Check DNS, Urls + Redirects, Certificates and Content of your Website


 

 

N

 

No trusted Certificate

 

Checked:
09.04.2021 10:34:42

 

Older results

No older results found

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
2602:806:a003:40f::127:ff01
AAAA
2602:806:a003:40f::127:ff01
Fremont/California/United States (US) - Peter Jin Technologies LLC

yes


 

2. DNSSEC

 

No DNSSEC - Informations found

 

3. Name Servers

 

No Nameserver entries found

 

4. SOA-Entries

 

No SOA entries found

5. Screenshots

No Screenshot listed, because no screenshot found. Perhaps the check is too old, the feature startet 2019-12-23.

 

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://[2602:0806:a003:040f:0000:0000:0127:ff01]/
2602:806:a003:40f::127:ff01 No Compression used - 1827 / 4879 - 37.45 % possible
200

Html is minified: 211.58 %
0.320
H
strict-transport-security: max-age=31536000
x-frame-options: DENY
content-security-policy: default-src 'self'; style-src 'unsafe-inline'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Content-Length: 4879
Date: Fri, 09 Apr 2021 08:34:45 GMT
Connection: close

• https://[2602:0806:a003:040f:0000:0000:0127:ff01]/
2602:806:a003:40f::127:ff01 No Compression used - 1827 / 4879 - 37.45 % possible
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/2305
200

Html is minified: 211.58 %
Other inline scripts (∑/total): 0/0
4.177
N
Certificate error: RemoteCertificateNameMismatch
strict-transport-security: max-age=31536000
x-frame-options: DENY
content-security-policy: default-src 'self'; style-src 'unsafe-inline'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Content-Length: 4879
Date: Fri, 09 Apr 2021 08:34:46 GMT
Connection: close

• http://[2602:0806:a003:040f:0000:0000:0127:ff01]/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2602:806:a003:40f::127:ff01
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0
0.317
A
Not Found
Visible Content: Cannot GET /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Content-Security-Policy: default-src 'none'
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 208
Date: Fri, 09 Apr 2021 08:34:50 GMT
Connection: close

• https://[2602:0806:a003:040f:0000:0000:0127:ff01]/
2602:806:a003:40f::127:ff01 No Compression used - 1827 / 4879 - 37.45 % possible
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/2305
200

Html is minified: 211.58 %
Other inline scripts (∑/total): 0/0
3.753
N
Certificate error: RemoteCertificateNameMismatch
strict-transport-security: max-age=31536000
x-frame-options: DENY
content-security-policy: default-src 'self'; style-src 'unsafe-inline'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
Content-Type: text/html; charset=utf-8
Content-Length: 4879
Date: Fri, 09 Apr 2021 08:34:51 GMT
Connection: close

 

7. Comments


1. General Results, most used to calculate the result

Aname "2602:806:a003:40f::127:ff01" is ipv6 address, public suffix is not defined
AGood: All ip addresses are public addresses
AGood: one preferred version: non-www is preferred
AGood: No cookie sent via http.
AGood: every https has a Strict Transport Security Header
AGood: HSTS max-age is long enough, 31536000 seconds = 365 days
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
CError - more then one version with Http-Status 200. After all redirects, all users (and search engines) should see the same https url: Non-www or www, but not both with http status 200.
HFatal error: http result with http-status 200, no encryption. Add a redirect http ⇒ https, so every connection is secure. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop.
Nhttps://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch

2. Header-Checks (Cross-Origin-* headers are alpha - started 2024-06-05)


3. DNS- and NameServer - Checks


4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
https://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Warning: https result with status 200 and size greater then 1024 Bytes without Compression found. Add Compression support (gzip, deflate, br - these are checked) so the html content is compressed.
https://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Warning: https result with status 200 and size greater then 1024 Bytes without Compression found. Add Compression support (gzip, deflate, br - these are checked) so the html content is compressed.
https://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Warning: Https connections (Standard Port 443) found without support of the http/2 protocol via ALPN. Http/2 is the new Http-Version (old: http 1.1) with some important new features. Update your server software so http/2 is available. Only one TCP-connection per Server (that's a performance boost), Header-Compression and Server Pushs are available. Domain Sharding and Inline-CSS/Javascript shouldn't used with http/2.
https://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Warning: Https connections (Standard Port 443) found without support of the http/2 protocol via ALPN. Http/2 is the new Http-Version (old: http 1.1) with some important new features. Update your server software so http/2 is available. Only one TCP-connection per Server (that's a performance boost), Header-Compression and Server Pushs are available. Domain Sharding and Inline-CSS/Javascript shouldn't used with http/2.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
AInfo: No img element found, no alt attribute checked
http://[2602:0806:a003:040f:0000:0000:0127:ff01]/ 2602:806:a003:40f::127:ff01
200

Warning: HSTS header sent via http has no effect
ADuration: 22383 milliseconds, 22.383 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
[2602:0806:a003:040f:0000:0000:0127:ff01]
2602:806:a003:40f::127:ff01
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
[2602:0806:a003:040f:0000:0000:0127:ff01]
2602:806:a003:40f::127:ff01
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
no http/2 via ALPN 
Tls.1.2
no Tls.1.1
no Tls.1.0
no http/2 via ALPN
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain - incomplete

1CN=ipv6-things.srv.peterjin.org


2CN=R3, O=Let's Encrypt, C=US


[2602:0806:a003:040f:0000:0000:0127:ff01]
2602:806:a003:40f::127:ff01
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok

[2602:0806:a003:040f:0000:0000:0127:ff01]
2602:806:a003:40f::127:ff01
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
error checking OCSP stapling
ok
no http/2 via ALPN 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no http/2 via ALPN
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain - incomplete

1CN=ipv6-things.srv.peterjin.org


2CN=R3, O=Let's Encrypt, C=US

 

9. Certificates

1.
1.
CN=ipv6-things.srv.peterjin.org
09.02.2021
11.05.2021
1303 days expired
*.aliases.peterjin.org, *.colors.misc.peterjin.org, *.misc.peterjin.org, *.ptable.misc.peterjin.org, *.scp.rdns.peterjin.org, *.t.rdns.peterjin.org, ipv6-things.srv.peterjin.org - 7 entries
1.
1.
CN=ipv6-things.srv.peterjin.org
09.02.2021

11.05.2021
1303 days expired


*.aliases.peterjin.org, *.colors.misc.peterjin.org, *.misc.peterjin.org, *.ptable.misc.peterjin.org, *.scp.rdns.peterjin.org, *.t.rdns.peterjin.org, ipv6-things.srv.peterjin.org - 7 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:SHA256 With RSA-Encryption
Serial Number:0484EDC603FBE448900E43896F7970E77747
Thumbprint:C815F41A3971D14CD01A2DB8B62F639872FAA5CB
SHA256 / Certificate:Af+B5HP/Bqz2ZHGevqjHtN81hezUaDkKmjDfWagwCGM=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):82c6fcf424cd38148ff1ff3c07f990b5fa3100f2b0807182a3d7926f2298e56a
SHA256 hex / Subject Public Key Information (SPKI):82c6fcf424cd38148ff1ff3c07f990b5fa3100f2b0807182a3d7926f2298e56a
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://r3.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=R3, O=Let's Encrypt, C=US
07.10.2020
29.09.2021
1162 days expired


2.
CN=R3, O=Let's Encrypt, C=US
07.10.2020

29.09.2021
1162 days expired




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:400175048314A4C8218C84A90C16CDDF
Thumbprint:48504E974C0DAC5B5CD476C8202274B24C8C7172
SHA256 / Certificate:cwwb3NhfV85dwLunM+XxulqSWyp3HWQKJvekVCJNrTs=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




3.
CN=DST Root CA X3, O=Digital Signature Trust Co.
30.09.2000
30.09.2021
1161 days expired


3.
CN=DST Root CA X3, O=Digital Signature Trust Co.
30.09.2000

30.09.2021
1161 days expired




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:44AFB080D6A327BA893039862EF8406B
Thumbprint:DAC9024F54D8F6DF94935FB1732638CA6AD77C13
SHA256 / Certificate:BocmAzGnJAPZCfEF5pvPDTLhvSST/8bZIG0RvNZ3Bzk=
SHA256 hex / Cert (DANE * 0 1):0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
SHA256 hex / PublicKey (DANE * 1 1):563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b
SHA256 hex / Subject Public Key Information (SPKI):563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found

 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

No CRT - CT-Log entries found

 

11. Html-Content - Entries

Summary

No data found or small Code-update

 

Details

Small Code Update - wait one minute

 

12. Html-Parsing via https://validator.nu/ / https://validator.w3.org/nu/ (started 2024-09-28, 09:00, alpha)

  Unfortunately, there are differences between the first used validator.nu and validator.w3.org/nu/ - switched to validator.w3.org/nu/. Looks like some error messages (link - fetchpriority attribute) of validator.nu are obsolete, not seen in the w3.org-version and not found in the current specification: link may have a fetchpriority attribute.

Small Code update, wait one minute

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

 

 

No NameServer - IP address - Informations found

 

14. CAA - Entries

No CAA entries found

 

15. TXT - Entries

No TXT entries found

 

16. DomainService - Entries

No DomainServiceEntries entries found

 

 

17. Cipher Suites

No Ciphers found

 

18. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

 

 

Permalink: https://check-your-website.server-daten.de/?i=7e00f315-a102-4d3b-8c49-abb6e1c14e6b

 

Last Result: https://check-your-website.server-daten.de/?q=%5B2602%3A806%3Aa003%3A40f%3A%3A127%3Aff01%5D - 2021-04-09 10:34:42

 

Do you like this page? Support this tool, add a link on your page:

 

<a href="https://check-your-website.server-daten.de/?q=%5B2602%3A806%3Aa003%3A40f%3A%3A127%3Aff01%5D" target="_blank">Check this Site: %5B2602%3A806%3Aa003%3A40f%3A%3A127%3Aff01%5D</a>

 

 

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

 

QR-Code of this page - https://check-your-website.server-daten.de/?d=[2602:806:a003:40f::127:ff01]