Check DNS, Urls + Redirects, Certificates and Content of your Website

...

skip EDNS-Check

skip Content-Check

check links

old / weak connection

Checked:
10.01.2025 13:58:49

Older results

O - 19.09.2024 19:24:38

O - 16.09.2024 01:29:26

O - 13.09.2024 21:31:07

X - 17.04.2024 12:14:29

O - 09.03.2024 13:09:49

O - 28.02.2024 12:56:11

X - 24.02.2024 13:46:47

O - 24.02.2024 10:35:09

O - 15.12.2023 16:50:23

O - 08.06.2023 15:15:20

1. IP-Addresses

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
cia.gov	A	23.207.8.62 Piscataway/New Jersey/United States (US) - Akamai Technologies, Inc. Hostname: a23-207-8-62.deploy.static.akamaitechnologies.com	yes	1	0
	AAAA	2600:141b:f000:181::184d Edison/New Jersey/United States (US) - Akamai International B.V.	yes
	AAAA	2600:141b:f000:1a5::184d Edison/New Jersey/United States (US) - Akamai International B.V.	yes
www.cia.gov	CNAME	www.cia.gov.edgekey.net	yes	1	0
	CNAME	e6221.dscna.akamaiedge.net	yes
www.cia.gov	A	23.201.180.249 Secaucus/New Jersey/United States (US) - Akamai Technologies No Hostname found	no
*.cia.gov	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes

2. DNSSEC

Zone (*)	DNSSEC - Informations

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 26470, Flags 256


	Public Key with Algorithm 8, KeyTag 61050, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.01.2025, 00:00:00 +, Signature-Inception: 01.01.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: gov
gov	1 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 2536, DigestType 2 and Digest C68mt7vzE6hZBG/Tse5J3fujOTTPs+cXwh4qKTXC8lk=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner gov., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 05:00:00 +, Signature-Inception: 10.01.2025, 04:00:00 +, KeyTag 26470, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26470 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 2536, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 13, KeyTag 35496, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner gov., Algorithm: 13, 1 Labels, original TTL: 3600 sec, Signature-expiration: 06.03.2025, 11:05:46 +, Signature-Inception: 04.01.2025, 11:05:46 +, KeyTag 2536, Signer-Name: gov


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2536 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2536, DigestType 2 and Digest "C68mt7vzE6hZBG/Tse5J3fujOTTPs+cXwh4qKTXC8lk=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: cia.gov
cia.gov	2 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 25534, DigestType 2 and Digest T26fiGpkmXYSfTpHRhCMJGHi2RmPHSTIac/Z6R4s9bM=


	DS with Algorithm 8, KeyTag 62599, DigestType 2 and Digest 5RrlQBjkFhn5cHalbJadEKcbTQBQ2/Hmq43i+M8COuU=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner cia.gov., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 11.01.2025, 13:58:57 +, Signature-Inception: 09.01.2025, 11:58:57 +, KeyTag 35496, Signer-Name: gov


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 35496 used to validate the DS RRSet in the parent zone


	4 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20734, Flags 256


	Public Key with Algorithm 8, KeyTag 24358, Flags 256


	Public Key with Algorithm 8, KeyTag 48959, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 62599, Flags 257 (SEP = Secure Entry Point)


	2 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 48959, Signer-Name: cia.gov


	RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 62599, Signer-Name: cia.gov


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 48959 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 62599 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 62599, DigestType 2 and Digest "5RrlQBjkFhn5cHalbJadEKcbTQBQ2/Hmq43i+M8COuU=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	RRSIG Type 1 validates the A - Result: 23.207.8.62 Validated: RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 20 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov


	RRSIG Type 16 validates the TXT - Result: v=spf1 mx -all Validated: RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov


	RRSIG Type 28 validates the AAAA - Result: 2600:141B:F000:0181:0000:0000:0000:184D 2600:141B:F000:01A5:0000:0000:0000:184D Validated: RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 20 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov


	RRSIG Type 257 validates the CAA - Result: 5\|iodefmailto:caanotices@uce.cia.gov 5\|issuedigicert.com Validated: RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 1800 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov


	CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "vbvtihccf48lla86u4fv7ljf5vjmh4jb" equal the hashed NSEC3-owner "vbvtihccf48lla86u4fv7ljf5vjmh4jb" and the hashed NextOwner "0fbeppk5ciddcm0mb7g2626ebk3ldclf". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner vbvtihccf48lla86u4fv7ljf5vjmh4jb.cia.gov., Algorithm: 8, 3 Labels, original TTL: 14400 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.cia.gov) sends a valid NSEC3 RR as result with the hashed owner name "vbvtihccf48lla86u4fv7ljf5vjmh4jb" (unhashed: cia.gov). So that's the Closest Encloser of the query name. Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner vbvtihccf48lla86u4fv7ljf5vjmh4jb.cia.gov., Algorithm: 8, 3 Labels, original TTL: 14400 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "5usn7f1lp8msbbh5m7092jljvojnmltr" (unhashed: _tcp.cia.gov) with the owner "5s90q1hdc1geqrgsqoh4g0l2vmiil9oh" and the NextOwner "5vb8gbt76fbvkm6m5se493lumueum6ca". So that NSEC3 confirms the not-existence of the Next Closer Name. Bitmap: A, RRSIG Validated: RRSIG-Owner 5s90q1hdc1geqrgsqoh4g0l2vmiil9oh.cia.gov., Algorithm: 8, 3 Labels, original TTL: 14400 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "q13hfn7cai6aefchhdqo133fs8km2qv5" (unhashed: *.cia.gov) with the owner "p5q8609o7h8q64s1lue3lthekc4g6apd" and the NextOwner "qb31ib9okhpae04gt6vktgg5nkku6cqj". So that NSEC3 confirms the not-existence of the Wildcard expansion. Bitmap: A, RRSIG Validated: RRSIG-Owner p5q8609o7h8q64s1lue3lthekc4g6apd.cia.gov., Algorithm: 8, 3 Labels, original TTL: 14400 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov


	Status: Good. NXDomain-Proof required and found.

Zone: www.cia.gov
www.cia.gov	0 DS RR in the parent zone found


	RRSIG Type 5 validates the CNAME - Result: www.cia.gov.edgekey.net Validated: RRSIG-Owner www.cia.gov., Algorithm: 8, 3 Labels, original TTL: 14400 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 26470, Flags 256


	Public Key with Algorithm 8, KeyTag 61050, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.01.2025, 00:00:00 +, Signature-Inception: 01.01.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: net
net	1 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 05:00:00 +, Signature-Inception: 10.01.2025, 04:00:00 +, KeyTag 26470, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26470 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 31059, Flags 256


	Public Key with Algorithm 13, KeyTag 37331, Flags 257 (SEP = Secure Entry Point)


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner net., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 17.01.2025, 15:10:35 +, Signature-Inception: 02.01.2025, 15:05:35 +, KeyTag 37331, Signer-Name: net


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 37331 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest "LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: edgekey.net
edgekey.net	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "2a0amkj9v4j641a6apq195g5diut3cbc" between the hashed NSEC3-owner "2a0963gvltddogkcji3eujginncdime3" and the hashed NextOwner "2a0dj5vpi8s7nqvoi1idabi5tt0jc7g7". So the parent zone confirmes the not-existence of a DS RR. Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 2a0963gvltddogkcji3eujginncdime3.net., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 15.01.2025, 03:09:56 +, Signature-Inception: 08.01.2025, 01:59:56 +, KeyTag 31059, Signer-Name: net


	DS-Query in the parent zone sends valid NSEC3 RR with the Hash "a1rt98bs5qgc9nfi51s9hci47uljg6jh" as Owner. That's the Hash of "net" with the NextHashedOwnerName "a1rtlnpgulogn7b9a62shje1u3ttp8dr". So that domain name is the Closest Encloser of "edgekey.net". Opt-Out: True. Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner a1rt98bs5qgc9nfi51s9hci47uljg6jh.net., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 15.01.2025, 03:05:20 +, Signature-Inception: 08.01.2025, 01:55:20 +, KeyTag 31059, Signer-Name: net


	0 DNSKEY RR found




Zone: gov.edgekey.net
gov.edgekey.net	0 DS RR in the parent zone found


	0 DNSKEY RR found




Zone: cia.gov.edgekey.net
cia.gov.edgekey.net	0 DS RR in the parent zone found


	0 DNSKEY RR found




Zone: www.cia.gov.edgekey.net
www.cia.gov.edgekey.net	0 DS RR in the parent zone found

3. Name Servers

Domain	Nameserver	NS-IP
cia.gov	• a1-22.akam.net	193.108.91.22 Seattle/Washington/United States (US) - Akamai International B.V.	•
	•	2600:1401:2::16 Seattle/Washington/United States (US) - Akamai International B.V.	•
	• a12-65.akam.net	184.26.160.65 Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.	•
	•	2600:1480:f000::41 Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.	•
	• a13-65.akam.net	2.22.230.65 Madrid/Spain (ES) - Akamai Technologies	•
	•	2600:1480:800::41 Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.	•
	• a16-67.akam.net	23.211.132.67 Milan/Lombardy/Italy (IT) - Akamai International, BV	•
	•	2600:1406:1b::43 Milan/Lombardy/Italy (IT) - Akamai International B.V.	•
	• a22-66.akam.net	23.211.61.66 Cambridge/Massachusetts/United States (US) - Akamai International B.V.	•
	•	2600:1480:7800::42 Miami/Florida/United States (US) - Akamai International B.V.	•
	• a3-64.akam.net	96.7.49.64 Cambridge/Massachusetts/United States (US) - Akamai International B.V.	•
	•	2600:1408:1c::40 Springfield/Illinois/United States (US) - Akamai International B.V.	•
gov	• a.ns.gov / 520m156		•
	• b.ns.gov / 556m146		•
	• c.ns.gov / 520m160		•
	• d.ns.gov / 20m713		•

cia.gov.edgekey.net	• ns1-2.akamai.com
gov.edgekey.net	• ns1-2.akamai.com
edgekey.net	• a10-66.akam.net	96.7.50.66 Cambridge/Massachusetts/United States (US) - Akamai International B.V.	•
	•	2600:1480:d000::42 Los Angeles/California/United States (US) - Akamai International B.V.	•
	• a11-65.akam.net	84.53.139.65 Sterling/Virginia/United States (US) - Akamai Technologies	•
	•	2600:1480:1::41 Learmonth/Western Australia/Australia (AU) - Akamai International B.V.	•
	• a12-65.akam.net	184.26.160.65 Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.	•
	•	2600:1480:f000::41 Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.	•
	• a13-65.akam.net	2.22.230.65 Madrid/Spain (ES) - Akamai Technologies	•
	•	2600:1480:800::41 Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.	•
	• a1-66.akam.net	193.108.91.66 Seattle/Washington/United States (US) - Akamai International B.V.	•
	•	2600:1401:2::42 Seattle/Washington/United States (US) - Akamai International B.V.	•
	• a16-65.akam.net	23.211.132.65 Milan/Lombardy/Italy (IT) - Akamai International, BV	•
	•	2600:1406:1b::41 Milan/Lombardy/Italy (IT) - Akamai International B.V.	•
	• a18-65.akam.net	95.101.36.65 London/England/United Kingdom (GB) - Akamai Technologies	•
	•	2600:1480:4800::41 Cambridge/Massachusetts/United States (US) - Akamai International B.V.	•
	• a28-65.akam.net	95.100.173.65 London/England/United Kingdom (GB) - Akamai Technologies	•
	•	2600:1480:d800::41 Cambridge/Massachusetts/United States (US) - Akamai International B.V.	•
	• a3-65.akam.net	96.7.49.65 Cambridge/Massachusetts/United States (US) - Akamai International B.V.	•
	•	2600:1408:1c::41 Springfield/Illinois/United States (US) - Akamai International B.V.	•
	• a5-65.akam.net	95.100.168.65 Milan/Lombardy/Italy (IT) - Akamai Technologies	•
	•	2600:1480:b000::41 Washington/District of Columbia/United States (US) - Akamai International B.V.	•
	• a6-65.akam.net	23.211.133.65 Washington/District of Columbia/United States (US) - Akamai International B.V.	•
	•	2600:1401:1::41 Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.	•
	• a7-64.akam.net	23.61.199.64 Cambridge/Massachusetts/United States (US) - Akamai International B.V.	•
	•	2600:1406:32::40 San Jose/California/United States (US) - Akamai International B.V.	•
	• a9-65.akam.net	184.85.248.65 Amsterdam/North Holland/The Netherlands (NL) - Akamai International B.V.	•
	•	2a02:26f0:117::41 Cambridge/Massachusetts/United States (US) - Akamai International B.V	•
	• adns1.akam.net	96.7.50.66 Cambridge/Massachusetts/United States (US) - Akamai International B.V.	•
	• ns1-2.akam.net	193.108.91.2 Seattle/Washington/United States (US) - Akamai International B.V.	•
	•	2600:1401:2::2 Seattle/Washington/United States (US) - Akamai International B.V.	•
	• ns1-2.akamai.com
	• usw6.akam.net	23.61.199.64 Cambridge/Massachusetts/United States (US) - Akamai International B.V.	•
net	• a.gtld-servers.net / nnn1-defra-5		•
	• b.gtld-servers.net / nnn1-elwaw4		•
	• c.gtld-servers.net / nnn1-par6		•
	• d.gtld-servers.net / nnn1-defra-5		•
	• e.gtld-servers.net / nnn1-defra-5		•
	• f.gtld-servers.net / nnn1-defra-4		•
	• g.gtld-servers.net / nnn1-defra-4		•
	• h.gtld-servers.net / nnn1-defra-4		•
	• i.gtld-servers.net / nnn1-defra-4		•
	• j.gtld-servers.net / nnn1-frmrs-2		•
	• k.gtld-servers.net / nnn1-frmrs-2		•
	• l.gtld-servers.net / nnn1-nlams-2e		•
	• m.gtld-servers.net / nnn1-ein2		•

4. SOA-Entries

Domain:	gov
Zone-Name:	gov
Primary:	a.ns.gov
Mail:	dns.cloudflare.com
Serial:	1736513701
Refresh:	3600
Retry:	900
Expire:	604800
TTL:	300
num Entries:	4

Domain:	cia.gov
Zone-Name:	cia.gov
Primary:	a1-22.akam.net
Mail:	monrpt.cia.gov
Serial:	2015111800
Refresh:	7200
Retry:	3600
Expire:	2419200
TTL:	14400
num Entries:	12


Domain:	net
Zone-Name:	net
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1736513917
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	900
num Entries:	8

Domain:	net
Zone-Name:	net
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1736513932
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	900
num Entries:	5

Domain:	edgekey.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	1

Domain:	edgekey.net
Zone-Name:	edgekey.net
Primary:	ns1-2.akamai.com
Mail:	hostmaster.akamai.com
Serial:	1579386911
Refresh:	900
Retry:	300
Expire:	604800
TTL:	180
num Entries:	30

Domain:	gov.edgekey.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	1

Domain:	cia.gov.edgekey.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	1

5. Screenshots

Startaddress: https://www.cia.gov/, address used: https://www.cia.gov/, Screenshot created 2025-01-10 14:09:39 +00:0

Mobil (412px x 732px)

1040 milliseconds

Screenshot mobile - https://www.cia.gov/

Mobil + Landscape (732px x 412px)

1055 milliseconds

Screenshot mobile landscape - https://www.cia.gov/

Screen (1280px x 1680px)

1132 milliseconds

Screenshot Desktop - https://www.cia.gov/

Mobile- and other Chrome-Checks

	width	height
visual Viewport	412	732
content Size	412	732

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

6. Url-Checks

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://cia.gov/ 23.207.8.62	301	https://cia.gov/	0.200	A
Server: AkamaiGHost
Location: https://cia.gov/
Date: Fri, 10 Jan 2025 13:02:40 GMT
Connection: keep-alive
Content-Length: 0

• http://cia.gov/ 2600:141b:f000:181::184d	301	https://cia.gov/	0.203	A
Server: AkamaiGHost
Location: https://cia.gov/
Date: Fri, 10 Jan 2025 13:02:40 GMT
Connection: keep-alive
Content-Length: 0

• http://cia.gov/ 2600:141b:f000:1a5::184d	301	https://cia.gov/	0.206	A
Server: AkamaiGHost
Location: https://cia.gov/
Date: Fri, 10 Jan 2025 13:02:40 GMT
Connection: keep-alive
Content-Length: 0

• http://www.cia.gov/ 23.201.180.249	301	https://www.cia.gov/	0.203	A
Server: AkamaiGHost
Location: https://www.cia.gov/
Date: Fri, 10 Jan 2025 13:02:40 GMT
Connection: keep-alive
Content-Length: 0

• https://cia.gov/ 23.207.8.62	301	https://www.cia.gov/	4.923	B
Location: https://www.cia.gov/
Date: Fri, 10 Jan 2025 13:02:41 GMT
Connection: keep-alive
Set-Cookie: _session_=FB679AE9BEECE5B8D3BB60065C4421B4; path=/; domain=cia.gov; secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Length: 0

• https://cia.gov/ 2600:141b:f000:181::184d	301	https://www.cia.gov/	4.737	B
Location: https://www.cia.gov/
Date: Fri, 10 Jan 2025 13:02:47 GMT
Connection: keep-alive
Set-Cookie: _session_=760F55A428411910D3AFD07027F5B984; path=/; domain=cia.gov; secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Length: 0

• https://cia.gov/ 2600:141b:f000:1a5::184d	301	https://www.cia.gov/	4.707	B
Location: https://www.cia.gov/
Date: Fri, 10 Jan 2025 13:02:52 GMT
Connection: keep-alive
Set-Cookie: _session_=997758DCAA6C3BEB54EF072580EC65DF; path=/; domain=cia.gov; secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Length: 0

• https://www.cia.gov/ 23.201.180.249 gzip used - 56073 / 369882 - 84.84 % Inline-JavaScript (∑/total): 3/1024 Inline-CSS (∑/total): 4/310540	200	Html is minified: 631.70 % Other inline scripts (∑/total): 2/1176	5.800	I
Accept-Ranges: bytes
ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
Vary: Accept-Encoding
X-Akamai-Transformed: 9 55987 0 pmb=mNONE,1
Date: Fri, 10 Jan 2025 13:02:58 GMT
Connection: keep-alive
Set-Cookie: _session_=1D00DB5D0E9557AAB31754DEA0C8A0D9; path=/; domain=cia.gov; secure; HttpOnly
ID: f0L5Q7YDhtnMIIk6nUpV3rP7UHImHBgvna7O3Qe3/WDycIg3eX2sof+qaLqKPGie
SESSION: eMSWoKzEhtOM4oeFvWfRVNnblxkQt+hNVrCzwBIc2QJ7ThBhAbYI+L7jqnUTPMvRGJlFLOwuXciGs2U9H1fheg==
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: text/html
Last-Modified: Wed, 08 Jan 2025 17:25:30 GMT
Content-Encoding: gzip
Content-Length: 56073

• http://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 23.207.8.62	301	https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.267	A
Visible Content:
Server: AkamaiGHost
Location: https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 10 Jan 2025 13:03:05 GMT
Connection: keep-alive
Content-Length: 0

• http://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2600:141b:f000:181::184d	301	https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.557	A
Visible Content:
Server: AkamaiGHost
Location: https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 10 Jan 2025 13:03:07 GMT
Connection: keep-alive
Content-Length: 0

• http://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2600:141b:f000:1a5::184d	301	https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.110	A
Visible Content:
Server: AkamaiGHost
Location: https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 10 Jan 2025 13:03:08 GMT
Connection: keep-alive
Content-Length: 0

• http://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 23.201.180.249	301	https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.383	A
Visible Content:
Server: AkamaiGHost
Location: https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 10 Jan 2025 13:03:09 GMT
Connection: keep-alive
Content-Length: 0

• https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	301	https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	6.040	B
Visible Content:
Location: https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 10 Jan 2025 13:03:34 GMT
Connection: keep-alive
Set-Cookie: _session_=44208D43A1A2C31CC610F3C80C5C2AB6; path=/; domain=cia.gov; secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Length: 0

• https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de gzip used - 53531 / 351544 - 84.77 % Inline-JavaScript (∑/total): 3/1028 Inline-CSS (∑/total): 4/310432	404	Html is minified: 871.56 % Other inline scripts (∑/total): 1/567	7.014	A
Not Found
Visible Content:
Accept-Ranges: bytes
ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
Vary: Accept-Encoding
X-Akamai-Transformed: 9 53442 0 pmb=mNONE,1
Date: Fri, 10 Jan 2025 13:03:42 GMT
Connection: keep-alive
ID: nT2z370BbxW1olR2+jvBAFKhI+OONphuBQrmTyRorYFZquLeaivjhdUXeEZC6wvb
SESSION: vj5XAqNj+t2Z8GSUKb6UKIkxyayvBObIh0On6ZrguvsPq8WNETpDr61A4OpRX5Iu+5FHAdDQxXrU7w8QrnvpbQ==
Cache-Control: no-store, no-cache, max-age=0
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: text/html
Last-Modified: Wed, 08 Jan 2025 17:25:30 GMT
Content-Encoding: gzip
Content-Length: 53531

• https://23.207.8.62/ 23.207.8.62	400	Html is minified: 101.64 %	4.820	N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Server: AkamaiGHost
Mime-Version: 1.0
Date: Fri, 10 Jan 2025 13:03:11 GMT
Connection: close
Content-Type: text/html
Content-Length: 310
Expires: Fri, 10 Jan 2025 13:03:11 GMT

• https://23.201.180.249/ 23.201.180.249	400	Html is minified: 101.63 %	5.113	N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Server: AkamaiGHost
Mime-Version: 1.0
Date: Fri, 10 Jan 2025 13:03:27 GMT
Connection: close
Content-Type: text/html
Content-Length: 312
Expires: Fri, 10 Jan 2025 13:03:27 GMT

• https://[2600:141b:f000:0181:0000:0000:0000:184d]/ 2600:141b:f000:181::184d	400	Html is minified: 101.65 %	4.700	N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Server: AkamaiGHost
Mime-Version: 1.0
Date: Fri, 10 Jan 2025 13:03:16 GMT
Connection: close
Content-Type: text/html
Content-Length: 308
Expires: Fri, 10 Jan 2025 13:03:16 GMT

• https://[2600:141b:f000:01a5:0000:0000:0000:184d]/ 2600:141b:f000:1a5::184d	400	Html is minified: 101.65 %	4.684	N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Server: AkamaiGHost
Mime-Version: 1.0
Date: Fri, 10 Jan 2025 13:03:22 GMT
Connection: close
Content-Type: text/html
Content-Length: 308
Expires: Fri, 10 Jan 2025 13:03:22 GMT

7. Comments

	1. General Results, most used to calculate the result
A	name "cia.gov" is domain, public suffix is ".gov", top-level-domain is ".gov", top-level-domain-type is "sponsored", tld-manager is "General Services Administration Attn: QTDC, 2E08 (.gov Domain Registration)", num .gov-domains preloaded: 5110 (complete: 263653)
A	Good: All ip addresses are public addresses
A	Good: Minimal 2 ip addresses per domain name found: cia.gov has 3 different ip addresses (authoritative).
A	Good: Ipv4 and Ipv6 addresses per domain name found: cia.gov has 1 ipv4, 2 ipv6 addresses
A	Good: No asked Authoritative Name Server had a timeout
A	Good: destination is https
A	Good - only one version with Http-Status 200
A	Good: one preferred version: www is preferred
A	Good: No cookie sent via http.
A	Good: every cookie sent via https is marked as secure
A	Good: HSTS has preload directive
A	Excellent: Domain is in the Google-Preload-List
A	Excellent: Domain is in the Mozilla/Firefox-Preload-List
A	HSTS-Preload-Status: Preloaded. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
A	Good: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):0 complete Content-Type - header (2 urls)
	https://www.cia.gov/ 23.201.180.249			Url with incomplete Content-Type - header - missing charset
	https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de			Url with incomplete Content-Type - header - missing charset
A	http://cia.gov/ 23.207.8.62	301	https://cia.gov/	Correct redirect http - https with the same domain name
A	http://cia.gov/ 2600:141b:f000:181::184d	301	https://cia.gov/	Correct redirect http - https with the same domain name
A	http://cia.gov/ 2600:141b:f000:1a5::184d	301	https://cia.gov/	Correct redirect http - https with the same domain name
A	http://www.cia.gov/ 23.201.180.249	301	https://www.cia.gov/	Correct redirect http - https with the same domain name
B	https://cia.gov/ 23.207.8.62	301	_session_=FB679AE9BEECE5B8D3BB60065C4421B4; path=/; domain=cia.gov; secure; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	https://cia.gov/ 2600:141b:f000:181::184d	301	_session_=760F55A428411910D3AFD07027F5B984; path=/; domain=cia.gov; secure; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	https://cia.gov/ 2600:141b:f000:1a5::184d	301	_session_=997758DCAA6C3BEB54EF072580EC65DF; path=/; domain=cia.gov; secure; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	https://www.cia.gov/ 23.201.180.249	200	_session_=1D00DB5D0E9557AAB31754DEA0C8A0D9; path=/; domain=cia.gov; secure; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
B	https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	301	_session_=44208D43A1A2C31CC610F3C80C5C2AB6; path=/; domain=cia.gov; secure; HttpOnly	Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
I	https://www.cia.gov/ 23.201.180.249	200		Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
I	https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404		Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
M	https://23.207.8.62/ 23.207.8.62	400		Misconfiguration - main pages should never send http status 400 - 499
M	https://[2600:141b:f000:0181:0000:0000:0000:184d]/ 2600:141b:f000:181::184d	400		Misconfiguration - main pages should never send http status 400 - 499
M	https://[2600:141b:f000:01a5:0000:0000:0000:184d]/ 2600:141b:f000:1a5::184d	400		Misconfiguration - main pages should never send http status 400 - 499
M	https://23.201.180.249/ 23.201.180.249	400		Misconfiguration - main pages should never send http status 400 - 499
N	https://23.207.8.62/ 23.207.8.62	400		Error - Certificate isn't trusted, RemoteCertificateNameMismatch
N	https://[2600:141b:f000:0181:0000:0000:0000:184d]/ 2600:141b:f000:181::184d	400		Error - Certificate isn't trusted, RemoteCertificateNameMismatch
N	https://[2600:141b:f000:01a5:0000:0000:0000:184d]/ 2600:141b:f000:1a5::184d	400		Error - Certificate isn't trusted, RemoteCertificateNameMismatch
N	https://23.201.180.249/ 23.201.180.249	400		Error - Certificate isn't trusted, RemoteCertificateNameMismatch
O	cia.gov / 23.207.8.62 / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	cia.gov / 2600:141b:f000:181::184d / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
O	cia.gov / 2600:141b:f000:1a5::184d / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain cia.gov, 3 ip addresses.
	Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are the same. So that domain doesn't require Server Name Indication (SNI), it's the primary certificate of that set of ip addresses.: Domain cia.gov, 3 ip addresses, 1 different http results.
B	No _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.cia.gov
	2. Header-Checks
F	www.cia.gov 23.201.180.249	Content-Security-Policy		Critical: Missing Header:
F	www.cia.gov 23.201.180.249	X-Content-Type-Options		Critical: Missing Header:
F	www.cia.gov 23.201.180.249	Referrer-Policy		Critical: Missing Header:
F	www.cia.gov 23.201.180.249	Permissions-Policy		Critical: Missing Header:
B	www.cia.gov 23.201.180.249	Cross-Origin-Embedder-Policy		Info: Missing Header
B	www.cia.gov 23.201.180.249	Cross-Origin-Opener-Policy		Info: Missing Header
B	www.cia.gov 23.201.180.249	Cross-Origin-Resource-Policy		Info: Missing Header
	3. DNS- and NameServer - Checks
A	Info:: 19 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 6 Name Servers.
A	Info:: 19 Queries complete, 19 with IPv6, 0 with IPv4.
A	Good: All DNS Queries done via IPv6.
	Ok (4 - 8):: An average of 3.2 queries per domain name server required to find all ip addresses of all name servers.
A	Info:: 6 different Name Servers found: a1-22.akam.net, a12-65.akam.net, a13-65.akam.net, a16-67.akam.net, a22-66.akam.net, a3-64.akam.net, 6 Name Servers included in Delegation: a1-22.akam.net, a12-65.akam.net, a13-65.akam.net, a16-67.akam.net, a22-66.akam.net, a3-64.akam.net, 6 Name Servers included in 1 Zone definitions: a1-22.akam.net, a12-65.akam.net, a13-65.akam.net, a16-67.akam.net, a22-66.akam.net, a3-64.akam.net, 1 Name Servers listed in SOA.Primary: a1-22.akam.net.
A	Good: Only one SOA.Primary Name Server found.: a1-22.akam.net.
A	Good: SOA.Primary Name Server included in the delegation set.: a1-22.akam.net.
A	Good: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: a1-22.akam.net, a12-65.akam.net, a13-65.akam.net, a16-67.akam.net, a22-66.akam.net, a3-64.akam.net
A	Good: All Name Server Domain Names have a Public Suffix.
A	Good: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
A	Good: All Name Server ip addresses are public.
A	Good: Minimal 2 different name servers (public suffix and public ip address) found: 6 different Name Servers found
A	Good: All name servers have ipv4- and ipv6-addresses.: 6 different Name Servers found
	Warning: All Name Servers have the same Top Level Domain / Public Suffix. If there is a problem with that Top Level Domain, your domain may be affected. Better: Use Name Servers with different top level domains.: 6 Name Servers, 1 Top Level Domain: net
	Warning: All Name Servers have the same domain name. If there is a problem with that domain name (or with the name servers of that domain name), your domain may be affected. Better: Use Name Servers with different domain names / different top level domains.: Only one domain name used: akam.net
A	Good: Name servers with different Country locations found: 6 Name Servers, 4 Countries: DE, ES, IT, US
A	Info: Ipv4-Subnet-list: 6 Name Servers, 5 different subnets (first Byte): 184., 193., 2., 23., 96., 5 different subnets (first two Bytes): 184.26., 193.108., 2.22., 23.211., 96.7., 6 different subnets (first three Bytes): 184.26.160., 193.108.91., 2.22.230., 23.211.132., 23.211.61., 96.7.49.
A	Good: Name Server IPv4-addresses from different subnet found:
A	Info: IPv6-Subnet-list: 6 Name Servers with IPv6, 1 different subnets (first block): 2600:, 4 different subnets (first two blocks): 2600:1401:, 2600:1406:, 2600:1408:, 2600:1480:, 6 different subnets (first three blocks): 2600:1401:0002:, 2600:1406:001b:, 2600:1408:001c:, 2600:1480:0800:, 2600:1480:7800:, 2600:1480:f000:, 6 different subnets (first four blocks): 2600:1401:0002:0000:, 2600:1406:001b:0000:, 2600:1408:001c:0000:, 2600:1480:0800:0000:, 2600:1480:7800:0000:, 2600:1480:f000:0000:
A	Good: Name Server IPv6 addresses from different subnets found.
A	Good: Nameserver supports TCP connections: 12 good Nameserver
A	Good: Nameserver supports Echo Capitalization: 12 good Nameserver
A	Good: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 12 good Nameserver
A	Good: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 12 good Nameserver
	Nameserver doesn't pass all EDNS-Checks: ns1-2.akamai.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: ns1-2.akamai.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
	Nameserver doesn't pass all EDNS-Checks: ns1-2.akamai.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
A	Good: All SOA have the same Serial Number
A	Good: CAA entries found, creating certificate is limited: digicert.com is allowed to create certificates
	4. Content- and Performance-critical Checks
A	Good: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
A	Good: Every https result with status 200 and greater 1024 Bytes is compressed (gzip, deflate, br checked).
	https://www.cia.gov/ 23.201.180.249	200		Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
	https://www.cia.gov/ 23.201.180.249	200		Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
A	Good: Every https connection via port 443 supports the http/2 protocol via ALPN.
	https://www.cia.gov/ 23.201.180.249	200		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 5 script elements without defer/async.
	https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 5 script elements without defer/async.
A	Good: All CSS / JavaScript files are sent compressed (gzip, deflate, br checked). That reduces the content of the files. 8 external CSS / JavaScript files found
A	Good: All images with internal compression not compressed. Some Images (.png, .jpg, .jpeg, .webp, .gif) are already compressed, so an additional compression isn't helpful. 10 images (type image/png, image/jpg, image/jpeg, image/webp, image/gif) found without additional Compression. Not required because these images are already compressed
	Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 6 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 4 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 10 complete.
	Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 30 image files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 30 complete.
A	Good: All checked attribute values are enclosed in quotation marks (" or ').
A	Good: Some img-elements have a valid alt-attribute.: 14 img-elements found, 8 img-elements with correct alt-attributes (defined, not an empty value).
	Wrong: img-elements without alt-attribute or empty alt-attribute found. The alt-attribute ("alternative") is required and should describe the img. So Screenreader and search engines are able to use these informations.: 0 img-elements without alt-attribute, 6 img-elements with empty alt-attribute found.
A	Good: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
	https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404	7.014 seconds	Warning: 404 needs more then one second
A	Duration: 656850 milliseconds, 656.850 seconds

8. Connections

Domain

Port

Cert.

Protocol

KeyExchange

Strength

Cipher

Strength

HashAlgorithm

OCSP stapling

Domain/KeyExchange

IP/Strength

Port/Cipher

Cert./Strength

Protocol/HashAlgorithm

OCSP stapling

cia.gov

23.207.8.62

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

cia.gov

23.207.8.62

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

http/2 via ALPN supported
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia
	2	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

cia.gov

2600:141b:f000:181::184d

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

cia.gov

2600:141b:f000:181::184d

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

http/2 via ALPN supported
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia
	2	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

cia.gov

2600:141b:f000:1a5::184d

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

cia.gov

2600:141b:f000:1a5::184d

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

http/2 via ALPN supported
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia
	2	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

www.cia.gov

23.201.180.249

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

www.cia.gov

23.201.180.249

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

http/2 via ALPN supported
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported
No SNI required - domain included in main certificate

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia
	2	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

cia.gov

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

cia.gov

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia
	2	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

www.cia.gov

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

www.cia.gov

443

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia
	2	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

23.207.8.62

443

name does not match

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

23.207.8.62

443

name does not match

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia
	2	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

23.201.180.249

443

name does not match

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

23.201.180.249

443

name does not match

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia
	2	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

[2600:141b:f000:0181:0000:0000:0000:184d]

2600:141b:f000:181::184d

443

name does not match

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

[2600:141b:f000:0181:0000:0000:0000:184d]

2600:141b:f000:181::184d

443

name does not match

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia
	2	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

[2600:141b:f000:01a5:0000:0000:0000:184d]

2600:141b:f000:1a5::184d

443

name does not match

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

[2600:141b:f000:01a5:0000:0000:0000:184d]

2600:141b:f000:1a5::184d

443

name does not match

Tls12

ECDH Ephermal

256

Aes256

256

Sha384

supported

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

no http/2 via ALPN
Cert sent without SNI

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia
	2	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

9. Certificates

CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, S=Virginia, C=US, SERIALNUMBER=Government Entity, OID.2.5.4.15=Government Entity, OID.1.3.6.1.4.1.311.60.2.1.3=US

22.03.2024

23.04.2025
78 days expired

www.cia.gov, cia.gov - 2 entries

CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, S=Virginia, C=US, SERIALNUMBER=Government Entity, OID.2.5.4.15=Government Entity, OID.1.3.6.1.4.1.311.60.2.1.3=US

22.03.2024

23.04.2025
78 days expired

www.cia.gov, cia.gov - 2 entries

Keyalgorithm	EC Public Key (256 bit, prime256v1)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	09FCEF03D1BD3202878992ED4846F413
Thumbprint:	08F80792A3622F4C78755106E1B55F44758A6148
SHA256 / Certificate:	Qy/7BnW5G75RWhfo1ZBBT2vfESAzzymqEJCyMV4VAAU=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	cdbf2dd7986ca5f3b8106022bb06ae58cbcb1261978f593fe8e5a3594db221df
SHA256 hex / Subject Public Key Information (SPKI):	cdbf2dd7986ca5f3b8106022bb06ae58cbcb1261978f593fe8e5a3594db221df (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

02.07.2020

02.07.2030
expires in 1818 days

CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

02.07.2020

02.07.2030
expires in 1818 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	01678F1FEF882255D8B0A70E6B7BB220
Thumbprint:	090A16F9BA16001B2EC130F80523E5B5EB259158
SHA256 / Certificate:	lYjvdBmeRazvzM/AxHAQ6fKjeh3UTGGk4cazNNpa9hQ=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	c3d23c5aba47af56004b40ee82f2c6b2b23d566d72124640ca594ac5e9975dfe
SHA256 hex / Subject Public Key Information (SPKI):	c3d23c5aba47af56004b40ee82f2c6b2b23d566d72124640ca594ac5e9975dfe
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.digicert.com
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

01.08.2013

15.01.2038
expires in 4572 days

CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

01.08.2013

15.01.2038
expires in 4572 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	033AF1E6A711A9A0BB2864B11D09FAE5
Thumbprint:	DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA256 / Certificate:	yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=
SHA256 hex / Cert (DANE * 0 1):	cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA256 hex / PublicKey (DANE * 1 1):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):	8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuer				last 7 days	active	num Certs
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US				0	0	7

CertSpotter-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
7009730856 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2024-03-26 00:00:00	2025-04-26 23:59:59	cia.gov, www.cia.gov - 2 entries
6984874670 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2024-03-22 00:00:00	2025-04-22 23:59:59	www.cia.gov - 1 entries
6984874618 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2024-03-22 00:00:00	2025-04-22 23:59:59	cia.gov, www.cia.gov - 2 entries
6984874636 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2024-03-22 00:00:00	2025-04-22 23:59:59	cia.gov, www.cia.gov - 2 entries
6984874875 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2024-03-22 00:00:00	2025-04-22 23:59:59	cia.gov, www.cia.gov - 2 entries
5018646537 leaf cert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2023-03-30 00:00:00	2024-03-29 23:59:59	cia.gov, www.cia.gov - 2 entries
5018935334 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2023-03-30 00:00:00	2024-04-29 23:59:59	www.cia.gov - 1 entries

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuer				last 7 days	active	num Certs
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US				0	0	7

CRT-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
12496722130 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2024-03-25 23:00:00	2025-04-26 21:59:59	cia.gov, www.cia.gov 2 entries
12474350248 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2024-03-21 23:00:00	2025-04-22 21:59:59	www.cia.gov 1 entries
12474350005 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2024-03-21 23:00:00	2025-04-22 21:59:59	cia.gov, www.cia.gov 2 entries
12474350007 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2024-03-21 23:00:00	2025-04-22 21:59:59	cia.gov, www.cia.gov 2 entries
13001511357 leaf cert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2024-03-21 23:00:00	2025-04-22 21:59:59	cia.gov, www.cia.gov 2 entries
9034197349 leaf cert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2023-03-29 22:00:00	2024-03-29 22:59:59	cia.gov, www.cia.gov 2 entries
9013118100 precert	CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US	2023-03-29 22:00:00	2024-04-29 21:59:59	www.cia.gov 1 entries

11. Html-Content - Entries

Summary

							Subresource Integrity (SRI)
Domainname	HtmlElement	rel/property	∑	∑ size	∑ problems	∑ int.	∑ ext.	∑ Origin poss.	∑ SRI ParseErrors	∑ SRI valid	∑ SRI missing
https://www.cia.gov/ 23.201.180.249	a		83		0			0	0	0
	form		1	53,297 Bytes	0	1	0	0	0	0
	img		5	13,426 Bytes	0	1	0	0	0	0
	link	other	11	705,228 Bytes	0	9	0	0	0	0
	meta	og	4	112,146 Bytes	0	2	0	0	0	0
	meta	twitter	4		1			0	0	0
	meta	other	8		0			0	0	0
	picture		8		8			0	0	0
	script		5	104,434 Bytes	5	5	0	0	0	0
	style		2		0			0	0	0
https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	a		85		0			0	0	0
	form		1	53,297 Bytes	0	1	0	0	0	0
	img		1	13,426 Bytes	0	1	0	0	0	0
	link	other	11	705,228 Bytes	0	9	0	0	0	0
	meta	og	4	107,062 Bytes	2	2	0	0	0	0
	meta	twitter	4		1			0	0	0
	meta	other	8		0			0	0	0
	script		5	104,434 Bytes	5	5	0	0	0	0
	style		2		0			0	0	0

Details (currently limited to 500 rows - some problems with spam users)

Domainname	Html-Element	name/equiv/ property/rel	href/src/content	HttpStatus	∑	Status
https://www.cia.gov/ 23.201.180.249	a		#main-content				1	ok
								ok


	a		/				1	ok
								ok


	a		/about/				3	ok
								ok


	a		/about/director-of-cia/				2	ok
								ok


	a		/about/mission-vision/				2	ok
								ok


	a		/about/organization/				2	ok
								ok


	a		/about/organization/equal-employment-opportunity/elijah-cummings-act				1	ok
								ok


	a		/about/organization/equal-employment-opportunity/no-fear-act				1	ok
								ok


	a		/about/organization/inspector-general				1	ok
								ok


	a		/about/organization/prepublication-classification-review-board/				2	ok
								ok


	a		/about/organization/privacy-and-civil-liberties				1	ok
								ok


	a		/about/organization/privacy-and-civil-liberties/				1	ok
								ok


	a		/careers				1	ok
								ok


	a		/careers/				2	ok
								ok


	a		/careers/accommodations/				1	ok
								ok


	a		/careers/how-we-hire/				2	ok
								ok


	a		/careers/language-opportunities/				1	ok
								ok


	a		/careers/student-programs/				2	ok
								ok


	a		/careers/working-at-cia/benefits/				1	ok
								ok


	a		/careers/working-at-cia/diversity-and-inclusion/				2	ok
								ok


	a		/careers/working-at-cia/diversity-and-inclusion/accessibility/				1	ok
								ok


	a		/careers/working-at-cia/veterans/				1	ok
								ok


	a		/contact-cia				2	ok
								ok


	a		/faqs/				1	ok
								ok


	a		/legacy/				2	ok
								ok


	a		/legacy/cia-history/				1	ok
								ok


	a		/legacy/cia-history/cia-trailblazers/				1	ok
								ok


	a		/legacy/headquarters/				1	ok
								ok


	a		/legacy/memorial-wall/fallen/				1	ok
								ok


	a		/legacy/museum/				2	ok
								ok


	a		/partner-with-cia/				2	ok
								ok


	a		/podcast/the-langley-files				1	ok
								ok


	a		/privacy_policy/				1	ok
								ok


	a		/readingroom/				1	ok
								ok


	a		/report-information				2	ok
								ok


	a		/resources/				1	ok
								ok


	a		/resources/cia-maps/				1	ok
								ok


	a		/resources/csi/				2	ok
								ok


	a		/resources/publications/				1	ok
								ok


	a		/resources/reports/				1	ok
								ok


	a		/resources/world-leaders/				1	ok
								ok


	a		/search				1	ok
								ok


	a		/sitemap				1	ok
								ok


	a		/site-policies				1	ok
								ok


	a		/spy-kids/				1	ok
								ok


	a		/stories/				3	ok
								ok


	a		/stories/press-releases-and-statements/				1	ok
								ok


	a		/stories/speeches-and-transcripts/				1	ok
								ok


	a		/stories/story/ask-molly-cias-mission-centers/				1	ok
								ok


	a		/stories/story/ask-molly-cia-writing-tips/				1	ok
								ok


	a		/stories/story/cias-top-5-stories-of-2024/				1	ok
								ok


	a		/tech/				1	ok
								ok


	a		/the-world-factbook				1	ok
								ok


	a		/the-world-factbook/				2	ok
								ok


	a		https://t.me/s/securelycontactingcia				1	ok
								ok


	a		https://twitter.com/cia				1	ok
								ok


	a		https://www.cia.gov/ehl/				1	ok
								ok


	a		https://www.cia.gov/readingroom/				1	ok
								ok


	a		https://www.facebook.com/Central.Intelligence.Agency				1	ok
								ok


	a		https://www.flickr.com/ciagov				1	ok
								ok


	a		https://www.instagram.com/cia				1	ok
								ok


	a		https://www.linkedin.com/company/central-intelligence-agency				1	ok
								ok


	a		https://www.usa.gov/				1	ok
								ok


	a		https://www.youtube.com/cia				1	ok
								ok


	form	get	/search		200		1	ok
				text/html missing X-Content-Type-Options nosniff				ok
				53297 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	img	src	/static/CIA-Seal-BW@2x@2x-bd6f6da4ab65dc1fe7aeb76fe043f66f.png		200		1	ok
	alt: Agency Logo			image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 13426 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	img	src	data:image/svg+xml;charset=utf-8,%3Csvg%20height='155'%20width='95'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E Image:				1	ok
	no alt-Attribute							ok


	img	src	data:image/svg+xml;charset=utf-8,%3Csvg%20height='650'%20width='570'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E Image:				1	ok
	no alt-Attribute							ok


	img	src	data:image/svg+xml;charset=utf-8,%3Csvg%20height='780'%20width='780'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E Image:				1	ok
	no alt-Attribute							ok


	img	src	data:image/svg+xml;charset=utf-8,%3Csvg%20height='879'%20width='1080'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E Image:				1	ok
	no alt-Attribute							ok


	link	apple-touch-icon	/icons/icon-144x144.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 29854 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-192x192.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 50883 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-256x256.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 87321 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-384x384.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 186762 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-48x48.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 5029 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-512x512.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 319613 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-72x72.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 8663 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-96x96.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 14382 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	icon	/favicon-32x32.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 2721 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	manifest	/manifest.webmanifest				1	ok
								ok


	link	sitemap	/sitemap/sitemap-index.xml				1	ok
								ok


	meta	charset	utf-8				2	ok
								ok


	meta	og:description					1	ok
								ok


	meta	og:image			200		1	ok
				text/html missing X-Content-Type-Options nosniff				ok
				56073 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	meta	og:title					1	ok
								ok


	meta	og:url			200		1	ok
				text/html missing X-Content-Type-Options nosniff				ok
				56073 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	meta	onion-location	http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion				1	ok
								ok


	meta	x-ua-compatible	ie=edge				1	ok
								ok


	meta	desciription	CIA is the first line of defense for the United States. We collect and analyze intelligence to further national security and preempt threats.				1	ok
								ok


	meta	generator	Gatsby 5.13.7				1	ok
								ok


	meta	theme-color	#663399				1	ok
								ok


	meta	twitter:card					1	content is invalid, only "summary", "summary_large_image", "app" or "player" allowed



	meta	twitter:description					1	ok
								ok


	meta	twitter:image					1	ok
								ok


	meta	twitter:title					1	ok
								ok


	meta	viewport	width=device-width, initial-scale=1, shrink-to-fit=no				1	ok
								ok


	picture
		• source		type: image/webp			1	ok
								ok

		srcset	/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w				1	ok
								ok
		/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


		• img
			/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png		200		1	ok
	alt: Headquarters Koi Pond			image/png missing X-Content-Type-Options nosniff				ok
		No Cache-Control header		No Compression - 138528 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
		srcset	/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w				1	ok
								ok
		/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


	picture
		• source		type: image/webp			1	ok
								ok

		srcset	/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w				1	ok
								ok
		/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


		• img
			/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png		200		1	ok
	alt: Headquarters Koi Pond			image/png missing X-Content-Type-Options nosniff				ok
		No Cache-Control header		No Compression - 138528 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
		srcset	/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w				1	ok
								ok
		/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


	picture
		• source		type: image/webp			1	ok
								ok

		srcset	/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w				1	ok
								ok
		/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


		• img
			/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png		200		1	ok
	alt: mission glyph			image/png missing X-Content-Type-Options nosniff				ok
		No Cache-Control header		No Compression - 1026 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
		srcset	/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w				1	ok
								ok
		/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


	picture
		• source		type: image/webp			1	ok
								ok

		srcset	/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w				1	ok
								ok
		/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


		• img
			/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png		200		1	ok
	alt: mission glyph			image/png missing X-Content-Type-Options nosniff				ok
		No Cache-Control header		No Compression - 1026 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
		srcset	/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w				1	ok
								ok
		/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


	picture
		• source		type: image/webp			1	ok
								ok

		srcset	/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w				1	ok
								ok
		/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


		• img
			/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png		200		1	ok
	no alt-Attribute			image/png missing X-Content-Type-Options nosniff				ok
		No Cache-Control header		No Compression - 52594 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
		srcset	/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w				1	ok
								ok
		/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


	picture
		• source		type: image/webp			1	ok
								ok

		srcset	/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w				1	ok
								ok
		/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


		• img
			/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png		200		1	ok
	no alt-Attribute			image/png missing X-Content-Type-Options nosniff				ok
		No Cache-Control header		No Compression - 52594 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
		srcset	/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w				1	ok
								ok
		/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


	picture
		• source		type: image/webp			1	ok
								ok

		srcset	/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w				1	ok
								ok
		/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


		• img
			/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg		200		1	ok
	alt: Image of the world overlaid with red section lines.			image/jpeg missing X-Content-Type-Options nosniff				ok
		No Cache-Control header		No Compression - 95889 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
		srcset	/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w				1	ok
								ok
		/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


	picture
		• source		type: image/webp			1	ok
								ok

		srcset	/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w				1	ok
								ok
		/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


		• img
			/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg		200		1	ok
	alt: Image of the world overlaid with red section lines.			image/jpeg missing X-Content-Type-Options nosniff				ok
		No Cache-Control header		No Compression - 95889 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
		srcset	/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w				1	ok
								ok
		/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w					1	Only one definition after the url allowed. If you have more then one definition, you must use ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.


	script	src	/app-7a37c1c46e55a8d4c6e8.js		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/x-javascript missing X-Content-Type-Options nosniff		Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml		Problems with Content-Type - Header - see details
	No Cache-Control - header			Compression (gzip): 27808/84457 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
	local SRI possible, possible hash-values: sha256-SpbqERdMweqxuHlFbr6zluwHN20mzYc+LZJjXLxEpYU= sha384-jZ6EumQOz4h5uEGgbQHPFfjV8NKn673I+ZpU+2D1Zf/3R5Bmk1X2lqZjvf3Hhucc sha512-4kcfDUxP5ewXSrhLQSzEiicRX0pKwQNLL1e7NYJIY8NLjM19qIghDFsAM9Q7Pc+Q5piIBQ2kUBLbcyCjmc0NLg== <script src="/app-7a37c1c46e55a8d4c6e8.js" crossorigin="anonymous" integrity="sha256-SpbqERdMweqxuHlFbr6zluwHN20mzYc+LZJjXLxEpYU=" />

	script	src	/framework-b70d1ce987e15f81a80c.js		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/x-javascript missing X-Content-Type-Options nosniff		Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml		Problems with Content-Type - Header - see details
	No Cache-Control - header			Compression (gzip): 45546/140344 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
	local SRI possible, possible hash-values: sha256-oM9Rrgpa8M2w+pvQlzmDLg3ke5OwwCP6h2SVnRXcu5g= sha384-O9G4UO6LEbyeUCsbqYgdgRtfaXS2saCMm/My8hCR7YtbjDPcQKUo1BCE4UZgjSdg sha512-WxVUznmByhUck4zJyXUhUOaPvOusz2YPefRHqtycD5kf+2PPEMcF1XhEwyNxu+zVJ2gyvS/uz4U9it1l+PaCaw== <script src="/framework-b70d1ce987e15f81a80c.js" crossorigin="anonymous" integrity="sha256-oM9Rrgpa8M2w+pvQlzmDLg3ke5OwwCP6h2SVnRXcu5g=" />

	script	src	/js2/pubkey.js		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/x-javascript missing X-Content-Type-Options nosniff		Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml		Problems with Content-Type - Header - see details
	Cache-Control: max-age=43200 - max-age too short.			406 Bytes
	ETag: "7735f7658c904d860e6b22fb15763a2e:1662572154.032686"
	local SRI possible, possible hash-values: sha256-R6HEtPEZqyrIPtqAvXI9HWCEZo5WwO+exO6YmLMpGDg= sha384-UUUO4nfv7I/S8A7ervayOyt3y67qPx1+FJzWm5Ir2p5wka5RU7ZEo2bJ//LDMEtR sha512-lN31NVBa0XMrX7DY7qKghOwkYa8fVDZOolPreo5R8gmrP0UdrkswRWzgNCUhIiPVSFfTt3xR4aj63hyx/tdq6Q== <script src="/js2/pubkey.js" crossorigin="anonymous" integrity="sha256-R6HEtPEZqyrIPtqAvXI9HWCEZo5WwO+exO6YmLMpGDg=" />

	script	src	/js2/verification.js		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/x-javascript missing X-Content-Type-Options nosniff		Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml		Problems with Content-Type - Header - see details
	Cache-Control: max-age=43200 - max-age too short.			Compression (gzip): 28013/83896 Bytes
	ETag: "d73d77b86906885dc7b18438b2730494:1710954743.097215"
	local SRI possible, possible hash-values: sha256-sWb0ElPkv87K0OWD6zR68e2ay7eIZySd1fzNlBXcXwM= sha384-cKMSnKCOMEvsu7qJcvUYGEtkKx+KI4o36md2ukKXV6Uwuf6Gqwg45NqNqYpDpqJZ sha512-S2EC/0cENI35J00wEGBHGcFzo8zjiOB+BtpQ7+Gex8PPl/k1VyBwqo4eV4/7LFvVFX6s3vCwH0eLSMMLqLZZGg== <script src="/js2/verification.js" crossorigin="anonymous" integrity="sha256-sWb0ElPkv87K0OWD6zR68e2ay7eIZySd1fzNlBXcXwM=" />

	script	src	/webpack-runtime-632b66757b6ebf7be738.js		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/x-javascript missing X-Content-Type-Options nosniff		Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml		Problems with Content-Type - Header - see details
	No Cache-Control - header			Compression (gzip): 2661/5678 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
	local SRI possible, possible hash-values: sha256-kXAwmLSJtvsoP2G3SL3Y42UIux1GQt5jbs18pN+BA8o= sha384-Z2ciwIelSZrZ0Cz1ZyfTM2fJcFh7Lov4aJbG9G4bjHRIL4JFhdXfogKydKKeWTFa sha512-Y1XOWodJIjsGwuQNyMvd1ZOWhb0ldOegnvoPINYE2+MKRinmq4PWpreGA2KvIj4432hgABK4jieWN7AcJrRg5Q== <script src="/webpack-runtime-632b66757b6ebf7be738.js" crossorigin="anonymous" integrity="sha256-kXAwmLSJtvsoP2G3SL3Y42UIux1GQt5jbs18pN+BA8o=" />

	style		data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMCIgaGVpZ2h0PSIzMCIgdmlld0JveD0iMCAwIDMwIDMwIj48cG9seWdvbiBmaWxsPSIjZmZmIiBwb2ludHM9IjIyLjcwNyAxNS44NTQgOS45MTQgMTUuODU0IDE2LjA2IDIyIDE1LjM1MyAyMi43MDcgOCAxNS4zNTQgMTUuMzU0IDggMTYuMDYxIDguNzA3IDkuOTE0IDE0Ljg1NCAyMi43MDcgMTQuODU0Ii8+PC9zdmc+ Image:					ok
								ok


	style		data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMCIgaGVpZ2h0PSIzMCIgdmlld0JveD0iMCAwIDMwIDMwIj48cG9seWdvbiBmaWxsPSIjZmZmIiBwb2ludHM9IjIyLjcwNyAxNS4zNTQgMTUuMzUzIDIyLjcwOCAxNC42NDYgMjIuMDAxIDIwLjc5MiAxNS44NTUgOCAxNS44NTUgOCAxNC44NTUgMjAuNzkzIDE0Ljg1NSAxNC42NDYgOC43MDcgMTUuMzUzIDgiLz48L3N2Zz4= Image:					ok
								ok


https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	a		#main-content				1	ok
								ok


	a		/				2	ok
								ok


	a		/about/				2	ok
								ok


	a		/about/director-of-cia/				2	ok
								ok


	a		/about/mission-vision/				2	ok
								ok


	a		/about/organization/				2	ok
								ok


	a		/about/organization/equal-employment-opportunity/elijah-cummings-act				1	ok
								ok


	a		/about/organization/equal-employment-opportunity/no-fear-act				1	ok
								ok


	a		/about/organization/inspector-general				1	ok
								ok


	a		/about/organization/prepublication-classification-review-board/				2	ok
								ok


	a		/about/organization/privacy-and-civil-liberties				1	ok
								ok


	a		/about/organization/privacy-and-civil-liberties/				1	ok
								ok


	a		/careers				1	ok
								ok


	a		/careers/				2	ok
								ok


	a		/careers/accommodations/				1	ok
								ok


	a		/careers/how-we-hire/				2	ok
								ok


	a		/careers/language-opportunities/				1	ok
								ok


	a		/careers/student-programs/				2	ok
								ok


	a		/careers/working-at-cia/benefits/				1	ok
								ok


	a		/careers/working-at-cia/diversity-and-inclusion/				2	ok
								ok


	a		/careers/working-at-cia/diversity-and-inclusion/accessibility/				1	ok
								ok


	a		/careers/working-at-cia/veterans/				1	ok
								ok


	a		/contact-cia				2	ok
								ok


	a		/contact-cia/				1	ok
								ok


	a		/faqs/				1	ok
								ok


	a		/legacy/				1	ok
								ok


	a		/legacy/cia-history/				1	ok
								ok


	a		/legacy/cia-history/cia-trailblazers/				1	ok
								ok


	a		/legacy/headquarters/				1	ok
								ok


	a		/legacy/memorial-wall/fallen/				1	ok
								ok


	a		/legacy/museum/				2	ok
								ok


	a		/partner-with-cia/				2	ok
								ok


	a		/podcast/the-langley-files				1	ok
								ok


	a		/podcast/the-langley-files/				1	ok
								ok


	a		/privacy_policy/				1	ok
								ok


	a		/readingroom/				2	ok
								ok


	a		/report-information				2	ok
								ok


	a		/resources/				1	ok
								ok


	a		/resources/cia-maps/				1	ok
								ok


	a		/resources/csi/				3	ok
								ok


	a		/resources/publications/				1	ok
								ok


	a		/resources/reports/				1	ok
								ok


	a		/resources/world-leaders/				2	ok
								ok


	a		/search				1	ok
								ok


	a		/sitemap				1	ok
								ok


	a		/site-policies				1	ok
								ok


	a		/spy-kids/				2	ok
								ok


	a		/stories/				3	ok
								ok


	a		/stories/press-releases-and-statements/				1	ok
								ok


	a		/stories/speeches-and-transcripts/				1	ok
								ok


	a		/tech/				1	ok
								ok


	a		/the-world-factbook/				3	ok
								ok


	a		https://t.me/s/securelycontactingcia				1	ok
								ok


	a		https://twitter.com/cia				1	ok
								ok


	a		https://www.cia.gov/ehl/				1	ok
								ok


	a		https://www.cia.gov/readingroom/				1	ok
								ok


	a		https://www.facebook.com/Central.Intelligence.Agency				1	ok
								ok


	a		https://www.flickr.com/ciagov				1	ok
								ok


	a		https://www.instagram.com/cia				1	ok
								ok


	a		https://www.linkedin.com/company/central-intelligence-agency				1	ok
								ok


	a		https://www.usa.gov/				1	ok
								ok


	a		https://www.youtube.com/cia				1	ok
								ok


	form	get	/search		200		1	ok
				text/html missing X-Content-Type-Options nosniff				ok
				53297 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	img	src	/static/CIA-Seal-BW@2x@2x-bd6f6da4ab65dc1fe7aeb76fe043f66f.png		200		1	ok
	alt: Agency Logo			image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 13426 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-144x144.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 29854 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-192x192.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 50883 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-256x256.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 87321 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-384x384.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 186762 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-48x48.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 5029 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-512x512.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 319613 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-72x72.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 8663 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	apple-touch-icon	/icons/icon-96x96.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 14382 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	icon	/favicon-32x32.png?v=c3853bf09f084a8b1f66c6c2685054a1		200		1	ok
				image/png missing X-Content-Type-Options nosniff				ok
	No Cache-Control header			No Compression - 2721 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	link	manifest	/manifest.webmanifest				1	ok
								ok


	link	sitemap	/sitemap/sitemap-index.xml				1	ok
								ok


	meta	charset	utf-8				2	ok
								ok


	meta	og:description					1	ok
								ok


	meta	og:image			404	Not Found	1	missing file
				text/html missing X-Content-Type-Options nosniff				missing file
				53531 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	meta	og:title					1	ok
								ok


	meta	og:url			404	Not Found	1	missing file
				text/html missing X-Content-Type-Options nosniff				missing file
				53531 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

	meta	onion-location	http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion				1	ok
								ok


	meta	x-ua-compatible	ie=edge				1	ok
								ok


	meta	desciription					1	ok
								ok


	meta	generator	Gatsby 5.13.7				1	ok
								ok


	meta	theme-color	#663399				1	ok
								ok


	meta	twitter:card					1	content is invalid, only "summary", "summary_large_image", "app" or "player" allowed



	meta	twitter:description					1	ok
								ok


	meta	twitter:image					1	ok
								ok


	meta	twitter:title					1	ok
								ok


	meta	viewport	width=device-width, initial-scale=1, shrink-to-fit=no				1	ok
								ok


	script	src	/app-7a37c1c46e55a8d4c6e8.js		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/x-javascript missing X-Content-Type-Options nosniff		Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml		Problems with Content-Type - Header - see details
	No Cache-Control - header			Compression (gzip): 27808/84457 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
	local SRI possible, possible hash-values: sha256-SpbqERdMweqxuHlFbr6zluwHN20mzYc+LZJjXLxEpYU= sha384-jZ6EumQOz4h5uEGgbQHPFfjV8NKn673I+ZpU+2D1Zf/3R5Bmk1X2lqZjvf3Hhucc sha512-4kcfDUxP5ewXSrhLQSzEiicRX0pKwQNLL1e7NYJIY8NLjM19qIghDFsAM9Q7Pc+Q5piIBQ2kUBLbcyCjmc0NLg== <script src="/app-7a37c1c46e55a8d4c6e8.js" crossorigin="anonymous" integrity="sha256-SpbqERdMweqxuHlFbr6zluwHN20mzYc+LZJjXLxEpYU=" />

	script	src	/framework-b70d1ce987e15f81a80c.js		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/x-javascript missing X-Content-Type-Options nosniff		Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml		Problems with Content-Type - Header - see details
	No Cache-Control - header			Compression (gzip): 45546/140344 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
	local SRI possible, possible hash-values: sha256-oM9Rrgpa8M2w+pvQlzmDLg3ke5OwwCP6h2SVnRXcu5g= sha384-O9G4UO6LEbyeUCsbqYgdgRtfaXS2saCMm/My8hCR7YtbjDPcQKUo1BCE4UZgjSdg sha512-WxVUznmByhUck4zJyXUhUOaPvOusz2YPefRHqtycD5kf+2PPEMcF1XhEwyNxu+zVJ2gyvS/uz4U9it1l+PaCaw== <script src="/framework-b70d1ce987e15f81a80c.js" crossorigin="anonymous" integrity="sha256-oM9Rrgpa8M2w+pvQlzmDLg3ke5OwwCP6h2SVnRXcu5g=" />

	script	src	/js2/pubkey.js		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/x-javascript missing X-Content-Type-Options nosniff		Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml		Problems with Content-Type - Header - see details
	Cache-Control: max-age=43200 - max-age too short.			406 Bytes
	ETag: "7735f7658c904d860e6b22fb15763a2e:1662572154.032686"
	local SRI possible, possible hash-values: sha256-R6HEtPEZqyrIPtqAvXI9HWCEZo5WwO+exO6YmLMpGDg= sha384-UUUO4nfv7I/S8A7ervayOyt3y67qPx1+FJzWm5Ir2p5wka5RU7ZEo2bJ//LDMEtR sha512-lN31NVBa0XMrX7DY7qKghOwkYa8fVDZOolPreo5R8gmrP0UdrkswRWzgNCUhIiPVSFfTt3xR4aj63hyx/tdq6Q== <script src="/js2/pubkey.js" crossorigin="anonymous" integrity="sha256-R6HEtPEZqyrIPtqAvXI9HWCEZo5WwO+exO6YmLMpGDg=" />

	script	src	/js2/verification.js		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/x-javascript missing X-Content-Type-Options nosniff		Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml		Problems with Content-Type - Header - see details
	Cache-Control: max-age=43200 - max-age too short.			Compression (gzip): 28013/83896 Bytes
	ETag: "d73d77b86906885dc7b18438b2730494:1710954743.097215"
	local SRI possible, possible hash-values: sha256-sWb0ElPkv87K0OWD6zR68e2ay7eIZySd1fzNlBXcXwM= sha384-cKMSnKCOMEvsu7qJcvUYGEtkKx+KI4o36md2ukKXV6Uwuf6Gqwg45NqNqYpDpqJZ sha512-S2EC/0cENI35J00wEGBHGcFzo8zjiOB+BtpQ7+Gex8PPl/k1VyBwqo4eV4/7LFvVFX6s3vCwH0eLSMMLqLZZGg== <script src="/js2/verification.js" crossorigin="anonymous" integrity="sha256-sWb0ElPkv87K0OWD6zR68e2ay7eIZySd1fzNlBXcXwM=" />

	script	src	/webpack-runtime-632b66757b6ebf7be738.js		200		1	Problems with Content-Type - Header - see details
	Missing defer / async attribute.			application/x-javascript missing X-Content-Type-Options nosniff		Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml		Problems with Content-Type - Header - see details
	No Cache-Control - header			Compression (gzip): 2661/5678 Bytes
	ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
	local SRI possible, possible hash-values: sha256-kXAwmLSJtvsoP2G3SL3Y42UIux1GQt5jbs18pN+BA8o= sha384-Z2ciwIelSZrZ0Cz1ZyfTM2fJcFh7Lov4aJbG9G4bjHRIL4JFhdXfogKydKKeWTFa sha512-Y1XOWodJIjsGwuQNyMvd1ZOWhb0ldOegnvoPINYE2+MKRinmq4PWpreGA2KvIj4432hgABK4jieWN7AcJrRg5Q== <script src="/webpack-runtime-632b66757b6ebf7be738.js" crossorigin="anonymous" integrity="sha256-kXAwmLSJtvsoP2G3SL3Y42UIux1GQt5jbs18pN+BA8o=" />

	style		data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMCIgaGVpZ2h0PSIzMCIgdmlld0JveD0iMCAwIDMwIDMwIj48cG9seWdvbiBmaWxsPSIjZmZmIiBwb2ludHM9IjIyLjcwNyAxNS44NTQgOS45MTQgMTUuODU0IDE2LjA2IDIyIDE1LjM1MyAyMi43MDcgOCAxNS4zNTQgMTUuMzU0IDggMTYuMDYxIDguNzA3IDkuOTE0IDE0Ljg1NCAyMi43MDcgMTQuODU0Ii8+PC9zdmc+ Image:					ok
								ok


	style		data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMCIgaGVpZ2h0PSIzMCIgdmlld0JveD0iMCAwIDMwIDMwIj48cG9seWdvbiBmaWxsPSIjZmZmIiBwb2ludHM9IjIyLjcwNyAxNS4zNTQgMTUuMzUzIDIyLjcwOCAxNC42NDYgMjIuMDAxIDIwLjc5MiAxNS44NTUgOCAxNS44NTUgOCAxNC44NTUgMjAuNzkzIDE0Ljg1NSAxNC42NDYgOC43MDcgMTUuMzUzIDgiLz48L3N2Zz4= Image:					ok
								ok

12. Html-Parsing via https://validator.w3.org/nu/

	Type	Message	num found
Url used (first standard-https-result with http status 200): https://www.cia.gov/

Summary
	Good: No non-document-errors
	78 errors
	1 warnings
1.	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.	33
2.	error	The `sizes` attribute must only be specified if the `srcset` attribute is also specified.	8
3.	error	Attribute `text` not allowed on element `button` at this point.	6
4.	error	An `img` element which has an `alt` attribute whose value is the empty string must not have a `role` attribute.	4
5.	error	Element `source` is missing required attribute `srcset`.	4
6.	error	Element `img` is missing required attribute `src`.	4
7.	error	CSS: `line-height`: `none` is not a `line-height` value.	2
8.	error	A document must not include more than one `meta` element with a `charset` attribute.	1
9.	error	A `charset` attribute on a `meta` element found after the first 1024 bytes.	1
10.	error	Element `meta` is missing one or more of the following attributes: `content`, `property`.	1
11.	error	CSS: `background-color`: `none` is not a `background-color` value.	1
12.	error	CSS: `background`: `solid` is not a `background-color` value.	1
13.	error	CSS: `line-height`: Too many values or values are not recognized.	1
14.	error	CSS: `font-size`: only `0` can be a `unit`. You must put a unit after your number.	1
15.	error	CSS: `column-gap`: Parse Error.	1
16.	error	CSS: `padding`: Parse Error.	1
17.	error	CSS: `outline-offset`: `none` is not a `outline-offset` value.	1
18.	error	Bad value `onion-location` for attribute `http-equiv` on element `meta`.	1
19.	error	Non-space character inside `noscript` inside `head`.	1
20.	error	Stray end tag `noscript`.	1
21.	error	Stray end tag `head`.	1
22.	error	Start tag `body` seen but an element of the same type was already open.	1
23.	error	Bad value `Icon/ti-search` for attribute `id` on element `g`: Not a valid XML 1.0 name.	1
24.	error	The `aria-controls` attribute must point to an element in the same document.	1
25.	warning	Empty heading.	1
Details
	Type	Message + Sample
1	error	A document must not include more than one `meta` element with a `charset` attribute.
		From line 1, column 10211 to line 1, column 10257
		#663399"/><meta charSet="utf-8" data-gatsby-head="true"/><meta
2	error	A `charset` attribute on a `meta` element found after the first 1024 bytes.
		From line 1, column 10231 to line 1, column 10231
		charSet="utf-8" data-gatsby-h
3	error	Element `meta` is missing one or more of the following attributes: `content`, `property`.
		From line 1, column 10845 to line 1, column 10896
		d="true"/><meta name="twitter:image" data-gatsby-head="true"/><meta
4	error	CSS: `background-color`: `none` is not a `background-color` value.
		From line 107, column 640 to line 107, column 643
		und-color:none;color
5	error	CSS: `background`: `solid` is not a `background-color` value.
		From line 139, column 10008 to line 139, column 10011
		.0625rem #fff;borde
6	error	CSS: `line-height`: `none` is not a `line-height` value.
		From line 205, column 1103 to line 205, column 1106
		ne-height:none;line-
7	error	CSS: `line-height`: Too many values or values are not recognized.
		From line 214, column 1428 to line 214, column 1430
		-height:1 rem;margi
8	error	CSS: `line-height`: `none` is not a `line-height` value.
		From line 309, column 8164 to line 309, column 8167
		ne-height:none;line-
9	error	CSS: `font-size`: only `0` can be a `unit`. You must put a unit after your number.
		From line 405, column 148 to line 405, column 152
		font-size:1.875;line-
10	error	CSS: `column-gap`: Parse Error.
		From line 414, column 11695 to line 414, column 11695
		_percent, 0)*1%)}.yarl__flex_c
11	error	CSS: `padding`: Parse Error.
		From line 414, column 12057 to line 414, column 12057
		_percent, 0)*1%);position:rela
12	error	CSS: `outline-offset`: `none` is not a `outline-offset` value.
		From line 711, column 3885 to line 711, column 3888
		ne-offset:none}span[
13	error	Bad value `onion-location` for attribute `http-equiv` on element `meta`.
		From line 762, column 50836 to line 762, column 50951
		85054a1"/><meta http-equiv="onion-location" content="http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion" /><title
14	error	Non-space character inside `noscript` inside `head`.
		From line 763, column 7 to line 763, column 10
		e"> <style
15	error	Stray end tag `noscript`.
		From line 773, column 7 to line 773, column 17
		gt; </noscript><scrip
16	error	Stray end tag `head`.
		From line 773, column 148 to line 773, column 154
		></script></head><body>
17	error	Start tag `body` seen but an element of the same type was already open.
		From line 773, column 155 to line 773, column 160
		pt></head><body><div i
18	error	Attribute `text` not allowed on element `button` at this point.
		From line 773, column 867 to line 773, column 1045
		"no-show"><button text="Contact" class="button button-default button-stack noShow" style="display:flex;color:white;padding-right:20px;font-size:small;box-shadow:none;border:none;padding:0">Contac
19	error	Attribute `text` not allowed on element `button` at this point.
		From line 773, column 1268 to line 773, column 1457
		/noscript><button text="Report Information" class="button button-default button-stack noShow" style="display:flex;color:white;padding-right:20px;font-size:small;box-shadow:none;border:none;padding:0">Report
20	error	Bad value `Icon/ti-search` for attribute `id` on element `g`: Not a valid XML 1.0 name.
		From line 773, column 13296 to line 773, column 13381
		t.</title><g id="Icon/ti-search" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><path
21	error	The `aria-controls` attribute must point to an element in the same document.
		From line 773, column 14113 to line 773, column 14240
		orm></div><button class="hamburger hamburger--emphatic " type="button" aria-label="Menu" aria-controls="navigation" aria-expanded="false"><span
22	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 14870 to line 773, column 14887
		-content"><a href="/about/">About<
23	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 14897 to line 773, column 14930
		>About</a><a href="/about/director-of-cia/">Leader
24	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 14945 to line 773, column 14975
		ership</a><a href="/about/organization/">Organi
25	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 14992 to line 773, column 15024
		zation</a><a href="/about/mission-vision/">Missio
26	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15049 to line 773, column 15077
		Vision</a><a href="/partner-with-cia/">Partne
27	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15098 to line 773, column 15114
		th CIA</a><a href="/tech/">Techno
28	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15129 to line 773, column 15187
		nology</a><a href="/about/organization/privacy-and-civil-liberties/">Privac
29	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15532 to line 773, column 15591
		-content"><a href="/careers" target="_self" rel="noopener noreferrer">Career
30	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15616 to line 773, column 15647
		nities</a><a href="/careers/how-we-hire/">Hiring
31	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15666 to line 773, column 15709
		rocess</a><a href="/careers/working-at-cia/benefits/">Benefi
32	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15722 to line 773, column 15780
		nefits</a><a href="/careers/working-at-cia/diversity-and-inclusion/">Divers
33	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15810 to line 773, column 15844
		lusion</a><a href="/careers/accommodations/">Accomm
34	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15863 to line 773, column 15905
		ations</a><a href="/careers/language-opportunities/">Langua
35	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15932 to line 773, column 15975
		nities</a><a href="/careers/working-at-cia/veterans/">Vetera
36	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 15988 to line 773, column 16024
		terans</a><a href="/careers/student-programs/">Studen
37	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 16377 to line 773, column 16395
		-content"><a href="/legacy/">Origin
38	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 16406 to line 773, column 16436
		Origin</a><a href="/legacy/cia-history/">Histor
39	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 16448 to line 773, column 16473
		istory</a><a href="/legacy/museum/">Museum
40	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 16484 to line 773, column 16515
		Museum</a><a href="/legacy/headquarters/">Headqu
41	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 16532 to line 773, column 16579
		arters</a><a href="/legacy/cia-history/cia-trailblazers/">Trailb
42	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 16596 to line 773, column 16635
		lazers</a><a href="/legacy/memorial-wall/fallen/">In Mem
43	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 16985 to line 773, column 17004
		-content"><a href="/stories/">News &
44	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 17027 to line 773, column 17076
		tories</a><a href="/stories/press-releases-and-statements/">Press
45	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 17112 to line 773, column 17156
		ements</a><a href="/stories/speeches-and-transcripts/">Speech
46	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 17187 to line 773, column 17264
		cripts</a><a href="/podcast/the-langley-files" target="_self" rel="noopener noreferrer">The La
47	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 17627 to line 773, column 17648
		-content"><a href="/resources/">Resour
48	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 17662 to line 773, column 17696
		ources</a><a href="/resources/publications/">Public
49	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 17713 to line 773, column 17786
		ations</a><a href="/about/organization/prepublication-classification-review-board/">Prepub
50	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 17812 to line 773, column 17837
		Review</a><a href="/resources/csi/">Study
51	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 17863 to line 773, column 17893
		igence</a><a href="/the-world-factbook/">World
52	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 17912 to line 773, column 17941
		ctbook</a><a href="/resources/reports/">CIA Re
53	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 17957 to line 773, column 17987
		eports</a><a href="/resources/cia-maps/">CIA Ma
54	error	The element `a` must not appear as a descendant of an element with the attribute `role=button`.
		From line 773, column 18000 to line 773, column 18023
		A Maps</a><a href="/readingroom/">FOIA R
55	error	Attribute `text` not allowed on element `button` at this point.
		From line 773, column 18098 to line 773, column 18185
		+ d-none"><button text="Contact CIA" aria-label="Contact CIA" class="button nav-button mr15 mb15">Contac
56	error	Attribute `text` not allowed on element `button` at this point.
		From line 773, column 18206 to line 773, column 18310
		A</button><button text="Report Information" aria-label="Report Information" class="button nav-button button-stack">Report
57	error	An `img` element which has an `alt` attribute whose value is the empty string must not have a `role` attribute.
		From line 773, column 19649 to line 773, column 19934
		ay:block"><img alt="" role="presentation" aria-hidden="true" src="data:image/svg+xml;charset=utf-8,%3Csvg%20height='650'%20width='570'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E" style="max-width:100%;display:block;position:static"/></div>
58	error	Element `source` is missing required attribute `srcset`.
		From line 773, column 20129 to line 773, column 20407
		><picture><source type="image/webp" data-srcset="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w" sizes="(min-width: 570px) 570px, 100vw"/><img d
59	error	The `sizes` attribute must only be specified if the `srcset` attribute is also specified.
		From line 773, column 20129 to line 773, column 20407
		><picture><source type="image/webp" data-srcset="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w" sizes="(min-width: 570px) 570px, 100vw"/><img d
60	error	Element `img` is missing required attribute `src`.
		From line 773, column 20408 to line 773, column 20855
		, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 570px) 570px, 100vw" decoding="async" loading="lazy" data-src="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png" data-srcset="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w" alt="Headquarters Koi Pond"/></pict
61	error	The `sizes` attribute must only be specified if the `srcset` attribute is also specified.
		From line 773, column 20408 to line 773, column 20855
		, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 570px) 570px, 100vw" decoding="async" loading="lazy" data-src="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png" data-srcset="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w" alt="Headquarters Koi Pond"/></pict
62	error	An `img` element which has an `alt` attribute whose value is the empty string must not have a `role` attribute.
		From line 773, column 22663 to line 773, column 22947
		ay:block"><img alt="" role="presentation" aria-hidden="true" src="data:image/svg+xml;charset=utf-8,%3Csvg%20height='155'%20width='95'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E" style="max-width:100%;display:block;position:static"/></div>
63	error	Element `source` is missing required attribute `srcset`.
		From line 773, column 23142 to line 773, column 23487
		><picture><source type="image/webp" data-srcset="/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w" sizes="(min-width: 95px) 95px, 100vw"/><img d
64	error	The `sizes` attribute must only be specified if the `srcset` attribute is also specified.
		From line 773, column 23142 to line 773, column 23487
		><picture><source type="image/webp" data-srcset="/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w" sizes="(min-width: 95px) 95px, 100vw"/><img d
65	error	Element `img` is missing required attribute `src`.
		From line 773, column 23488 to line 773, column 24018
		, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 95px) 95px, 100vw" decoding="async" loading="lazy" data-src="/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png" data-srcset="/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w" alt="mission glyph"/></pict
66	error	The `sizes` attribute must only be specified if the `srcset` attribute is also specified.
		From line 773, column 23488 to line 773, column 24018
		, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 95px) 95px, 100vw" decoding="async" loading="lazy" data-src="/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png" data-srcset="/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w" alt="mission glyph"/></pict
67	error	An `img` element which has an `alt` attribute whose value is the empty string must not have a `role` attribute.
		From line 773, column 27554 to line 773, column 27839
		ay:block"><img alt="" role="presentation" aria-hidden="true" src="data:image/svg+xml;charset=utf-8,%3Csvg%20height='780'%20width='780'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E" style="max-width:100%;display:block;position:static"/></div>
68	error	Element `source` is missing required attribute `srcset`.
		From line 773, column 28034 to line 773, column 28354
		><picture><source type="image/webp" data-srcset="/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w" sizes="(min-width: 780px) 780px, 100vw"/><img d
69	error	The `sizes` attribute must only be specified if the `srcset` attribute is also specified.
		From line 773, column 28034 to line 773, column 28354
		><picture><source type="image/webp" data-srcset="/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w" sizes="(min-width: 780px) 780px, 100vw"/><img d
70	error	Element `img` is missing required attribute `src`.
		From line 773, column 28355 to line 773, column 28837
		, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 780px) 780px, 100vw" decoding="async" loading="lazy" data-src="/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png" data-srcset="/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w" alt=""/></pict
71	error	The `sizes` attribute must only be specified if the `srcset` attribute is also specified.
		From line 773, column 28355 to line 773, column 28837
		, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 780px) 780px, 100vw" decoding="async" loading="lazy" data-src="/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png" data-srcset="/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w" alt=""/></pict
72	error	An `img` element which has an `alt` attribute whose value is the empty string must not have a `role` attribute.
		From line 773, column 35421 to line 773, column 35707
		ay:block"><img alt="" role="presentation" aria-hidden="true" src="data:image/svg+xml;charset=utf-8,%3Csvg%20height='879'%20width='1080'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E" style="max-width:100%;display:block;position:static"/></div>
73	error	Element `source` is missing required attribute `srcset`.
		From line 773, column 35902 to line 773, column 36201
		><picture><source type="image/webp" data-srcset="/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w" sizes="(min-width: 1080px) 1080px, 100vw"/><img d
74	error	The `sizes` attribute must only be specified if the `srcset` attribute is also specified.
		From line 773, column 35902 to line 773, column 36201
		><picture><source type="image/webp" data-srcset="/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w" sizes="(min-width: 1080px) 1080px, 100vw"/><img d
75	error	Element `img` is missing required attribute `src`.
		From line 773, column 36202 to line 773, column 36706
		, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 1080px) 1080px, 100vw" decoding="async" loading="lazy" data-src="/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg" data-srcset="/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w" alt="Image of the world overlaid with red section lines."/></pict
76	error	The `sizes` attribute must only be specified if the `srcset` attribute is also specified.
		From line 773, column 36202 to line 773, column 36706
		, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 1080px) 1080px, 100vw" decoding="async" loading="lazy" data-src="/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg" data-srcset="/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w" alt="Image of the world overlaid with red section lines."/></pict
77	error	Attribute `text` not allowed on element `button` at this point.
		From line 773, column 41706 to line 773, column 41821
		"no-show"><button text="Report Information" class="button button-default button-stack noShow" aria-label="Report Information">Report
78	error	Attribute `text` not allowed on element `button` at this point.
		From line 773, column 42054 to line 773, column 42142
		"no-show"><button text="Contact CIA" class="button button-default noShow" aria-label="Contact CIA">Contac
79	warning	Empty heading.
		From line 773, column 25874 to line 773, column 25877
		-teaser "><h2></h2><

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: a1-22.akam.net, a12-65.akam.net, a13-65.akam.net, a16-67.akam.net, a22-66.akam.net, a3-64.akam.net

QNr.	Domain	Type	NS used
1	net	NS	h.root-servers.net (2001:500:1::53)
	Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2	a1-22.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
3	a12-65.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
4	a13-65.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
5	a16-67.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
6	a22-66.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
7	a3-64.akam.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net
	Answer: a1-67.akam.net 193.108.91.67, 2600:1401:2::43
	Answer: a11-67.akam.net 2600:1480:1::43, 84.53.139.67
	Answer: a12-67.akam.net 184.26.160.67, 2600:1480:f000::43
	Answer: a18-67.akam.net 2600:1480:4800::43, 95.101.36.67
	Answer: a22-67.akam.net 23.211.61.67, 2600:1480:7800::43
	Answer: a28-67.akam.net 2600:1480:d800::43, 95.100.173.67
	Answer: a4-67.akam.net 2600:1480:9000::43, 72.246.46.67
	Answer: a6-67.akam.net 23.211.133.67, 2600:1401:1::43
8	a1-22.akam.net: 193.108.91.22	A	a1-67.akam.net (2600:1401:2::43)
9	a1-22.akam.net: 2600:1401:2::16	AAAA	a1-67.akam.net (2600:1401:2::43)
10	a12-65.akam.net: 184.26.160.65	A	a1-67.akam.net (2600:1401:2::43)
11	a12-65.akam.net: 2600:1480:f000::41	AAAA	a1-67.akam.net (2600:1401:2::43)
12	a13-65.akam.net: 2.22.230.65	A	a1-67.akam.net (2600:1401:2::43)
13	a13-65.akam.net: 2600:1480:800::41	AAAA	a1-67.akam.net (2600:1401:2::43)
14	a16-67.akam.net: 23.211.132.67	A	a1-67.akam.net (2600:1401:2::43)
15	a16-67.akam.net: 2600:1406:1b::43	AAAA	a1-67.akam.net (2600:1401:2::43)
16	a22-66.akam.net: 23.211.61.66	A	a1-67.akam.net (2600:1401:2::43)
17	a22-66.akam.net: 2600:1480:7800::42	AAAA	a1-67.akam.net (2600:1401:2::43)
18	a3-64.akam.net: 96.7.49.64	A	a1-67.akam.net (2600:1401:2::43)
19	a3-64.akam.net: 2600:1408:1c::40	AAAA	a1-67.akam.net (2600:1401:2::43)

14. CAA - Entries

Domainname	flag	Name	Value	∑ Queries
www.cia.gov.edgekey.net				1
cia.gov.edgekey.net	0		no CAA entry found	1
gov.edgekey.net	0		no CAA entry found	1
www.cia.gov				1
edgekey.net	0		no CAA entry found	1
cia.gov	5	issue	digicert.com	1
	5	iodef	mailto:caanotices@uce.cia.gov	1
gov	0		no CAA entry found	1
net	0		no CAA entry found	1

15. TXT - Entries

Domainname	TXT Entry	Status	∑ Queries
cia.gov	v=spf1 mx -all	ok	1
www.cia.gov			1
_acme-challenge.cia.gov		Name Error - The domain name does not exist	1
www.cia.gov.edgekey.net			1
_acme-challenge.www.cia.gov		Name Error - The domain name does not exist	1
_acme-challenge.cia.gov.cia.gov		Name Error - The domain name does not exist	1
_acme-challenge.www.cia.gov.cia.gov		Name Error - The domain name does not exist	1
_acme-challenge.www.cia.gov.www.cia.gov		Name Error - The domain name does not exist	1
_acme-challenge.www.cia.gov.edgekey.net		Name Error - The domain name does not exist	1
_acme-challenge.www.cia.gov.edgekey.net.cia.gov.edgekey.net		Name Error - The domain name does not exist	1
_acme-challenge.www.cia.gov.edgekey.net.www.cia.gov.edgekey.net		Name Error - The domain name does not exist	1

16. DomainService - Entries

Type		Domain	Pref	Value	DNS-error	num Answers	Status	Description
MX		cia.gov	10	mail3.cia.gov	0	2	ok
	A			12.151.182.158	0	1	ok
	CNAME				0	0	ok
MX		cia.gov	10	mail4.cia.gov	0	2	ok
	A			12.151.182.219	0	1	ok
	CNAME				0	0	ok
SPF	TXT	cia.gov		v=spf1 mx -all			ok
	MX	cia.gov		mail4.cia.gov			ok
	MX-A	mail4.cia.gov		12.151.182.219			ok
	MX	cia.gov		mail3.cia.gov			ok
	MX-A	mail3.cia.gov		12.151.182.158			ok
_dmarc	TXT	_dmarc.cia.gov		v=DMARC1; p=quarantine; sp=quarantine; pct=100; rua=mailto:demarcreports@uce.cia.gov; ruf=mailto:demarcfailures@uce.cia.gov; ri=86400; aspf=s; adkim=s; fo=1			ok
	TXT	cia.gov._report._dmarc.uce.cia.gov		mailto:demarcreports@uce.cia.gov			ok	Mail domain unequal current domain. Check required, if there is a confirming _report._dmarc-Record. See RFC 7489, 7.1.
	TXT	cia.gov._report._dmarc.uce.cia.gov		v=DMARC1;			ok	Confirmed. Sending reports to external domain is allowed.
	TXT	cia.gov._report._dmarc.uce.cia.gov		mailto:demarcfailures@uce.cia.gov			ok	Mail domain unequal current domain. Check required, if there is a confirming _report._dmarc-Record. See RFC 7489, 7.1.
	TXT	cia.gov._report._dmarc.uce.cia.gov		v=DMARC1;			ok	Confirmed. Sending reports to external domain is allowed.

17. Cipher Suites

Summary
Domain	IP	Port	num Ciphers	time	Std.Protocol	Forward Secrecy
cia.gov	23.207.8.62	443	18 Ciphers	101.34 sec		6 without, 12 FS	66.67 %
cia.gov	2600:141b:f000:181::184d	443	18 Ciphers	94.74 sec		6 without, 12 FS	66.67 %
cia.gov	2600:141b:f000:1a5::184d	443	18 Ciphers	94.77 sec		6 without, 12 FS	66.67 %
Complete		3	54 Ciphers 18.00 Ciphers/Check	290.85 sec	96.95 sec/Check	18 without, 36 FS	66.67 %

Details
Domain	IP	Port	Cipher (OpenSsl / IANA)
cia.gov	23.207.8.62	443	ECDHE-ECDSA-CHACHA20-POLY1305		(Recommended)	TLSv1.2	0xCC,0xA9	FS
18 Ciphers, 101.34 sec			TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		ECDSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-ECDSA-AES256-GCM-SHA384		(Recommended)	TLSv1.2	0xC0,0x2C	FS
			TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
			ECDH		ECDSA	AESGCM(256)	AEAD
			ECDHE-ECDSA-AES128-GCM-SHA256		(Recommended)	TLSv1.2	0xC0,0x2B	FS
			TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
			ECDH		ECDSA	AESGCM(128)	AEAD
			ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-ECDSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x24	FS
			TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
			ECDH		ECDSA	AES(256)	SHA384
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-ECDSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x23	FS
			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
			ECDH		ECDSA	AES(128)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
	2600:141b:f000:181::184d	443	ECDHE-ECDSA-CHACHA20-POLY1305		(Recommended)	TLSv1.2	0xCC,0xA9	FS
18 Ciphers, 94.74 sec			TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		ECDSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-ECDSA-AES256-GCM-SHA384		(Recommended)	TLSv1.2	0xC0,0x2C	FS
			TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
			ECDH		ECDSA	AESGCM(256)	AEAD
			ECDHE-ECDSA-AES128-GCM-SHA256		(Recommended)	TLSv1.2	0xC0,0x2B	FS
			TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
			ECDH		ECDSA	AESGCM(128)	AEAD
			ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-ECDSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x24	FS
			TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
			ECDH		ECDSA	AES(256)	SHA384
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-ECDSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x23	FS
			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
			ECDH		ECDSA	AES(128)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1
	2600:141b:f000:1a5::184d	443	ECDHE-ECDSA-CHACHA20-POLY1305		(Recommended)	TLSv1.2	0xCC,0xA9	FS
18 Ciphers, 94.77 sec			TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		ECDSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-ECDSA-AES256-GCM-SHA384		(Recommended)	TLSv1.2	0xC0,0x2C	FS
			TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
			ECDH		ECDSA	AESGCM(256)	AEAD
			ECDHE-ECDSA-AES128-GCM-SHA256		(Recommended)	TLSv1.2	0xC0,0x2B	FS
			TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
			ECDH		ECDSA	AESGCM(128)	AEAD
			ECDHE-RSA-CHACHA20-POLY1305		(Secure)	TLSv1.2	0xCC,0xA8	FS
			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384		(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH		RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256		(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH		RSA	AESGCM(128)	AEAD
			ECDHE-ECDSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x24	FS
			TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
			ECDH		ECDSA	AES(256)	SHA384
			ECDHE-RSA-AES256-SHA384		(Weak)	TLSv1.2	0xC0,0x28	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
			ECDH		RSA	AES(256)	SHA384
			AES256-GCM-SHA384		(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA		RSA	AESGCM(256)	AEAD
			AES256-SHA256		(Weak)	TLSv1.2	0x00,0x3D	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA256
			RSA		RSA	AES(256)	SHA256
			ECDHE-ECDSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x23	FS
			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
			ECDH		ECDSA	AES(128)	SHA256
			ECDHE-RSA-AES128-SHA256		(Weak)	TLSv1.2	0xC0,0x27	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
			ECDH		RSA	AES(128)	SHA256
			AES128-GCM-SHA256		(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA		RSA	AESGCM(128)	AEAD
			AES128-SHA256		(Weak)	TLSv1.2	0x00,0x3C	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA256
			RSA		RSA	AES(128)	SHA256
			ECDHE-RSA-AES256-SHA		(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH		RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA		(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH		RSA	AES(128)	SHA1
			AES256-SHA		(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA		RSA	AES(256)	SHA1
			AES128-SHA		(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA		RSA	AES(128)	SHA1

18. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

Permalink: https://check-your-website.server-daten.de/?i=edc56e61-f74e-4552-a865-73c740a43cee

Last Result: https://check-your-website.server-daten.de/?q=cia.gov - 2025-01-10 13:58:49

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=cia.gov" target="_blank">Check this Site: cia.gov</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

QR-Code of this page - https://check-your-website.server-daten.de/?d=cia.gov

Check DNS, Urls + Redirects, Certificates and Content of your Website

Older results

1. IP-Addresses

2. DNSSEC

3. Name Servers

4. SOA-Entries

5. Screenshots

Mobile- and other Chrome-Checks

6. Url-Checks

7. Comments

1. General Results, most used to calculate the result

2. Header-Checks

3. DNS- and NameServer - Checks

4. Content- and Performance-critical Checks

8. Connections

9. Certificates

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

11. Html-Content - Entries

Summary

Details (currently limited to 500 rows - some problems with spam users)

12. Html-Parsing via https://validator.w3.org/nu/

Summary

Details

13. Nameserver - IP-Adresses

14. CAA - Entries

15. TXT - Entries

16. DomainService - Entries

17. Cipher Suites

18. Portchecks