Check DNS, Urls + Redirects, Certificates and Content of your Website





1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
2606:4700:4700::1111
AAAA
2606:4700:4700::1111
Montreal/Quebec/Canada (CA) - Cloudflare, Inc.

yes



2. DNSSEC


No DNSSEC - Informations found


3. Name Servers


No Nameserver entries found


4. SOA-Entries


No SOA entries found

5. Screenshots

Startaddress: https://one.one.one.one/, address used: https://one.one.one.one/, Screenshot created 2024-04-02 14:01:50 +00:0

Mobil (412px x 732px)

1144 milliseconds

Screenshot mobile - https://one.one.one.one/
Mobil + Landscape (732px x 412px)

1150 milliseconds

Screenshot mobile landscape - https://one.one.one.one/
Screen (1280px x 1680px)

1339 milliseconds

Screenshot Desktop - https://one.one.one.one/

Mobile- and other Chrome-Checks

widthheight
visual Viewport396732
content Size3968060

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://[2606:4700:4700:0000:0000:0000:0000:1111]/
2606:4700:4700::1111
301
https://2606:4700:4700:0000:0000:0000:0000:1111/
Html is minified: 109.15 %
0.030
E
Server: cloudflare
Date: Tue, 02 Apr 2024 12:00:44 GMT
Connection: close
Location: https://[2606:4700:4700::1111]/
CF-RAY: 86e0a9078aec30c9-FRA
Content-Type: text/html
Content-Length: 167

• https://[2606:4700:4700:0000:0000:0000:0000:1111]/
2606:4700:4700::1111
302
https://one.one.one.one/
3.723
B
Date: Tue, 02 Apr 2024 12:00:44 GMT
Transfer-Encoding: chunked
Connection: close
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AnO5YV9Ys%2Bo83JGG1xeJDFVHz0gJ19i0TZ34wgYgrvZuKGB%2BiJ35RKMMCTo6C%2FXpF06hRnvvzoLl4G1DYBwSXdLC%2Ft%2Fnj0jllv2Z3miqkiD2ItUl0kid9ZBzx9%2FiWqeDa2OFeyONEFTFevjD7FW28KwIvtc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Location: https://one.one.one.one/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 86e0a907fbaa8ff5-FRA
Alt-Svc: h3=":443"
Expires: Thu, 01 Jan 1970 00:00:01 GMT

• https://[2606:4700:4700::1111]/

302
https://one.one.one.one/
4.310
B
Date: Tue, 02 Apr 2024 12:00:54 GMT
Transfer-Encoding: chunked
Connection: close
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9HtzJw8W1Xz%2FVYAmYcrIpOZKm5dFnvNJObviOKRFYZJgNN%2BGprATdq1gnkGU93we3Bmz5j9%2F9MRC7LfyJVjSGP3CylRk8J8qcAn4IA7H%2FGXba3aUo7O%2FxJO10usbl7z1TV3CEQtDK%2BjSbXqZf9IltAKRzvI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Location: https://one.one.one.one/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 86e0a9477f019b83-FRA
Alt-Svc: h3=":443"
Expires: Thu, 01 Jan 1970 00:00:01 GMT

• https://one.one.one.one/
GZip used - 17433 / 56604 - 69.20 %
Inline-JavaScript (∑/total): 2/109 Inline-CSS (∑/total): 1/106
200

Html is minified: 102.53 %
3.350
I
Date: Tue, 02 Apr 2024 12:01:00 GMT
Transfer-Encoding: chunked
Connection: close
CF-Ray: 86e0a968884a9073-FRA
Access-Control-Allow-Origin: *
Cache-Control: public, must-revalidate, max-age=0
ETag: W/"5dd740d0e716a31c1b8437db0263fa93"
Vary: Accept-Encoding
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Server: cloudflare
Alt-Svc: h3=":443"
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip

• http://[2606:4700:4700:0000:0000:0000:0000:1111]/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2606:4700:4700::1111
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://2606:4700:4700:0000:0000:0000:0000:1111/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.15 %
0.030
E
Visible Content:
Server: cloudflare
Date: Tue, 02 Apr 2024 12:00:49 GMT
Connection: close
Location: https://[2606:4700:4700::1111]/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
CF-RAY: 86e0a9274fe71cc9-FRA
Content-Type: text/html
Content-Length: 167

• https://[2606:4700:4700::1111]/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

302
https://one.one.one.one/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
3.043
A
Visible Content:
Date: Tue, 02 Apr 2024 12:01:04 GMT
Transfer-Encoding: chunked
Connection: close
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pD3d%2BfIigr3BteZSTN9CvBslfou%2BXNiFi11BUldZEp0ZWsfYaeh8H8mZYyrnXQ5tYkia80wXSDG0f%2FtSvgfTlDHOn885kh%2BpoZ4EnpGm50kG8zpFbQ8DfB%2Byv8RqaaXatF1aFHDN95wzk74CmCHsoyNkuoc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Location: https://one.one.one.one/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 86e0a9850ffb9220-FRA
Alt-Svc: h3=":443"
Expires: Thu, 01 Jan 1970 00:00:01 GMT

• https://one.one.one.one/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
GZip used - 386 / 1285 - 69.96 %
Inline-JavaScript (∑/total): 7/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 102.96 %
3.150
A
Not Found
Visible Content:
Date: Tue, 02 Apr 2024 12:01:08 GMT
Transfer-Encoding: chunked
Connection: close
CF-Ray: 86e0a99d3c805d9d-FRA
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Server: cloudflare
Alt-Svc: h3=":443"
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip

• https://[2606:4700:4700:0000:0000:0000:0000:1111]/
2606:4700:4700::1111
302
https://one.one.one.one/
4.234
B
Date: Tue, 02 Apr 2024 12:00:49 GMT
Transfer-Encoding: chunked
Connection: close
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w88gee53OK%2BEah2A%2F%2FewDW55OSfYSEQnyytDTVYKqwCIPaTyj%2BwossHizgBvR0CJjG13DIfbJPRZGb%2FpXw%2Fo85kbCnt7tiki%2BKIilEuXJusOCWflK64uLR437zoQFSugZ1%2FDqz0ko25Wg9vjGNib9rn6EmA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Location: https://one.one.one.one/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 86e0a927b9312c49-FRA
Alt-Svc: h3=":443"
Expires: Thu, 01 Jan 1970 00:00:01 GMT

7. Comments


1. General Results, most used to calculate the result

Aname "2606:4700:4700::1111" is ipv6 address, public suffix is not defined
AGood: All ip addresses are public addresses
Ahttps://[2606:4700:4700::1111]/
302
https://one.one.one.one/
Correct redirect https to https
Ahttps://[2606:4700:4700:0000:0000:0000:0000:1111]/ 2606:4700:4700::1111
302
https://one.one.one.one/
Correct redirect https to https
Ahttps://[2606:4700:4700::1111]/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
302
https://one.one.one.one/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Correct redirect https to https
Ahttps://[2606:4700:4700:0000:0000:0000:0000:1111]/ 2606:4700:4700::1111
302
https://one.one.one.one/
Correct redirect https to https
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: non-www is preferred
AGood: No cookie sent via http.
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Bhttps://[2606:4700:4700::1111]/
302

Missing HSTS-Header
Bhttps://[2606:4700:4700:0000:0000:0000:0000:1111]/ 2606:4700:4700::1111
302

Missing HSTS-Header
Bhttps://one.one.one.one/
200

Missing HSTS-Header
Bhttps://[2606:4700:4700::1111]/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
302

Missing HSTS-Header
Bhttps://one.one.one.one/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Missing HSTS-Header
Ehttp://[2606:4700:4700:0000:0000:0000:0000:1111]/ 2606:4700:4700::1111
301
https://2606:4700:4700:0000:0000:0000:0000:1111/
Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Ihttps://one.one.one.one/
200

Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.2606:4700:4700::1111

2. Header-Checks

Aone.one.one.one
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
Referrer-Policy
Ok: Header without syntax errors found: strict-origin-when-cross-origin
Fone.one.one.one
Content-Security-Policy
Critical: Missing Header:
Fone.one.one.one
Permissions-Policy
Critical: Missing Header:

3. DNS- and NameServer - Checks


4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Every https result with status 200 supports GZip.
https://one.one.one.one/
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
AGood: Every https result with status 200 has a minified Html-Content with a quota lower then 110 %.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
https://one.one.one.one/
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 1 script elements without defer/async.
https://one.one.one.one/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 7 script elements without defer/async.
AGood: All CSS / JavaScript files are sent with GZip. That reduces the content of the files. 16 external CSS / JavaScript files found
AGood: All images with internal compression not sent via GZip. Images (.png, .jpg) are already compressed, so an additional GZip isn't helpful. 4 images (type image/png, image/jpg) found without additional GZip. Not required because these images are already compressed
Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 0 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 16 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 16 complete.
Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 0 image files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 5 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 5 complete.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
Wrong: img-elements without alt-attribute or empty alt-attribute found. The alt-attribute ("alternative") is required and should describe the img. So Screenreader and search engines are able to use these informations.: 5 img-elements without alt-attribute, 0 img-elements with empty alt-attribute found.
https://one.one.one.one/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
3.150 seconds
Warning: 404 needs more then one second
ADuration: 91607 milliseconds, 91.607 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
one.one.one.one
one.one.one.one
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
one.one.one.one
one.one.one.one
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=one.one.one

2CN=GTS CA 1P5, O=Google Trust Services LLC, C=US

3CN=GTS Root R1, O=Google Trust Services LLC, C=US


[2606:4700:4700::1111]
2606:4700:4700::1111
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

[2606:4700:4700::1111]
2606:4700:4700::1111
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=cloudflare-dns.com, O="Cloudflare, Inc.", L=San Francisco, C=US, ST=California

2CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US


[2606:4700:4700:0000:0000:0000:0000:1111]
2606:4700:4700::1111
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

[2606:4700:4700:0000:0000:0000:0000:1111]
2606:4700:4700::1111
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=cloudflare-dns.com, O="Cloudflare, Inc.", L=San Francisco, C=US, ST=California

2CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US


[2606:4700:4700:0000:0000:0000:0000:1111]
2606:4700:4700::1111
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

[2606:4700:4700:0000:0000:0000:0000:1111]
2606:4700:4700::1111
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=cloudflare-dns.com, O="Cloudflare, Inc.", L=San Francisco, C=US, ST=California

2CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US


9. Certificates

1.
1.
CN=cloudflare-dns.com, O="Cloudflare, Inc.", L=San Francisco, S=California, C=US
30.12.2023
22.01.2025
expires in 283 days
cloudflare-dns.com, *.cloudflare-dns.com, one.one.one.one, 1.0.0.1, 1.1.1.1, 162.159.36.1, 162.159.46.1, 2606:4700:4700:0000:0000:0000:0000:1001, 2606:4700:4700:0000:0000:0000:0000:1111, 2606:4700:4700:0000:0000:0000:0000:0064, 2606:4700:4700:0000:0000:0000:0000:6400 - 11 entries
1.
1.
CN=cloudflare-dns.com, O="Cloudflare, Inc.", L=San Francisco, S=California, C=US
30.12.2023

22.01.2025
expires in 283 days
cloudflare-dns.com, *.cloudflare-dns.com, one.one.one.one, 1.0.0.1, 1.1.1.1, 162.159.36.1, 162.159.46.1, 2606:4700:4700:0000:0000:0000:0000:1001, 2606:4700:4700:0000:0000:0000:0000:1111, 2606:4700:4700:0000:0000:0000:0000:0064, 2606:4700:4700:0000:0000:0000:0000:6400 - 11 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:SHA256 With RSA-Encryption
Serial Number:0622A220DCD376B20952A347B70033C5
Thumbprint:AE19172E6BEBDCB24925F5E948577A9E62C74171
SHA256 / Certificate:Y+fSKyxXdlb9oxRieZ2Gy3JdpxEsf1m0JhWw+WrDw0g=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):1dd0c182d9e3d3bfcdaca3662c26e0e6bc4aefc65e85d1d9fd4a2eb71e221f36
SHA256 hex / Subject Public Key Information (SPKI):1dd0c182d9e3d3bfcdaca3662c26e0e6bc4aefc65e85d1d9fd4a2eb71e221f36 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
24.09.2020
24.09.2030
expires in 2354 days


2.
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
24.09.2020

24.09.2030
expires in 2354 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:085F94C02D857BE8CC14FF53EDA23E2A
Thumbprint:1D7322B41ED99FDD68511BAB786C8E26E0831B3B
SHA256 / Certificate:H4656ajgZsxbODPgazEpdktiJjnVsWP2AOHHkSC/Pu0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79
SHA256 hex / Subject Public Key Information (SPKI):59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013
15.01.2038
expires in 5024 days


3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013

15.01.2038
expires in 5024 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:033AF1E6A711A9A0BB2864B11D09FAE5
Thumbprint:DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA256 / Certificate:yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=
SHA256 hex / Cert (DANE * 0 1):cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA256 hex / PublicKey (DANE * 1 1):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


2.
1.
CN=one.one.one
04.02.2024
04.05.2024
expires in 20 days
one.one.one, *.one.one.one - 2 entries
2.
1.
CN=one.one.one
04.02.2024

04.05.2024
expires in 20 days
one.one.one, *.one.one.one - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00E01BA64E2960336D0E2A3A504A5990CB
Thumbprint:66ABBC5DE8738D6F4AC2CFE95F57CE5427DF2E6F
SHA256 / Certificate:joNp1V1zPlz8G8RiOnb31Gp2vUmKZHsYUhfSOJoWk5c=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):f25d6dd7a7ee6ac06a65fe0a5b7d5f30be3b2ae80a7c87dd71a0e0dc0b726e47
SHA256 hex / Subject Public Key Information (SPKI):f25d6dd7a7ee6ac06a65fe0a5b7d5f30be3b2ae80a7c87dd71a0e0dc0b726e47 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/s/gts1p5/p8syNk3fuX4
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


2.
CN=one.one.one
04.02.2024
04.05.2024
expires in 20 days
one.one.one, *.one.one.one - 2 entries

2.
CN=one.one.one
04.02.2024

04.05.2024
expires in 20 days
one.one.one, *.one.one.one - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00E01BA64E2960336D0E2A3A504A5990CB
Thumbprint:66ABBC5DE8738D6F4AC2CFE95F57CE5427DF2E6F
SHA256 / Certificate:joNp1V1zPlz8G8RiOnb31Gp2vUmKZHsYUhfSOJoWk5c=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):f25d6dd7a7ee6ac06a65fe0a5b7d5f30be3b2ae80a7c87dd71a0e0dc0b726e47
SHA256 hex / Subject Public Key Information (SPKI):f25d6dd7a7ee6ac06a65fe0a5b7d5f30be3b2ae80a7c87dd71a0e0dc0b726e47 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/s/gts1p5/p8syNk3fuX4
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


3.
CN=GTS CA 1P5, O=Google Trust Services LLC, C=US
13.08.2020
30.09.2027
expires in 1264 days


3.
CN=GTS CA 1P5, O=Google Trust Services LLC, C=US
13.08.2020

30.09.2027
expires in 1264 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0203BC50A32753F0918022EDF1
Thumbprint:9C0B252A678A087FBEE496A44377F7556AC605E7
SHA256 / Certificate:l9QgA+EyVSlGCX8g75VfWxzVcKpDcteAAzpl775pdY0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):f3559fd766dc2e51474007c996ec67cd9e85ae0fa827d3d663f5abc2eafcbe24
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/gtsr1
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


4.
CN=GTS CA 1P5, O=Google Trust Services LLC, C=US
13.08.2020
30.09.2027
expires in 1264 days


4.
CN=GTS CA 1P5, O=Google Trust Services LLC, C=US
13.08.2020

30.09.2027
expires in 1264 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0203BC50A32753F0918022EDF1
Thumbprint:9C0B252A678A087FBEE496A44377F7556AC605E7
SHA256 / Certificate:l9QgA+EyVSlGCX8g75VfWxzVcKpDcteAAzpl775pdY0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):f3559fd766dc2e51474007c996ec67cd9e85ae0fa827d3d663f5abc2eafcbe24
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/gtsr1
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


5.
CN=GTS Root R1, O=Google Trust Services LLC, C=US
19.06.2020
28.01.2028
expires in 1384 days


5.
CN=GTS Root R1, O=Google Trust Services LLC, C=US
19.06.2020

28.01.2028
expires in 1384 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:77BD0D6CDB36F91AEA210FC4F058D30D
Thumbprint:08745487E891C19E3078C1F2A07E452950EF36F6
SHA256 / Certificate:PuAnjfcfo8ElxM1IfwHXdGlOb8V+DNlMJO/XaRM5GOU=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SHA256 hex / Subject Public Key Information (SPKI):871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.pki.goog/gsr1
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


6.
CN=GTS Root R1, O=Google Trust Services LLC, C=US
22.06.2016
22.06.2036
expires in 4452 days


6.
CN=GTS Root R1, O=Google Trust Services LLC, C=US
22.06.2016

22.06.2036
expires in 4452 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:6E47A9C54B470C0DEC33D089B91CF4E1
Thumbprint:E1C950E6EF22F84C5645728B922060D7D5A7A3E8
SHA256 / Certificate:KldUceMTQLwhWBy9LPE+FYRjID7OlLz508wZa/CaVHI=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



7.
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
01.09.1998
28.01.2028
expires in 1384 days


7.
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
01.09.1998

28.01.2028
expires in 1384 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:040000000001154B5AC394
Thumbprint:B1BC968BD4F49D622AA89A81F2150152A41D829C
SHA256 / Certificate:69QQQOS7PsdCyeOB0x7ypBpItmhclufO88HfbNQzHJk=
SHA256 hex / Cert (DANE * 0 1):ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA256 hex / PublicKey (DANE * 1 1):2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SHA256 hex / Subject Public Key Information (SPKI):2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found


2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

No CRT - CT-Log entries found


11. Html-Content - Entries

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://one.one.one.one/
a

38

0


0
0
0


img

5
443,356 Bytes
1
5
0
0
0
0


link
stylesheet
1

0
1
0
0
0
0


link
other
4

0
2
0
0
0
0


meta
twitter
7

0
0
1
0
0
0


meta
apple
1

0


0
0
0


meta
og
4

0
0
3
0
0
0


meta
other
7

0


0
0
0


script

1

0
1
0
0
0
0

Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://one.one.one.one/

a

/ar-EG/


1
ok








a

/de-DE/


1
ok








a

/dns/


1
ok








a

/es-ES/


1
ok








a

/fa-IR/


1
ok








a

/family/


1
ok








a

/fr-FR/


1
ok








a

/id-ID/


1
ok








a

/it-IT/


1
ok








a

/ja-JP/


1
ok








a

/ko-KR/


1
ok








a

/nl-NL/


1
ok








a

/pl-PL/


1
ok








a

/pt-BR/


1
ok








a

/ru-RU/


1
ok








a

/tr-TR/


1
ok








a

/zh-Hans/


1
ok








a

/zh-Hant/


1
ok








a

https://1111-releases.cloudflareclient.com/mac/Cloudflare_WARP.zip


2
ok








a

https://1111-releases.cloudflareclient.com/windows/Cloudflare_WARP_Release-x64.msi


2
ok








a

https://blog.cloudflare.com/warp-for-desktop


2
ok








a

https://cloudflare.com


2
ok








a

https://developers.cloudflare.com/warpclient/setting-up/linux/


1
ok








a

https://developers.cloudflare.com/warpclient/setting-up/macOS/


1
ok








a

https://developers.cloudflare.com/warpclient/setting-up/windows/


1
ok








a

https://itunes.apple.com/us/app/1-1-1-1-faster-internet/id1423538627


2
ok








a

https://pkg.cloudflareclient.com/


2
ok








a

https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone


2
ok








a

https://twitter.com/intent/tweet?text=ISPs%20spy%20on%20your%20Internet%20traffic%20and%20sell%20the%20data.%20I%27m%20using%201.1.1.1%20with%20WARP%2C%20a%20free%20app%20which%20makes%20the%20Internet%20on%20my%20phone%20faster%20and%20more%20private.%20You%20should%20get%20the%20app%20too%3A%20https%3A//one.one.one.one


1
ok








a

https://www.cloudflare.com/careers/departments/


1
ok








a

https://www.dnsperf.com/#!dns-resolvers


1
ok








img
src
/media/lighthouse.svg
200

1
ok
no alt-Attributeimage/svg+xml, X-Content-Type-Options nosniff found

Cache-Control: public, must-revalidate, max-age=0 - max-age too short.
GZip: 2431/6972 Bytes






img
src
/media/warp-desktop.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: public, must-revalidate, max-age=0 - max-age too short.
No GZip - 124178 Bytes






img
src
/media/warp-desktop-2.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: public, must-revalidate, max-age=0 - max-age too short.
No GZip - 225857 Bytes






img
src
/media/warp-desktop-3.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: public, must-revalidate, max-age=0 - max-age too short.
No GZip - 93321 Bytes






img
src
/media/warp-plus.png
-14
Timeout - The operation has timed out.
1
Timeout - The operation has timed out.
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

0 Bytes






link
canonical
https://1.1.1.1


1
ok








link
icon
favicon.ico
200

1
ok
image/vnd.microsoft.icon, X-Content-Type-Options nosniff found

Cache-Control: public, must-revalidate, max-age=0 - max-age too short.
GZip: 7902/15086 Bytes






link
manifest
/media/manifest.json


1
ok








link
shortcut icon
/favicon.ico
200

1
ok
image/vnd.microsoft.icon, X-Content-Type-Options nosniff found

Cache-Control: public, must-revalidate, max-age=0 - max-age too short.
GZip: 7902/15086 Bytes






link
stylesheet
/site-c58cb85ce829b35a363c.css
200

1
ok
text/css; charset=utf-8, X-Content-Type-Options nosniff found

Cache-Control: public, must-revalidate, max-age=0 - max-age too short.
GZip: 5724/28736 Bytes




local SRI possible, possible hash-values:

sha256-q0eqxUnLqwV1IBCZNDfdKnp1BeKxcCNjGpHnl7abaqM=
sha384-xX3CLtji8xyAlsuwLsRziI1asOiKSca1n5pNA7AWu2SEhBP++8f+Hvp69L9dyU27
sha512-unaNexM029rQ/qTh/0HodUA7Ntm+arjC0UtlUECyAQOVcpKY7iHMPwOYD3BuYjP3Wk5J/Ubgdv8MGh8V9OAs2w==

<link rel="stylesheet" href="/site-c58cb85ce829b35a363c.css" crossorigin="anonymous" integrity="sha256-q0eqxUnLqwV1IBCZNDfdKnp1BeKxcCNjGpHnl7abaqM=" />



Content loaded via url("...")

/media/mockup-1.png1
/media/mockup-2.png1
/media/mockup-3.png1

meta

utf-8


1
ok








meta
og:image
https://1.1.1.1/media/social-share.png
302
https://one.one.one.one/media/social-share.png
1
ok
, missing X-Content-Type-Options nosniff

0 Bytes




Server-Header Access-Control-Allow-Origin: not found
Cross-Origin Resource Sharing (CORS) not supported



meta
og:title
1.1.1.1 — The free app that makes your Internet faster.


1
ok








meta
og:url
https://1.1.1.1
302
https://one.one.one.one/
1
ok
, missing X-Content-Type-Options nosniff

0 Bytes




Server-Header Access-Control-Allow-Origin: not found
Cross-Origin Resource Sharing (CORS) not supported



meta
og:video
https://1.1.1.1/media/open-graph.mp4
302
https://one.one.one.one/media/open-graph.mp4
1
ok
, missing X-Content-Type-Options nosniff

0 Bytes




Server-Header Access-Control-Allow-Origin: not found
Cross-Origin Resource Sharing (CORS) not supported



meta
X-UA-Compatible
IE=edge, chrome=1


1
ok








meta
apple-itunes-app
app-id=1423538627


1
ok








meta
author
1.1.1.1


1
ok








meta
description
Install the free app that makes your phone’s Internet more fast, private, and reliable.


1
ok








meta
generator
1.1.1.1


1
ok








meta
og:description
Install the free app that makes your phone’s Internet more fast, private, and reliable.


1
ok








meta
twitter:card
summary_large_image


1
ok








meta
twitter:creator
@Cloudflare


1
ok








meta
twitter:description
Install the free app that makes your phone’s Internet more fast, private, and reliable.


1
ok








meta
twitter:image
https://1.1.1.1/media/social-share.png
302
https://one.one.one.one/media/social-share.png
1
ok
, missing X-Content-Type-Options nosniff

0 Bytes




Server-Header Access-Control-Allow-Origin: not found
Cross-Origin Resource Sharing (CORS) not supported



meta
twitter:site
@Cloudflare


1
ok








meta
twitter:title
1.1.1.1 — The free app that makes your Internet faster.


2
ok








meta
viewport
initial-scale=1, width=device-width


1
ok








script
src
/site-c58cb85ce829b35a363c.js
200

1
ok
Missing defer / async attribute. application/javascript, X-Content-Type-Options nosniff found

Cache-Control: public, must-revalidate, max-age=0 - max-age too short.
GZip: 63789/94855 Bytes




local SRI possible, possible hash-values:

sha256-7LfW+YOL1dMXvH+IlR1R6SbS2ho+/M6SahbedypU79A=
sha384-oUEafgtf3n7EjNg6iISo23MDq3jBvBuqnUDBC17x9vT9ykBsDphkvYt/O3iO1eZp
sha512-9hvRJDmAV5PhGsioa088Z5ldvIWD5Br7cuvneQAQhLrhgzsvnUjtdWEXigGfS4keeH0BLwlaZEvb7aVypvZsDQ==

<script src="/site-c58cb85ce829b35a363c.js" crossorigin="anonymous" integrity="sha256-7LfW+YOL1dMXvH+IlR1R6SbS2ho+/M6SahbedypU79A=" />




12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:


No NameServer - IP address - Informations found


13. CAA - Entries

No CAA entries found


14. TXT - Entries

No TXT entries found


15. DomainService - Entries

No DomainServiceEntries entries found



16. Cipher Suites

DomainIPPortCipher (OpenSsl / IANA)



Skipped, CDN used or too many ip addresses






17. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.



Permalink: https://check-your-website.server-daten.de/?i=23aaca3b-6c0d-4f66-a440-670500d1f02f


Last Result: https://check-your-website.server-daten.de/?q=[2606:4700:4700::1111] - 2024-04-02 14:00:38


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=[2606:4700:4700::1111]" target="_blank">Check this Site: [2606:4700:4700::1111]</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro