Check DNS, Urls + Redirects, Certificates and Content of your Website




K

different ip addresses with diff. status

Checked:
05.02.2024 19:46:24


Older results


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
dnsforge.de
A
176.9.1.117
Falkenstein/Saxony/Germany (DE) - Hetzner Online GmbH
Hostname: dnsforge.de
yes
2
0

A
176.9.93.198
Falkenstein/Saxony/Germany (DE) - Hetzner Online GmbH
Hostname: dnsforge.de
yes
2
0

AAAA
2a01:4f8:141:316d::117
Falkenstein/Saxony/Germany (DE) - Hetzner

yes



AAAA
2a01:4f8:151:34aa::198
Falkenstein/Saxony/Germany (DE) - Hetzner

yes


www.dnsforge.de
CNAME
dnsforge.de
yes
1
0

A
176.9.1.117
Falkenstein/Saxony/Germany (DE) - Hetzner Online GmbH
Hostname: dnsforge.de
yes



A
176.9.93.198
Falkenstein/Saxony/Germany (DE) - Hetzner Online GmbH
Hostname: dnsforge.de
yes



AAAA
2a01:4f8:141:316d::117
Falkenstein/Saxony/Germany (DE) - Hetzner

yes



AAAA
2a01:4f8:151:34aa::198
Falkenstein/Saxony/Germany (DE) - Hetzner

yes


*.dnsforge.de
A
176.9.1.117
yes



A
176.9.93.198
yes



AAAA
2a01:4f8:141:316d::117
yes



AAAA
2a01:4f8:151:34aa::198
yes



CNAME

yes



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 30903, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.02.2024, 00:00:00 +, Signature-Inception: 31.01.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: de
de
1 DS RR in the parent zone found



DS with Algorithm 8, KeyTag 26755, DigestType 2 and Digest 80E1eAmllUMRzLgq3hFMbB1ySnXAOVE3qjl4A1Ql540=



1 RRSIG RR to validate DS RR found



RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 18.02.2024, 05:00:00 +, Signature-Inception: 05.02.2024, 04:00:00 +, KeyTag 30903, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30903 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 19854, Flags 256



Public Key with Algorithm 8, KeyTag 26755, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 13.02.2024, 08:40:28 +, Signature-Inception: 30.01.2024, 07:10:28 +, KeyTag 26755, Signer-Name: de



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26755 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26755, DigestType 2 and Digest "80E1eAmllUMRzLgq3hFMbB1ySnXAOVE3qjl4A1Ql540=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: dnsforge.de
dnsforge.de
1 DS RR in the parent zone found



DS with Algorithm 13, KeyTag 43604, DigestType 2 and Digest j/4ILSbWkyB73xDrP0S8rLdm7Eg1uFI0ajSlXtVXX7I=



1 RRSIG RR to validate DS RR found



RRSIG-Owner dnsforge.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 13.02.2024, 09:40:37 +, Signature-Inception: 30.01.2024, 08:10:37 +, KeyTag 19854, Signer-Name: de



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 19854 used to validate the DS RRSet in the parent zone



1 DNSKEY RR found



Public Key with Algorithm 13, KeyTag 43604, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner dnsforge.de., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.02.2024, 00:00:00 +, Signature-Inception: 25.01.2024, 00:00:00 +, KeyTag 43604, Signer-Name: dnsforge.de



Status: Good - Algorithmus 13 and DNSKEY with KeyTag 43604 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 43604, DigestType 2 and Digest "j/4ILSbWkyB73xDrP0S8rLdm7Eg1uFI0ajSlXtVXX7I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



RRSIG Type 1 validates the A - Result: 176.9.1.117 176.9.93.198
Validated: RRSIG-Owner dnsforge.de., Algorithm: 13, 2 Labels, original TTL: 30 sec, Signature-expiration: 15.02.2024, 00:00:00 +, Signature-Inception: 25.01.2024, 00:00:00 +, KeyTag 43604, Signer-Name: dnsforge.de



RRSIG Type 16 validates the TXT - Result: v=spf1 mx -all
Validated: RRSIG-Owner dnsforge.de., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 15.02.2024, 00:00:00 +, Signature-Inception: 25.01.2024, 00:00:00 +, KeyTag 43604, Signer-Name: dnsforge.de



RRSIG Type 28 validates the AAAA - Result: 2A01:04F8:0141:316D:0000:0000:0000:0117 2A01:04F8:0151:34AA:0000:0000:0000:0198
Validated: RRSIG-Owner dnsforge.de., Algorithm: 13, 2 Labels, original TTL: 30 sec, Signature-expiration: 15.02.2024, 00:00:00 +, Signature-Inception: 25.01.2024, 00:00:00 +, KeyTag 43604, Signer-Name: dnsforge.de



RRSIG Type 52 validates the TLSA - Result (_443._tcp.dnsforge.de): _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c
Validated: RRSIG-Owner _443._tcp.dnsforge.de., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 15.02.2024, 00:00:00 +, Signature-Inception: 25.01.2024, 00:00:00 +, KeyTag 43604, Signer-Name: dnsforge.de



RRSIG Type 257 validates the CAA - Result: 5|issueletsencrypt.org
Validated: RRSIG-Owner dnsforge.de., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 15.02.2024, 00:00:00 +, Signature-Inception: 25.01.2024, 00:00:00 +, KeyTag 43604, Signer-Name: dnsforge.de



CNAME-Query sends a valid NSEC RR as result with the query name "dnsforge.de" equal the NSEC-owner "dnsforge.de" and the NextOwner "*.dnsforge.de". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner dnsforge.de., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 15.02.2024, 00:00:00 +, Signature-Inception: 25.01.2024, 00:00:00 +, KeyTag 43604, Signer-Name: dnsforge.de



Status: Good. NoData-Proof required and found.

Zone: www.dnsforge.de
www.dnsforge.de
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "dnsforge.de" and the NextOwner "*.dnsforge.de". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY, CAA



RRSIG Type 5 validates the CNAME - Result: dnsforge.de
Validated: RRSIG-Owner www.dnsforge.de., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 15.02.2024, 00:00:00 +, Signature-Inception: 25.01.2024, 00:00:00 +, KeyTag 43604, Signer-Name: dnsforge.de


3. Name Servers

DomainNameserverNS-IP
dnsforge.de
  ns1.cdom.de / ns1.cdom.de
176.9.1.103
Falkenstein/Saxony/Germany (DE) - Hetzner Online GmbH


 
2a01:4f8:141:316d::103
Falkenstein/Saxony/Germany (DE) - Hetzner


  ns3.cdom.de / ns3.cdom.de
176.9.93.183
Falkenstein/Saxony/Germany (DE) - Hetzner Online GmbH


 
2a01:4f8:151:34aa::183
Falkenstein/Saxony/Germany (DE) - Hetzner

de
  a.nic.de / ns-1.de.de8


  f.nic.de / ns-1.de.de1


  l.de.net / ns-1.de.fr1


  n.de.net / s3.amx


  s.de.net / ns-2.de.de9


  z.nic.de / ns-1.de.de2.bind


4. SOA-Entries


Domain:de
Zone-Name:de
Primary:f.nic.de
Mail:dns-operations.denic.de
Serial:1707158688
Refresh:7200
Retry:7200
Expire:3600000
TTL:7200
num Entries:6


Domain:dnsforge.de
Zone-Name:dnsforge.de
Primary:ns1.cdom.de
Mail:hostmaster.cdom.de
Serial:2024012105
Refresh:3600
Retry:600
Expire:1209600
TTL:3600
num Entries:4


5. Screenshots

Startaddress: https://dnsforge.de/, address used: https://dnsforge.de/, Screenshot created 2024-02-05 19:50:51 +00:0

Mobil (412px x 732px)

1075 milliseconds

Screenshot mobile - https://dnsforge.de/
Mobil + Landscape (732px x 412px)

1082 milliseconds

Screenshot mobile landscape - https://dnsforge.de/
Screen (1280px x 1680px)

1198 milliseconds

Screenshot Desktop - https://dnsforge.de/

Mobile- and other Chrome-Checks

widthheight
visual Viewport396732
content Size4376147

Fatal: Horizontal scrollbar detected. Content-size width is greater then visual Viewport width.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://dnsforge.de/
176.9.1.117
301
https://dnsforge.de/
Html is minified: 100.00 %
0.043
A
Date: Mon, 05 Feb 2024 18:46:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: https://dnsforge.de/
Cache-Control: max-age=3600
Connection: close
Expires: Mon, 05 Feb 2024 19:46:53 GMT
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1

• http://dnsforge.de/
176.9.93.198
301
https://dnsforge.de/
Html is minified: 109.46 %
0.040
A
Server: nginx
Date: Mon, 05 Feb 2024 18:46:53 GMT
Connection: close
Location: https://dnsforge.de/
Content-Type: text/html
Content-Length: 162

• http://dnsforge.de/
2a01:4f8:141:316d::117
301
https://dnsforge.de/
Html is minified: 100.00 %
0.036
A
Date: Mon, 05 Feb 2024 18:46:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: https://dnsforge.de/
Cache-Control: max-age=3600
Connection: close
Expires: Mon, 05 Feb 2024 19:46:53 GMT
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1

• http://dnsforge.de/
2a01:4f8:151:34aa::198
301
https://dnsforge.de/
Html is minified: 109.46 %
0.037
A
Server: nginx
Date: Mon, 05 Feb 2024 18:46:54 GMT
Connection: close
Location: https://dnsforge.de/
Content-Type: text/html
Content-Length: 162

• http://www.dnsforge.de/
176.9.1.117
301
http://dnsforge.de/
Html is minified: 100.00 %
0.044
D
Date: Mon, 05 Feb 2024 18:46:54 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: http://dnsforge.de/
Cache-Control: max-age=3600
Connection: close
Expires: Mon, 05 Feb 2024 19:46:54 GMT
Content-Length: 227
Content-Type: text/html; charset=iso-8859-1

• http://www.dnsforge.de/
176.9.93.198
301
https://dnsforge.de/
Html is minified: 109.46 %
0.037
E
Server: nginx
Date: Mon, 05 Feb 2024 18:46:54 GMT
Connection: close
Location: https://dnsforge.de/
Content-Type: text/html
Content-Length: 162

• http://www.dnsforge.de/
2a01:4f8:141:316d::117
301
http://dnsforge.de/
Html is minified: 100.00 %
0.037
D
Date: Mon, 05 Feb 2024 18:46:54 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: http://dnsforge.de/
Cache-Control: max-age=3600
Connection: close
Expires: Mon, 05 Feb 2024 19:46:54 GMT
Content-Length: 227
Content-Type: text/html; charset=iso-8859-1

• http://www.dnsforge.de/
2a01:4f8:151:34aa::198
301
https://dnsforge.de/
Html is minified: 109.46 %
0.037
E
Server: nginx
Date: Mon, 05 Feb 2024 18:46:54 GMT
Connection: close
Location: https://dnsforge.de/
Content-Type: text/html
Content-Length: 162

• https://www.dnsforge.de/
176.9.1.117
301
https://dnsforge.de/
Html is minified: 100.00 %
3.154
B
Date: Mon, 05 Feb 2024 18:47:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: https://dnsforge.de/
Cache-Control: max-age=3600
Connection: close
Expires: Mon, 05 Feb 2024 19:47:10 GMT
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1

• https://www.dnsforge.de/
176.9.93.198
301
https://dnsforge.de/
Html is minified: 109.46 %
2.220
B
Server: nginx
Date: Mon, 05 Feb 2024 18:47:14 GMT
Connection: close
Location: https://dnsforge.de/
Content-Type: text/html
Content-Length: 162

• https://www.dnsforge.de/
2a01:4f8:141:316d::117
301
https://dnsforge.de/
Html is minified: 100.00 %
3.137
B
Date: Mon, 05 Feb 2024 18:47:17 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: https://dnsforge.de/
Cache-Control: max-age=3600
Connection: close
Expires: Mon, 05 Feb 2024 19:47:17 GMT
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1

• https://www.dnsforge.de/
2a01:4f8:151:34aa::198
301
https://dnsforge.de/
Html is minified: 109.46 %
2.147
B
Server: nginx
Date: Mon, 05 Feb 2024 18:47:21 GMT
Connection: close
Location: https://dnsforge.de/
Content-Type: text/html
Content-Length: 162

• https://dnsforge.de/
176.9.1.117 GZip used - 4694 / 15319 - 69.36 %
Inline-JavaScript (∑/total): 3/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 101.36 %
3.197
I
Date: Mon, 05 Feb 2024 18:46:54 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Connection: Upgrade, close
ETag: "3bd7-61096510e289d-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=3600
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Expect-CT: enforce, max-age=21600
Content-Security-Policy: default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content
Feature-Policy: payment none
Access-Control-Allow-Origin: *
Last-Modified: Sun, 04 Feb 2024 23:00:51 GMT
Expires: Mon, 05 Feb 2024 19:46:54 GMT
Content-Encoding: gzip
Content-Length: 4694
Content-Type: text/html

• https://dnsforge.de/
176.9.93.198 No GZip used - 5628 / 15319 - 36.74 % possible
Inline-JavaScript (∑/total): 3/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 101.36 %
3.193
I
Server: nginx
Date: Mon, 05 Feb 2024 18:46:58 GMT
Connection: close
ETag: "65c01723-3bd7"
Cache-Control: max-age=315360000
Content-Security-Policy: default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Feature-Policy: payment none
Expect-CT: enforce, max-age=21600
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 15319
Last-Modified: Sun, 04 Feb 2024 23:00:51 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT

• https://dnsforge.de/
2a01:4f8:141:316d::117 GZip used - 4694 / 15319 - 69.36 %
Inline-JavaScript (∑/total): 3/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 101.36 %
3.133
I
Date: Mon, 05 Feb 2024 18:47:02 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Connection: Upgrade, close
ETag: "3bd7-61096510e289d-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=3600
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Expect-CT: enforce, max-age=21600
Content-Security-Policy: default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content
Feature-Policy: payment none
Access-Control-Allow-Origin: *
Last-Modified: Sun, 04 Feb 2024 23:00:51 GMT
Expires: Mon, 05 Feb 2024 19:47:02 GMT
Content-Encoding: gzip
Content-Length: 4694
Content-Type: text/html

• https://dnsforge.de/
2a01:4f8:151:34aa::198 No GZip used - 5628 / 15319 - 36.74 % possible
Inline-JavaScript (∑/total): 3/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 101.36 %
3.170
I
Server: nginx
Date: Mon, 05 Feb 2024 18:47:06 GMT
Connection: close
ETag: "65c01723-3bd7"
Cache-Control: max-age=315360000
Content-Security-Policy: default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Feature-Policy: payment none
Expect-CT: enforce, max-age=21600
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 15319
Last-Modified: Sun, 04 Feb 2024 23:00:51 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT

• http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
176.9.93.198
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.46 %
0.037
E
Visible Content: 301 Moved Permanently nginx
Server: nginx
Date: Mon, 05 Feb 2024 18:47:24 GMT
Connection: close
Location: https://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Content-Type: text/html
Content-Length: 162

• http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:4f8:151:34aa::198
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.46 %
0.040
E
Visible Content: 301 Moved Permanently nginx
Server: nginx
Date: Mon, 05 Feb 2024 18:47:24 GMT
Connection: close
Location: https://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Content-Type: text/html
Content-Length: 162

• http://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
176.9.1.117
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
0.043
A
Not Found
Visible Content: Not Found The requested URL was not found on this server.
Date: Mon, 05 Feb 2024 18:47:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

• http://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
176.9.93.198
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 110.61 %
0.053
A
Not Found
Visible Content: 404 Not Found nginx
Server: nginx
Date: Mon, 05 Feb 2024 18:47:24 GMT
Connection: close
Content-Type: text/html
Content-Length: 146

• http://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:4f8:141:316d::117
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
0.037
A
Not Found
Visible Content: Not Found The requested URL was not found on this server.
Date: Mon, 05 Feb 2024 18:47:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

• http://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:4f8:151:34aa::198
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 110.61 %
0.040
A
Not Found
Visible Content: 404 Not Found nginx
Server: nginx
Date: Mon, 05 Feb 2024 18:47:24 GMT
Connection: close
Content-Type: text/html
Content-Length: 146

• http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
176.9.1.117
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
0.040
A
Not Found
Visible Content: Not Found The requested URL was not found on this server.
Date: Mon, 05 Feb 2024 18:47:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

• http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:4f8:141:316d::117
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 100.00 %
0.036
A
Not Found
Visible Content: Not Found The requested URL was not found on this server.
Date: Mon, 05 Feb 2024 18:47:24 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Length: 196
Content-Type: text/html; charset=iso-8859-1

• https://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 110.61 %
3.190
A
Not Found
Visible Content: 404 Not Found nginx
Server: nginx
Date: Mon, 05 Feb 2024 18:47:40 GMT
Connection: close
Content-Type: text/html
Content-Length: 146

• https://176.9.1.117/
176.9.1.117
302
https://dnsforge.de/login/
2.220
N-
Certificate error: RemoteCertificateNameMismatch
Date: Mon, 05 Feb 2024 18:47:25 GMT
Server: Apache
Cache-Control: no-store, must-revalidate, no-cache
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: ISPCSESS=h9cv0r05ljgrvhcehdilav4a9q; path=/; secure; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval', default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubdomains; preload
X-XSS-Protection: 1; mode=block, 1; mode=block
X-Content-Type-Options: nosniff, nosniff
Upgrade: h2, h2c
Connection: Upgrade, close
Location: /login/
Referrer-Policy: no-referrer
Expect-CT: enforce, max-age=21600
Transfer-Encoding: chunked
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8

• https://176.9.93.198/
176.9.93.198
502

Html is minified: 187.53 %
3.164
N
Bad Gateway
Certificate error: RemoteCertificateNameMismatch
Server: nginx
Date: Mon, 05 Feb 2024 18:47:28 GMT
Connection: close
ETag: "5ebe49c7-2ff"
Content-Type: text/html
Content-Length: 767

• https://[2a01:04f8:0141:316d:0000:0000:0000:0117]/
2a01:4f8:141:316d::117 GZip used - 4694 / 15319 - 69.36 %
Inline-JavaScript (∑/total): 3/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 101.36 %
3.180
N
Certificate error: RemoteCertificateNameMismatch
Date: Mon, 05 Feb 2024 18:47:32 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Upgrade: h2
Connection: Upgrade, close
ETag: "3bd7-61096510e289d-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=3600
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Expect-CT: enforce, max-age=21600
Content-Security-Policy: default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content
Feature-Policy: payment none
Access-Control-Allow-Origin: *
Last-Modified: Sun, 04 Feb 2024 23:00:51 GMT
Expires: Mon, 05 Feb 2024 19:47:32 GMT
Content-Encoding: gzip
Content-Length: 4694
Content-Type: text/html

• https://[2a01:04f8:0151:34aa:0000:0000:0000:0198]/
2a01:4f8:151:34aa::198
502

Html is minified: 187.53 %
3.150
N
Bad Gateway
Certificate error: RemoteCertificateNameMismatch
Server: nginx
Date: Mon, 05 Feb 2024 18:47:36 GMT
Connection: close
ETag: "5ebe49c7-2ff"
Content-Type: text/html
Content-Length: 767

• https://dnsforge.de/login/

Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
404

Html is minified: 110.61 %
3.140
M
Not Found
small visible content (num chars: 19)
404 Not Found nginx
Server: nginx
Date: Mon, 05 Feb 2024 18:47:44 GMT
Connection: close
Content-Type: text/html
Content-Length: 146

7. Comments


1. General Results, most used to calculate the result

Aname "dnsforge.de" is domain, public suffix is ".de", top-level-domain is ".de", top-level-domain-type is "country-code", Country is Germany, tld-manager is "DENIC eG", num .de-domains preloaded: 9496 (complete: 239099)
AGood: All ip addresses are public addresses
AGood: Minimal 2 ip addresses per domain name found: dnsforge.de has 4 different ip addresses (authoritative).
AGood: Minimal 2 ip addresses per domain name found: www.dnsforge.de has 4 different ip addresses (authoritative).
AGood: Ipv4 and Ipv6 addresses per domain name found: dnsforge.de has 2 ipv4, 2 ipv6 addresses
AGood: Ipv4 and Ipv6 addresses per domain name found: www.dnsforge.de has 2 ipv4, 2 ipv6 addresses
AGood: No asked Authoritative Name Server had a timeout
Ahttps://dnsforge.de/ 176.9.1.117


Good: Valid DANE - entry found: signed Data _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c confirms the Certificate with the same value
Ahttps://dnsforge.de/ 176.9.93.198


Good: Valid DANE - entry found: signed Data _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c confirms the Certificate with the same value
Ahttps://dnsforge.de/ 2a01:4f8:141:316d::117


Good: Valid DANE - entry found: signed Data _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c confirms the Certificate with the same value
Ahttps://dnsforge.de/ 2a01:4f8:151:34aa::198


Good: Valid DANE - entry found: signed Data _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c confirms the Certificate with the same value
Ahttps://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de


Good: Valid DANE - entry found: signed Data _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c confirms the Certificate with the same value
Ahttps://176.9.1.117/ 176.9.1.117


Good: Valid DANE - entry found: signed Data _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c confirms the Certificate with the same value
Ahttps://dnsforge.de/login/


Good: Valid DANE - entry found: signed Data _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c confirms the Certificate with the same value
Ahttps://176.9.93.198/ 176.9.93.198


Good: Valid DANE - entry found: signed Data _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c confirms the Certificate with the same value
Ahttps://[2a01:04f8:0141:316d:0000:0000:0000:0117]/ 2a01:4f8:141:316d::117


Good: Valid DANE - entry found: signed Data _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c confirms the Certificate with the same value
Ahttps://[2a01:04f8:0151:34aa:0000:0000:0000:0198]/ 2a01:4f8:151:34aa::198


Good: Valid DANE - entry found: signed Data _443._tcp.dnsforge.de: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector 1 (SPKI, SubjectPublicKeyInfo), Matching 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c confirms the Certificate with the same value
Ahttps://176.9.1.117/ 176.9.1.117
302
https://dnsforge.de/login/
Correct redirect https to https
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: non-www is preferred
AGood: No cookie sent via http.
AGood: every cookie sent via https is marked as secure
AGood: Every cookie has a SameSite Attribute with a correct value Strict/Lax/None
Warning: HSTS preload sent, but not in Preload-List. Never send a preload directive if you don't know what preload means. Check https://hstspreload.org/ to learn the basics about the Google-Preload list. If you send a preload directive, you should **immediately** add your domain to the HSTS preload list via https://hstspreload.org/ . If Google accepts the domain, so the status is "pending": Note that new entries are hardcoded into the Chrome source code and can take several months before they reach the stable version. So you will see this message some months. If you don't want that or if you don't understand "preload", but if you send a preload directive and if you have correct A-redirects, everybody can add your domain to that list. Then you may have problems, it's not easy to undo that. So if you don't want your domain preloaded, remove the preload directive.
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):4 complete Content-Type - header (13 urls)
https://dnsforge.de/ 176.9.1.117


Url with incomplete Content-Type - header - missing charset
https://dnsforge.de/ 176.9.93.198


Url with incomplete Content-Type - header - missing charset
https://dnsforge.de/ 2a01:4f8:141:316d::117


Url with incomplete Content-Type - header - missing charset
https://dnsforge.de/ 2a01:4f8:151:34aa::198


Url with incomplete Content-Type - header - missing charset
http://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 176.9.93.198


Url with incomplete Content-Type - header - missing charset
http://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:151:34aa::198


Url with incomplete Content-Type - header - missing charset
https://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de


Url with incomplete Content-Type - header - missing charset
https://dnsforge.de/login/


Url with incomplete Content-Type - header - missing charset
https://[2a01:04f8:0141:316d:0000:0000:0000:0117]/ 2a01:4f8:141:316d::117


Url with incomplete Content-Type - header - missing charset
Ahttp://dnsforge.de/ 176.9.1.117
301
https://dnsforge.de/
Correct redirect http - https with the same domain name
Ahttp://dnsforge.de/ 176.9.93.198
301
https://dnsforge.de/
Correct redirect http - https with the same domain name
Ahttp://dnsforge.de/ 2a01:4f8:141:316d::117
301
https://dnsforge.de/
Correct redirect http - https with the same domain name
Ahttp://dnsforge.de/ 2a01:4f8:151:34aa::198
301
https://dnsforge.de/
Correct redirect http - https with the same domain name
Bhttps://www.dnsforge.de/ 176.9.1.117
301

Missing HSTS-Header
Bhttps://www.dnsforge.de/ 176.9.93.198
301

Missing HSTS-Header
Bhttps://www.dnsforge.de/ 2a01:4f8:141:316d::117
301

Missing HSTS-Header
Bhttps://www.dnsforge.de/ 2a01:4f8:151:34aa::198
301

Missing HSTS-Header
Bhttps://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Missing HSTS-Header
Bhttps://176.9.1.117/ 176.9.1.117
302
max-age=31536000; includeSubDomains, max-age=31536000; includeSubdomains; preload
Critical: HSTS-Header has Parse-Errors. Comma found, but Comma not allowed. Perhaps more then one HSTS-Header., Unknown directive found. Only max-age (with value), includeSubdomains or preload allowed.
Dhttp://www.dnsforge.de/ 176.9.1.117
301
http://dnsforge.de/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Dhttp://www.dnsforge.de/ 2a01:4f8:141:316d::117
301
http://dnsforge.de/
Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Ehttp://www.dnsforge.de/ 176.9.93.198
301
https://dnsforge.de/
Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Ehttp://www.dnsforge.de/ 2a01:4f8:151:34aa::198
301
https://dnsforge.de/
Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Khttp://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 176.9.1.117, Status 404

http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 176.9.93.198, Status 301
Configuration problem - different ip addresses with different status
Khttp://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 176.9.1.117, Status 404

http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:151:34aa::198, Status 301
Configuration problem - different ip addresses with different status
Khttp://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 176.9.93.198, Status 301

http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:141:316d::117, Status 404
Configuration problem - different ip addresses with different status
Khttp://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:141:316d::117, Status 404

http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:151:34aa::198, Status 301
Configuration problem - different ip addresses with different status
Mhttps://dnsforge.de/login/
404

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://176.9.1.117/ 176.9.1.117
302
https://dnsforge.de/login/
Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://176.9.93.198/ 176.9.93.198
502

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://[2a01:04f8:0141:316d:0000:0000:0000:0117]/ 2a01:4f8:141:316d::117
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://[2a01:04f8:0151:34aa:0000:0000:0000:0198]/ 2a01:4f8:151:34aa::198
502

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Fatal: More then one ip address per domain name found, but checking all ip addresses different http status found.: Domain dnsforge.de, 4 ip addresses, 2 different http results.
Fatal: More then one ip address per domain name found, but checking all ip addresses different http status found.: Domain www.dnsforge.de, 4 ip addresses, 2 different http results.
Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain dnsforge.de, 4 ip addresses.
Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain www.dnsforge.de, 4 ip addresses.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.dnsforge.de

2. Header-Checks (Cross-Origin-* headers are alpha - started 2024-06-05)

Adnsforge.de 176.9.1.117
Content-Security-Policy
Ok: Header without syntax errors found: default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content
B

Info: Header-Element is deprecated. block-all-mixed-content
A

Good: default-src directive only with 'none' or 'self', additional sources are blocked.
A

Good: default-src without 'unsafe-inline' or 'unsave-eval'.
A

Good: form-action directive found. That reduces the risk sending data to unwanted domains. form-action is a navigation-directive, so default-src isn't used.
A

Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
A

Good: base-uri directive found. That limits the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
A

Good: No object-src found, but the default-src used as fallback is defined and restricted.
A

Good: script-src without 'unsafe-inline' and 'unsafe-eval' found. That's the recommended configuration.
A

Good: script-src without * and a scheme found.
A

Good: script-src without data: schema found. Why is this important? The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A

Good: frame-src without data: defined or frame-src missing and the default-src used as fallback not allows the data: schema. That blocks hidden code injection. Insert <iframe src="data:text/html;charset=utf-8;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHA+YmVmb3JlPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmFsZXJ0KCdYU1MnKTwvc2NyaXB0PjxwPmFmdGVyPC9ib2R5PjwvaHRtbD4="></iframe> in your page and see what happens.
A
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
Referrer-Policy
Ok: Header without syntax errors found: no-referrer
A
X-Frame-Options
Ok: Header without syntax errors found: SAMEORIGIN
B

Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A
Expect-CT
Ok: Header without syntax errors found: enforce, max-age=21600
B

Info: Header is deprecated. May not longer work in modern browsers. enforce, max-age=21600
A
Feature-Policy
Ok: Header without syntax errors found: payment none
B

Info: Header is deprecated. May not longer work in modern browsers. payment none
A
X-Xss-Protection
Ok: Header without syntax errors found: 1; mode=block
B

Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block
Adnsforge.de 176.9.93.198
Content-Security-Policy
Ok: Header without syntax errors found: default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content
B

Info: Header-Element is deprecated. block-all-mixed-content
A

Good: default-src directive only with 'none' or 'self', additional sources are blocked.
A

Good: default-src without 'unsafe-inline' or 'unsave-eval'.
A

Good: form-action directive found. That reduces the risk sending data to unwanted domains. form-action is a navigation-directive, so default-src isn't used.
A

Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
A

Good: base-uri directive found. That limits the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
A

Good: No object-src found, but the default-src used as fallback is defined and restricted.
A

Good: script-src without 'unsafe-inline' and 'unsafe-eval' found. That's the recommended configuration.
A

Good: script-src without * and a scheme found.
A

Good: script-src without data: schema found. Why is this important? The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A

Good: frame-src without data: defined or frame-src missing and the default-src used as fallback not allows the data: schema. That blocks hidden code injection. Insert <iframe src="data:text/html;charset=utf-8;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHA+YmVmb3JlPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmFsZXJ0KCdYU1MnKTwvc2NyaXB0PjxwPmFmdGVyPC9ib2R5PjwvaHRtbD4="></iframe> in your page and see what happens.
A
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
Referrer-Policy
Ok: Header without syntax errors found: same-origin
A
X-Frame-Options
Ok: Header without syntax errors found: SAMEORIGIN
B

Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A
Expect-CT
Ok: Header without syntax errors found: enforce, max-age=21600
B

Info: Header is deprecated. May not longer work in modern browsers. enforce, max-age=21600
A
Feature-Policy
Ok: Header without syntax errors found: payment none
B

Info: Header is deprecated. May not longer work in modern browsers. payment none
A
X-Xss-Protection
Ok: Header without syntax errors found: 1; mode=block
B

Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block
Adnsforge.de 2a01:4f8:141:316d::117
Content-Security-Policy
Ok: Header without syntax errors found: default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content
B

Info: Header-Element is deprecated. block-all-mixed-content
A

Good: default-src directive only with 'none' or 'self', additional sources are blocked.
A

Good: default-src without 'unsafe-inline' or 'unsave-eval'.
A

Good: form-action directive found. That reduces the risk sending data to unwanted domains. form-action is a navigation-directive, so default-src isn't used.
A

Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
A

Good: base-uri directive found. That limits the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
A

Good: No object-src found, but the default-src used as fallback is defined and restricted.
A

Good: script-src without 'unsafe-inline' and 'unsafe-eval' found. That's the recommended configuration.
A

Good: script-src without * and a scheme found.
A

Good: script-src without data: schema found. Why is this important? The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A

Good: frame-src without data: defined or frame-src missing and the default-src used as fallback not allows the data: schema. That blocks hidden code injection. Insert <iframe src="data:text/html;charset=utf-8;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHA+YmVmb3JlPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmFsZXJ0KCdYU1MnKTwvc2NyaXB0PjxwPmFmdGVyPC9ib2R5PjwvaHRtbD4="></iframe> in your page and see what happens.
A
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
Referrer-Policy
Ok: Header without syntax errors found: no-referrer
A
X-Frame-Options
Ok: Header without syntax errors found: SAMEORIGIN
B

Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A
Expect-CT
Ok: Header without syntax errors found: enforce, max-age=21600
B

Info: Header is deprecated. May not longer work in modern browsers. enforce, max-age=21600
A
Feature-Policy
Ok: Header without syntax errors found: payment none
B

Info: Header is deprecated. May not longer work in modern browsers. payment none
A
X-Xss-Protection
Ok: Header without syntax errors found: 1; mode=block
B

Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block
Adnsforge.de 2a01:4f8:151:34aa::198
Content-Security-Policy
Ok: Header without syntax errors found: default-src 'none'; img-src 'self' https://piwik.dnsforge.de; style-src 'self'; script-src 'self' https://piwik.dnsforge.de; connect-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content
B

Info: Header-Element is deprecated. block-all-mixed-content
A

Good: default-src directive only with 'none' or 'self', additional sources are blocked.
A

Good: default-src without 'unsafe-inline' or 'unsave-eval'.
A

Good: form-action directive found. That reduces the risk sending data to unwanted domains. form-action is a navigation-directive, so default-src isn't used.
A

Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
A

Good: base-uri directive found. That limits the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
A

Good: No object-src found, but the default-src used as fallback is defined and restricted.
A

Good: script-src without 'unsafe-inline' and 'unsafe-eval' found. That's the recommended configuration.
A

Good: script-src without * and a scheme found.
A

Good: script-src without data: schema found. Why is this important? The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A

Good: frame-src without data: defined or frame-src missing and the default-src used as fallback not allows the data: schema. That blocks hidden code injection. Insert <iframe src="data:text/html;charset=utf-8;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHA+YmVmb3JlPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmFsZXJ0KCdYU1MnKTwvc2NyaXB0PjxwPmFmdGVyPC9ib2R5PjwvaHRtbD4="></iframe> in your page and see what happens.
A
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
Referrer-Policy
Ok: Header without syntax errors found: same-origin
A
X-Frame-Options
Ok: Header without syntax errors found: SAMEORIGIN
B

Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A
Expect-CT
Ok: Header without syntax errors found: enforce, max-age=21600
B

Info: Header is deprecated. May not longer work in modern browsers. enforce, max-age=21600
A
Feature-Policy
Ok: Header without syntax errors found: payment none
B

Info: Header is deprecated. May not longer work in modern browsers. payment none
A
X-Xss-Protection
Ok: Header without syntax errors found: 1; mode=block
B

Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block
Fdnsforge.de 176.9.1.117
Permissions-Policy
Critical: Missing Header:
Fdnsforge.de 176.9.93.198
Permissions-Policy
Critical: Missing Header:
Fdnsforge.de 2a01:4f8:141:316d::117
Permissions-Policy
Critical: Missing Header:
Fdnsforge.de 2a01:4f8:151:34aa::198
Permissions-Policy
Critical: Missing Header:

3. DNS- and NameServer - Checks

AInfo:: 2 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 2 Name Servers.
AInfo:: 2 Queries complete, 2 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
AGood: Some ip addresses of name servers found with the minimum of two DNS Queries. One to find the TLD-Zone, one to ask the TLD-Zone.ns1.cdom.de (176.9.1.103), ns3.cdom.de (176.9.93.183)
AGood (1 - 3.0):: An average of 1.0 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 2 different Name Servers found: ns1.cdom.de, ns3.cdom.de, 2 Name Servers included in Delegation: ns1.cdom.de, ns3.cdom.de, 2 Name Servers included in 1 Zone definitions: ns1.cdom.de, ns3.cdom.de, 1 Name Servers listed in SOA.Primary: ns1.cdom.de.
AGood: Only one SOA.Primary Name Server found.: ns1.cdom.de.
AGood: SOA.Primary Name Server included in the delegation set.: ns1.cdom.de.
AGood: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: ns1.cdom.de, ns3.cdom.de
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AGood: Minimal 2 different name servers (public suffix and public ip address) found: 2 different Name Servers found
AGood: All name servers have ipv4- and ipv6-addresses.: 2 different Name Servers found
Warning: All Name Servers have the same Top Level Domain / Public Suffix. If there is a problem with that Top Level Domain, your domain may be affected. Better: Use Name Servers with different top level domains.: 2 Name Servers, 1 Top Level Domain: de
Warning: All Name Servers have the same domain name. If there is a problem with that domain name (or with the name servers of that domain name), your domain may be affected. Better: Use Name Servers with different domain names / different top level domains.: Only one domain name used: cdom.de
Warning: All Name Servers from the same Country / IP location.: 2 Name Servers, 1 Countries: DE
AInfo: Ipv4-Subnet-list: 2 Name Servers, 1 different subnets (first Byte): 176., 1 different subnets (first two Bytes): 176.9., 2 different subnets (first three Bytes): 176.9.1., 176.9.93.
AGood: Name Server IPv4-addresses from different subnet found:
AInfo: IPv6-Subnet-list: 2 Name Servers with IPv6, 1 different subnets (first block): 2a01:, 1 different subnets (first two blocks): 2a01:04f8:, 2 different subnets (first three blocks): 2a01:04f8:0141:, 2a01:04f8:0151:, 2 different subnets (first four blocks): 2a01:04f8:0141:316d:, 2a01:04f8:0151:34aa:
AGood: Name Server IPv6 addresses from different subnets found.
AGood: Nameserver supports TCP connections: 4 good Nameserver
AGood: Nameserver supports Echo Capitalization: 4 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 4 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver
AGood: All SOA have the same Serial Number
AGood: CAA entries found, creating certificate is limited: letsencrypt.org is allowed to create certificates

4. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:141:316d::117, Status 404

http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 176.9.93.198, Status 301
Fatal: Check of /.well-known/acme-challenge/random-filename has different answers checking ipv6 / ipv4. Ipv6 doesn't have the expected result http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 validation may not work. Checking the validation file in /.well-known/acme-challenge Letsencrypt prefers ipv6. Two options: Remove your ipv6 / AAAA DNS entry or (better) fix your ipv6, so your webserver handles ipv6 correct. Perhaps add "Listen [::]:80". Don't use <VirtualHost ip-address:80>, switch to <VirtualHost *:80>. If you use IIS, check your bindings. Don't select a single ip address. Use this tool to check your raw ipv6 address. Add your domain name in the "Hostname" - field. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:151:34aa::198, Status 301

http://www.dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 176.9.1.117, Status 404
Fatal: Check of /.well-known/acme-challenge/random-filename has different answers checking ipv6 / ipv4. Ipv6 doesn't have the expected result http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 validation may not work. Checking the validation file in /.well-known/acme-challenge Letsencrypt prefers ipv6. Two options: Remove your ipv6 / AAAA DNS entry or (better) fix your ipv6, so your webserver handles ipv6 correct. Perhaps add "Listen [::]:80". Don't use <VirtualHost ip-address:80>, switch to <VirtualHost *:80>. If you use IIS, check your bindings. Don't select a single ip address. Use this tool to check your raw ipv6 address. Add your domain name in the "Hostname" - field. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
https://dnsforge.de/ 176.9.93.198
200

Warning: https result with status 200 and size greater then 1024 Bytes without GZip found. Add GZip support so the html content is compressed.
https://dnsforge.de/ 2a01:4f8:151:34aa::198
200

Warning: https result with status 200 and size greater then 1024 Bytes without GZip found. Add GZip support so the html content is compressed.
https://dnsforge.de/ 176.9.1.117
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://dnsforge.de/ 176.9.93.198
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://dnsforge.de/ 2a01:4f8:141:316d::117
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://dnsforge.de/ 2a01:4f8:151:34aa::198
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://[2a01:04f8:0141:316d:0000:0000:0000:0117]/ 2a01:4f8:141:316d::117
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
AGood: Every https result with status 200 has a minified Html-Content with a quota lower then 110 %.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
AGood: Some script Elements (type text/javascript) with a src-Attribute have a defer / async - Attribute. So loading and executing these JavaScripts doesn't block parsing and rendering the Html-Output.
https://dnsforge.de/ 176.9.1.117
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 3 script elements without defer/async.
https://dnsforge.de/ 176.9.93.198
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 3 script elements without defer/async.
https://dnsforge.de/ 2a01:4f8:141:316d::117
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 3 script elements without defer/async.
https://dnsforge.de/ 2a01:4f8:151:34aa::198
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 3 script elements without defer/async.
https://[2a01:04f8:0141:316d:0000:0000:0000:0117]/ 2a01:4f8:141:316d::117
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 3 script elements without defer/async.
Warning: CSS / JavaScript found without GZip support. Send these ressources with GZip. 8 external CSS / JavaScript files without GZip found - 12 with GZip, 20 complete
AGood: All images with internal compression not sent via GZip. Images (.png, .jpg) are already compressed, so an additional GZip isn't helpful. 32 images (type image/png, image/jpg) found without additional GZip. Not required because these images are already compressed
Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 5 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 20 with Cache-Control long enough, 25 complete.
Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 9 image files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 36 with Cache-Control long enough, 45 complete.
AGood: Some checked attribute values are enclosed in quotation marks (" or ').: 255 Html-Elements checked, 250 without problems.
IWrong: Attribute values found, not enclosed in quotation marks (" or ').: 5 Html-Elements with attributes and missing enclosed quotation marks found. 5 wrong attributes.
AGood: Some img-elements have a valid alt-attribute.: 45 img-elements found, 25 img-elements with correct alt-attributes (defined, not an empty value).
Wrong: img-elements without alt-attribute or empty alt-attribute found. The alt-attribute ("alternative") is required and should describe the img. So Screenreader and search engines are able to use these informations.: 20 img-elements without alt-attribute, 0 img-elements with empty alt-attribute found.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
https://176.9.1.117/ 176.9.1.117
302
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubdomains; preload
Parse Error - Header can't be parsed
https://dnsforge.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
3.190 seconds
Warning: 404 needs more then one second
https://dnsforge.de/login/
404
3.140 seconds
Warning: 404 needs more then one second
AInfo: Different Server-Headers found
ADuration: 282650 milliseconds, 282.650 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
dnsforge.de
176.9.1.117
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
dnsforge.de
176.9.1.117
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


dnsforge.de
176.9.93.198
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

dnsforge.de
176.9.93.198
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


dnsforge.de
2a01:4f8:141:316d::117
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

dnsforge.de
2a01:4f8:141:316d::117
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


dnsforge.de
2a01:4f8:151:34aa::198
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

dnsforge.de
2a01:4f8:151:34aa::198
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


www.dnsforge.de
176.9.1.117
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

www.dnsforge.de
176.9.1.117
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


www.dnsforge.de
176.9.93.198
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok

www.dnsforge.de
176.9.93.198
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


www.dnsforge.de
2a01:4f8:141:316d::117
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

www.dnsforge.de
2a01:4f8:141:316d::117
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
No SNI required - domain included in main certificate
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


www.dnsforge.de
2a01:4f8:151:34aa::198
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok

www.dnsforge.de
2a01:4f8:151:34aa::198
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


dnsforge.de
dnsforge.de
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

dnsforge.de
dnsforge.de
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


dnsforge.de
dnsforge.de
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

dnsforge.de
dnsforge.de
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


176.9.1.117
176.9.1.117
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

176.9.1.117
176.9.1.117
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=kunden.giebel.it

2CN=R3, O=Let's Encrypt, C=US


176.9.93.198
176.9.93.198
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

176.9.93.198
176.9.93.198
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=chat.cdom.de

2CN=R3, O=Let's Encrypt, C=US


[2a01:04f8:0141:316d:0000:0000:0000:0117]
2a01:4f8:141:316d::117
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

[2a01:04f8:0141:316d:0000:0000:0000:0117]
2a01:4f8:141:316d::117
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=dnsforge.de

2CN=R3, O=Let's Encrypt, C=US


[2a01:04f8:0151:34aa:0000:0000:0000:0198]
2a01:4f8:151:34aa::198
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
supported
ok

[2a01:04f8:0151:34aa:0000:0000:0000:0198]
2a01:4f8:151:34aa::198
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=chat.cdom.de

2CN=R3, O=Let's Encrypt, C=US


9. Certificates

1.
1.
CN=dnsforge.de
27.01.2024
27.04.2024
49 days expired
dnsforge.de, www.dnsforge.de - 2 entries
1.
1.
CN=dnsforge.de
27.01.2024

27.04.2024
49 days expired
dnsforge.de, www.dnsforge.de - 2 entries

KeyalgorithmEC Public Key (384 bit, secp384r1)
Signatur:SHA256 With RSA-Encryption
Serial Number:044DD35E26F62DA6D5BECDF770EEAC285A20
Thumbprint:53B8A99463B8550317027E5E1B011047411CCF95
SHA256 / Certificate:O15dVfz+Z4coIQ/FAHS8cC15P+8/z/XVDvokkJ5yE/U=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c
SHA256 hex / Subject Public Key Information (SPKI):9b9d50c0087334349adc6edcd58e9e384b2c933a7ac92cde3aacb42ca729b43c (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://r3.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 457 days


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 457 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00912B084ACF0C18A753F6D62E25A75F5A
Thumbprint:A053375BFE84E8B748782C7CEE15827A6AF5A405
SHA256 / Certificate:Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 4006 days


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 4006 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


2.
1.
CN=kunden.giebel.it
30.12.2023
29.03.2024
78 days expired
kunden.giebel.it - 1 entry
2.
1.
CN=kunden.giebel.it
30.12.2023

29.03.2024
78 days expired
kunden.giebel.it - 1 entry

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:SHA256 With RSA-Encryption
Serial Number:03C6DAE3314CB3C3B8EC4F9EFB3DD54B915F
Thumbprint:5164E8E14D6C7AD22212484419C509EC807FAE4C
SHA256 / Certificate:o00CUaB275VgnOBVT5uIXYOJNVdxY+esyQsPVhZXsRY=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):44a49dcbf9a4f9c81f63e9cf6224c7088cc43040845a63e1253337154bd7a5ac
SHA256 hex / Subject Public Key Information (SPKI):44a49dcbf9a4f9c81f63e9cf6224c7088cc43040845a63e1253337154bd7a5ac (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://r3.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 457 days


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 457 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00912B084ACF0C18A753F6D62E25A75F5A
Thumbprint:A053375BFE84E8B748782C7CEE15827A6AF5A405
SHA256 / Certificate:Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 4006 days


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 4006 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


3.
1.
CN=chat.cdom.de
08.01.2024
08.04.2024
68 days expired
chat.cdom.de - 1 entry
3.
1.
CN=chat.cdom.de
08.01.2024

08.04.2024
68 days expired
chat.cdom.de - 1 entry

KeyalgorithmEC Public Key (384 bit, secp384r1)
Signatur:SHA256 With RSA-Encryption
Serial Number:035394C8A8E5695916FD6770C74C5C9981DF
Thumbprint:600EC74386AF13284531951D18E8D2A472441C4E
SHA256 / Certificate:dGPdGfdys2jsOeezPqAI6Z0JwaYbdUPemF0Ax/vXEdw=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):220d2545611c8c1f5aee1765102f9d4156d8c6c38420d6d980bcb177abaa6993
SHA256 hex / Subject Public Key Information (SPKI):220d2545611c8c1f5aee1765102f9d4156d8c6c38420d6d980bcb177abaa6993 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://r3.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 457 days


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 457 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00912B084ACF0C18A753F6D62E25A75F5A
Thumbprint:A053375BFE84E8B748782C7CEE15827A6AF5A405
SHA256 / Certificate:Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 4006 days


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 4006 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=R3, O=Let's Encrypt, C=US
0
0
2

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
6644287670
leaf cert
CN=R3, O=Let's Encrypt, C=US
2024-01-27 22:18:17
2024-04-26 22:18:16
dnsforge.de, www.dnsforge.de - 2 entries


6260618442
leaf cert
CN=R3, O=Let's Encrypt, C=US
2023-11-26 22:18:22
2024-02-24 22:18:21
dnsforge.de, www.dnsforge.de - 2 entries



2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuerlast 7 daysactivenum Certs
CN=R3, O=Let's Encrypt, C=US
0 /0 new
0
2

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
11889546551
leaf cert
CN=R3, O=Let's Encrypt, C=US
2024-01-27 21:18:17
2024-04-26 20:18:16
dnsforge.de, www.dnsforge.de
2 entries


11231090993
leaf cert
CN=R3, O=Let's Encrypt, C=US
2023-11-26 21:18:22
2024-02-24 21:18:21
dnsforge.de, www.dnsforge.de
2 entries



11. Html-Content - Entries

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://dnsforge.de/
176.9.1.117
a

32

0


0
0
0


form

1

0


0
0
0


img

9
131,224 Bytes
0
9
0
0
0
0


link
stylesheet
1
26,173 Bytes
0
1
0
0
0
0


link
other
1
32,139 Bytes
0
1
0
0
0
0


meta (1)
other
3

0


0
0
0


script

4
36,409 Bytes
0
4
0
0
0
0

https://dnsforge.de/
176.9.93.198
a

32

0


0
0
0


form

1

0


0
0
0


img

9
131,224 Bytes
0
9
0
0
0
0


link
stylesheet
1
194,425 Bytes
0
1
0
0
0
0


link
other
1
32,139 Bytes
0
1
0
0
0
0


meta (1)
other
3

0


0
0
0


script

4
71,392 Bytes
0
4
0
0
0
0

https://dnsforge.de/
2a01:4f8:141:316d::117
a

32

0


0
0
0


form

1

0


0
0
0


img

9
131,224 Bytes
0
9
0
0
0
0


link
stylesheet
1
26,173 Bytes
0
1
0
0
0
0


link
other
1
32,139 Bytes
0
1
0
0
0
0


meta (1)
other
3

0


0
0
0


script

4
36,409 Bytes
0
4
0
0
0
0

https://dnsforge.de/
2a01:4f8:151:34aa::198
a

32

0


0
0
0


form

1

0


0
0
0


img

9
131,224 Bytes
0
9
0
0
0
0


link
stylesheet
1
194,425 Bytes
0
1
0
0
0
0


link
other
1
32,139 Bytes
0
1
0
0
0
0


meta (1)
other
3

0


0
0
0


script

4
71,392 Bytes
0
4
0
0
0
0

https://[2a01:04f8:0141:316d:0000:0000:0000:0117]/
2a01:4f8:141:316d::117
a

32

0


0
0
0


form

1

0


0
0
0


img

9

0


0
0
0


link
stylesheet
1

0


0
0
0


link
other
1

0


0
0
0


meta (1)
other
3

0


0
0
0


script

4

0


0
0
0

Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://dnsforge.de/
176.9.1.117
a

#blocklist


1
ok








a

#listen-clean


2
ok








a

/clean-dnsforge-doh.mobileconfig


1
ok








a

/clean-dnsforge-dot.mobileconfig


1
ok








a

/dnsforge-doh.mobileconfig


1
ok








a

/dnsforge-dot.mobileconfig


1
ok








a

http://dnssec.vs.uni-due.de/


1
ok








a

https://adminforge.de/


2
ok








a

https://adminforge.de/chat/


1
ok








a

https://adminforge.de/datenschutz/


1
ok








a

https://adminforge.de/impressum/


1
ok








a

https://adminforge.de/unterstuetzen/


3
ok








a

https://apps.apple.com/app/dnscloak-secure-dns-client/id1452162351


1
ok








a

https://community.adminforge.de


1
ok








a

https://community.adminforge.de/c/services/5


1
ok








a

https://de.wikipedia.org/wiki/DNS_over_HTTPS


1
ok








a

https://de.wikipedia.org/wiki/DNS_over_TLS


1
ok








a

https://dnsleaktest.com/


1
ok








a

https://matrix.to/#/#adminforge:cdom.de


1
ok








a

https://play.google.com/store/apps/details?id=app.intra


1
ok








a

https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen


1
ok








a

https://privacy-handbuch.de/handbuch_21w.htm


1
ok








a

https://stats.adminforge.de/d/000000023/adminforge-dns-resolver


1
ok








a

https://status.adminforge.de/


1
ok








a

https://www.giebel.it/


1
ok








a

https://www.kanoa.de/@adminforge


1
ok








a

https://www.powerdns.com/


1
ok








a

whitelist.list


1
ok








form




1
ok








img
src
adblock.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 32139 Bytes






img
src
adblock.png
200

1
ok
alt: Domain Checkimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 32139 Bytes






img
src
adblock.png
200

1
ok
alt: Pi-holeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 32139 Bytes






img
src
checkmark.png
200

1
ok
alt: DNSSEC Resolver Testimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 3399 Bytes






img
src
de.png
200

1
ok
alt: Germanyimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 126 Bytes






img
src
dns_queries_24h.png?c=0
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 21312 Bytes






img
src
herz_small.png
200

1
ok
alt: Unterst&uuml;tzenimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 2361 Bytes






img
src
https://piwik.dnsforge.de/matomo.php?idsite=20&rec=1
200

1
ok
no alt-Attributeimage/gif, X-Content-Type-Options nosniff found

Cache-Control: no-store, max-age=2592000 with long duration found.
No GZip - 43 Bytes






img
src
powerdns.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 7609 Bytes






link
shortcut icon
favicon.png
200

1
ok
image/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 32139 Bytes






link
stylesheet
styles.css
200

1
ok
text/css, X-Content-Type-Options nosniff found

Cache-Control: max-age=604800 - with long duration found.
GZip: 26173/194425 Bytes




local SRI possible, possible hash-values:

sha256-HXvvNwqoUQ9NBVlnA6bhHuvaZynbrZD/AQJi/9Dou7E=
sha384-dM/cf53k4HWoYiCvXkumfWRGC64f/9UEDKNa0oACFQP80a9TN0W9wleJnU2mKLr8
sha512-LWAMAbHnrhd+d7vlsIgK4LN3/p2uB4htxIE3XXuOKHFpcheZxMJcnAAlya+SnXJIOUFsNHgIaA/JA3DBfeqVlA==

<link rel="stylesheet" href="styles.css" crossorigin="anonymous" integrity="sha256-HXvvNwqoUQ9NBVlnA6bhHuvaZynbrZD/AQJi/9Dou7E=" />




meta
Content-Type
text/html; charset=utf-8


1
ok








meta (1)
description
DNS-over-TLS und DNS-over-HTTPS: Zensurfreier, sicherer und redundanter DNS Resolver ohne Logging, dafür mit Werbeblocker.


1
ok








meta
viewport
width=device-width, initial-scale=1, viewport-fit=cover


1
ok








script
src
/tracking.js
200

1
ok
Missing defer / async attribute. text/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=604800 - with long duration found.
GZip: 194/297 Bytes




local SRI possible, possible hash-values:

sha256-OFpguvlctrZxBamAjzCxlEqA4P8nn5psuAfnazYRBTo=
sha384-xLpin+5+XIR8dfITTeeosG80y5g85uuYO0is3a7a1Q+AI7s+DRuJkDmgR7kFWH3E
sha512-sx8GGKIDeR17YaxPZ0BLX1LTSKaxGgIOWN0BsEXooe21iUqGQ9+akVuYnXiOnKTk3m3Biu2jWXPCnhqmyFq47g==

<script src="/tracking.js" crossorigin="anonymous" integrity="sha256-OFpguvlctrZxBamAjzCxlEqA4P8nn5psuAfnazYRBTo=" />




script
src
bundle.js
200

1
ok
Missing defer / async attribute. text/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=604800 - with long duration found.
GZip: 13897/47746 Bytes




local SRI possible, possible hash-values:

sha256-jkOfGed6II2vfNNdxbGDysnOY0hy5iEjbs1gMzck6iM=
sha384-F9i2Zy7xW4wBoMtYjRw6gA5aZZdtICfBd/Z/5yB7VmYWZruEt0OS8EiDZyZi02EA
sha512-FMnXM1okhBvH+L7PIT1m92zT+dm0Fa8eXFzcf2ivgXjAzmILSAFYgPRJzXfW1auHyKPdsIS0DtDAd+CzHgRmHg==

<script src="bundle.js" crossorigin="anonymous" integrity="sha256-jkOfGed6II2vfNNdxbGDysnOY0hy5iEjbs1gMzck6iM=" />




script
src
check.js
200

1
ok
Missing defer / async attribute. text/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=604800 - with long duration found.
GZip: 609/1640 Bytes




local SRI possible, possible hash-values:

sha256-PjySa00VbIyEOhQmfdbUgJgi2X5QkVDmBUYISwE++pk=
sha384-j9II1jmJza6TJAYEmwnVIPmIwaKv+exWjD6efyou1VGkF0NuyS8C8Ts/H+ieRenE
sha512-iU7LRxc96dR2fUMXqr8Olnk3IglLUqP62fTGJyLOJdFTvpCiFqw4yImTaArZCqZry6N9Q174lj70ZJEjNfILxQ==

<script src="check.js" crossorigin="anonymous" integrity="sha256-PjySa00VbIyEOhQmfdbUgJgi2X5QkVDmBUYISwE++pk=" />




script
src
https://piwik.dnsforge.de/matomo.js
200

1
ok
async attribute found text/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=2592000 - with long duration found.
GZip: 21709/66607 Bytes




local SRI possible, possible hash-values:

sha256-s5q9kDX3A7dt/tlAiY1XK5hk9nbrGRKpFC8GOdymss4=
sha384-buLZhX5gphRMBz8yqfPG1sc4efi0k00jMA/K81OeLnKxEbGvTAeH9wnsHDt9wYSW
sha512-QiVnkC+izMMkrcLn8lxo4JiNc2kSCoCleFJk2AKV6Lyt+/p/gxN0EfUVaUyjLNu2S6bheEdyQfD6/aTDTNWpGQ==

<script src="https://piwik.dnsforge.de/matomo.js" crossorigin="anonymous" integrity="sha256-s5q9kDX3A7dt/tlAiY1XK5hk9nbrGRKpFC8GOdymss4=" />



176.9.93.198
a

#blocklist


1
ok








a

#listen-clean


2
ok








a

/clean-dnsforge-doh.mobileconfig


1
ok








a

/clean-dnsforge-dot.mobileconfig


1
ok








a

/dnsforge-doh.mobileconfig


1
ok








a

/dnsforge-dot.mobileconfig


1
ok








a

http://dnssec.vs.uni-due.de/


1
ok








a

https://adminforge.de/


2
ok








a

https://adminforge.de/chat/


1
ok








a

https://adminforge.de/datenschutz/


1
ok








a

https://adminforge.de/impressum/


1
ok








a

https://adminforge.de/unterstuetzen/


3
ok








a

https://apps.apple.com/app/dnscloak-secure-dns-client/id1452162351


1
ok








a

https://community.adminforge.de


1
ok








a

https://community.adminforge.de/c/services/5


1
ok








a

https://de.wikipedia.org/wiki/DNS_over_HTTPS


1
ok








a

https://de.wikipedia.org/wiki/DNS_over_TLS


1
ok








a

https://dnsleaktest.com/


1
ok








a

https://matrix.to/#/#adminforge:cdom.de


1
ok








a

https://play.google.com/store/apps/details?id=app.intra


1
ok








a

https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen


1
ok








a

https://privacy-handbuch.de/handbuch_21w.htm


1
ok








a

https://stats.adminforge.de/d/000000023/adminforge-dns-resolver


1
ok








a

https://status.adminforge.de/


1
ok








a

https://www.giebel.it/


1
ok








a

https://www.kanoa.de/@adminforge


1
ok








a

https://www.powerdns.com/


1
ok








a

whitelist.list


1
ok








form




1
ok








img
src
adblock.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 32139 Bytes






img
src
adblock.png
200

1
ok
alt: Domain Checkimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 32139 Bytes






img
src
adblock.png
200

1
ok
alt: Pi-holeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 32139 Bytes






img
src
checkmark.png
200

1
ok
alt: DNSSEC Resolver Testimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 3399 Bytes






img
src
de.png
200

1
ok
alt: Germanyimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 126 Bytes






img
src
dns_queries_24h.png?c=0
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 21312 Bytes






img
src
herz_small.png
200

1
ok
alt: Unterst&uuml;tzenimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 2361 Bytes






img
src
https://piwik.dnsforge.de/matomo.php?idsite=20&rec=1
200

1
ok
no alt-Attributeimage/gif, X-Content-Type-Options nosniff found

Cache-Control: no-store, max-age=2592000 with long duration found.
No GZip - 43 Bytes






img
src
powerdns.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 7609 Bytes






link
shortcut icon
favicon.png
200

1
ok
image/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 32139 Bytes






link
stylesheet
styles.css
200

1
ok
text/css, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 - with long duration found.
GZip required: 194425 Bytes




local SRI possible, possible hash-values:

sha256-HXvvNwqoUQ9NBVlnA6bhHuvaZynbrZD/AQJi/9Dou7E=
sha384-dM/cf53k4HWoYiCvXkumfWRGC64f/9UEDKNa0oACFQP80a9TN0W9wleJnU2mKLr8
sha512-LWAMAbHnrhd+d7vlsIgK4LN3/p2uB4htxIE3XXuOKHFpcheZxMJcnAAlya+SnXJIOUFsNHgIaA/JA3DBfeqVlA==

<link rel="stylesheet" href="styles.css" crossorigin="anonymous" integrity="sha256-HXvvNwqoUQ9NBVlnA6bhHuvaZynbrZD/AQJi/9Dou7E=" />




meta
Content-Type
text/html; charset=utf-8


1
ok








meta (1)
description
DNS-over-TLS und DNS-over-HTTPS: Zensurfreier, sicherer und redundanter DNS Resolver ohne Logging, dafür mit Werbeblocker.


1
ok








meta
viewport
width=device-width, initial-scale=1, viewport-fit=cover


1
ok








script
src
/tracking.js
200

1
ok
Missing defer / async attribute. application/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 - with long duration found.
GZip required: 297 Bytes




local SRI possible, possible hash-values:

sha256-OFpguvlctrZxBamAjzCxlEqA4P8nn5psuAfnazYRBTo=
sha384-xLpin+5+XIR8dfITTeeosG80y5g85uuYO0is3a7a1Q+AI7s+DRuJkDmgR7kFWH3E
sha512-sx8GGKIDeR17YaxPZ0BLX1LTSKaxGgIOWN0BsEXooe21iUqGQ9+akVuYnXiOnKTk3m3Biu2jWXPCnhqmyFq47g==

<script src="/tracking.js" crossorigin="anonymous" integrity="sha256-OFpguvlctrZxBamAjzCxlEqA4P8nn5psuAfnazYRBTo=" />




script
src
bundle.js
200

1
ok
Missing defer / async attribute. application/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 - with long duration found.
GZip required: 47746 Bytes




local SRI possible, possible hash-values:

sha256-jkOfGed6II2vfNNdxbGDysnOY0hy5iEjbs1gMzck6iM=
sha384-F9i2Zy7xW4wBoMtYjRw6gA5aZZdtICfBd/Z/5yB7VmYWZruEt0OS8EiDZyZi02EA
sha512-FMnXM1okhBvH+L7PIT1m92zT+dm0Fa8eXFzcf2ivgXjAzmILSAFYgPRJzXfW1auHyKPdsIS0DtDAd+CzHgRmHg==

<script src="bundle.js" crossorigin="anonymous" integrity="sha256-jkOfGed6II2vfNNdxbGDysnOY0hy5iEjbs1gMzck6iM=" />




script
src
check.js
200

1
ok
Missing defer / async attribute. application/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 - with long duration found.
GZip required: 1640 Bytes




local SRI possible, possible hash-values:

sha256-PjySa00VbIyEOhQmfdbUgJgi2X5QkVDmBUYISwE++pk=
sha384-j9II1jmJza6TJAYEmwnVIPmIwaKv+exWjD6efyou1VGkF0NuyS8C8Ts/H+ieRenE
sha512-iU7LRxc96dR2fUMXqr8Olnk3IglLUqP62fTGJyLOJdFTvpCiFqw4yImTaArZCqZry6N9Q174lj70ZJEjNfILxQ==

<script src="check.js" crossorigin="anonymous" integrity="sha256-PjySa00VbIyEOhQmfdbUgJgi2X5QkVDmBUYISwE++pk=" />




script
src
https://piwik.dnsforge.de/matomo.js
200

1
ok
async attribute found text/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=2592000 - with long duration found.
GZip: 21709/66607 Bytes




local SRI possible, possible hash-values:

sha256-s5q9kDX3A7dt/tlAiY1XK5hk9nbrGRKpFC8GOdymss4=
sha384-buLZhX5gphRMBz8yqfPG1sc4efi0k00jMA/K81OeLnKxEbGvTAeH9wnsHDt9wYSW
sha512-QiVnkC+izMMkrcLn8lxo4JiNc2kSCoCleFJk2AKV6Lyt+/p/gxN0EfUVaUyjLNu2S6bheEdyQfD6/aTDTNWpGQ==

<script src="https://piwik.dnsforge.de/matomo.js" crossorigin="anonymous" integrity="sha256-s5q9kDX3A7dt/tlAiY1XK5hk9nbrGRKpFC8GOdymss4=" />



2a01:4f8:141:316d::117
a

#blocklist


1
ok








a

#listen-clean


2
ok








a

/clean-dnsforge-doh.mobileconfig


1
ok








a

/clean-dnsforge-dot.mobileconfig


1
ok








a

/dnsforge-doh.mobileconfig


1
ok








a

/dnsforge-dot.mobileconfig


1
ok








a

http://dnssec.vs.uni-due.de/


1
ok








a

https://adminforge.de/


2
ok








a

https://adminforge.de/chat/


1
ok








a

https://adminforge.de/datenschutz/


1
ok








a

https://adminforge.de/impressum/


1
ok








a

https://adminforge.de/unterstuetzen/


3
ok








a

https://apps.apple.com/app/dnscloak-secure-dns-client/id1452162351


1
ok








a

https://community.adminforge.de


1
ok








a

https://community.adminforge.de/c/services/5


1
ok








a

https://de.wikipedia.org/wiki/DNS_over_HTTPS


1
ok








a

https://de.wikipedia.org/wiki/DNS_over_TLS


1
ok








a

https://dnsleaktest.com/


1
ok








a

https://matrix.to/#/#adminforge:cdom.de


1
ok








a

https://play.google.com/store/apps/details?id=app.intra


1
ok








a

https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen


1
ok








a

https://privacy-handbuch.de/handbuch_21w.htm


1
ok








a

https://stats.adminforge.de/d/000000023/adminforge-dns-resolver


1
ok








a

https://status.adminforge.de/


1
ok








a

https://www.giebel.it/


1
ok








a

https://www.kanoa.de/@adminforge


1
ok








a

https://www.powerdns.com/


1
ok








a

whitelist.list


1
ok








form




1
ok








img
src
adblock.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 32139 Bytes






img
src
adblock.png
200

1
ok
alt: Domain Checkimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 32139 Bytes






img
src
adblock.png
200

1
ok
alt: Pi-holeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 32139 Bytes






img
src
checkmark.png
200

1
ok
alt: DNSSEC Resolver Testimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 3399 Bytes






img
src
de.png
200

1
ok
alt: Germanyimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 126 Bytes






img
src
dns_queries_24h.png?c=0
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 21312 Bytes






img
src
herz_small.png
200

1
ok
alt: Unterst&uuml;tzenimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 2361 Bytes






img
src
https://piwik.dnsforge.de/matomo.php?idsite=20&rec=1
200

1
ok
no alt-Attributeimage/gif, X-Content-Type-Options nosniff found

Cache-Control: no-store, max-age=2592000 with long duration found.
No GZip - 43 Bytes






img
src
powerdns.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 7609 Bytes






link
shortcut icon
favicon.png
200

1
ok
image/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=5184000 with long duration found.
No GZip - 32139 Bytes






link
stylesheet
styles.css
200

1
ok
text/css, X-Content-Type-Options nosniff found

Cache-Control: max-age=604800 - with long duration found.
GZip: 26173/194425 Bytes




local SRI possible, possible hash-values:

sha256-HXvvNwqoUQ9NBVlnA6bhHuvaZynbrZD/AQJi/9Dou7E=
sha384-dM/cf53k4HWoYiCvXkumfWRGC64f/9UEDKNa0oACFQP80a9TN0W9wleJnU2mKLr8
sha512-LWAMAbHnrhd+d7vlsIgK4LN3/p2uB4htxIE3XXuOKHFpcheZxMJcnAAlya+SnXJIOUFsNHgIaA/JA3DBfeqVlA==

<link rel="stylesheet" href="styles.css" crossorigin="anonymous" integrity="sha256-HXvvNwqoUQ9NBVlnA6bhHuvaZynbrZD/AQJi/9Dou7E=" />




meta
Content-Type
text/html; charset=utf-8


1
ok








meta (1)
description
DNS-over-TLS und DNS-over-HTTPS: Zensurfreier, sicherer und redundanter DNS Resolver ohne Logging, dafür mit Werbeblocker.


1
ok








meta
viewport
width=device-width, initial-scale=1, viewport-fit=cover


1
ok








script
src
/tracking.js
200

1
ok
Missing defer / async attribute. text/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=604800 - with long duration found.
GZip: 194/297 Bytes




local SRI possible, possible hash-values:

sha256-OFpguvlctrZxBamAjzCxlEqA4P8nn5psuAfnazYRBTo=
sha384-xLpin+5+XIR8dfITTeeosG80y5g85uuYO0is3a7a1Q+AI7s+DRuJkDmgR7kFWH3E
sha512-sx8GGKIDeR17YaxPZ0BLX1LTSKaxGgIOWN0BsEXooe21iUqGQ9+akVuYnXiOnKTk3m3Biu2jWXPCnhqmyFq47g==

<script src="/tracking.js" crossorigin="anonymous" integrity="sha256-OFpguvlctrZxBamAjzCxlEqA4P8nn5psuAfnazYRBTo=" />




script
src
bundle.js
200

1
ok
Missing defer / async attribute. text/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=604800 - with long duration found.
GZip: 13897/47746 Bytes




local SRI possible, possible hash-values:

sha256-jkOfGed6II2vfNNdxbGDysnOY0hy5iEjbs1gMzck6iM=
sha384-F9i2Zy7xW4wBoMtYjRw6gA5aZZdtICfBd/Z/5yB7VmYWZruEt0OS8EiDZyZi02EA
sha512-FMnXM1okhBvH+L7PIT1m92zT+dm0Fa8eXFzcf2ivgXjAzmILSAFYgPRJzXfW1auHyKPdsIS0DtDAd+CzHgRmHg==

<script src="bundle.js" crossorigin="anonymous" integrity="sha256-jkOfGed6II2vfNNdxbGDysnOY0hy5iEjbs1gMzck6iM=" />




script
src
check.js
200

1
ok
Missing defer / async attribute. text/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=604800 - with long duration found.
GZip: 609/1640 Bytes




local SRI possible, possible hash-values:

sha256-PjySa00VbIyEOhQmfdbUgJgi2X5QkVDmBUYISwE++pk=
sha384-j9II1jmJza6TJAYEmwnVIPmIwaKv+exWjD6efyou1VGkF0NuyS8C8Ts/H+ieRenE
sha512-iU7LRxc96dR2fUMXqr8Olnk3IglLUqP62fTGJyLOJdFTvpCiFqw4yImTaArZCqZry6N9Q174lj70ZJEjNfILxQ==

<script src="check.js" crossorigin="anonymous" integrity="sha256-PjySa00VbIyEOhQmfdbUgJgi2X5QkVDmBUYISwE++pk=" />




script
src
https://piwik.dnsforge.de/matomo.js
200

1
ok
async attribute found text/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=2592000 - with long duration found.
GZip: 21709/66607 Bytes




local SRI possible, possible hash-values:

sha256-s5q9kDX3A7dt/tlAiY1XK5hk9nbrGRKpFC8GOdymss4=
sha384-buLZhX5gphRMBz8yqfPG1sc4efi0k00jMA/K81OeLnKxEbGvTAeH9wnsHDt9wYSW
sha512-QiVnkC+izMMkrcLn8lxo4JiNc2kSCoCleFJk2AKV6Lyt+/p/gxN0EfUVaUyjLNu2S6bheEdyQfD6/aTDTNWpGQ==

<script src="https://piwik.dnsforge.de/matomo.js" crossorigin="anonymous" integrity="sha256-s5q9kDX3A7dt/tlAiY1XK5hk9nbrGRKpFC8GOdymss4=" />



2a01:4f8:151:34aa::198
a

#blocklist


1
ok








a

#listen-clean


2
ok








a

/clean-dnsforge-doh.mobileconfig


1
ok








a

/clean-dnsforge-dot.mobileconfig


1
ok








a

/dnsforge-doh.mobileconfig


1
ok








a

/dnsforge-dot.mobileconfig


1
ok








a

http://dnssec.vs.uni-due.de/


1
ok








a

https://adminforge.de/


2
ok








a

https://adminforge.de/chat/


1
ok








a

https://adminforge.de/datenschutz/


1
ok








a

https://adminforge.de/impressum/


1
ok








a

https://adminforge.de/unterstuetzen/


3
ok








a

https://apps.apple.com/app/dnscloak-secure-dns-client/id1452162351


1
ok








a

https://community.adminforge.de


1
ok








a

https://community.adminforge.de/c/services/5


1
ok








a

https://de.wikipedia.org/wiki/DNS_over_HTTPS


1
ok








a

https://de.wikipedia.org/wiki/DNS_over_TLS


1
ok








a

https://dnsleaktest.com/


1
ok








a

https://matrix.to/#/#adminforge:cdom.de


1
ok








a

https://play.google.com/store/apps/details?id=app.intra


1
ok








a

https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen


1
ok








a

https://privacy-handbuch.de/handbuch_21w.htm


1
ok








a

https://stats.adminforge.de/d/000000023/adminforge-dns-resolver


1
ok








a

https://status.adminforge.de/


1
ok








a

https://www.giebel.it/


1
ok








a

https://www.kanoa.de/@adminforge


1
ok








a

https://www.powerdns.com/


1
ok








a

whitelist.list


1
ok








form




1
ok








img
src
adblock.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 32139 Bytes






img
src
adblock.png
200

1
ok
alt: Domain Checkimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 32139 Bytes






img
src
adblock.png
200

1
ok
alt: Pi-holeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 32139 Bytes






img
src
checkmark.png
200

1
ok
alt: DNSSEC Resolver Testimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 3399 Bytes






img
src
de.png
200

1
ok
alt: Germanyimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 126 Bytes






img
src
dns_queries_24h.png?c=0
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 21312 Bytes






img
src
herz_small.png
200

1
ok
alt: Unterst&uuml;tzenimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 2361 Bytes






img
src
https://piwik.dnsforge.de/matomo.php?idsite=20&rec=1
200

1
ok
no alt-Attributeimage/gif, X-Content-Type-Options nosniff found

Cache-Control: no-store, max-age=2592000 with long duration found.
No GZip - 43 Bytes






img
src
powerdns.png
200

1
ok
no alt-Attributeimage/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 7609 Bytes






link
shortcut icon
favicon.png
200

1
ok
image/png, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 with long duration found.
No GZip - 32139 Bytes






link
stylesheet
styles.css
200

1
ok
text/css, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 - with long duration found.
GZip required: 194425 Bytes




local SRI possible, possible hash-values:

sha256-HXvvNwqoUQ9NBVlnA6bhHuvaZynbrZD/AQJi/9Dou7E=
sha384-dM/cf53k4HWoYiCvXkumfWRGC64f/9UEDKNa0oACFQP80a9TN0W9wleJnU2mKLr8
sha512-LWAMAbHnrhd+d7vlsIgK4LN3/p2uB4htxIE3XXuOKHFpcheZxMJcnAAlya+SnXJIOUFsNHgIaA/JA3DBfeqVlA==

<link rel="stylesheet" href="styles.css" crossorigin="anonymous" integrity="sha256-HXvvNwqoUQ9NBVlnA6bhHuvaZynbrZD/AQJi/9Dou7E=" />




meta
Content-Type
text/html; charset=utf-8


1
ok








meta (1)
description
DNS-over-TLS und DNS-over-HTTPS: Zensurfreier, sicherer und redundanter DNS Resolver ohne Logging, dafür mit Werbeblocker.


1
ok








meta
viewport
width=device-width, initial-scale=1, viewport-fit=cover


1
ok








script
src
/tracking.js
200

1
ok
Missing defer / async attribute. application/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 - with long duration found.
GZip required: 297 Bytes




local SRI possible, possible hash-values:

sha256-OFpguvlctrZxBamAjzCxlEqA4P8nn5psuAfnazYRBTo=
sha384-xLpin+5+XIR8dfITTeeosG80y5g85uuYO0is3a7a1Q+AI7s+DRuJkDmgR7kFWH3E
sha512-sx8GGKIDeR17YaxPZ0BLX1LTSKaxGgIOWN0BsEXooe21iUqGQ9+akVuYnXiOnKTk3m3Biu2jWXPCnhqmyFq47g==

<script src="/tracking.js" crossorigin="anonymous" integrity="sha256-OFpguvlctrZxBamAjzCxlEqA4P8nn5psuAfnazYRBTo=" />




script
src
bundle.js
200

1
ok
Missing defer / async attribute. application/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 - with long duration found.
GZip required: 47746 Bytes




local SRI possible, possible hash-values:

sha256-jkOfGed6II2vfNNdxbGDysnOY0hy5iEjbs1gMzck6iM=
sha384-F9i2Zy7xW4wBoMtYjRw6gA5aZZdtICfBd/Z/5yB7VmYWZruEt0OS8EiDZyZi02EA
sha512-FMnXM1okhBvH+L7PIT1m92zT+dm0Fa8eXFzcf2ivgXjAzmILSAFYgPRJzXfW1auHyKPdsIS0DtDAd+CzHgRmHg==

<script src="bundle.js" crossorigin="anonymous" integrity="sha256-jkOfGed6II2vfNNdxbGDysnOY0hy5iEjbs1gMzck6iM=" />




script
src
check.js
200

1
ok
Missing defer / async attribute. application/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=315360000 - with long duration found.
GZip required: 1640 Bytes




local SRI possible, possible hash-values:

sha256-PjySa00VbIyEOhQmfdbUgJgi2X5QkVDmBUYISwE++pk=
sha384-j9II1jmJza6TJAYEmwnVIPmIwaKv+exWjD6efyou1VGkF0NuyS8C8Ts/H+ieRenE
sha512-iU7LRxc96dR2fUMXqr8Olnk3IglLUqP62fTGJyLOJdFTvpCiFqw4yImTaArZCqZry6N9Q174lj70ZJEjNfILxQ==

<script src="check.js" crossorigin="anonymous" integrity="sha256-PjySa00VbIyEOhQmfdbUgJgi2X5QkVDmBUYISwE++pk=" />




script
src
https://piwik.dnsforge.de/matomo.js
200

1
ok
async attribute found text/javascript, X-Content-Type-Options nosniff found

Cache-Control: max-age=2592000 - with long duration found.
GZip: 21709/66607 Bytes




local SRI possible, possible hash-values:

sha256-s5q9kDX3A7dt/tlAiY1XK5hk9nbrGRKpFC8GOdymss4=
sha384-buLZhX5gphRMBz8yqfPG1sc4efi0k00jMA/K81OeLnKxEbGvTAeH9wnsHDt9wYSW
sha512-QiVnkC+izMMkrcLn8lxo4JiNc2kSCoCleFJk2AKV6Lyt+/p/gxN0EfUVaUyjLNu2S6bheEdyQfD6/aTDTNWpGQ==

<script src="https://piwik.dnsforge.de/matomo.js" crossorigin="anonymous" integrity="sha256-s5q9kDX3A7dt/tlAiY1XK5hk9nbrGRKpFC8GOdymss4=" />



https://[2a01:04f8:0141:316d:0000:0000:0000:0117]/
2a01:4f8:141:316d::117
a

#blocklist


1
ok








a

#listen-clean


2
ok








a

/clean-dnsforge-doh.mobileconfig


1
ok








a

/clean-dnsforge-dot.mobileconfig


1
ok








a

/dnsforge-doh.mobileconfig


1
ok








a

/dnsforge-dot.mobileconfig


1
ok








a

http://dnssec.vs.uni-due.de/


1
ok








a

https://adminforge.de/


2
ok








a

https://adminforge.de/chat/


1
ok








a

https://adminforge.de/datenschutz/


1
ok








a

https://adminforge.de/impressum/


1
ok








a

https://adminforge.de/unterstuetzen/


3
ok








a

https://apps.apple.com/app/dnscloak-secure-dns-client/id1452162351


1
ok








a

https://community.adminforge.de


1
ok








a

https://community.adminforge.de/c/services/5


1
ok








a

https://de.wikipedia.org/wiki/DNS_over_HTTPS


1
ok








a

https://de.wikipedia.org/wiki/DNS_over_TLS


1
ok








a

https://dnsleaktest.com/


1
ok








a

https://matrix.to/#/#adminforge:cdom.de


1
ok








a

https://play.google.com/store/apps/details?id=app.intra


1
ok








a

https://play.google.com/store/apps/details?id=com.frostnerd.smokescreen


1
ok








a

https://privacy-handbuch.de/handbuch_21w.htm


1
ok








a

https://stats.adminforge.de/d/000000023/adminforge-dns-resolver


1
ok








a

https://status.adminforge.de/


1
ok








a

https://www.giebel.it/


1
ok








a

https://www.kanoa.de/@adminforge


1
ok








a

https://www.powerdns.com/


1
ok








a

whitelist.list


1
ok








form




1
ok








img
src
adblock.png


1
ok
no alt-Attribute








img
src
adblock.png


1
ok
alt: Domain Check








img
src
adblock.png


1
ok
alt: Pi-hole








img
src
checkmark.png


1
ok
alt: DNSSEC Resolver Test








img
src
de.png


1
ok
alt: Germany








img
src
dns_queries_24h.png?c=0


1
ok
no alt-Attribute








img
src
herz_small.png


1
ok
alt: Unterst&uuml;tzen








img
src
https://piwik.dnsforge.de/matomo.php?idsite=20&rec=1


1
ok
no alt-Attribute








img
src
powerdns.png


1
ok
no alt-Attribute








link
shortcut icon
favicon.png


1
ok








link
stylesheet
styles.css


1
ok








meta
Content-Type
text/html; charset=utf-8


1
ok








meta (1)
description
DNS-over-TLS und DNS-over-HTTPS: Zensurfreier, sicherer und redundanter DNS Resolver ohne Logging, dafür mit Werbeblocker.


1
ok








meta
viewport
width=device-width, initial-scale=1, viewport-fit=cover


1
ok








script
src
/tracking.js


1
ok
Missing defer / async attribute.








script
src
bundle.js


1
ok
Missing defer / async attribute.








script
src
check.js


1
ok
Missing defer / async attribute.








script
src
https://piwik.dnsforge.de/matomo.js


1
ok
async attribute found








12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns1.cdom.de, ns3.cdom.de

QNr.DomainTypeNS used
1
de
NS
l.root-servers.net (2001:500:9f::42)

Answer: a.nic.de, f.nic.de, l.de.net, n.de.net, s.de.net, z.nic.de
2
ns1.cdom.de: 176.9.1.103
NS
a.nic.de (2001:678:2::53)

Answer: ns3.cdom.de
176.9.93.183


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.dnsforge.de
5
issue
letsencrypt.org
1
0
dnsforge.de
5
issue
letsencrypt.org
1
0
de
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
dnsforge.de
v=spf1 mx -all
ok
1
0
www.dnsforge.de
v=spf1 mx -all
ok
1
0
_acme-challenge.dnsforge.de

missing entry or wrong length
1
0
_acme-challenge.www.dnsforge.de

Name Error - The domain name does not exist
1
0
_acme-challenge.dnsforge.de.dnsforge.de

perhaps wrong
1
0
_acme-challenge.www.dnsforge.de.dnsforge.de

perhaps wrong
1
0
_acme-challenge.www.dnsforge.de.www.dnsforge.de

Name Error - The domain name does not exist
1
0


15. DomainService - Entries

TypeDomainPrefValueDNS-errornum AnswersStatusDescription
MX

dnsforge.de
10
mail.unbox.at
01ok

A


159.69.72.33
01ok

AAAA


2a01:4f8:231:1726::33
01ok

CNAME


00ok
_dmarc
TXT
_dmarc.dnsforge.de

v=DMARC1; p=quarantine; adkim=s
01ok



16. Cipher Suites




Skipped, CDN used or too many ip addresses






17. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.



Permalink: https://check-your-website.server-daten.de/?i=cad94d52-d26d-4c79-9dcf-8108fd3f3194


Last Result: https://check-your-website.server-daten.de/?q=dnsforge.de - 2024-02-05 19:46:24


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=dnsforge.de" target="_blank">Check this Site: dnsforge.de</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro