Check DNS, Urls + Redirects, Certificates and Content of your Website


 

 

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
cia.gov
A
23.207.8.62
Piscataway/New Jersey/United States (US) - Akamai Technologies, Inc.
Hostname: a23-207-8-62.deploy.static.akamaitechnologies.com
yes
1
0

AAAA
2600:141b:f000:181::184d
Edison/New Jersey/United States (US) - Akamai International B.V.

yes



AAAA
2600:141b:f000:1a5::184d
Edison/New Jersey/United States (US) - Akamai International B.V.

yes


www.cia.gov
CNAME
www.cia.gov.edgekey.net
yes
1
0

CNAME
e6221.dscna.akamaiedge.net
yes


www.cia.gov
A
23.201.180.249
Secaucus/New Jersey/United States (US) - Akamai Technologies
No Hostname found
no


*.cia.gov
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


 

2. DNSSEC

Zone (*)DNSSEC - Informations


Zone: (root)

(root)
1 DS RR published






DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=






Status: Valid because published






3 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 26470, Flags 256






Public Key with Algorithm 8, KeyTag 61050, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.01.2025, 00:00:00 +, Signature-Inception: 01.01.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: gov

gov
1 DS RR in the parent zone found






DS with Algorithm 13, KeyTag 2536, DigestType 2 and Digest C68mt7vzE6hZBG/Tse5J3fujOTTPs+cXwh4qKTXC8lk=






1 RRSIG RR to validate DS RR found






RRSIG-Owner gov., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 05:00:00 +, Signature-Inception: 10.01.2025, 04:00:00 +, KeyTag 26470, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26470 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 13, KeyTag 2536, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 13, KeyTag 35496, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner gov., Algorithm: 13, 1 Labels, original TTL: 3600 sec, Signature-expiration: 06.03.2025, 11:05:46 +, Signature-Inception: 04.01.2025, 11:05:46 +, KeyTag 2536, Signer-Name: gov






Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2536 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2536, DigestType 2 and Digest "C68mt7vzE6hZBG/Tse5J3fujOTTPs+cXwh4qKTXC8lk=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: cia.gov

cia.gov
2 DS RR in the parent zone found






DS with Algorithm 8, KeyTag 25534, DigestType 2 and Digest T26fiGpkmXYSfTpHRhCMJGHi2RmPHSTIac/Z6R4s9bM=






DS with Algorithm 8, KeyTag 62599, DigestType 2 and Digest 5RrlQBjkFhn5cHalbJadEKcbTQBQ2/Hmq43i+M8COuU=






1 RRSIG RR to validate DS RR found






RRSIG-Owner cia.gov., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 11.01.2025, 13:58:57 +, Signature-Inception: 09.01.2025, 11:58:57 +, KeyTag 35496, Signer-Name: gov






Status: Good - Algorithmus 13 and DNSKEY with KeyTag 35496 used to validate the DS RRSet in the parent zone






4 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20734, Flags 256






Public Key with Algorithm 8, KeyTag 24358, Flags 256






Public Key with Algorithm 8, KeyTag 48959, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 62599, Flags 257 (SEP = Secure Entry Point)






2 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 48959, Signer-Name: cia.gov






RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 62599, Signer-Name: cia.gov






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 48959 used to validate the DNSKEY RRSet






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 62599 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 62599, DigestType 2 and Digest "5RrlQBjkFhn5cHalbJadEKcbTQBQ2/Hmq43i+M8COuU=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone






RRSIG Type 1 validates the A - Result: 23.207.8.62
Validated: RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 20 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov






RRSIG Type 16 validates the TXT - Result: v=spf1 mx -all
Validated: RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov






RRSIG Type 28 validates the AAAA - Result: 2600:141B:F000:0181:0000:0000:0000:184D 2600:141B:F000:01A5:0000:0000:0000:184D
Validated: RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 20 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov






RRSIG Type 257 validates the CAA - Result: 5|iodefmailto:caanotices@uce.cia.gov 5|issuedigicert.com
Validated: RRSIG-Owner cia.gov., Algorithm: 8, 2 Labels, original TTL: 1800 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov






CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "vbvtihccf48lla86u4fv7ljf5vjmh4jb" equal the hashed NSEC3-owner "vbvtihccf48lla86u4fv7ljf5vjmh4jb" and the hashed NextOwner "0fbeppk5ciddcm0mb7g2626ebk3ldclf". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner vbvtihccf48lla86u4fv7ljf5vjmh4jb.cia.gov., Algorithm: 8, 3 Labels, original TTL: 14400 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov






Status: Good. NoData-Proof required and found.






TLSA-Query (_443._tcp.cia.gov) sends a valid NSEC3 RR as result with the hashed owner name "vbvtihccf48lla86u4fv7ljf5vjmh4jb" (unhashed: cia.gov). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner vbvtihccf48lla86u4fv7ljf5vjmh4jb.cia.gov., Algorithm: 8, 3 Labels, original TTL: 14400 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov






Status: Good. NXDomain-Proof required and found.






TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "5usn7f1lp8msbbh5m7092jljvojnmltr" (unhashed: _tcp.cia.gov) with the owner "5s90q1hdc1geqrgsqoh4g0l2vmiil9oh" and the NextOwner "5vb8gbt76fbvkm6m5se493lumueum6ca". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: A, RRSIG Validated: RRSIG-Owner 5s90q1hdc1geqrgsqoh4g0l2vmiil9oh.cia.gov., Algorithm: 8, 3 Labels, original TTL: 14400 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov






Status: Good. NXDomain-Proof required and found.






TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "q13hfn7cai6aefchhdqo133fs8km2qv5" (unhashed: *.cia.gov) with the owner "p5q8609o7h8q64s1lue3lthekc4g6apd" and the NextOwner "qb31ib9okhpae04gt6vktgg5nkku6cqj". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, RRSIG Validated: RRSIG-Owner p5q8609o7h8q64s1lue3lthekc4g6apd.cia.gov., Algorithm: 8, 3 Labels, original TTL: 14400 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov






Status: Good. NXDomain-Proof required and found.



Zone: www.cia.gov

www.cia.gov
0 DS RR in the parent zone found






RRSIG Type 5 validates the CNAME - Result: www.cia.gov.edgekey.net
Validated: RRSIG-Owner www.cia.gov., Algorithm: 8, 3 Labels, original TTL: 14400 sec, Signature-expiration: 12.01.2025, 16:36:33 +, Signature-Inception: 09.01.2025, 15:36:33 +, KeyTag 24358, Signer-Name: cia.gov



Zone: (root)

(root)
1 DS RR published






DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=






Status: Valid because published






3 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 26470, Flags 256






Public Key with Algorithm 8, KeyTag 61050, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.01.2025, 00:00:00 +, Signature-Inception: 01.01.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: net

net
1 DS RR in the parent zone found






DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=






1 RRSIG RR to validate DS RR found






RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 05:00:00 +, Signature-Inception: 10.01.2025, 04:00:00 +, KeyTag 26470, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26470 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 13, KeyTag 31059, Flags 256






Public Key with Algorithm 13, KeyTag 37331, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner net., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 17.01.2025, 15:10:35 +, Signature-Inception: 02.01.2025, 15:05:35 +, KeyTag 37331, Signer-Name: net






Status: Good - Algorithmus 13 and DNSKEY with KeyTag 37331 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest "LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: edgekey.net

edgekey.net
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "2a0amkj9v4j641a6apq195g5diut3cbc" between the hashed NSEC3-owner "2a0963gvltddogkcji3eujginncdime3" and the hashed NextOwner "2a0dj5vpi8s7nqvoi1idabi5tt0jc7g7". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 2a0963gvltddogkcji3eujginncdime3.net., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 15.01.2025, 03:09:56 +, Signature-Inception: 08.01.2025, 01:59:56 +, KeyTag 31059, Signer-Name: net






DS-Query in the parent zone sends valid NSEC3 RR with the Hash "a1rt98bs5qgc9nfi51s9hci47uljg6jh" as Owner. That's the Hash of "net" with the NextHashedOwnerName "a1rtlnpgulogn7b9a62shje1u3ttp8dr". So that domain name is the Closest Encloser of "edgekey.net". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner a1rt98bs5qgc9nfi51s9hci47uljg6jh.net., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 15.01.2025, 03:05:20 +, Signature-Inception: 08.01.2025, 01:55:20 +, KeyTag 31059, Signer-Name: net






0 DNSKEY RR found









Zone: gov.edgekey.net

gov.edgekey.net
0 DS RR in the parent zone found






0 DNSKEY RR found









Zone: cia.gov.edgekey.net

cia.gov.edgekey.net
0 DS RR in the parent zone found






0 DNSKEY RR found









Zone: www.cia.gov.edgekey.net

www.cia.gov.edgekey.net
0 DS RR in the parent zone found

 

3. Name Servers

DomainNameserverNS-IP
cia.gov
  a1-22.akam.net
193.108.91.22
Seattle/Washington/United States (US) - Akamai International B.V.


 
2600:1401:2::16
Seattle/Washington/United States (US) - Akamai International B.V.


  a12-65.akam.net
184.26.160.65
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.


 
2600:1480:f000::41
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.


  a13-65.akam.net
2.22.230.65
Madrid/Spain (ES) - Akamai Technologies


 
2600:1480:800::41
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.


  a16-67.akam.net
23.211.132.67
Milan/Lombardy/Italy (IT) - Akamai International, BV


 
2600:1406:1b::43
Milan/Lombardy/Italy (IT) - Akamai International B.V.


  a22-66.akam.net
23.211.61.66
Cambridge/Massachusetts/United States (US) - Akamai International B.V.


 
2600:1480:7800::42
Miami/Florida/United States (US) - Akamai International B.V.


  a3-64.akam.net
96.7.49.64
Cambridge/Massachusetts/United States (US) - Akamai International B.V.


 
2600:1408:1c::40
Springfield/Illinois/United States (US) - Akamai International B.V.

gov
  a.ns.gov / 520m156


  b.ns.gov / 556m146


  c.ns.gov / 520m160


  d.ns.gov / 20m713


cia.gov.edgekey.net
  ns1-2.akamai.com

gov.edgekey.net
  ns1-2.akamai.com

edgekey.net
  a10-66.akam.net
96.7.50.66
Cambridge/Massachusetts/United States (US) - Akamai International B.V.


 
2600:1480:d000::42
Los Angeles/California/United States (US) - Akamai International B.V.


  a11-65.akam.net
84.53.139.65
Sterling/Virginia/United States (US) - Akamai Technologies


 
2600:1480:1::41
Learmonth/Western Australia/Australia (AU) - Akamai International B.V.


  a12-65.akam.net
184.26.160.65
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.


 
2600:1480:f000::41
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.


  a13-65.akam.net
2.22.230.65
Madrid/Spain (ES) - Akamai Technologies


 
2600:1480:800::41
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.


  a1-66.akam.net
193.108.91.66
Seattle/Washington/United States (US) - Akamai International B.V.


 
2600:1401:2::42
Seattle/Washington/United States (US) - Akamai International B.V.


  a16-65.akam.net
23.211.132.65
Milan/Lombardy/Italy (IT) - Akamai International, BV


 
2600:1406:1b::41
Milan/Lombardy/Italy (IT) - Akamai International B.V.


  a18-65.akam.net
95.101.36.65
London/England/United Kingdom (GB) - Akamai Technologies


 
2600:1480:4800::41
Cambridge/Massachusetts/United States (US) - Akamai International B.V.


  a28-65.akam.net
95.100.173.65
London/England/United Kingdom (GB) - Akamai Technologies


 
2600:1480:d800::41
Cambridge/Massachusetts/United States (US) - Akamai International B.V.


  a3-65.akam.net
96.7.49.65
Cambridge/Massachusetts/United States (US) - Akamai International B.V.


 
2600:1408:1c::41
Springfield/Illinois/United States (US) - Akamai International B.V.


  a5-65.akam.net
95.100.168.65
Milan/Lombardy/Italy (IT) - Akamai Technologies


 
2600:1480:b000::41
Washington/District of Columbia/United States (US) - Akamai International B.V.


  a6-65.akam.net
23.211.133.65
Washington/District of Columbia/United States (US) - Akamai International B.V.


 
2600:1401:1::41
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.


  a7-64.akam.net
23.61.199.64
Cambridge/Massachusetts/United States (US) - Akamai International B.V.


 
2600:1406:32::40
San Jose/California/United States (US) - Akamai International B.V.


  a9-65.akam.net
184.85.248.65
Amsterdam/North Holland/The Netherlands (NL) - Akamai International B.V.


 
2a02:26f0:117::41
Cambridge/Massachusetts/United States (US) - Akamai International B.V


  adns1.akam.net
96.7.50.66
Cambridge/Massachusetts/United States (US) - Akamai International B.V.


  ns1-2.akam.net
193.108.91.2
Seattle/Washington/United States (US) - Akamai International B.V.


 
2600:1401:2::2
Seattle/Washington/United States (US) - Akamai International B.V.


  ns1-2.akamai.com


  usw6.akam.net
23.61.199.64
Cambridge/Massachusetts/United States (US) - Akamai International B.V.

net
  a.gtld-servers.net / nnn1-defra-5


  b.gtld-servers.net / nnn1-elwaw4


  c.gtld-servers.net / nnn1-par6


  d.gtld-servers.net / nnn1-defra-5


  e.gtld-servers.net / nnn1-defra-5


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-frmrs-2


  k.gtld-servers.net / nnn1-frmrs-2


  l.gtld-servers.net / nnn1-nlams-2e


  m.gtld-servers.net / nnn1-ein2

 

4. SOA-Entries


Domain:gov
Zone-Name:gov
Primary:a.ns.gov
Mail:dns.cloudflare.com
Serial:1736513701
Refresh:3600
Retry:900
Expire:604800
TTL:300
num Entries:4


Domain:cia.gov
Zone-Name:cia.gov
Primary:a1-22.akam.net
Mail:monrpt.cia.gov
Serial:2015111800
Refresh:7200
Retry:3600
Expire:2419200
TTL:14400
num Entries:12



Domain:net
Zone-Name:net
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1736513917
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:8


Domain:net
Zone-Name:net
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1736513932
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:5


Domain:edgekey.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:edgekey.net
Zone-Name:edgekey.net
Primary:ns1-2.akamai.com
Mail:hostmaster.akamai.com
Serial:1579386911
Refresh:900
Retry:300
Expire:604800
TTL:180
num Entries:30


Domain:gov.edgekey.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:cia.gov.edgekey.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


5. Screenshots

Startaddress: https://www.cia.gov/, address used: https://www.cia.gov/, Screenshot created 2025-01-10 14:09:39 +00:0

 

Mobil (412px x 732px)

 

1040 milliseconds

 

Screenshot mobile - https://www.cia.gov/
Mobil + Landscape (732px x 412px)

 

1055 milliseconds

 

Screenshot mobile landscape - https://www.cia.gov/
Screen (1280px x 1680px)

 

1132 milliseconds

 

Screenshot Desktop - https://www.cia.gov/

 

Mobile- and other Chrome-Checks


widthheight
visual Viewport412732
content Size412732

 

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://cia.gov/
23.207.8.62
301
https://cia.gov/

0.200
A
Server: AkamaiGHost
Location: https://cia.gov/
Date: Fri, 10 Jan 2025 13:02:40 GMT
Connection: keep-alive
Content-Length: 0

• http://cia.gov/
2600:141b:f000:181::184d
301
https://cia.gov/

0.203
A
Server: AkamaiGHost
Location: https://cia.gov/
Date: Fri, 10 Jan 2025 13:02:40 GMT
Connection: keep-alive
Content-Length: 0

• http://cia.gov/
2600:141b:f000:1a5::184d
301
https://cia.gov/

0.206
A
Server: AkamaiGHost
Location: https://cia.gov/
Date: Fri, 10 Jan 2025 13:02:40 GMT
Connection: keep-alive
Content-Length: 0

• http://www.cia.gov/
23.201.180.249
301
https://www.cia.gov/

0.203
A
Server: AkamaiGHost
Location: https://www.cia.gov/
Date: Fri, 10 Jan 2025 13:02:40 GMT
Connection: keep-alive
Content-Length: 0

• https://cia.gov/
23.207.8.62
301
https://www.cia.gov/

4.923
B
Location: https://www.cia.gov/
Date: Fri, 10 Jan 2025 13:02:41 GMT
Connection: keep-alive
Set-Cookie: _session_=FB679AE9BEECE5B8D3BB60065C4421B4; path=/; domain=cia.gov; secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Length: 0

• https://cia.gov/
2600:141b:f000:181::184d
301
https://www.cia.gov/

4.737
B
Location: https://www.cia.gov/
Date: Fri, 10 Jan 2025 13:02:47 GMT
Connection: keep-alive
Set-Cookie: _session_=760F55A428411910D3AFD07027F5B984; path=/; domain=cia.gov; secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Length: 0

• https://cia.gov/
2600:141b:f000:1a5::184d
301
https://www.cia.gov/

4.707
B
Location: https://www.cia.gov/
Date: Fri, 10 Jan 2025 13:02:52 GMT
Connection: keep-alive
Set-Cookie: _session_=997758DCAA6C3BEB54EF072580EC65DF; path=/; domain=cia.gov; secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Length: 0

• https://www.cia.gov/
23.201.180.249 gzip used - 56073 / 369882 - 84.84 %
Inline-JavaScript (∑/total): 3/1024 Inline-CSS (∑/total): 4/310540
200

Html is minified: 631.70 %
Other inline scripts (∑/total): 2/1176
5.800
I
Accept-Ranges: bytes
ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
Vary: Accept-Encoding
X-Akamai-Transformed: 9 55987 0 pmb=mNONE,1
Date: Fri, 10 Jan 2025 13:02:58 GMT
Connection: keep-alive
Set-Cookie: _session_=1D00DB5D0E9557AAB31754DEA0C8A0D9; path=/; domain=cia.gov; secure; HttpOnly
ID: f0L5Q7YDhtnMIIk6nUpV3rP7UHImHBgvna7O3Qe3/WDycIg3eX2sof+qaLqKPGie
SESSION: eMSWoKzEhtOM4oeFvWfRVNnblxkQt+hNVrCzwBIc2QJ7ThBhAbYI+L7jqnUTPMvRGJlFLOwuXciGs2U9H1fheg==
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: text/html
Last-Modified: Wed, 08 Jan 2025 17:25:30 GMT
Content-Encoding: gzip
Content-Length: 56073

• http://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
23.207.8.62
301
https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

0.267
A
Visible Content:
Server: AkamaiGHost
Location: https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 10 Jan 2025 13:03:05 GMT
Connection: keep-alive
Content-Length: 0

• http://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2600:141b:f000:181::184d
301
https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

0.557
A
Visible Content:
Server: AkamaiGHost
Location: https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 10 Jan 2025 13:03:07 GMT
Connection: keep-alive
Content-Length: 0

• http://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2600:141b:f000:1a5::184d
301
https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

0.110
A
Visible Content:
Server: AkamaiGHost
Location: https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 10 Jan 2025 13:03:08 GMT
Connection: keep-alive
Content-Length: 0

• http://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
23.201.180.249
301
https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

0.383
A
Visible Content:
Server: AkamaiGHost
Location: https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 10 Jan 2025 13:03:09 GMT
Connection: keep-alive
Content-Length: 0

• https://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

301
https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

6.040
B
Visible Content:
Location: https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 10 Jan 2025 13:03:34 GMT
Connection: keep-alive
Set-Cookie: _session_=44208D43A1A2C31CC610F3C80C5C2AB6; path=/; domain=cia.gov; secure; HttpOnly
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Length: 0

• https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
gzip used - 53531 / 351544 - 84.77 %
Inline-JavaScript (∑/total): 3/1028 Inline-CSS (∑/total): 4/310432
404

Html is minified: 871.56 %
Other inline scripts (∑/total): 1/567
7.014
A
Not Found
Visible Content:
Accept-Ranges: bytes
ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"
Vary: Accept-Encoding
X-Akamai-Transformed: 9 53442 0 pmb=mNONE,1
Date: Fri, 10 Jan 2025 13:03:42 GMT
Connection: keep-alive
ID: nT2z370BbxW1olR2+jvBAFKhI+OONphuBQrmTyRorYFZquLeaivjhdUXeEZC6wvb
SESSION: vj5XAqNj+t2Z8GSUKb6UKIkxyayvBObIh0On6ZrguvsPq8WNETpDr61A4OpRX5Iu+5FHAdDQxXrU7w8QrnvpbQ==
Cache-Control: no-store, no-cache, max-age=0
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: text/html
Last-Modified: Wed, 08 Jan 2025 17:25:30 GMT
Content-Encoding: gzip
Content-Length: 53531

• https://23.207.8.62/
23.207.8.62
400

Html is minified: 101.64 %
4.820
N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Server: AkamaiGHost
Mime-Version: 1.0
Date: Fri, 10 Jan 2025 13:03:11 GMT
Connection: close
Content-Type: text/html
Content-Length: 310
Expires: Fri, 10 Jan 2025 13:03:11 GMT

• https://23.201.180.249/
23.201.180.249
400

Html is minified: 101.63 %
5.113
N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Server: AkamaiGHost
Mime-Version: 1.0
Date: Fri, 10 Jan 2025 13:03:27 GMT
Connection: close
Content-Type: text/html
Content-Length: 312
Expires: Fri, 10 Jan 2025 13:03:27 GMT

• https://[2600:141b:f000:0181:0000:0000:0000:184d]/
2600:141b:f000:181::184d
400

Html is minified: 101.65 %
4.700
N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Server: AkamaiGHost
Mime-Version: 1.0
Date: Fri, 10 Jan 2025 13:03:16 GMT
Connection: close
Content-Type: text/html
Content-Length: 308
Expires: Fri, 10 Jan 2025 13:03:16 GMT

• https://[2600:141b:f000:01a5:0000:0000:0000:184d]/
2600:141b:f000:1a5::184d
400

Html is minified: 101.65 %
4.684
N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Server: AkamaiGHost
Mime-Version: 1.0
Date: Fri, 10 Jan 2025 13:03:22 GMT
Connection: close
Content-Type: text/html
Content-Length: 308
Expires: Fri, 10 Jan 2025 13:03:22 GMT

 

7. Comments


1. General Results, most used to calculate the result

Aname "cia.gov" is domain, public suffix is ".gov", top-level-domain is ".gov", top-level-domain-type is "sponsored", tld-manager is "General Services Administration Attn: QTDC, 2E08 (.gov Domain Registration)", num .gov-domains preloaded: 5110 (complete: 263653)
AGood: All ip addresses are public addresses
AGood: Minimal 2 ip addresses per domain name found: cia.gov has 3 different ip addresses (authoritative).
AGood: Ipv4 and Ipv6 addresses per domain name found: cia.gov has 1 ipv4, 2 ipv6 addresses
AGood: No asked Authoritative Name Server had a timeout
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: www is preferred
AGood: No cookie sent via http.
AGood: every cookie sent via https is marked as secure
AGood: HSTS has preload directive
AExcellent: Domain is in the Google-Preload-List
AExcellent: Domain is in the Mozilla/Firefox-Preload-List
AHSTS-Preload-Status: Preloaded. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):0 complete Content-Type - header (2 urls)
https://www.cia.gov/ 23.201.180.249


Url with incomplete Content-Type - header - missing charset
https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de


Url with incomplete Content-Type - header - missing charset
Ahttp://cia.gov/ 23.207.8.62
301
https://cia.gov/
Correct redirect http - https with the same domain name
Ahttp://cia.gov/ 2600:141b:f000:181::184d
301
https://cia.gov/
Correct redirect http - https with the same domain name
Ahttp://cia.gov/ 2600:141b:f000:1a5::184d
301
https://cia.gov/
Correct redirect http - https with the same domain name
Ahttp://www.cia.gov/ 23.201.180.249
301
https://www.cia.gov/
Correct redirect http - https with the same domain name
Bhttps://cia.gov/ 23.207.8.62
301
_session_=FB679AE9BEECE5B8D3BB60065C4421B4; path=/; domain=cia.gov; secure; HttpOnly
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttps://cia.gov/ 2600:141b:f000:181::184d
301
_session_=760F55A428411910D3AFD07027F5B984; path=/; domain=cia.gov; secure; HttpOnly
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttps://cia.gov/ 2600:141b:f000:1a5::184d
301
_session_=997758DCAA6C3BEB54EF072580EC65DF; path=/; domain=cia.gov; secure; HttpOnly
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttps://www.cia.gov/ 23.201.180.249
200
_session_=1D00DB5D0E9557AAB31754DEA0C8A0D9; path=/; domain=cia.gov; secure; HttpOnly
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttps://cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
301
_session_=44208D43A1A2C31CC610F3C80C5C2AB6; path=/; domain=cia.gov; secure; HttpOnly
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Ihttps://www.cia.gov/ 23.201.180.249
200

Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
Ihttps://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
Mhttps://23.207.8.62/ 23.207.8.62
400

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://[2600:141b:f000:0181:0000:0000:0000:184d]/ 2600:141b:f000:181::184d
400

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://[2600:141b:f000:01a5:0000:0000:0000:184d]/ 2600:141b:f000:1a5::184d
400

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://23.201.180.249/ 23.201.180.249
400

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://23.207.8.62/ 23.207.8.62
400

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://[2600:141b:f000:0181:0000:0000:0000:184d]/ 2600:141b:f000:181::184d
400

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://[2600:141b:f000:01a5:0000:0000:0000:184d]/ 2600:141b:f000:1a5::184d
400

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://23.201.180.249/ 23.201.180.249
400

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Ocia.gov / 23.207.8.62 / 443


Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
Ocia.gov / 2600:141b:f000:181::184d / 443


Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
Ocia.gov / 2600:141b:f000:1a5::184d / 443


Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 6 Cipher Suites without Forward Secrecy found
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain cia.gov, 3 ip addresses.
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are the same. So that domain doesn't require Server Name Indication (SNI), it's the primary certificate of that set of ip addresses.: Domain cia.gov, 3 ip addresses, 1 different http results.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.cia.gov

2. Header-Checks

Fwww.cia.gov 23.201.180.249
Content-Security-Policy
Critical: Missing Header:
Fwww.cia.gov 23.201.180.249
X-Content-Type-Options
Critical: Missing Header:
Fwww.cia.gov 23.201.180.249
Referrer-Policy
Critical: Missing Header:
Fwww.cia.gov 23.201.180.249
Permissions-Policy
Critical: Missing Header:
Bwww.cia.gov 23.201.180.249
Cross-Origin-Embedder-Policy
Info: Missing Header
Bwww.cia.gov 23.201.180.249
Cross-Origin-Opener-Policy
Info: Missing Header
Bwww.cia.gov 23.201.180.249
Cross-Origin-Resource-Policy
Info: Missing Header

3. DNS- and NameServer - Checks

AInfo:: 19 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 6 Name Servers.
AInfo:: 19 Queries complete, 19 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
Ok (4 - 8):: An average of 3.2 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 6 different Name Servers found: a1-22.akam.net, a12-65.akam.net, a13-65.akam.net, a16-67.akam.net, a22-66.akam.net, a3-64.akam.net, 6 Name Servers included in Delegation: a1-22.akam.net, a12-65.akam.net, a13-65.akam.net, a16-67.akam.net, a22-66.akam.net, a3-64.akam.net, 6 Name Servers included in 1 Zone definitions: a1-22.akam.net, a12-65.akam.net, a13-65.akam.net, a16-67.akam.net, a22-66.akam.net, a3-64.akam.net, 1 Name Servers listed in SOA.Primary: a1-22.akam.net.
AGood: Only one SOA.Primary Name Server found.: a1-22.akam.net.
AGood: SOA.Primary Name Server included in the delegation set.: a1-22.akam.net.
AGood: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: a1-22.akam.net, a12-65.akam.net, a13-65.akam.net, a16-67.akam.net, a22-66.akam.net, a3-64.akam.net
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AGood: Minimal 2 different name servers (public suffix and public ip address) found: 6 different Name Servers found
AGood: All name servers have ipv4- and ipv6-addresses.: 6 different Name Servers found
Warning: All Name Servers have the same Top Level Domain / Public Suffix. If there is a problem with that Top Level Domain, your domain may be affected. Better: Use Name Servers with different top level domains.: 6 Name Servers, 1 Top Level Domain: net
Warning: All Name Servers have the same domain name. If there is a problem with that domain name (or with the name servers of that domain name), your domain may be affected. Better: Use Name Servers with different domain names / different top level domains.: Only one domain name used: akam.net
AGood: Name servers with different Country locations found: 6 Name Servers, 4 Countries: DE, ES, IT, US
AInfo: Ipv4-Subnet-list: 6 Name Servers, 5 different subnets (first Byte): 184., 193., 2., 23., 96., 5 different subnets (first two Bytes): 184.26., 193.108., 2.22., 23.211., 96.7., 6 different subnets (first three Bytes): 184.26.160., 193.108.91., 2.22.230., 23.211.132., 23.211.61., 96.7.49.
AGood: Name Server IPv4-addresses from different subnet found:
AInfo: IPv6-Subnet-list: 6 Name Servers with IPv6, 1 different subnets (first block): 2600:, 4 different subnets (first two blocks): 2600:1401:, 2600:1406:, 2600:1408:, 2600:1480:, 6 different subnets (first three blocks): 2600:1401:0002:, 2600:1406:001b:, 2600:1408:001c:, 2600:1480:0800:, 2600:1480:7800:, 2600:1480:f000:, 6 different subnets (first four blocks): 2600:1401:0002:0000:, 2600:1406:001b:0000:, 2600:1408:001c:0000:, 2600:1480:0800:0000:, 2600:1480:7800:0000:, 2600:1480:f000:0000:
AGood: Name Server IPv6 addresses from different subnets found.
AGood: Nameserver supports TCP connections: 12 good Nameserver
AGood: Nameserver supports Echo Capitalization: 12 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 12 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 12 good Nameserver
Nameserver doesn't pass all EDNS-Checks: ns1-2.akamai.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: ns1-2.akamai.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: ns1-2.akamai.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
AGood: CAA entries found, creating certificate is limited: digicert.com is allowed to create certificates

4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Every https result with status 200 and greater 1024 Bytes is compressed (gzip, deflate, br checked).
https://www.cia.gov/ 23.201.180.249
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://www.cia.gov/ 23.201.180.249
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
https://www.cia.gov/ 23.201.180.249
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 5 script elements without defer/async.
https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 5 script elements without defer/async.
AGood: All CSS / JavaScript files are sent compressed (gzip, deflate, br checked). That reduces the content of the files. 8 external CSS / JavaScript files found
AGood: All images with internal compression not compressed. Some Images (.png, .jpg, .jpeg, .webp, .gif) are already compressed, so an additional compression isn't helpful. 10 images (type image/png, image/jpg, image/jpeg, image/webp, image/gif) found without additional Compression. Not required because these images are already compressed
Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 6 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 4 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 10 complete.
Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 30 image files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 30 complete.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
AGood: Some img-elements have a valid alt-attribute.: 14 img-elements found, 8 img-elements with correct alt-attributes (defined, not an empty value).
Wrong: img-elements without alt-attribute or empty alt-attribute found. The alt-attribute ("alternative") is required and should describe the img. So Screenreader and search engines are able to use these informations.: 0 img-elements without alt-attribute, 6 img-elements with empty alt-attribute found.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
7.014 seconds
Warning: 404 needs more then one second
ADuration: 656850 milliseconds, 656.850 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
cia.gov
23.207.8.62
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
cia.gov
23.207.8.62
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


cia.gov
2600:141b:f000:181::184d
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok

cia.gov
2600:141b:f000:181::184d
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


cia.gov
2600:141b:f000:1a5::184d
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok

cia.gov
2600:141b:f000:1a5::184d
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


www.cia.gov
23.201.180.249
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok

www.cia.gov
23.201.180.249
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


cia.gov
cia.gov
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok

cia.gov
cia.gov
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


www.cia.gov
www.cia.gov
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok

www.cia.gov
www.cia.gov
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


23.207.8.62
23.207.8.62
443
name does not match
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok

23.207.8.62
23.207.8.62
443
name does not match
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
no http/2 via ALPN 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
no http/2 via ALPN
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


23.201.180.249
23.201.180.249
443
name does not match
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok

23.201.180.249
23.201.180.249
443
name does not match
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
no http/2 via ALPN 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
no http/2 via ALPN
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


[2600:141b:f000:0181:0000:0000:0000:184d]
2600:141b:f000:181::184d
443
name does not match
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok

[2600:141b:f000:0181:0000:0000:0000:184d]
2600:141b:f000:181::184d
443
name does not match
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
no http/2 via ALPN 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
no http/2 via ALPN
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US


[2600:141b:f000:01a5:0000:0000:0000:184d]
2600:141b:f000:1a5::184d
443
name does not match
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok

[2600:141b:f000:01a5:0000:0000:0000:184d]
2600:141b:f000:1a5::184d
443
name does not match
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
no http/2 via ALPN 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
no http/2 via ALPN
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, C=US, ST=Virginia


2CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US

 

9. Certificates

1.
1.
CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, S=Virginia, C=US, SERIALNUMBER=Government Entity, OID.2.5.4.15=Government Entity, OID.1.3.6.1.4.1.311.60.2.1.3=US
22.03.2024
23.04.2025
expires in 93 days
www.cia.gov, cia.gov - 2 entries
1.
1.
CN=www.cia.gov, O=Central Intelligence Agency, L=Mclean, S=Virginia, C=US, SERIALNUMBER=Government Entity, OID.2.5.4.15=Government Entity, OID.1.3.6.1.4.1.311.60.2.1.3=US
22.03.2024

23.04.2025
expires in 93 days


www.cia.gov, cia.gov - 2 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:SHA256 With RSA-Encryption
Serial Number:09FCEF03D1BD3202878992ED4846F413
Thumbprint:08F80792A3622F4C78755106E1B55F44758A6148
SHA256 / Certificate:Qy/7BnW5G75RWhfo1ZBBT2vfESAzzymqEJCyMV4VAAU=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):cdbf2dd7986ca5f3b8106022bb06ae58cbcb1261978f593fe8e5a3594db221df
SHA256 hex / Subject Public Key Information (SPKI):cdbf2dd7986ca5f3b8106022bb06ae58cbcb1261978f593fe8e5a3594db221df (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
02.07.2020
02.07.2030
expires in 1989 days


2.
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
02.07.2020

02.07.2030
expires in 1989 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:01678F1FEF882255D8B0A70E6B7BB220
Thumbprint:090A16F9BA16001B2EC130F80523E5B5EB259158
SHA256 / Certificate:lYjvdBmeRazvzM/AxHAQ6fKjeh3UTGGk4cazNNpa9hQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):c3d23c5aba47af56004b40ee82f2c6b2b23d566d72124640ca594ac5e9975dfe
SHA256 hex / Subject Public Key Information (SPKI):c3d23c5aba47af56004b40ee82f2c6b2b23d566d72124640ca594ac5e9975dfe
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013
15.01.2038
expires in 4743 days


3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013

15.01.2038
expires in 4743 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:033AF1E6A711A9A0BB2864B11D09FAE5
Thumbprint:DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA256 / Certificate:yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=
SHA256 hex / Cert (DANE * 0 1):cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA256 hex / PublicKey (DANE * 1 1):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
0
5
7

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
7009730856
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-03-26 00:00:00
2025-04-26 23:59:59
cia.gov, www.cia.gov - 2 entries


6984874670
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-03-22 00:00:00
2025-04-22 23:59:59
www.cia.gov - 1 entries


6984874618
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-03-22 00:00:00
2025-04-22 23:59:59
cia.gov, www.cia.gov - 2 entries


6984874636
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-03-22 00:00:00
2025-04-22 23:59:59
cia.gov, www.cia.gov - 2 entries


6984874875
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-03-22 00:00:00
2025-04-22 23:59:59
cia.gov, www.cia.gov - 2 entries


5018646537
leaf cert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2023-03-30 00:00:00
2024-03-29 23:59:59
cia.gov, www.cia.gov - 2 entries


5018935334
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2023-03-30 00:00:00
2024-04-29 23:59:59
www.cia.gov - 1 entries


 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuerlast 7 daysactivenum Certs
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
0
5
7

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
12496722130
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-03-25 23:00:00
2025-04-26 21:59:59
cia.gov, www.cia.gov
2 entries


12474350248
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-03-21 23:00:00
2025-04-22 21:59:59
www.cia.gov
1 entries


12474350005
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-03-21 23:00:00
2025-04-22 21:59:59
cia.gov, www.cia.gov
2 entries


12474350007
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-03-21 23:00:00
2025-04-22 21:59:59
cia.gov, www.cia.gov
2 entries


13001511357
leaf cert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2024-03-21 23:00:00
2025-04-22 21:59:59
cia.gov, www.cia.gov
2 entries


9034197349
leaf cert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2023-03-29 22:00:00
2024-03-29 22:59:59
cia.gov, www.cia.gov
2 entries


9013118100
precert
CN=DigiCert EV RSA CA G2, O=DigiCert Inc, C=US
2023-03-29 22:00:00
2024-04-29 21:59:59
www.cia.gov
1 entries


 

11. Html-Content - Entries

Summary


Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://www.cia.gov/
23.201.180.249
a

83

0


0
0
0


form

1
53,297 Bytes
0
1
0
0
0
0


img

5
13,426 Bytes
0
1
0
0
0
0


link
other
11
705,228 Bytes
0
9
0
0
0
0


meta
og
4
112,146 Bytes
0
2
0
0
0
0


meta
twitter
4

1


0
0
0


meta
other
8

0


0
0
0


picture

8

8


0
0
0


script

5
104,434 Bytes
5
5
0
0
0
0


style

2

0


0
0
0

https://www.cia.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
a

85

0


0
0
0


form

1
53,297 Bytes
0
1
0
0
0
0


img

1
13,426 Bytes
0
1
0
0
0
0


link
other
11
705,228 Bytes
0
9
0
0
0
0


meta
og
4
107,062 Bytes
2
2
0
0
0
0


meta
twitter
4

1


0
0
0


meta
other
8

0


0
0
0


script

5
104,434 Bytes
5
5
0
0
0
0


style

2

0


0
0
0

 

Details (currently limited to 500 rows - some problems with spam users)

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://www.cia.gov/
23.201.180.249
a

#main-content


1
ok















a

/


1
ok















a

/about/


3
ok















a

/about/director-of-cia/


2
ok















a

/about/mission-vision/


2
ok















a

/about/organization/


2
ok















a

/about/organization/equal-employment-opportunity/elijah-cummings-act


1
ok















a

/about/organization/equal-employment-opportunity/no-fear-act


1
ok















a

/about/organization/inspector-general


1
ok















a

/about/organization/prepublication-classification-review-board/


2
ok















a

/about/organization/privacy-and-civil-liberties


1
ok















a

/about/organization/privacy-and-civil-liberties/


1
ok















a

/careers


1
ok















a

/careers/


2
ok















a

/careers/accommodations/


1
ok















a

/careers/how-we-hire/


2
ok















a

/careers/language-opportunities/


1
ok















a

/careers/student-programs/


2
ok















a

/careers/working-at-cia/benefits/


1
ok















a

/careers/working-at-cia/diversity-and-inclusion/


2
ok















a

/careers/working-at-cia/diversity-and-inclusion/accessibility/


1
ok















a

/careers/working-at-cia/veterans/


1
ok















a

/contact-cia


2
ok















a

/faqs/


1
ok















a

/legacy/


2
ok















a

/legacy/cia-history/


1
ok















a

/legacy/cia-history/cia-trailblazers/


1
ok















a

/legacy/headquarters/


1
ok















a

/legacy/memorial-wall/fallen/


1
ok















a

/legacy/museum/


2
ok















a

/partner-with-cia/


2
ok















a

/podcast/the-langley-files


1
ok















a

/privacy_policy/


1
ok















a

/readingroom/


1
ok















a

/report-information


2
ok















a

/resources/


1
ok















a

/resources/cia-maps/


1
ok















a

/resources/csi/


2
ok















a

/resources/publications/


1
ok















a

/resources/reports/


1
ok















a

/resources/world-leaders/


1
ok















a

/search


1
ok















a

/sitemap


1
ok















a

/site-policies


1
ok















a

/spy-kids/


1
ok















a

/stories/


3
ok















a

/stories/press-releases-and-statements/


1
ok















a

/stories/speeches-and-transcripts/


1
ok















a

/stories/story/ask-molly-cias-mission-centers/


1
ok















a

/stories/story/ask-molly-cia-writing-tips/


1
ok















a

/stories/story/cias-top-5-stories-of-2024/


1
ok















a

/tech/


1
ok















a

/the-world-factbook


1
ok















a

/the-world-factbook/


2
ok















a

https://t.me/s/securelycontactingcia


1
ok















a

https://twitter.com/cia


1
ok















a

https://www.cia.gov/ehl/


1
ok















a

https://www.cia.gov/readingroom/


1
ok















a

https://www.facebook.com/Central.Intelligence.Agency


1
ok















a

https://www.flickr.com/ciagov


1
ok















a

https://www.instagram.com/cia


1
ok















a

https://www.linkedin.com/company/central-intelligence-agency


1
ok















a

https://www.usa.gov/


1
ok















a

https://www.youtube.com/cia


1
ok















form
get
/search
200

1
ok
text/html
missing X-Content-Type-Options nosniff





53297 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



img
src
/static/CIA-Seal-BW@2x@2x-bd6f6da4ab65dc1fe7aeb76fe043f66f.png
200

1
ok
alt: Agency Logoimage/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 13426 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



img
src
data:image/svg+xml;charset=utf-8,%3Csvg%20height='155'%20width='95'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E
Image:


1
ok
no alt-Attribute














img
src
data:image/svg+xml;charset=utf-8,%3Csvg%20height='650'%20width='570'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E
Image:


1
ok
no alt-Attribute














img
src
data:image/svg+xml;charset=utf-8,%3Csvg%20height='780'%20width='780'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E
Image:


1
ok
no alt-Attribute














img
src
data:image/svg+xml;charset=utf-8,%3Csvg%20height='879'%20width='1080'%20xmlns='http://www.w3.org/2000/svg'%20version='1.1'%3E%3C/svg%3E
Image:


1
ok
no alt-Attribute














link
apple-touch-icon
/icons/icon-144x144.png?v=c3853bf09f084a8b1f66c6c2685054a1
200

1
ok
image/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 29854 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



link
apple-touch-icon
/icons/icon-192x192.png?v=c3853bf09f084a8b1f66c6c2685054a1
200

1
ok
image/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 50883 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



link
apple-touch-icon
/icons/icon-256x256.png?v=c3853bf09f084a8b1f66c6c2685054a1
200

1
ok
image/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 87321 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



link
apple-touch-icon
/icons/icon-384x384.png?v=c3853bf09f084a8b1f66c6c2685054a1
200

1
ok
image/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 186762 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



link
apple-touch-icon
/icons/icon-48x48.png?v=c3853bf09f084a8b1f66c6c2685054a1
200

1
ok
image/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 5029 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



link
apple-touch-icon
/icons/icon-512x512.png?v=c3853bf09f084a8b1f66c6c2685054a1
200

1
ok
image/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 319613 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



link
apple-touch-icon
/icons/icon-72x72.png?v=c3853bf09f084a8b1f66c6c2685054a1
200

1
ok
image/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 8663 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



link
apple-touch-icon
/icons/icon-96x96.png?v=c3853bf09f084a8b1f66c6c2685054a1
200

1
ok
image/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 14382 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



link
icon
/favicon-32x32.png?v=c3853bf09f084a8b1f66c6c2685054a1
200

1
ok
image/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 2721 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



link
manifest
/manifest.webmanifest


1
ok















link
sitemap
/sitemap/sitemap-index.xml


1
ok















meta
charset
utf-8


2
ok















meta
og:description



1
ok















meta
og:image

200

1
ok
text/html
missing X-Content-Type-Options nosniff





56073 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



meta
og:title



1
ok















meta
og:url

200

1
ok
text/html
missing X-Content-Type-Options nosniff





56073 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"



meta
onion-location
http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion


1
ok















meta
x-ua-compatible
ie=edge


1
ok















meta
desciription
CIA is the first line of defense for the United States. We collect and analyze intelligence to further national security and preempt threats.


1
ok















meta
generator
Gatsby 5.13.7


1
ok















meta
theme-color
#663399


1
ok















meta
twitter:card



1
content is invalid, only "summary", "summary_large_image", "app" or "player" allowed















meta
twitter:description



1
ok















meta
twitter:image



1
ok















meta
twitter:title



1
ok















meta
viewport
width=device-width, initial-scale=1, shrink-to-fit=no


1
ok















picture


• source

type: image/webp



1
ok














srcset
/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w


1
ok







/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













• img




/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png
200

1
ok
alt: Headquarters Koi Pondimage/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 138528 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"


srcset
/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w


1
ok







/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













picture


• source

type: image/webp



1
ok














srcset
/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w


1
ok







/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













• img




/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png
200

1
ok
alt: Headquarters Koi Pondimage/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 138528 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"


srcset
/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w


1
ok







/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













picture


• source

type: image/webp



1
ok














srcset
/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w


1
ok







/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













• img




/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png
200

1
ok
alt: mission glyphimage/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 1026 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"


srcset
/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w


1
ok







/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













picture


• source

type: image/webp



1
ok














srcset
/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w


1
ok







/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













• img




/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png
200

1
ok
alt: mission glyphimage/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 1026 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"


srcset
/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w


1
ok







/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













picture


• source

type: image/webp



1
ok














srcset
/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w


1
ok







/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













• img




/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png
200

1
ok
no alt-Attributeimage/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 52594 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"


srcset
/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w


1
ok







/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













picture


• source

type: image/webp



1
ok














srcset
/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w


1
ok







/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













• img




/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png
200

1
ok
no alt-Attributeimage/png
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 52594 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"


srcset
/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w


1
ok







/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













picture


• source

type: image/webp



1
ok














srcset
/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w


1
ok







/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













• img




/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg
200

1
ok
alt: Image of the world overlaid with red section lines.image/jpeg
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 95889 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"


srcset
/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w


1
ok







/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













picture


• source

type: image/webp



1
ok














srcset
/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w


1
ok







/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













• img




/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg
200

1
ok
alt: Image of the world overlaid with red section lines.image/jpeg
missing X-Content-Type-Options nosniff





No Cache-Control header
No Compression - 95889 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"


srcset
/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w


1
ok







/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w


1
Only one definition after the url allowed. If you have more then one definition, you **must use** ", " as delimiter, a comma followed by a space. If the space is missing, that's a descriptor with a wrong value.













script
src
/app-7a37c1c46e55a8d4c6e8.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/x-javascript
missing X-Content-Type-Options nosniff


Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml


No Cache-Control - header
Compression (gzip): 27808/84457 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

local SRI possible, possible hash-values:

 

sha256-SpbqERdMweqxuHlFbr6zluwHN20mzYc+LZJjXLxEpYU=
sha384-jZ6EumQOz4h5uEGgbQHPFfjV8NKn673I+ZpU+2D1Zf/3R5Bmk1X2lqZjvf3Hhucc
sha512-4kcfDUxP5ewXSrhLQSzEiicRX0pKwQNLL1e7NYJIY8NLjM19qIghDFsAM9Q7Pc+Q5piIBQ2kUBLbcyCjmc0NLg==

 

<script src="/app-7a37c1c46e55a8d4c6e8.js" crossorigin="anonymous" integrity="sha256-SpbqERdMweqxuHlFbr6zluwHN20mzYc+LZJjXLxEpYU=" />



script
src
/framework-b70d1ce987e15f81a80c.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/x-javascript
missing X-Content-Type-Options nosniff


Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml


No Cache-Control - header
Compression (gzip): 45546/140344 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

local SRI possible, possible hash-values:

 

sha256-oM9Rrgpa8M2w+pvQlzmDLg3ke5OwwCP6h2SVnRXcu5g=
sha384-O9G4UO6LEbyeUCsbqYgdgRtfaXS2saCMm/My8hCR7YtbjDPcQKUo1BCE4UZgjSdg
sha512-WxVUznmByhUck4zJyXUhUOaPvOusz2YPefRHqtycD5kf+2PPEMcF1XhEwyNxu+zVJ2gyvS/uz4U9it1l+PaCaw==

 

<script src="/framework-b70d1ce987e15f81a80c.js" crossorigin="anonymous" integrity="sha256-oM9Rrgpa8M2w+pvQlzmDLg3ke5OwwCP6h2SVnRXcu5g=" />



script
src
/js2/pubkey.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/x-javascript
missing X-Content-Type-Options nosniff


Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml


Cache-Control: max-age=43200 - max-age too short.
406 Bytes






ETag: "7735f7658c904d860e6b22fb15763a2e:1662572154.032686"

local SRI possible, possible hash-values:

 

sha256-R6HEtPEZqyrIPtqAvXI9HWCEZo5WwO+exO6YmLMpGDg=
sha384-UUUO4nfv7I/S8A7ervayOyt3y67qPx1+FJzWm5Ir2p5wka5RU7ZEo2bJ//LDMEtR
sha512-lN31NVBa0XMrX7DY7qKghOwkYa8fVDZOolPreo5R8gmrP0UdrkswRWzgNCUhIiPVSFfTt3xR4aj63hyx/tdq6Q==

 

<script src="/js2/pubkey.js" crossorigin="anonymous" integrity="sha256-R6HEtPEZqyrIPtqAvXI9HWCEZo5WwO+exO6YmLMpGDg=" />



script
src
/js2/verification.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/x-javascript
missing X-Content-Type-Options nosniff


Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml


Cache-Control: max-age=43200 - max-age too short.
Compression (gzip): 28013/83896 Bytes






ETag: "d73d77b86906885dc7b18438b2730494:1710954743.097215"

local SRI possible, possible hash-values:

 

sha256-sWb0ElPkv87K0OWD6zR68e2ay7eIZySd1fzNlBXcXwM=
sha384-cKMSnKCOMEvsu7qJcvUYGEtkKx+KI4o36md2ukKXV6Uwuf6Gqwg45NqNqYpDpqJZ
sha512-S2EC/0cENI35J00wEGBHGcFzo8zjiOB+BtpQ7+Gex8PPl/k1VyBwqo4eV4/7LFvVFX6s3vCwH0eLSMMLqLZZGg==

 

<script src="/js2/verification.js" crossorigin="anonymous" integrity="sha256-sWb0ElPkv87K0OWD6zR68e2ay7eIZySd1fzNlBXcXwM=" />



script
src
/webpack-runtime-632b66757b6ebf7be738.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/x-javascript
missing X-Content-Type-Options nosniff


Unknown Combination of MediaType "application" and Media Sub Type "x-javascript". Combinations must be IANA-registered, see https://www.iana.org/assignments/media-types/media-types.xhtml


No Cache-Control - header
Compression (gzip): 2661/5678 Bytes






ETag: "4ccef5979ce96df2f9ff9896c679be4c:1736357130.869636"

local SRI possible, possible hash-values:

 

sha256-kXAwmLSJtvsoP2G3SL3Y42UIux1GQt5jbs18pN+BA8o=
sha384-Z2ciwIelSZrZ0Cz1ZyfTM2fJcFh7Lov4aJbG9G4bjHRIL4JFhdXfogKydKKeWTFa
sha512-Y1XOWodJIjsGwuQNyMvd1ZOWhb0ldOegnvoPINYE2+MKRinmq4PWpreGA2KvIj4432hgABK4jieWN7AcJrRg5Q==

 

<script src="/webpack-runtime-632b66757b6ebf7be738.js" crossorigin="anonymous" integrity="sha256-kXAwmLSJtvsoP2G3SL3Y42UIux1GQt5jbs18pN+BA8o=" />



style

data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMCIgaGVpZ2h0PSIzMCIgdmlld0JveD0iMCAwIDMwIDMwIj48cG9seWdvbiBmaWxsPSIjZmZmIiBwb2ludHM9IjIyLjcwNyAxNS44NTQgOS45MTQgMTUuODU0IDE2LjA2IDIyIDE1LjM1MyAyMi43MDcgOCAxNS4zNTQgMTUuMzU0IDggMTYuMDYxIDguNzA3IDkuOTE0IDE0Ljg1NCAyMi43MDcgMTQuODU0Ii8+PC9zdmc+
Image:
ok















style

data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMCIgaGVpZ2h0PSIzMCIgdmlld0JveD0iMCAwIDMwIDMwIj48cG9seWdvbiBmaWxsPSIjZmZmIiBwb2ludHM9IjIyLjcwNyAxNS4zNTQgMTUuMzUzIDIyLjcwOCAxNC42NDYgMjIuMDAxIDIwLjc5MiAxNS44NTUgOCAxNS44NTUgOCAxNC44NTUgMjAuNzkzIDE0Ljg1NSAxNC42NDYgOC43MDcgMTUuMzUzIDgiLz48L3N2Zz4=
Image:
ok














 

12. Html-Parsing via https://validator.w3.org/nu/

Url used (first standard-https-result with http status 200): https://www.cia.gov/

Summary

Good: No non-document-errors
78 errors
1 warnings

TypeMessagenum found
1.errorThe element a must not appear as a descendant of an element with the attribute role=button.33
2.errorThe sizes attribute must only be specified if the srcset attribute is also specified.8
3.errorAttribute text not allowed on element button at this point.6
4.errorAn img element which has an alt attribute whose value is the empty string must not have a role attribute.4
5.errorElement source is missing required attribute srcset.4
6.errorElement img is missing required attribute src.4
7.errorCSS: line-height: none is not a line-height value.2
8.errorA document must not include more than one meta element with a charset attribute.1
9.errorA charset attribute on a meta element found after the first 1024 bytes.1
10.errorElement meta is missing one or more of the following attributes: content, property.1
11.errorCSS: background-color: none is not a background-color value.1
12.errorCSS: background: solid is not a background-color value.1
13.errorCSS: line-height: Too many values or values are not recognized.1
14.errorCSS: font-size: only 0 can be a unit. You must put a unit after your number.1
15.errorCSS: column-gap: Parse Error.1
16.errorCSS: padding: Parse Error.1
17.errorCSS: outline-offset: none is not a outline-offset value.1
18.errorBad value onion-location for attribute http-equiv on element meta.1
19.errorNon-space character inside noscript inside head.1
20.errorStray end tag noscript.1
21.errorStray end tag head.1
22.errorStart tag body seen but an element of the same type was already open.1
23.errorBad value Icon/ti-search for attribute id on element g: Not a valid XML 1.0 name.1
24.errorThe aria-controls attribute must point to an element in the same document.1
25.warningEmpty heading.1

Details


TypeMessage + Sample
1errorA document must not include more than one meta element with a charset attribute.

From line 1, column 10211 to line 1, column 10257

#663399"/><meta charSet="utf-8" data-gatsby-head="true"/><meta
2errorA charset attribute on a meta element found after the first 1024 bytes.

From line 1, column 10231 to line 1, column 10231

charSet="utf-8" data-gatsby-h
3errorElement meta is missing one or more of the following attributes: content, property.

From line 1, column 10845 to line 1, column 10896

d="true"/><meta name="twitter:image" data-gatsby-head="true"/><meta
4errorCSS: background-color: none is not a background-color value.

From line 107, column 640 to line 107, column 643

und-color:none;color
5errorCSS: background: solid is not a background-color value.

From line 139, column 10008 to line 139, column 10011

.0625rem #fff;borde
6errorCSS: line-height: none is not a line-height value.

From line 205, column 1103 to line 205, column 1106

ne-height:none;line-
7errorCSS: line-height: Too many values or values are not recognized.

From line 214, column 1428 to line 214, column 1430

-height:1 rem;margi
8errorCSS: line-height: none is not a line-height value.

From line 309, column 8164 to line 309, column 8167

ne-height:none;line-
9errorCSS: font-size: only 0 can be a unit. You must put a unit after your number.

From line 405, column 148 to line 405, column 152

font-size:1.875;line-
10errorCSS: column-gap: Parse Error.

From line 414, column 11695 to line 414, column 11695

_percent, 0)*1%)}.yarl__flex_c
11errorCSS: padding: Parse Error.

From line 414, column 12057 to line 414, column 12057

_percent, 0)*1%);position:rela
12errorCSS: outline-offset: none is not a outline-offset value.

From line 711, column 3885 to line 711, column 3888

ne-offset:none}span[
13errorBad value onion-location for attribute http-equiv on element meta.

From line 762, column 50836 to line 762, column 50951

85054a1"/><meta http-equiv="onion-location" content="http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion" /><title
14errorNon-space character inside noscript inside head.

From line 763, column 7 to line 763, column 10

e"> &lt;style
15errorStray end tag noscript.

From line 773, column 7 to line 773, column 17

gt; </noscript><scrip
16errorStray end tag head.

From line 773, column 148 to line 773, column 154

></script></head><body>
17errorStart tag body seen but an element of the same type was already open.

From line 773, column 155 to line 773, column 160

pt></head><body><div i
18errorAttribute text not allowed on element button at this point.

From line 773, column 867 to line 773, column 1045

"no-show"><button text="Contact" class="button button-default button-stack noShow" style="display:flex;color:white;padding-right:20px;font-size:small;box-shadow:none;border:none;padding:0">Contac
19errorAttribute text not allowed on element button at this point.

From line 773, column 1268 to line 773, column 1457

/noscript><button text="Report Information" class="button button-default button-stack noShow" style="display:flex;color:white;padding-right:20px;font-size:small;box-shadow:none;border:none;padding:0">Report
20errorBad value Icon/ti-search for attribute id on element g: Not a valid XML 1.0 name.

From line 773, column 13296 to line 773, column 13381

t.</title><g id="Icon/ti-search" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><path
21errorThe aria-controls attribute must point to an element in the same document.

From line 773, column 14113 to line 773, column 14240

orm></div><button class="hamburger hamburger--emphatic " type="button" aria-label="Menu" aria-controls="navigation" aria-expanded="false"><span
22errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 14870 to line 773, column 14887

-content"><a href="/about/">About<
23errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 14897 to line 773, column 14930

>About</a><a href="/about/director-of-cia/">Leader
24errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 14945 to line 773, column 14975

ership</a><a href="/about/organization/">Organi
25errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 14992 to line 773, column 15024

zation</a><a href="/about/mission-vision/">Missio
26errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15049 to line 773, column 15077

Vision</a><a href="/partner-with-cia/">Partne
27errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15098 to line 773, column 15114

th CIA</a><a href="/tech/">Techno
28errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15129 to line 773, column 15187

nology</a><a href="/about/organization/privacy-and-civil-liberties/">Privac
29errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15532 to line 773, column 15591

-content"><a href="/careers" target="_self" rel="noopener noreferrer">Career
30errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15616 to line 773, column 15647

nities</a><a href="/careers/how-we-hire/">Hiring
31errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15666 to line 773, column 15709

rocess</a><a href="/careers/working-at-cia/benefits/">Benefi
32errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15722 to line 773, column 15780

nefits</a><a href="/careers/working-at-cia/diversity-and-inclusion/">Divers
33errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15810 to line 773, column 15844

lusion</a><a href="/careers/accommodations/">Accomm
34errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15863 to line 773, column 15905

ations</a><a href="/careers/language-opportunities/">Langua
35errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15932 to line 773, column 15975

nities</a><a href="/careers/working-at-cia/veterans/">Vetera
36errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 15988 to line 773, column 16024

terans</a><a href="/careers/student-programs/">Studen
37errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 16377 to line 773, column 16395

-content"><a href="/legacy/">Origin
38errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 16406 to line 773, column 16436

Origin</a><a href="/legacy/cia-history/">Histor
39errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 16448 to line 773, column 16473

istory</a><a href="/legacy/museum/">Museum
40errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 16484 to line 773, column 16515

Museum</a><a href="/legacy/headquarters/">Headqu
41errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 16532 to line 773, column 16579

arters</a><a href="/legacy/cia-history/cia-trailblazers/">Trailb
42errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 16596 to line 773, column 16635

lazers</a><a href="/legacy/memorial-wall/fallen/">In Mem
43errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 16985 to line 773, column 17004

-content"><a href="/stories/">News &
44errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 17027 to line 773, column 17076

tories</a><a href="/stories/press-releases-and-statements/">Press
45errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 17112 to line 773, column 17156

ements</a><a href="/stories/speeches-and-transcripts/">Speech
46errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 17187 to line 773, column 17264

cripts</a><a href="/podcast/the-langley-files" target="_self" rel="noopener noreferrer">The La
47errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 17627 to line 773, column 17648

-content"><a href="/resources/">Resour
48errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 17662 to line 773, column 17696

ources</a><a href="/resources/publications/">Public
49errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 17713 to line 773, column 17786

ations</a><a href="/about/organization/prepublication-classification-review-board/">Prepub
50errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 17812 to line 773, column 17837

Review</a><a href="/resources/csi/">Study
51errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 17863 to line 773, column 17893

igence</a><a href="/the-world-factbook/">World
52errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 17912 to line 773, column 17941

ctbook</a><a href="/resources/reports/">CIA Re
53errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 17957 to line 773, column 17987

eports</a><a href="/resources/cia-maps/">CIA Ma
54errorThe element a must not appear as a descendant of an element with the attribute role=button.

From line 773, column 18000 to line 773, column 18023

A Maps</a><a href="/readingroom/">FOIA R
55errorAttribute text not allowed on element button at this point.

From line 773, column 18098 to line 773, column 18185

+ d-none"><button text="Contact CIA" aria-label="Contact CIA" class="button nav-button mr15 mb15">Contac
56errorAttribute text not allowed on element button at this point.

From line 773, column 18206 to line 773, column 18310

A</button><button text="Report Information" aria-label="Report Information" class="button nav-button button-stack">Report
57errorAn img element which has an alt attribute whose value is the empty string must not have a role attribute.

From line 773, column 19649 to line 773, column 19934

ay:block"><img alt="" role="presentation" aria-hidden="true" src="data:image/svg+xml;charset=utf-8,%3Csvg%20height=&#x27;650&#x27;%20width=&#x27;570&#x27;%20xmlns=&#x27;http://www.w3.org/2000/svg&#x27;%20version=&#x27;1.1&#x27;%3E%3C/svg%3E" style="max-width:100%;display:block;position:static"/></div>
58errorElement source is missing required attribute srcset.

From line 773, column 20129 to line 773, column 20407

><picture><source type="image/webp" data-srcset="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w" sizes="(min-width: 570px) 570px, 100vw"/><img d
59errorThe sizes attribute must only be specified if the srcset attribute is also specified.

From line 773, column 20129 to line 773, column 20407

><picture><source type="image/webp" data-srcset="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/ea3dd/koi-pond.webp 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/e25d5/koi-pond.webp 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/20617/koi-pond.webp 570w" sizes="(min-width: 570px) 570px, 100vw"/><img d
60errorElement img is missing required attribute src.

From line 773, column 20408 to line 773, column 20855

, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 570px) 570px, 100vw" decoding="async" loading="lazy" data-src="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png" data-srcset="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w" alt="Headquarters Koi Pond"/></pict
61errorThe sizes attribute must only be specified if the srcset attribute is also specified.

From line 773, column 20408 to line 773, column 20855

, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 570px) 570px, 100vw" decoding="async" loading="lazy" data-src="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png" data-srcset="/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/90420/koi-pond.png 143w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/4f159/koi-pond.png 285w,/static/c4ed1a3968d0287c8b7c8dc6fc7fdef2/cc03f/koi-pond.png 570w" alt="Headquarters Koi Pond"/></pict
62errorAn img element which has an alt attribute whose value is the empty string must not have a role attribute.

From line 773, column 22663 to line 773, column 22947

ay:block"><img alt="" role="presentation" aria-hidden="true" src="data:image/svg+xml;charset=utf-8,%3Csvg%20height=&#x27;155&#x27;%20width=&#x27;95&#x27;%20xmlns=&#x27;http://www.w3.org/2000/svg&#x27;%20version=&#x27;1.1&#x27;%3E%3C/svg%3E" style="max-width:100%;display:block;position:static"/></div>
63errorElement source is missing required attribute srcset.

From line 773, column 23142 to line 773, column 23487

><picture><source type="image/webp" data-srcset="/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w" sizes="(min-width: 95px) 95px, 100vw"/><img d
64errorThe sizes attribute must only be specified if the srcset attribute is also specified.

From line 773, column 23142 to line 773, column 23487

><picture><source type="image/webp" data-srcset="/static/83d054acdea04a2eb2dd7fdf6b758030/5dbef/Glyphs_Mission_Positive-95x155-1.webp 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/eeaa3/Glyphs_Mission_Positive-95x155-1.webp 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/9458e/Glyphs_Mission_Positive-95x155-1.webp 95w" sizes="(min-width: 95px) 95px, 100vw"/><img d
65errorElement img is missing required attribute src.

From line 773, column 23488 to line 773, column 24018

, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 95px) 95px, 100vw" decoding="async" loading="lazy" data-src="/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png" data-srcset="/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w" alt="mission glyph"/></pict
66errorThe sizes attribute must only be specified if the srcset attribute is also specified.

From line 773, column 23488 to line 773, column 24018

, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 95px) 95px, 100vw" decoding="async" loading="lazy" data-src="/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png" data-srcset="/static/83d054acdea04a2eb2dd7fdf6b758030/fbada/Glyphs_Mission_Positive-95x155-1.png 24w,/static/83d054acdea04a2eb2dd7fdf6b758030/b35c3/Glyphs_Mission_Positive-95x155-1.png 48w,/static/83d054acdea04a2eb2dd7fdf6b758030/b7281/Glyphs_Mission_Positive-95x155-1.png 95w" alt="mission glyph"/></pict
67errorAn img element which has an alt attribute whose value is the empty string must not have a role attribute.

From line 773, column 27554 to line 773, column 27839

ay:block"><img alt="" role="presentation" aria-hidden="true" src="data:image/svg+xml;charset=utf-8,%3Csvg%20height=&#x27;780&#x27;%20width=&#x27;780&#x27;%20xmlns=&#x27;http://www.w3.org/2000/svg&#x27;%20version=&#x27;1.1&#x27;%3E%3C/svg%3E" style="max-width:100%;display:block;position:static"/></div>
68errorElement source is missing required attribute srcset.

From line 773, column 28034 to line 773, column 28354

><picture><source type="image/webp" data-srcset="/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w" sizes="(min-width: 780px) 780px, 100vw"/><img d
69errorThe sizes attribute must only be specified if the srcset attribute is also specified.

From line 773, column 28034 to line 773, column 28354

><picture><source type="image/webp" data-srcset="/static/44671e3a40aebb2a7df161164950dbd5/fd1d9/cia_seal_full_color780.webp 195w,/static/44671e3a40aebb2a7df161164950dbd5/e5835/cia_seal_full_color780.webp 390w,/static/44671e3a40aebb2a7df161164950dbd5/2bb5f/cia_seal_full_color780.webp 780w" sizes="(min-width: 780px) 780px, 100vw"/><img d
70errorElement img is missing required attribute src.

From line 773, column 28355 to line 773, column 28837

, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 780px) 780px, 100vw" decoding="async" loading="lazy" data-src="/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png" data-srcset="/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w" alt=""/></pict
71errorThe sizes attribute must only be specified if the srcset attribute is also specified.

From line 773, column 28355 to line 773, column 28837

, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 780px) 780px, 100vw" decoding="async" loading="lazy" data-src="/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png" data-srcset="/static/44671e3a40aebb2a7df161164950dbd5/1f414/cia_seal_full_color780.png 195w,/static/44671e3a40aebb2a7df161164950dbd5/70b5d/cia_seal_full_color780.png 390w,/static/44671e3a40aebb2a7df161164950dbd5/12169/cia_seal_full_color780.png 780w" alt=""/></pict
72errorAn img element which has an alt attribute whose value is the empty string must not have a role attribute.

From line 773, column 35421 to line 773, column 35707

ay:block"><img alt="" role="presentation" aria-hidden="true" src="data:image/svg+xml;charset=utf-8,%3Csvg%20height=&#x27;879&#x27;%20width=&#x27;1080&#x27;%20xmlns=&#x27;http://www.w3.org/2000/svg&#x27;%20version=&#x27;1.1&#x27;%3E%3C/svg%3E" style="max-width:100%;display:block;position:static"/></div>
73errorElement source is missing required attribute srcset.

From line 773, column 35902 to line 773, column 36201

><picture><source type="image/webp" data-srcset="/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w" sizes="(min-width: 1080px) 1080px, 100vw"/><img d
74errorThe sizes attribute must only be specified if the srcset attribute is also specified.

From line 773, column 35902 to line 773, column 36201

><picture><source type="image/webp" data-srcset="/static/c88c317fbb8edccaf843ef6fbed00a00/045ee/WFB-Promo%402x.webp 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/7c8a1/WFB-Promo%402x.webp 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/a7885/WFB-Promo%402x.webp 1080w" sizes="(min-width: 1080px) 1080px, 100vw"/><img d
75errorElement img is missing required attribute src.

From line 773, column 36202 to line 773, column 36706

, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 1080px) 1080px, 100vw" decoding="async" loading="lazy" data-src="/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg" data-srcset="/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w" alt="Image of the world overlaid with red section lines."/></pict
76errorThe sizes attribute must only be specified if the srcset attribute is also specified.

From line 773, column 36202 to line 773, column 36706

, 100vw"/><img data-gatsby-image-ssr="" data-main-image="" style="opacity:0" sizes="(min-width: 1080px) 1080px, 100vw" decoding="async" loading="lazy" data-src="/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg" data-srcset="/static/c88c317fbb8edccaf843ef6fbed00a00/5937f/WFB-Promo%402x.jpg 270w,/static/c88c317fbb8edccaf843ef6fbed00a00/debfc/WFB-Promo%402x.jpg 540w,/static/c88c317fbb8edccaf843ef6fbed00a00/2ea19/WFB-Promo%402x.jpg 1080w" alt="Image of the world overlaid with red section lines."/></pict
77errorAttribute text not allowed on element button at this point.

From line 773, column 41706 to line 773, column 41821

"no-show"><button text="Report Information" class="button button-default button-stack noShow" aria-label="Report Information">Report
78errorAttribute text not allowed on element button at this point.

From line 773, column 42054 to line 773, column 42142

"no-show"><button text="Contact CIA" class="button button-default noShow" aria-label="Contact CIA">Contac
79warningEmpty heading.

From line 773, column 25874 to line 773, column 25877

-teaser "><h2></h2><

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: a1-22.akam.net, a12-65.akam.net, a13-65.akam.net, a16-67.akam.net, a22-66.akam.net, a3-64.akam.net

 

QNr.DomainTypeNS used
1
net
NS
h.root-servers.net (2001:500:1::53)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
a1-22.akam.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net

Answer: a1-67.akam.net
193.108.91.67, 2600:1401:2::43

Answer: a11-67.akam.net
2600:1480:1::43, 84.53.139.67

Answer: a12-67.akam.net
184.26.160.67, 2600:1480:f000::43

Answer: a18-67.akam.net
2600:1480:4800::43, 95.101.36.67

Answer: a22-67.akam.net
23.211.61.67, 2600:1480:7800::43

Answer: a28-67.akam.net
2600:1480:d800::43, 95.100.173.67

Answer: a4-67.akam.net
2600:1480:9000::43, 72.246.46.67

Answer: a6-67.akam.net
23.211.133.67, 2600:1401:1::43
3
a12-65.akam.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net

Answer: a1-67.akam.net
193.108.91.67, 2600:1401:2::43

Answer: a11-67.akam.net
2600:1480:1::43, 84.53.139.67

Answer: a12-67.akam.net
184.26.160.67, 2600:1480:f000::43

Answer: a18-67.akam.net
2600:1480:4800::43, 95.101.36.67

Answer: a22-67.akam.net
23.211.61.67, 2600:1480:7800::43

Answer: a28-67.akam.net
2600:1480:d800::43, 95.100.173.67

Answer: a4-67.akam.net
2600:1480:9000::43, 72.246.46.67

Answer: a6-67.akam.net
23.211.133.67, 2600:1401:1::43
4
a13-65.akam.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net

Answer: a1-67.akam.net
193.108.91.67, 2600:1401:2::43

Answer: a11-67.akam.net
2600:1480:1::43, 84.53.139.67

Answer: a12-67.akam.net
184.26.160.67, 2600:1480:f000::43

Answer: a18-67.akam.net
2600:1480:4800::43, 95.101.36.67

Answer: a22-67.akam.net
23.211.61.67, 2600:1480:7800::43

Answer: a28-67.akam.net
2600:1480:d800::43, 95.100.173.67

Answer: a4-67.akam.net
2600:1480:9000::43, 72.246.46.67

Answer: a6-67.akam.net
23.211.133.67, 2600:1401:1::43
5
a16-67.akam.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net

Answer: a1-67.akam.net
193.108.91.67, 2600:1401:2::43

Answer: a11-67.akam.net
2600:1480:1::43, 84.53.139.67

Answer: a12-67.akam.net
184.26.160.67, 2600:1480:f000::43

Answer: a18-67.akam.net
2600:1480:4800::43, 95.101.36.67

Answer: a22-67.akam.net
23.211.61.67, 2600:1480:7800::43

Answer: a28-67.akam.net
2600:1480:d800::43, 95.100.173.67

Answer: a4-67.akam.net
2600:1480:9000::43, 72.246.46.67

Answer: a6-67.akam.net
23.211.133.67, 2600:1401:1::43
6
a22-66.akam.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net

Answer: a1-67.akam.net
193.108.91.67, 2600:1401:2::43

Answer: a11-67.akam.net
2600:1480:1::43, 84.53.139.67

Answer: a12-67.akam.net
184.26.160.67, 2600:1480:f000::43

Answer: a18-67.akam.net
2600:1480:4800::43, 95.101.36.67

Answer: a22-67.akam.net
23.211.61.67, 2600:1480:7800::43

Answer: a28-67.akam.net
2600:1480:d800::43, 95.100.173.67

Answer: a4-67.akam.net
2600:1480:9000::43, 72.246.46.67

Answer: a6-67.akam.net
23.211.133.67, 2600:1401:1::43
7
a3-64.akam.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: a1-67.akam.net, a11-67.akam.net, a12-67.akam.net, a18-67.akam.net, a22-67.akam.net, a28-67.akam.net, a4-67.akam.net, a6-67.akam.net

Answer: a1-67.akam.net
193.108.91.67, 2600:1401:2::43

Answer: a11-67.akam.net
2600:1480:1::43, 84.53.139.67

Answer: a12-67.akam.net
184.26.160.67, 2600:1480:f000::43

Answer: a18-67.akam.net
2600:1480:4800::43, 95.101.36.67

Answer: a22-67.akam.net
23.211.61.67, 2600:1480:7800::43

Answer: a28-67.akam.net
2600:1480:d800::43, 95.100.173.67

Answer: a4-67.akam.net
2600:1480:9000::43, 72.246.46.67

Answer: a6-67.akam.net
23.211.133.67, 2600:1401:1::43
8
a1-22.akam.net: 193.108.91.22
A
a1-67.akam.net (2600:1401:2::43)
9
a1-22.akam.net: 2600:1401:2::16
AAAA
a1-67.akam.net (2600:1401:2::43)
10
a12-65.akam.net: 184.26.160.65
A
a1-67.akam.net (2600:1401:2::43)
11
a12-65.akam.net: 2600:1480:f000::41
AAAA
a1-67.akam.net (2600:1401:2::43)
12
a13-65.akam.net: 2.22.230.65
A
a1-67.akam.net (2600:1401:2::43)
13
a13-65.akam.net: 2600:1480:800::41
AAAA
a1-67.akam.net (2600:1401:2::43)
14
a16-67.akam.net: 23.211.132.67
A
a1-67.akam.net (2600:1401:2::43)
15
a16-67.akam.net: 2600:1406:1b::43
AAAA
a1-67.akam.net (2600:1401:2::43)
16
a22-66.akam.net: 23.211.61.66
A
a1-67.akam.net (2600:1401:2::43)
17
a22-66.akam.net: 2600:1480:7800::42
AAAA
a1-67.akam.net (2600:1401:2::43)
18
a3-64.akam.net: 96.7.49.64
A
a1-67.akam.net (2600:1401:2::43)
19
a3-64.akam.net: 2600:1408:1c::40
AAAA
a1-67.akam.net (2600:1401:2::43)

 

14. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.cia.gov.edgekey.net



1
0
cia.gov.edgekey.net
0

no CAA entry found
1
0
gov.edgekey.net
0

no CAA entry found
1
0
www.cia.gov



1
0
edgekey.net
0

no CAA entry found
1
0
cia.gov
5
issue
digicert.com
1
0

5
iodef
mailto:caanotices@uce.cia.gov
1
0
gov
0

no CAA entry found
1
0
net
0

no CAA entry found
1
0

 

15. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
cia.gov
v=spf1 mx -all
ok
1
0
www.cia.gov


1
0
_acme-challenge.cia.gov

Name Error - The domain name does not exist
1
0
www.cia.gov.edgekey.net


1
0
_acme-challenge.www.cia.gov

Name Error - The domain name does not exist
1
0
_acme-challenge.cia.gov.cia.gov

Name Error - The domain name does not exist
1
0
_acme-challenge.www.cia.gov.cia.gov

Name Error - The domain name does not exist
1
0
_acme-challenge.www.cia.gov.www.cia.gov

Name Error - The domain name does not exist
1
0
_acme-challenge.www.cia.gov.edgekey.net

Name Error - The domain name does not exist
1
0
_acme-challenge.www.cia.gov.edgekey.net.cia.gov.edgekey.net

Name Error - The domain name does not exist
1
0
_acme-challenge.www.cia.gov.edgekey.net.www.cia.gov.edgekey.net

Name Error - The domain name does not exist
1
0

 

16. DomainService - Entries

TypeDomainPrefValueDNS-errornum AnswersStatusDescription
MX

cia.gov
10
mail3.cia.gov
02ok

A


12.151.182.158
01ok

CNAME


00ok
MX

cia.gov
10
mail4.cia.gov
02ok

A


12.151.182.219
01ok

CNAME


00ok
SPF
TXT
cia.gov

v=spf1 mx -all
ok

MX
cia.gov

mail4.cia.gov
ok

MX-A
mail4.cia.gov

12.151.182.219
ok

MX
cia.gov

mail3.cia.gov
ok

MX-A
mail3.cia.gov

12.151.182.158
ok
_dmarc
TXT
_dmarc.cia.gov

v=DMARC1; p=quarantine; sp=quarantine; pct=100; rua=mailto:demarcreports@uce.cia.gov; ruf=mailto:demarcfailures@uce.cia.gov; ri=86400; aspf=s; adkim=s; fo=1
ok

TXT
cia.gov._report._dmarc.uce.cia.gov

mailto:demarcreports@uce.cia.gov
okMail domain unequal current domain. Check required, if there is a confirming _report._dmarc-Record. See RFC 7489, 7.1.

TXT
cia.gov._report._dmarc.uce.cia.gov

v=DMARC1;
okConfirmed. Sending reports to external domain is allowed.

TXT
cia.gov._report._dmarc.uce.cia.gov

mailto:demarcfailures@uce.cia.gov
okMail domain unequal current domain. Check required, if there is a confirming _report._dmarc-Record. See RFC 7489, 7.1.

TXT
cia.gov._report._dmarc.uce.cia.gov

v=DMARC1;
okConfirmed. Sending reports to external domain is allowed.

 

 

17. Cipher Suites

Summary
DomainIPPortnum CipherstimeStd.ProtocolForward Secrecy
cia.gov
23.207.8.62
443
18 Ciphers101.34 sec
6 without, 12 FS
66.67 %
cia.gov
2600:141b:f000:181::184d
443
18 Ciphers94.74 sec
6 without, 12 FS
66.67 %
cia.gov
2600:141b:f000:1a5::184d
443
18 Ciphers94.77 sec
6 without, 12 FS
66.67 %
Complete

3
54 Ciphers
18.00 Ciphers/Check
290.85 sec96.95 sec/Check
18 without, 36 FS
66.67 %

Details
DomainIPPortCipher (OpenSsl / IANA)
cia.gov
23.207.8.62
443
ECDHE-ECDSA-CHACHA20-POLY1305
(Recommended)
TLSv1.2
0xCC,0xA9
FS
18 Ciphers, 101.34 sec
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

ECDH
ECDSA
CHACHA20/POLY1305(256)
AEAD




ECDHE-ECDSA-AES256-GCM-SHA384
(Recommended)
TLSv1.2
0xC0,0x2C
FS

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

ECDH
ECDSA
AESGCM(256)
AEAD




ECDHE-ECDSA-AES128-GCM-SHA256
(Recommended)
TLSv1.2
0xC0,0x2B
FS

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

ECDH
ECDSA
AESGCM(128)
AEAD




ECDHE-RSA-CHACHA20-POLY1305
(Secure)
TLSv1.2
0xCC,0xA8
FS

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

ECDH
RSA
CHACHA20/POLY1305(256)
AEAD




ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

ECDH
RSA
AESGCM(256)
AEAD




ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ECDH
RSA
AESGCM(128)
AEAD




ECDHE-ECDSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x24
FS

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

ECDH
ECDSA
AES(256)
SHA384




ECDHE-RSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x28
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

ECDH
RSA
AES(256)
SHA384




AES256-GCM-SHA384
(Weak)
TLSv1.2
0x00,0x9D
No FS

TLS_RSA_WITH_AES_256_GCM_SHA384

RSA
RSA
AESGCM(256)
AEAD




AES256-SHA256
(Weak)
TLSv1.2
0x00,0x3D
No FS

TLS_RSA_WITH_AES_256_CBC_SHA256

RSA
RSA
AES(256)
SHA256




ECDHE-ECDSA-AES128-SHA256
(Weak)
TLSv1.2
0xC0,0x23
FS

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

ECDH
ECDSA
AES(128)
SHA256




ECDHE-RSA-AES128-SHA256
(Weak)
TLSv1.2
0xC0,0x27
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

ECDH
RSA
AES(128)
SHA256




AES128-GCM-SHA256
(Weak)
TLSv1.2
0x00,0x9C
No FS

TLS_RSA_WITH_AES_128_GCM_SHA256

RSA
RSA
AESGCM(128)
AEAD




AES128-SHA256
(Weak)
TLSv1.2
0x00,0x3C
No FS

TLS_RSA_WITH_AES_128_CBC_SHA256

RSA
RSA
AES(128)
SHA256




ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

ECDH
RSA
AES(256)
SHA1




ECDHE-RSA-AES128-SHA
(Weak)
TLSv1
0xC0,0x13
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

ECDH
RSA
AES(128)
SHA1




AES256-SHA
(Weak)
SSLv3
0x00,0x35
No FS

TLS_RSA_WITH_AES_256_CBC_SHA

RSA
RSA
AES(256)
SHA1




AES128-SHA
(Weak)
SSLv3
0x00,0x2F
No FS

TLS_RSA_WITH_AES_128_CBC_SHA

RSA
RSA
AES(128)
SHA1


2600:141b:f000:181::184d
443
ECDHE-ECDSA-CHACHA20-POLY1305
(Recommended)
TLSv1.2
0xCC,0xA9
FS
18 Ciphers, 94.74 sec
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

ECDH
ECDSA
CHACHA20/POLY1305(256)
AEAD




ECDHE-ECDSA-AES256-GCM-SHA384
(Recommended)
TLSv1.2
0xC0,0x2C
FS

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

ECDH
ECDSA
AESGCM(256)
AEAD




ECDHE-ECDSA-AES128-GCM-SHA256
(Recommended)
TLSv1.2
0xC0,0x2B
FS

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

ECDH
ECDSA
AESGCM(128)
AEAD




ECDHE-RSA-CHACHA20-POLY1305
(Secure)
TLSv1.2
0xCC,0xA8
FS

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

ECDH
RSA
CHACHA20/POLY1305(256)
AEAD




ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

ECDH
RSA
AESGCM(256)
AEAD




ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ECDH
RSA
AESGCM(128)
AEAD




ECDHE-ECDSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x24
FS

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

ECDH
ECDSA
AES(256)
SHA384




ECDHE-RSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x28
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

ECDH
RSA
AES(256)
SHA384




AES256-GCM-SHA384
(Weak)
TLSv1.2
0x00,0x9D
No FS

TLS_RSA_WITH_AES_256_GCM_SHA384

RSA
RSA
AESGCM(256)
AEAD




AES256-SHA256
(Weak)
TLSv1.2
0x00,0x3D
No FS

TLS_RSA_WITH_AES_256_CBC_SHA256

RSA
RSA
AES(256)
SHA256




ECDHE-ECDSA-AES128-SHA256
(Weak)
TLSv1.2
0xC0,0x23
FS

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

ECDH
ECDSA
AES(128)
SHA256




ECDHE-RSA-AES128-SHA256
(Weak)
TLSv1.2
0xC0,0x27
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

ECDH
RSA
AES(128)
SHA256




AES128-GCM-SHA256
(Weak)
TLSv1.2
0x00,0x9C
No FS

TLS_RSA_WITH_AES_128_GCM_SHA256

RSA
RSA
AESGCM(128)
AEAD




AES128-SHA256
(Weak)
TLSv1.2
0x00,0x3C
No FS

TLS_RSA_WITH_AES_128_CBC_SHA256

RSA
RSA
AES(128)
SHA256




ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

ECDH
RSA
AES(256)
SHA1




ECDHE-RSA-AES128-SHA
(Weak)
TLSv1
0xC0,0x13
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

ECDH
RSA
AES(128)
SHA1




AES256-SHA
(Weak)
SSLv3
0x00,0x35
No FS

TLS_RSA_WITH_AES_256_CBC_SHA

RSA
RSA
AES(256)
SHA1




AES128-SHA
(Weak)
SSLv3
0x00,0x2F
No FS

TLS_RSA_WITH_AES_128_CBC_SHA

RSA
RSA
AES(128)
SHA1


2600:141b:f000:1a5::184d
443
ECDHE-ECDSA-CHACHA20-POLY1305
(Recommended)
TLSv1.2
0xCC,0xA9
FS
18 Ciphers, 94.77 sec
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

ECDH
ECDSA
CHACHA20/POLY1305(256)
AEAD




ECDHE-ECDSA-AES256-GCM-SHA384
(Recommended)
TLSv1.2
0xC0,0x2C
FS

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

ECDH
ECDSA
AESGCM(256)
AEAD




ECDHE-ECDSA-AES128-GCM-SHA256
(Recommended)
TLSv1.2
0xC0,0x2B
FS

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

ECDH
ECDSA
AESGCM(128)
AEAD




ECDHE-RSA-CHACHA20-POLY1305
(Secure)
TLSv1.2
0xCC,0xA8
FS

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

ECDH
RSA
CHACHA20/POLY1305(256)
AEAD




ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

ECDH
RSA
AESGCM(256)
AEAD




ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ECDH
RSA
AESGCM(128)
AEAD




ECDHE-ECDSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x24
FS

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

ECDH
ECDSA
AES(256)
SHA384




ECDHE-RSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x28
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

ECDH
RSA
AES(256)
SHA384




AES256-GCM-SHA384
(Weak)
TLSv1.2
0x00,0x9D
No FS

TLS_RSA_WITH_AES_256_GCM_SHA384

RSA
RSA
AESGCM(256)
AEAD




AES256-SHA256
(Weak)
TLSv1.2
0x00,0x3D
No FS

TLS_RSA_WITH_AES_256_CBC_SHA256

RSA
RSA
AES(256)
SHA256




ECDHE-ECDSA-AES128-SHA256
(Weak)
TLSv1.2
0xC0,0x23
FS

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

ECDH
ECDSA
AES(128)
SHA256




ECDHE-RSA-AES128-SHA256
(Weak)
TLSv1.2
0xC0,0x27
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

ECDH
RSA
AES(128)
SHA256




AES128-GCM-SHA256
(Weak)
TLSv1.2
0x00,0x9C
No FS

TLS_RSA_WITH_AES_128_GCM_SHA256

RSA
RSA
AESGCM(128)
AEAD




AES128-SHA256
(Weak)
TLSv1.2
0x00,0x3C
No FS

TLS_RSA_WITH_AES_128_CBC_SHA256

RSA
RSA
AES(128)
SHA256




ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

ECDH
RSA
AES(256)
SHA1




ECDHE-RSA-AES128-SHA
(Weak)
TLSv1
0xC0,0x13
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

ECDH
RSA
AES(128)
SHA1




AES256-SHA
(Weak)
SSLv3
0x00,0x35
No FS

TLS_RSA_WITH_AES_256_CBC_SHA

RSA
RSA
AES(256)
SHA1




AES128-SHA
(Weak)
SSLv3
0x00,0x2F
No FS

TLS_RSA_WITH_AES_128_CBC_SHA

RSA
RSA
AES(128)
SHA1

 

18. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

 

 

Permalink: https://check-your-website.server-daten.de/?i=edc56e61-f74e-4552-a865-73c740a43cee

 

Last Result: https://check-your-website.server-daten.de/?q=cia.gov - 2025-01-10 13:58:49

 

Do you like this page? Support this tool, add a link on your page:

 

<a href="https://check-your-website.server-daten.de/?q=cia.gov" target="_blank">Check this Site: cia.gov</a>

 

 

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

 

QR-Code of this page - https://check-your-website.server-daten.de/?d=cia.gov