| 1. General Results, most used to calculate the result |
A | name "136.57.57.197" is ipv4 address, public suffix is not defined
|
A | Good: All ip addresses are public addresses
|
A | Good - only one version with Http-Status 200
|
A | Good: No cookie sent via http.
|
A | Good: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
|
D | http://136.57.57.197/ 136.57.57.197
| http://136.57.57.197/login.html
| Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
|
H | Fatal error: No https - result with http-status 200, no encryption
|
H | Fatal error: http result with http-status 200, no encryption. Add a redirect http ⇒ https, so every connection is secure. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop.
|
V | https://136.57.57.197/ 136.57.57.197
|
| Connect failure - perhaps firewall
|
V | https://136.57.57.197/ 136.57.57.197
|
| Connect failure - perhaps firewall
|
B | No _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.136.57.57.197
|
| 2. Header-Checks (Cross-Origin-* headers are alpha - started 2024-06-05) |
U |
|
| No https result with http status 2** or 4** (standard-check) found, no header checked.
|
| 3. DNS- and NameServer - Checks |
| 4. Content- and Performance-critical Checks |
| http://136.57.57.197/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 136.57.57.197
|
| Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 401 / 403 Not Allowed / Forbidden. A http status 404 - Not Found - is expected. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
|
A | Info: No img element found, no alt attribute checked
|
A | Duration: 8950 milliseconds, 8.950 seconds
|