| 1. General Results, most used to calculate the result |
| A | name "77.105.38.187" is ipv4 address, public suffix is not defined
|
| A | Good: All ip addresses are public addresses
|
| A | Good - only one version with Http-Status 200
|
| A | Good: No cookie sent via http.
|
| A | Good: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):2 complete Content-Type - header (4 urls)
|
| http://77.105.38.187/ 77.105.38.187
|
| Url with incomplete Content-Type - header - missing charset
|
| http://77.105.38.187/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 77.105.38.187
|
| Url with incomplete Content-Type - header - missing charset
|
| B | https://77.105.38.187/ 77.105.38.187
|
| Missing HSTS-Header
|
| H | Fatal error: No https - result with http-status 200, no encryption
|
| H | Fatal error: http result with http-status 200, no encryption. Add a redirect http ⇒ https, so every connection is secure. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop.
|
| M | https://77.105.38.187/ 77.105.38.187
|
| Misconfiguration - main pages should never send http status 400 - 499
|
| M | https://77.105.38.187/ 77.105.38.187
|
| Misconfiguration - main pages should never send http status 400 - 499
|
| N | https://77.105.38.187/ 77.105.38.187
|
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
| N | https://77.105.38.187/ 77.105.38.187
|
| Error - Certificate isn't trusted, RemoteCertificateNameMismatch
|
| B | No _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.77.105.38.187
|
| 2. Header-Checks |
| F | 77.105.38.187 77.105.38.187
| Content-Security-Policy
| Critical: Missing Header:
|
| F | 77.105.38.187 77.105.38.187
| X-Content-Type-Options
| Critical: Missing Header:
|
| F | 77.105.38.187 77.105.38.187
| Referrer-Policy
| Critical: Missing Header:
|
| F | 77.105.38.187 77.105.38.187
| Permissions-Policy
| Critical: Missing Header:
|
| B | 77.105.38.187 77.105.38.187
| Cross-Origin-Embedder-Policy
| Info: Missing Header
|
| B | 77.105.38.187 77.105.38.187
| Cross-Origin-Opener-Policy
| Info: Missing Header
|
| B | 77.105.38.187 77.105.38.187
| Cross-Origin-Resource-Policy
| Info: Missing Header
|
| 3. DNS- and NameServer - Checks |
| 4. Content- and Performance-critical Checks |
| A | Good: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
|
| A | Good: All images with internal compression not compressed. Some Images (.png, .jpg, .jpeg, .webp, .gif) are already compressed, so an additional compression isn't helpful. 1 images (type image/png, image/jpg) found without additional GZip. Not required because these images are already compressed
|
| Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 2 image files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 2 complete.
|
| A | Good: All checked attribute values are enclosed in quotation marks (" or ').
|
| A | Good: Some img-elements have a valid alt-attribute.: 2 img-elements found, 1 img-elements with correct alt-attributes (defined, not an empty value).
|
| Wrong: img-elements without alt-attribute or empty alt-attribute found. The alt-attribute ("alternative") is required and should describe the img. So Screenreader and search engines are able to use these informations.: 1 img-elements without alt-attribute, 0 img-elements with empty alt-attribute found.
|
| A | Duration: 55934 milliseconds, 55.934 seconds
|
%22%20style=%22background-color:rgb(255,255,255)%22%3e%3c/svg%3e)