| 1. General Results, most used to calculate the result |
A | name "188.213.5.134" is ipv4 address, public suffix is not defined
|
A | Good: All ip addresses are public addresses
|
A | Good: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):0 complete Content-Type - header (2 urls)
|
| https://188.213.5.134/ 188.213.5.134
|
| Url with incomplete Content-Type - header - missing charset
|
B | https://188.213.5.134/ 188.213.5.134
|
| Missing HSTS-Header
|
C | Error - no version with Http-Status 200
|
H | Fatal error: No https - result with http-status 200, no encryption
|
M | https://188.213.5.134/ 188.213.5.134
|
| Misconfiguration - main pages should never send http status 400 - 499
|
N | https://188.213.5.134/ 188.213.5.134
|
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
|
B | No _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.188.213.5.134
|
| 2. Header-Checks (Cross-Origin-* headers are alpha - started 2024-06-05) |
A | 188.213.5.134 188.213.5.134
| Content-Security-Policy
| Ok: Header without syntax errors found: frame-ancestors 'self'
|
F |
|
| Bad: Missing default-src directive. A default-src directive is used if one of the specialized fetch directives (child-src, connect-src, font-src, frame-src, img-src, manifest-src, media-src, object-src, prefetch-src, script-src, style-src, worker-src) isn't defined. Missing default-src, all sources are allowed, that's bad. A default-src with 'none' or 'self' blocks that.
|
E |
|
| Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
|
A |
|
| Good: frame-ancestors directive found. That limits the pages that are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
|
E |
|
| Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so its own directive is required.
|
F |
|
| Critical: No object-src and no default-src as fallback defined. So object / embed / applet can load every resource. That's fatal.
|
F |
|
| Critical: No script-src and no default-src as fallback defined. So scripts are unlimited. That's fatal.
|
A |
| X-Content-Type-Options
| Ok: Header without syntax errors found: nosniff
|
A |
| X-Frame-Options
| Ok: Header without syntax errors found: SAMEORIGIN
|
B |
|
| Info: Header is deprecated. May no longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
|
A |
| X-Xss-Protection
| Ok: Header without syntax errors found: 1; mode=block
|
B |
|
| Info: Header is deprecated. May no longer work in modern browsers. 1; mode=block
|
F | 188.213.5.134 188.213.5.134
| Referrer-Policy
| Critical: Missing Header:
|
F | 188.213.5.134 188.213.5.134
| Permissions-Policy
| Critical: Missing Header:
|
B | 188.213.5.134 188.213.5.134
| Cross-Origin-Embedder-Policy
| Info: Missing Header
|
B | 188.213.5.134 188.213.5.134
| Cross-Origin-Opener-Policy
| Info: Missing Header
|
B | 188.213.5.134 188.213.5.134
| Cross-Origin-Resource-Policy
| Info: Missing Header
|
| 3. DNS- and NameServer - Checks |
| 4. Content- and Performance-critical Checks |
| http://188.213.5.134/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 188.213.5.134
|
| Fatal: Check of /.well-known/acme-challenge/random-filename has a timeout. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
|
A | Good: All checked attribute values are enclosed in quotation marks (" or ').
|
A | Info: No img element found, no alt attribute checked
|
A | Duration: 59947 milliseconds, 59.947 seconds
|