Check DNS, Urls + Redirects, Certificates and Content of your Website

...

skip EDNS-Check

skip Content-Check

check links

Tls-Protocol error

Checked:
03.09.2025 08:25:40

Older results

No older results found

1. IP-Addresses

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
froth.zone	A	95.216.99.249 Helsinki/Uusimaa/Finland (FI) - Hetzner Online GmbH Hostname: froth.zone	yes	1	0
	A	95.216.99.249 Helsinki/Uusimaa/Finland (FI) - Hetzner Online GmbH Hostname: froth.zone	yes	1	0
	AAAA	2a01:4f9:2b:1305::2 Helsinki/Uusimaa/Finland (FI) - Hetzner Online GmbH	yes
www.froth.zone	CNAME	kaguya.froth.zone	yes	1	0
	A	95.216.99.249 Helsinki/Uusimaa/Finland (FI) - Hetzner Online GmbH Hostname: froth.zone	yes
	AAAA	2a01:4f9:2b:1305::2 Helsinki/Uusimaa/Finland (FI) - Hetzner Online GmbH	yes
*.froth.zone	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes

2. DNSSEC

Zone (*)	DNSSEC - Informations

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	4 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 46441, Flags 256


	Public Key with Algorithm 8, KeyTag 53148, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 20.09.2025, 00:00:00 +, Signature-Inception: 30.08.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: zone
zone	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 12136, DigestType 2 and Digest RIU+ByqgxZA1G4IrmiP/lWMUEqNYMigWOplVmO92S68=


	2 RRSIG RR to validate DS RR found


	RRSIG-Owner zone., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 16.09.2025, 05:00:00 +, Signature-Inception: 03.09.2025, 04:00:00 +, KeyTag 46441, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 46441 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 11901, Flags 256


	Public Key with Algorithm 8, KeyTag 12136, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 40608, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner zone., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2025, 15:36:23 +, Signature-Inception: 01.09.2025, 14:36:23 +, KeyTag 12136, Signer-Name: zone


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 12136 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 12136, DigestType 2 and Digest "RIU+ByqgxZA1G4IrmiP/lWMUEqNYMigWOplVmO92S68=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: froth.zone
froth.zone	1 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 59105, DigestType 2 and Digest srfSCjuZfcxHHvgDKOpiYyOOX9U/pchqkNfPTmXbtNY=


	2 RRSIG RR to validate DS RR found


	RRSIG-Owner froth.zone., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2025, 15:36:23 +, Signature-Inception: 01.09.2025, 14:36:23 +, KeyTag 11901, Signer-Name: zone


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 11901 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 59105, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 13, KeyTag 59615, Flags 257 (SEP = Secure Entry Point)


	2 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner froth.zone., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 11.09.2025, 18:08:49 +, Signature-Inception: 28.08.2025, 06:22:41 +, KeyTag 59105, Signer-Name: froth.zone


	RRSIG-Owner froth.zone., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 11.09.2025, 18:08:49 +, Signature-Inception: 28.08.2025, 06:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 59105 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 59615 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 59105, DigestType 2 and Digest "srfSCjuZfcxHHvgDKOpiYyOOX9U/pchqkNfPTmXbtNY=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	RRSIG Type 1 validates the A - Result: 95.216.99.249 Validated: RRSIG-Owner froth.zone., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 08.09.2025, 18:27:17 +, Signature-Inception: 25.08.2025, 08:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	RRSIG Type 16 validates the TXT - Result: v=spf1 mx a:mail.froth.zone -all google-site-verification=3ykMfvqt_9Sa5e2IUewTNT6sbLc63JqDeprZEBSJlbA Validated: RRSIG-Owner froth.zone., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 08.09.2025, 12:32:44 +, Signature-Inception: 25.08.2025, 22:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	RRSIG Type 28 validates the AAAA - Result: 2A01:04F9:002B:1305:0000:0000:0000:0002 Validated: RRSIG-Owner froth.zone., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 10.09.2025, 09:50:26 +, Signature-Inception: 27.08.2025, 00:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	RRSIG Type 257 validates the CAA - Result: 5\|issueletsencrypt.org 5\|issuesectigo.com Validated: RRSIG-Owner froth.zone., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 10.09.2025, 18:31:37 +, Signature-Inception: 27.08.2025, 22:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "acqkn793l4h0bbbt4eth9sj0oe5frjee" equal the hashed NSEC3-owner "acqkn793l4h0bbbt4eth9sj0oe5frjee" and the hashed NextOwner "amhe1d2kj1ksa5qt1jqhr93fa7a2dac1". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner acqkn793l4h0bbbt4eth9sj0oe5frjee.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 09.09.2025, 00:11:07 +, Signature-Inception: 26.08.2025, 10:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.froth.zone) sends a valid NSEC3 RR as result with the hashed owner name "fbvoc4dm75sm734tqh9p8gmba9btnluo" (unhashed: _tcp.froth.zone). So that's the Closest Encloser of the query name. Bitmap: No Bitmap? Validated: RRSIG-Owner fbvoc4dm75sm734tqh9p8gmba9btnluo.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 09.09.2025, 15:23:01 +, Signature-Inception: 27.08.2025, 02:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "jbbsondv8c7mpifre8rieb3614cn3svt" (unhashed: *._tcp.froth.zone) with the owner "gt2sjqa5ofl4u5qa9av2dn5aik732u14" and the NextOwner "jiili93gfmfb65umuip1t3lgg75o0ldi". So that NSEC3 confirms the not-existence of the Wildcard expansion. Bitmap: A, TXT, AAAA, RRSIG Validated: RRSIG-Owner gt2sjqa5ofl4u5qa9av2dn5aik732u14.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2025, 02:52:35 +, Signature-Inception: 27.08.2025, 00:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query (_443._tcp.froth.zone) sends a valid NSEC3 RR as result with the hashed query name "nurfidv6gknqpmelakgt1jhjdtff7447" between the hashed NSEC3-owner "mpbut4a1c06nkpd07dgqm1jbqbf58b8r" and the hashed NextOwner "o9mmrd49smhgv7cejhlqgk046l2kfpob". So the zone confirmes the not-existence of that TLSA RR. Bitmap: CNAME, RRSIG Validated: RRSIG-Owner mpbut4a1c06nkpd07dgqm1jbqbf58b8r.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2025, 13:00:18 +, Signature-Inception: 27.08.2025, 14:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	Status: Good. NXDomain-Proof required and found.

Zone: www.froth.zone
www.froth.zone	0 DS RR in the parent zone found


	RRSIG Type 5 validates the CNAME - Result: kaguya.froth.zone Validated: RRSIG-Owner www.froth.zone., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 09.09.2025, 06:47:41 +, Signature-Inception: 25.08.2025, 20:22:41 +, KeyTag 59615, Signer-Name: froth.zone

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	4 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 46441, Flags 256


	Public Key with Algorithm 8, KeyTag 53148, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 20.09.2025, 00:00:00 +, Signature-Inception: 30.08.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: zone
zone	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 12136, DigestType 2 and Digest RIU+ByqgxZA1G4IrmiP/lWMUEqNYMigWOplVmO92S68=


	2 RRSIG RR to validate DS RR found


	RRSIG-Owner zone., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 16.09.2025, 05:00:00 +, Signature-Inception: 03.09.2025, 04:00:00 +, KeyTag 46441, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 46441 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 11901, Flags 256


	Public Key with Algorithm 8, KeyTag 12136, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 40608, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner zone., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2025, 15:36:23 +, Signature-Inception: 01.09.2025, 14:36:23 +, KeyTag 12136, Signer-Name: zone


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 12136 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 12136, DigestType 2 and Digest "RIU+ByqgxZA1G4IrmiP/lWMUEqNYMigWOplVmO92S68=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: froth.zone
froth.zone	1 DS RR in the parent zone found


	DS with Algorithm 13, KeyTag 59105, DigestType 2 and Digest srfSCjuZfcxHHvgDKOpiYyOOX9U/pchqkNfPTmXbtNY=


	2 RRSIG RR to validate DS RR found


	RRSIG-Owner froth.zone., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2025, 15:36:23 +, Signature-Inception: 01.09.2025, 14:36:23 +, KeyTag 11901, Signer-Name: zone


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 11901 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 13, KeyTag 59105, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 13, KeyTag 59615, Flags 257 (SEP = Secure Entry Point)


	2 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner froth.zone., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 11.09.2025, 18:08:49 +, Signature-Inception: 28.08.2025, 06:22:41 +, KeyTag 59105, Signer-Name: froth.zone


	RRSIG-Owner froth.zone., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 11.09.2025, 18:08:49 +, Signature-Inception: 28.08.2025, 06:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 59105 used to validate the DNSKEY RRSet


	• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 59615 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 59105, DigestType 2 and Digest "srfSCjuZfcxHHvgDKOpiYyOOX9U/pchqkNfPTmXbtNY=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: kaguya.froth.zone
kaguya.froth.zone	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "te1lh92p6b2uhb4hrglc33s4etc88div" between the hashed NSEC3-owner "te1lh92p6b2uhb4hrglc33s4etc88div" and the hashed NextOwner "tj6es5ie6k23ee6nf9glklcufu4osaj2". So the parent zone confirmes the not-existence of a DS RR. Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner te1lh92p6b2uhb4hrglc33s4etc88div.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.09.2025, 00:45:58 +, Signature-Inception: 28.08.2025, 06:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	0 DNSKEY RR found





	RRSIG Type 1 validates the A - Result: 95.216.99.249 Validated: RRSIG-Owner kaguya.froth.zone., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 09.09.2025, 12:28:12 +, Signature-Inception: 26.08.2025, 00:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	RRSIG Type 28 validates the AAAA - Result: 2A01:04F9:002B:1305:0000:0000:0000:0002 Validated: RRSIG-Owner kaguya.froth.zone., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 10.09.2025, 04:36:07 +, Signature-Inception: 27.08.2025, 08:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "te1lh92p6b2uhb4hrglc33s4etc88div" equal the hashed NSEC3-owner "te1lh92p6b2uhb4hrglc33s4etc88div" and the hashed NextOwner "tj6es5ie6k23ee6nf9glklcufu4osaj2". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner te1lh92p6b2uhb4hrglc33s4etc88div.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.09.2025, 00:45:58 +, Signature-Inception: 28.08.2025, 06:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	Status: Good. NoData-Proof required and found.


	TXT-Query sends a valid NSEC3 RR as result with the hashed query name "te1lh92p6b2uhb4hrglc33s4etc88div" equal the hashed NSEC3-owner "te1lh92p6b2uhb4hrglc33s4etc88div" and the hashed NextOwner "tj6es5ie6k23ee6nf9glklcufu4osaj2". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner te1lh92p6b2uhb4hrglc33s4etc88div.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.09.2025, 00:45:58 +, Signature-Inception: 28.08.2025, 06:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	Status: Good. NoData-Proof required and found.


	TLSA-Query (_443._tcp.kaguya.froth.zone) sends a valid NSEC3 RR as result with the hashed owner name "te1lh92p6b2uhb4hrglc33s4etc88div" (unhashed: kaguya.froth.zone). So that's the Closest Encloser of the query name. Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner te1lh92p6b2uhb4hrglc33s4etc88div.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.09.2025, 00:45:58 +, Signature-Inception: 28.08.2025, 06:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "qumegjko351vht03c9h6c66o009km34u" (unhashed: _tcp.kaguya.froth.zone) with the owner "qlg643ogkeut8pdq07ptfmelkonjvstj" and the NextOwner "rqfbcica5u2gsunrif8d0jb4hkiuvv4s". So that NSEC3 confirms the not-existence of the Next Closer Name. Bitmap: CNAME, RRSIG Validated: RRSIG-Owner qlg643ogkeut8pdq07ptfmelkonjvstj.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.09.2025, 06:51:21 +, Signature-Inception: 28.08.2025, 02:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	Status: Good. NXDomain-Proof required and found.


	TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "lu98cliaa7l19pm1urrto3ogubms4b2c" (unhashed: *.kaguya.froth.zone) with the owner "lmpb961tmar8m0lbeecj3ggo1tamhfbf" and the NextOwner "mpbut4a1c06nkpd07dgqm1jbqbf58b8r". So that NSEC3 confirms the not-existence of the Wildcard expansion. Bitmap: CNAME, RRSIG Validated: RRSIG-Owner lmpb961tmar8m0lbeecj3ggo1tamhfbf.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 09.09.2025, 08:08:05 +, Signature-Inception: 26.08.2025, 18:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	Status: Good. NXDomain-Proof required and found.


	CAA-Query sends a valid NSEC3 RR as result with the hashed query name "te1lh92p6b2uhb4hrglc33s4etc88div" equal the hashed NSEC3-owner "te1lh92p6b2uhb4hrglc33s4etc88div" and the hashed NextOwner "tj6es5ie6k23ee6nf9glklcufu4osaj2". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists). Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner te1lh92p6b2uhb4hrglc33s4etc88div.froth.zone., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.09.2025, 00:45:58 +, Signature-Inception: 28.08.2025, 06:22:41 +, KeyTag 59615, Signer-Name: froth.zone


	Status: Good. NoData-Proof required and found.

3. Name Servers

Domain	Nameserver	NS-IP
froth.zone	• illya.froth.zone / illya	129.213.157.255 Ashburn/Virginia/United States (US) - Oracle Corporation	•
	•	2603:c020:4004:62ee::8888 Ashburn/Virginia/United States (US) - Oracle Corporation	•
	• rin.froth.zone / rin	158.69.1.114 Montreal/Quebec/Canada (CA) - OVH SAS	•
	•	2607:5300:201:3100::931b Montreal/Quebec/Canada (CA) - OVH SAS	•
	• saber.froth.zone / saber	188.245.39.26 Nuremberg/Bavaria/Germany (DE) - Hetzner Online GmbH	•
	•	2a01:4f8:1c1a:f4ff::1 Nuremberg/Bavaria/Germany (DE) - Hetzner Online GmbH	•
	• sakura.froth.zone / sakura	141.94.206.97 Saint-Martin-le-Vinoux/Auvergne-Rhône-Alpes/France (FR) - OVH SAS	•
	•	2001:41d0:304:200::d12b Gravelines/Hauts-de-France/France (FR) - OVH SAS	•
	• sdns2.ovh.ca	167.114.154.31 Montreal/Quebec/Canada (CA) - OVH SAS	•
zone	• v0n0.nic.zone / app8.nrt1.hosts.meta.redstone.afilias-nst.info-1615580861		•
	• v0n1.nic.zone / app10.lax1.hosts.meta.redstone.afilias-nst.info-1633102198		•
	• v0n2.nic.zone / app6.nrt1.hosts.meta.redstone.afilias-nst.info-1615580861		•
	• v0n3.nic.zone / app4.lax1.hosts.meta.redstone.afilias-nst.info-1633102198		•
	• v2n0.nic.zone / FRA4		•
	• v2n1.nic.zone / FRA4		•

kaguya.froth.zone	• rin.froth.zone / rin	158.69.1.114 Montreal/Quebec/Canada (CA) - OVH SAS	•
	•	2607:5300:201:3100::931b Montreal/Quebec/Canada (CA) - OVH SAS	•
froth.zone	• illya.froth.zone / illya	129.213.157.255 Ashburn/Virginia/United States (US) - Oracle Corporation	•
	•	2603:c020:4004:62ee::8888 Ashburn/Virginia/United States (US) - Oracle Corporation	•
	• rin.froth.zone / rin	158.69.1.114 Montreal/Quebec/Canada (CA) - OVH SAS	•
	•	2607:5300:201:3100::931b Montreal/Quebec/Canada (CA) - OVH SAS	•
	• saber.froth.zone / saber	188.245.39.26 Nuremberg/Bavaria/Germany (DE) - Hetzner Online GmbH	•
	•	2a01:4f8:1c1a:f4ff::1 Nuremberg/Bavaria/Germany (DE) - Hetzner Online GmbH	•
	• sakura.froth.zone / sakura	141.94.206.97 Saint-Martin-le-Vinoux/Auvergne-Rhône-Alpes/France (FR) - OVH SAS	•
	•	2001:41d0:304:200::d12b Gravelines/Hauts-de-France/France (FR) - OVH SAS	•
	• sdns2.ovh.ca	167.114.154.31 Montreal/Quebec/Canada (CA) - OVH SAS	•
zone	• v0n0.nic.zone / app11.nrt1.hosts.meta.redstone.afilias-nst.info-1615580861		•
	• v0n1.nic.zone / app4.lax1.hosts.meta.redstone.afilias-nst.info-1633102198		•
	• v0n2.nic.zone / app8.nrt1.hosts.meta.redstone.afilias-nst.info-1615580861		•
	• v0n3.nic.zone / app24.lax1.hosts.meta.redstone.afilias-nst.info-1633102198		•
	• v2n0.nic.zone / FRA3		•
	• v2n1.nic.zone / FRA4		•

4. SOA-Entries

Domain:	zone
Zone-Name:	zone
Primary:	v0n0.nic.zone
Mail:	hostmaster.donuts.email
Serial:	1756880150
Refresh:	7200
Retry:	900
Expire:	1209600
TTL:	3600
num Entries:	6

Domain:	froth.zone
Zone-Name:	froth.zone
Primary:	rin.froth.zone
Mail:	sam.samtherapy.net
Serial:	2025083000
Refresh:	3600
Retry:	900
Expire:	1209600
TTL:	3600
num Entries:	1

Domain:	froth.zone
Zone-Name:	froth.zone
Primary:	rin.froth.zone
Mail:	sam.samtherapy.net
Serial:	2025090300
Refresh:	3600
Retry:	900
Expire:	1209600
TTL:	3600
num Entries:	8


Domain:	zone
Zone-Name:	zone
Primary:	v0n0.nic.zone
Mail:	hostmaster.donuts.email
Serial:	1756880150
Refresh:	7200
Retry:	900
Expire:	1209600
TTL:	3600
num Entries:	6

Domain:	froth.zone
Zone-Name:	froth.zone
Primary:	rin.froth.zone
Mail:	sam.samtherapy.net
Serial:	2025083000
Refresh:	3600
Retry:	900
Expire:	1209600
TTL:	3600
num Entries:	1

Domain:	froth.zone
Zone-Name:	froth.zone
Primary:	rin.froth.zone
Mail:	sam.samtherapy.net
Serial:	2025090300
Refresh:	3600
Retry:	900
Expire:	1209600
TTL:	3600
num Entries:	8

Domain:	kaguya.froth.zone
Zone-Name:	froth.zone
Primary:	rin.froth.zone
Mail:	sam.samtherapy.net
Serial:	2025090300
Refresh:	3600
Retry:	900
Expire:	1209600
TTL:	3600
num Entries:	2

5. Screenshots

Startaddress: https://froth.zone/, address used: https://froth.zone/main/all, Screenshot created 2025-09-03 08:32:02 +00:0

Mobil (412px x 732px)

1241 milliseconds

Screenshot mobile - https://froth.zone/main/all

Mobil + Landscape (732px x 412px)

1233 milliseconds

Screenshot mobile landscape - https://froth.zone/main/all

Screen (1280px x 1680px)

1881 milliseconds

Screenshot Desktop - https://froth.zone/main/all

Mobile- and other Chrome-Checks

	width	height
visual Viewport	397	732
content Size	397	4691

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

6. Url-Checks

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://froth.zone/ 95.216.99.249	308	https://froth.zone/	0.067	A
Connection: close
Location: https://froth.zone/
Server: Caddy
Date: Wed, 03 Sep 2025 06:28:24 GMT
Content-Length: 0

• http://froth.zone/ 2a01:4f9:2b:1305::2	308	https://froth.zone/	0.073	A
Connection: close
Location: https://froth.zone/
Server: Caddy
Date: Wed, 03 Sep 2025 06:28:24 GMT
Content-Length: 0

• http://www.froth.zone/ 95.216.99.249	308	https://www.froth.zone/	0.066	A
Connection: close
Location: https://www.froth.zone/
Server: Caddy
Date: Wed, 03 Sep 2025 06:28:24 GMT
Content-Length: 0

• http://www.froth.zone/ 2a01:4f9:2b:1305::2	308	https://www.froth.zone/	0.070	A
Connection: close
Location: https://www.froth.zone/
Server: Caddy
Date: Wed, 03 Sep 2025 06:28:24 GMT
Content-Length: 0

• https://froth.zone/ 95.216.99.249 gzip used - 44676 / 238736 - 81.29 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	200	Html is minified: 100.27 % Other inline scripts (∑/total): 1/236197	2.990	I
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id,Idempotency-Key
Alt-Svc: h3=":443"; ma=2592000
Cache-Control: must-revalidate, max-age=0, private
Content-Security-Policy: upgrade-insecure-requests;style-src 'self' 'nonce-um_BiUJchiLnEtn';font-src 'self';script-src 'self' 'nonce-um_BiUJchiLnEtn' ;connect-src 'self' https://froth.zone wss://froth.zone https://cdn.froth.zone https://proxy.froth.zone;media-src 'self' https://cdn.froth.zone https://proxy.froth.zone;img-src 'self' data: blob: https://cdn.froth.zone https://proxy.froth.zone;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self';
Date: Wed, 03 Sep 2025 06:28:24 GMT
Onion-Location: http://froth5px5mpxckho357mtx62v5dmttrlp7prhs7nwppmmi5napuouiad.onion/
Permissions-Policy: interest-cohort=()
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
Via: 1.1 Caddy
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: GGGx39x7_gOKmOwAAzdG
X-XSS-Protection: 0
Transfer-Encoding: chunked
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Content-Length: 44676

• https://froth.zone/ 2a01:4f9:2b:1305::2 gzip used - 44676 / 238736 - 81.29 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	200	Html is minified: 100.27 % Other inline scripts (∑/total): 1/236197	2.880	I
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id,Idempotency-Key
Alt-Svc: h3=":443"; ma=2592000
Cache-Control: must-revalidate, max-age=0, private
Content-Security-Policy: upgrade-insecure-requests;style-src 'self' 'nonce-hS4SaK_Don0rlLq';font-src 'self';script-src 'self' 'nonce-hS4SaK_Don0rlLq' ;connect-src 'self' https://froth.zone wss://froth.zone https://cdn.froth.zone https://proxy.froth.zone;media-src 'self' https://cdn.froth.zone https://proxy.froth.zone;img-src 'self' data: blob: https://cdn.froth.zone https://proxy.froth.zone;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self';
Date: Wed, 03 Sep 2025 06:28:29 GMT
Onion-Location: http://froth5px5mpxckho357mtx62v5dmttrlp7prhs7nwppmmi5napuouiad.onion/
Permissions-Policy: interest-cohort=()
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
Via: 1.1 Caddy
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: GGGx4PnIUigAVvQAAziG
X-XSS-Protection: 0
Transfer-Encoding: chunked
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Content-Length: 44676

• https://www.froth.zone/ 95.216.99.249	-103		0.080	P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'InternalError' (FF: SSL_ERROR_INTERNAL_ERROR_ALERT)

• https://www.froth.zone/ 2a01:4f9:2b:1305::2	-103		0.097	P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'InternalError' (FF: SSL_ERROR_INTERNAL_ERROR_ALERT)

• http://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 95.216.99.249	308	https://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.067	A
Visible Content:
Connection: close
Location: https://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Server: Caddy
Date: Wed, 03 Sep 2025 06:28:34 GMT
Content-Length: 0

• http://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f9:2b:1305::2	308	https://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.070	A
Visible Content:
Connection: close
Location: https://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Server: Caddy
Date: Wed, 03 Sep 2025 06:28:34 GMT
Content-Length: 0

• http://www.froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 95.216.99.249	308	https://www.froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.066	A
Visible Content:
Connection: close
Location: https://www.froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Server: Caddy
Date: Wed, 03 Sep 2025 06:28:34 GMT
Content-Length: 0

• http://www.froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f9:2b:1305::2	308	https://www.froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.070	A
Visible Content:
Connection: close
Location: https://www.froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Server: Caddy
Date: Wed, 03 Sep 2025 06:28:34 GMT
Content-Length: 0

• https://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de gzip used - 44676 / 238736 - 81.29 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	200	Html is minified: 100.27 % Other inline scripts (∑/total): 1/236197	2.956
Visible Content:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: ,
Access-Control-Expose-Headers: Link,X-RateLimit-Reset,X-RateLimit-Limit,X-RateLimit-Remaining,X-Request-Id,Idempotency-Key
Alt-Svc: h3=":443"; ma=2592000
Cache-Control: must-revalidate, max-age=0, private
Content-Security-Policy: upgrade-insecure-requests;style-src 'self' 'nonce-pK5buOG8dgfq7DV';font-src 'self';script-src 'self' 'nonce-pK5buOG8dgfq7DV' ;connect-src 'self' https://froth.zone wss://froth.zone https://cdn.froth.zone https://proxy.froth.zone;media-src 'self' https://cdn.froth.zone https://proxy.froth.zone;img-src 'self' data: blob: https://cdn.froth.zone https://proxy.froth.zone;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self';
Date: Wed, 03 Sep 2025 06:28:35 GMT
Onion-Location: http://froth5px5mpxckho357mtx62v5dmttrlp7prhs7nwppmmi5napuouiad.onion/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Permissions-Policy: interest-cohort=()
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding
Via: 1.1 Caddy
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: GGGx4j0OHMnYTBUAAzpG
X-XSS-Protection: 0
Transfer-Encoding: chunked
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Content-Length: 44676

• https://www.froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	-103		0.096	P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'InternalError' (FF: SSL_ERROR_INTERNAL_ERROR_ALERT)
Visible Content:

• https://95.216.99.249/ 95.216.99.249	-103		0.084	P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'InternalError' (FF: SSL_ERROR_INTERNAL_ERROR_ALERT)

• https://[2a01:04f9:002b:1305:0000:0000:0000:0002]/ 2a01:4f9:2b:1305::2	-103		0.090	P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'InternalError' (FF: SSL_ERROR_INTERNAL_ERROR_ALERT)

7. Comments

	1. General Results, most used to calculate the result
A	name "froth.zone" is domain, public suffix is ".zone", top-level-domain is ".zone", top-level-domain-type is "generic", tld-manager is "Binky Moon, LLC", num .zone-domains preloaded: 86 (complete: 276475)
A	Good: All ip addresses are public addresses
A	Good: Minimal 2 ip addresses per domain name found: froth.zone has 3 different ip addresses (authoritative).
A	Good: Minimal 2 ip addresses per domain name found: www.froth.zone has 2 different ip addresses (authoritative).
A	Good: Ipv4 and Ipv6 addresses per domain name found: froth.zone has 2 ipv4, 1 ipv6 addresses
A	Good: Ipv4 and Ipv6 addresses per domain name found: www.froth.zone has 1 ipv4, 1 ipv6 addresses
A	Good: No asked Authoritative Name Server had a timeout
A	Good: destination is https
A	Good - only one version with Http-Status 200
A	Good: one preferred version: non-www is preferred
A	Good: No cookie sent via http.
	Warning: HSTS preload sent, but not in Preload-List. Never send a preload directive if you don't know what preload means. Check https://hstspreload.org/ to learn the basics about the Google-Preload list. If you send a preload directive, you should immediately add your domain to the HSTS preload list via https://hstspreload.org/ . If Google accepts the domain, so the status is "pending": Note that new entries are hardcoded into the Chrome source code and can take several months before they reach the stable version. So you will see this message some months. If you don't want that or if you don't understand "preload", but if you send a preload directive and if you have correct A-redirects, everybody can add your domain to that list. Then you may have problems, it's not easy to undo that. So if you don't want your domain preloaded, remove the preload directive.
	HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
A	Good: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
A	http://froth.zone/ 95.216.99.249	308	https://froth.zone/	Correct redirect http - https with the same domain name
A	http://froth.zone/ 2a01:4f9:2b:1305::2	308	https://froth.zone/	Correct redirect http - https with the same domain name
I	https://froth.zone/ 95.216.99.249	200		Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
I	https://froth.zone/ 2a01:4f9:2b:1305::2	200		Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
I	https://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	200		Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain froth.zone, 2 ip addresses.
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.froth.zone, 2 ip addresses.
	Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain froth.zone, 2 ip addresses.
	Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain www.froth.zone, 2 ip addresses.
B	No _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.froth.zone
	2. Header-Checks
A	froth.zone 95.216.99.249	Content-Security-Policy		Ok: Header without syntax errors found: upgrade-insecure-requests;style-src 'self' 'nonce-um_BiUJchiLnEtn';font-src 'self';script-src 'self' 'nonce-um_BiUJchiLnEtn' ;connect-src 'self' https://froth.zone wss://froth.zone https://cdn.froth.zone https://proxy.froth.zone;media-src 'self' https://cdn.froth.zone https://proxy.froth.zone;img-src 'self' data: blob: https://cdn.froth.zone https://proxy.froth.zone;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self';
A				Good: default-src directive only with 'none' or 'self', additional sources are blocked.
A				Good: default-src without 'unsafe-inline' or 'unsave-eval'.
E				Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
A				Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
A				Good: base-uri directive found. That limits the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
A				Good: No object-src found, but the default-src used as fallback is defined and restricted.
A				Good: script-src without 'unsafe-inline' and 'unsafe-eval' found. That's the recommended configuration.
A				Good: script-src without * and a scheme found.
A				Good: script-src without data: schema found. Why is this important? The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A				Good: frame-src without data: defined or frame-src missing and the default-src used as fallback not allows the data: schema. That blocks hidden code injection. Insert <iframe src="data:text/html;charset=utf-8;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHA+YmVmb3JlPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmFsZXJ0KCdYU1MnKTwvc2NyaXB0PjxwPmFmdGVyPC9ib2R5PjwvaHRtbD4="></iframe> in your page and see what happens.
A				Ok: Nonce found. (Element: style-src)
A				Ok: Nonce found.
A		X-Content-Type-Options		Ok: Header without syntax errors found: nosniff
A		Referrer-Policy		Ok: Header without syntax errors found: same-origin
A		Permissions-Policy		Ok: Header without syntax errors found: interest-cohort=()
A		X-Frame-Options		Ok: Header without syntax errors found: DENY
B				Info: Header is deprecated. May not longer work in modern browsers. DENY. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A		X-Xss-Protection		Ok: Header without syntax errors found: 0
B				Info: Header is deprecated. May not longer work in modern browsers. 0
A	froth.zone 2a01:4f9:2b:1305::2	Content-Security-Policy		Ok: Header without syntax errors found: upgrade-insecure-requests;style-src 'self' 'nonce-hS4SaK_Don0rlLq';font-src 'self';script-src 'self' 'nonce-hS4SaK_Don0rlLq' ;connect-src 'self' https://froth.zone wss://froth.zone https://cdn.froth.zone https://proxy.froth.zone;media-src 'self' https://cdn.froth.zone https://proxy.froth.zone;img-src 'self' data: blob: https://cdn.froth.zone https://proxy.froth.zone;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self';
A				Good: default-src directive only with 'none' or 'self', additional sources are blocked.
A				Good: default-src without 'unsafe-inline' or 'unsave-eval'.
E				Bad: No form-action directive found. Use one to limit the form - action - destinations. form-action is a navigation-directive, so default-src isn't used.
A				Good: frame-ancestors directive found. That limits pages who are allowed to use this page in a frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
A				Good: base-uri directive found. That limits the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
A				Good: No object-src found, but the default-src used as fallback is defined and restricted.
A				Good: script-src without 'unsafe-inline' and 'unsafe-eval' found. That's the recommended configuration.
A				Good: script-src without * and a scheme found.
A				Good: script-src without data: schema found. Why is this important? The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A				Good: frame-src without data: defined or frame-src missing and the default-src used as fallback not allows the data: schema. That blocks hidden code injection. Insert <iframe src="data:text/html;charset=utf-8;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHA+YmVmb3JlPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmFsZXJ0KCdYU1MnKTwvc2NyaXB0PjxwPmFmdGVyPC9ib2R5PjwvaHRtbD4="></iframe> in your page and see what happens.
A				Ok: Nonce found.
A				Ok: Nonce found.
A		X-Content-Type-Options		Ok: Header without syntax errors found: nosniff
A		Referrer-Policy		Ok: Header without syntax errors found: same-origin
A		Permissions-Policy		Ok: Header without syntax errors found: interest-cohort=()
A		X-Frame-Options		Ok: Header without syntax errors found: DENY
B				Info: Header is deprecated. May not longer work in modern browsers. DENY. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A		X-Xss-Protection		Ok: Header without syntax errors found: 0
B				Info: Header is deprecated. May not longer work in modern browsers. 0
B	froth.zone 95.216.99.249	Cross-Origin-Embedder-Policy		Info: Missing Header
B	froth.zone 95.216.99.249	Cross-Origin-Opener-Policy		Info: Missing Header
B	froth.zone 95.216.99.249	Cross-Origin-Resource-Policy		Info: Missing Header
B	froth.zone 2a01:4f9:2b:1305::2	Cross-Origin-Embedder-Policy		Info: Missing Header
B	froth.zone 2a01:4f9:2b:1305::2	Cross-Origin-Opener-Policy		Info: Missing Header
B	froth.zone 2a01:4f9:2b:1305::2	Cross-Origin-Resource-Policy		Info: Missing Header
A				Good: Different combinations of domain names and ip addresses checked, Content-Security-Policy - Header with a nonce declaration sent: Every combination domain + ip with an own, unique nonce.
	3. DNS- and NameServer - Checks
A	Info:: 13 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 5 Name Servers.
A	Info:: 13 Queries complete, 13 with IPv6, 0 with IPv4.
A	Good: All DNS Queries done via IPv6.
A	Good: Some ip addresses of name servers found with the minimum of two DNS Queries. One to find the TLD-Zone, one to ask the TLD-Zone.illya.froth.zone (129.213.157.255, 2603:c020:4004:62ee::8888), rin.froth.zone (158.69.1.114, 2607:5300:201:3100::931b), saber.froth.zone (185.196.220.241, 2a0f:ca80:0:2a4::5:4b32), sakura.froth.zone (141.94.206.97, 2001:41d0:304:200::d12b)
A	Good (1 - 3.0):: An average of 2.6 queries per domain name server required to find all ip addresses of all name servers.
A	Info:: 5 different Name Servers found: illya.froth.zone, rin.froth.zone, saber.froth.zone, sakura.froth.zone, sdns2.ovh.ca, 5 Name Servers included in Delegation: illya.froth.zone, rin.froth.zone, saber.froth.zone, sakura.froth.zone, sdns2.ovh.ca, 5 Name Servers included in 1 Zone definitions: illya.froth.zone, rin.froth.zone, saber.froth.zone, sakura.froth.zone, sdns2.ovh.ca, 1 Name Servers listed in SOA.Primary: rin.froth.zone.
A	Good: Only one SOA.Primary Name Server found.: rin.froth.zone.
A	Good: SOA.Primary Name Server included in the delegation set.: rin.froth.zone.
A	Good: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: illya.froth.zone, rin.froth.zone, saber.froth.zone, sakura.froth.zone, sdns2.ovh.ca
A	Good: All Name Server Domain Names have a Public Suffix.
A	Good: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
A	Good: All Name Server ip addresses are public.
A	Good: Minimal 2 different name servers (public suffix and public ip address) found: 5 different Name Servers found
A	Good: Some Name Servers have IPv6 addresses: 4 Name Servers with IPv6 found (1 Name Servers without IPv6)
A	Good: Name servers with different Top Level Domains / Public Suffix List entries found: 5 Name Servers, 2 Top Level Domains: ca, zone
A	Good: Name Servers with different domain names found.: 2 different Domains found
A	Good: Name servers with different Country locations found: 5 Name Servers, 4 Countries: CA, DE, FR, US
A	Info: Ipv4-Subnet-list: 5 Name Servers, 5 different subnets (first Byte): 129., 141., 158., 167., 188., 5 different subnets (first two Bytes): 129.213., 141.94., 158.69., 167.114., 188.245., 5 different subnets (first three Bytes): 129.213.157., 141.94.206., 158.69.1., 167.114.154., 188.245.39.
A	Excellent: Every Name Server IPv4-address starts with an unique Byte.
A	Info: IPv6-Subnet-list: 4 Name Servers with IPv6, 4 different subnets (first block): 2001:, 2603:, 2607:, 2a01:, 4 different subnets (first two blocks): 2001:41d0:, 2603:c020:, 2607:5300:, 2a01:04f8:, 4 different subnets (first three blocks): 2001:41d0:0304:, 2603:c020:4004:, 2607:5300:0201:, 2a01:04f8:1c1a:, 4 different subnets (first four blocks): 2001:41d0:0304:0200:, 2603:c020:4004:62ee:, 2607:5300:0201:3100:, 2a01:04f8:1c1a:f4ff:
A	Excellent: Every Name Server IPv6-address starts with an unique Hex-block
A	Good: Nameserver supports TCP connections: 18 good Nameserver
A	Info: Nameserver mit different domain names found. May be a problem with DNS-Updates
A	Good: Nameserver supports Echo Capitalization: 18 good Nameserver
A	Good: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 18 good Nameserver
A	Good: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 18 good Nameserver
	Nameserver doesn't pass all EDNS-Checks: v2n1.nic.zone: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found (FRA4). COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
X	Fatal error: Nameservers with different SOA Serial Numbers
A	Good: CAA entries found, creating certificate is limited: letsencrypt.org is allowed to create certificates
A	Good: CAA entries found, creating certificate is limited: sectigo.com is allowed to create certificates
	4. Content- and Performance-critical Checks
	https://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	200		Warning: Not existing ACME-file, but Server sends 200, not 404 or redirect. May be a problem creating a Letsencrypt certificate. Checking /.well-known/acme-challenge/random-filename - a http status 404 - Not Found - is expected. If your server sends content and a http status 200, the validation file (87 bytes, token, dot and the hash of the public part of the account key) may be invisible, so Letsencrypt can't validate your domain. If it is an application that sends this content, perhaps create an exception, so /.well-known/acme-challenge sends raw files. Or create a redirect to another domain and / or port 443, but your Letsencrypt client must support such a solution. Certbot: Use webroot as authenticator - https://certbot.eff.org/docs/using.html Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
	https://www.froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	-103		Fatal: Check of /.well-known/acme-challenge/random-filename is blocked, http connection error. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
A	Good: Every https result with status 200 and greater 1024 Bytes is compressed (gzip, deflate, br checked).
A	Good: No https + http status 200 with inline CSS / JavaScript found
A	Good: Every https result with status 200 has a minified Html-Content with a quota lower then 110 %.
A	Good: Every https connection via port 443 supports the http/2 protocol via ALPN.
	https://froth.zone/ 95.216.99.249	200		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 1 script elements without defer/async.
	https://froth.zone/ 2a01:4f9:2b:1305::2	200		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 1 script elements without defer/async.
	https://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	200		Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 1 script elements without defer/async.
A	Good: All CSS / JavaScript files are sent compressed (gzip, deflate, br checked). That reduces the content of the files. 9 external CSS / JavaScript files found
A	Good: All images with internal compression not compressed. Some Images (.png, .jpg, .jpeg, .webp, .gif) are already compressed, so an additional compression isn't helpful. 3 images (type image/png, image/jpg, image/jpeg, image/webp, image/gif) found without additional Compression. Not required because these images are already compressed
	Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 0 external CSS / JavaScript files without Cache-Control-Header, 12 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 12 complete.
	Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 0 image files without Cache-Control-Header, 3 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 3 complete.
A	Good: All checked attribute values are enclosed in quotation marks (" or ').
	Wrong: img-elements without alt-attribute or empty alt-attribute found. The alt-attribute ("alternative") is required and should describe the img. So Screenreader and search engines are able to use these informations.: 3 img-elements without alt-attribute, 0 img-elements with empty alt-attribute found.
A	Good: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
A	Duration: 392680 milliseconds, 392.680 seconds

8. Connections

Domain

Port

Cert.

Protocol

KeyExchange

Strength

Cipher

Strength

HashAlgorithm

OCSP stapling

Domain/KeyExchange

IP/Strength

Port/Cipher

Cert./Strength

Protocol/HashAlgorithm

OCSP stapling

froth.zone

95.216.99.249

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

froth.zone

95.216.99.249

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=froth.zone
	2	CN=E5, O=Let's Encrypt, C=US

froth.zone

2a01:4f9:2b:1305::2

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

froth.zone

2a01:4f9:2b:1305::2

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=froth.zone
	2	CN=E5, O=Let's Encrypt, C=US

froth.zone

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

froth.zone

443

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=froth.zone
	2	CN=E5, O=Let's Encrypt, C=US

9. Certificates

CN=froth.zone

15.08.2025

13.11.2025
186 days expired

froth.zone - 1 entry

CN=froth.zone

15.08.2025

13.11.2025
186 days expired

froth.zone - 1 entry

Keyalgorithm	EC Public Key (256 bit, prime256v1)
Signatur:	ECDSA SHA384
Serial Number:	05BC09651F2FF1436F6F87BEBD0E0F3F1640
Thumbprint:	901B185EE429D3AFA4E5952F169E0D3EABC42311
SHA256 / Certificate:	+7zxXWvPExWrkWuzjozO5W4ZMPKoOW3OLR/44ConCeA=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	b4c29504322ef5ac4fa5f5a3bb913640b30d27352c780ffffab3bdfd9e04ce71
SHA256 hex / Subject Public Key Information (SPKI):	b4c29504322ef5ac4fa5f5a3bb913640b30d27352c780ffffab3bdfd9e04ce71 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=E5, O=Let's Encrypt, C=US

13.03.2024

13.03.2027
expires in 299 days

CN=E5, O=Let's Encrypt, C=US

13.03.2024

13.03.2027
expires in 299 days

Keyalgorithm	EC Public Key (384 bit, secp384r1)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	00838F6C63CEB1398C6206628315C9FDDE
Thumbprint:	5F28D9C589EE4BF31A11B78C72B8D13F079DDC45
SHA256 / Certificate:	Xf2zzzGybyPYfAnzoM72QvZAaan7fP4pJwu13A8eFrs=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	3586d4ecf070578cbd27aedce20b964e48bc149faeb9dad72f46b857869172b8
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

CN=ISRG Root X1, O=Internet Security Research Group, C=US

04.06.2015

04.06.2035
expires in 3304 days

CN=ISRG Root X1, O=Internet Security Research Group, C=US

04.06.2015

04.06.2035
expires in 3304 days

Keyalgorithm	RSA encryption (4096 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	008210CFB0D240E3594463E0BB63828B00
Thumbprint:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:	lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):	96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):	0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):	0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuer				last 7 days	active	num Certs
CN=E6, O=Let's Encrypt, C=US				0	0	1
CN=E5, O=Let's Encrypt, C=US				0	0	1

CertSpotter-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
11503033332 leaf cert	CN=E5, O=Let's Encrypt, C=US	2025-08-15 13:02:50	2025-11-13 13:02:49	froth.zone - 1 entries
10777032516 leaf cert	CN=E6, O=Let's Encrypt, C=US	2025-06-16 13:54:55	2025-09-14 13:54:54	froth.zone - 1 entries

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

No CRT - CT-Log entries found

11. Html-Content - Entries

Summary

							Subresource Integrity (SRI)
Domainname	HtmlElement	rel/property	∑	∑ size	∑ problems	∑ int.	∑ ext.	∑ Origin poss.	∑ SRI ParseErrors	∑ SRI valid	∑ SRI missing
https://froth.zone/ 95.216.99.249	img		1	43,520 Bytes	0	1	0	0	0	0
	link	stylesheet	3	30,856 Bytes	0	3	0	0	0	0
	link	other	8	725,426 Bytes	2	7	0	0	0	0
	meta	other	3		0			0	0	0
	script		1	437,428 Bytes	0	1	0	0	0	0
https://froth.zone/ 2a01:4f9:2b:1305::2	img		1	43,520 Bytes	0	1	0	0	0	0
	link	stylesheet	3	30,856 Bytes	0	3	0	0	0	0
	link	other	8	725,426 Bytes	2	7	0	0	0	0
	meta	other	3		0			0	0	0
	script		1	437,428 Bytes	0	1	0	0	0	0
https://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	img		1	43,520 Bytes	0	1	0	0	0	0
	link	stylesheet	3	30,856 Bytes	0	3	0	0	0	0
	link	other	8	725,426 Bytes	2	7	0	0	0	0
	meta	other	3		0			0	0	0
	script		1	437,428 Bytes	0	1	0	0	0	0

Details (currently limited to 500 rows - some problems with spam users)

Domainname	Html-Element	name/equiv/ property/rel	href/src/content	HttpStatus	∑	Status
https://froth.zone/ 95.216.99.249	img	src	/static/pleromatan_apology_small.webp		200		1	ok
	no alt-Attribute			image/webp X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			No Compression - 43520 Bytes
	ETag: "13763F6"

	link	icon	/favicon.png		200		1	ok
				image/png X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			No Compression - 662120 Bytes
	ETag: "333ACBB"

	link	manifest	/manifest.json				1	ok
								ok


	link	preload	/api/pleroma/frontend_configurations		200		1	ok
				application/json; charset=utf-8 X-Content-Type-Options nosniff found				ok
				1262 Bytes

	link	preload	/api/v1/instance		200		1	ok
				application/json; charset=utf-8 X-Content-Type-Options nosniff found				ok
				1697 Bytes

	link	preload	/nodeinfo/2.0.json		200		1	Problems with Content-Type - Header - see details
				application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.0#"; charset=utf-8 X-Content-Type-Options nosniff found		Unkown parameter. Only charset/boundary allowed.		Problems with Content-Type - Header - see details
				1822 Bytes

	link	preload	/nodeinfo/2.1.json		200		1	Problems with Content-Type - Header - see details
				application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.1#"; charset=utf-8 X-Content-Type-Options nosniff found		Unkown parameter. Only charset/boundary allowed.		Problems with Content-Type - Header - see details
				1842 Bytes

	link	preload	/static/config.json		200		1	ok
				application/json X-Content-Type-Options nosniff found				ok
				411 Bytes
	ETag: "482BED8-gzip"

	link	preload	/static/pleromatan_apology_fox_small.webp		200		1	ok
				image/webp X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			No Compression - 56272 Bytes
	ETag: "7BC5256"

	link	stylesheet	/static/css/main.DfnspklD.css		200		1	ok
				text/css X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			Compression (gzip): 29994/171524 Bytes
	ETag: "5B4ABC4-gzip"
	local SRI possible, possible hash-values: sha256-N2z7IRla0Qo9YcSPiMQfI78C6CCP03Xk1eKmfY1BtL4= sha384-/CoRtZkd4OkE3RiB558e0NygPyPEOhHPsYL4LlHWfkMW4aGMOy2WzczotvvMK8PR sha512-2oNhwJik4dEYC7He7wkLogpDfXxU7M0NcBJezWtYyqwGFiTO0R/tQDwyS8K8JNDfCcSfAO3sfsOikgXYPj3Gaw== <link rel="stylesheet" href="/static/css/main.DfnspklD.css" crossorigin="anonymous" integrity="sha256-N2z7IRla0Qo9YcSPiMQfI78C6CCP03Xk1eKmfY1BtL4=" />

	link	stylesheet	/static/empty.css		200		1	ok
				text/css X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			0 Bytes
	ETag: "3746ED2"
	local SRI possible, possible hash-values: sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= sha384-OLBgp1GsljhM2TJ+sbHjaiH9txEUvgdDTAzHv2P24donTt6/529l+9Ua0vFImLlb sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg== <link rel="stylesheet" href="/static/empty.css" crossorigin="anonymous" integrity="sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" />

	link	stylesheet	/static/splash.css		200		1	ok
				text/css X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			Compression (gzip): 862/2456 Bytes
	ETag: "2E28AFD-gzip"
	local SRI possible, possible hash-values: sha256-iO3/QcDdqJeHk6iO7urT14qXfNAdtu/Qt7UwTdlFztQ= sha384-iqXbCx808b2pbIGtpBqDAqRo2KnO9uA0bZBOCrPn4R6nEww1EczEbZx27kmNUEI4 sha512-9bHg8wpa+auiKuNvI8QhR7DcOahpEdXmLLvXYXLpz62tzOiiIA6DReH7DwjoqUEjaPUcnKtc5Yu1r95CPqITBA== <link rel="stylesheet" href="/static/splash.css" crossorigin="anonymous" integrity="sha256-iO3/QcDdqJeHk6iO7urT14qXfNAdtu/Qt7UwTdlFztQ=" />

	meta	charset	utf-8				1	ok
								ok


	meta	theme-color	#593196				1	ok
								ok


	meta	viewport	width=device-width, initial-scale=1,user-scalable=no				1	ok
								ok


	script	src	/static/js/main.CHo0LUKE.js		200		1	ok
	Missing defer / async attribute.			text/javascript X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			Compression (gzip): 437428/1386444 Bytes
	ETag: "31BBCE2-gzip"
	local SRI possible, possible hash-values: sha256-x7kpnQzVkFCg7Rh1F/Siatf3TpRIuYntB4y8sFJ9hDs= sha384-S06X3Fqw6Iyvmf4zCFTgvgBZgduP5DKdj658Y+j7yWZ+Z+8c4OU0+rtaKBkIB35d sha512-D79uSN0+3l29zcuhoLLpTXol6uct6VPHKfK7bgzDSZCDDX4zJb4elKu9XUcdWC1AIJvPGKhh4xa05Cy+UvMiOw== <script src="/static/js/main.CHo0LUKE.js" crossorigin="anonymous" integrity="sha256-x7kpnQzVkFCg7Rh1F/Siatf3TpRIuYntB4y8sFJ9hDs=" />

2a01:4f9:2b:1305::2	img	src	/static/pleromatan_apology_small.webp		200		1	ok
	no alt-Attribute			image/webp X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			No Compression - 43520 Bytes
	ETag: "13763F6"

	link	icon	/favicon.png		200		1	ok
				image/png X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			No Compression - 662120 Bytes
	ETag: "333ACBB"

	link	manifest	/manifest.json				1	ok
								ok


	link	preload	/api/pleroma/frontend_configurations		200		1	ok
				application/json; charset=utf-8 X-Content-Type-Options nosniff found				ok
				1262 Bytes

	link	preload	/api/v1/instance		200		1	ok
				application/json; charset=utf-8 X-Content-Type-Options nosniff found				ok
				1697 Bytes

	link	preload	/nodeinfo/2.0.json		200		1	Problems with Content-Type - Header - see details
				application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.0#"; charset=utf-8 X-Content-Type-Options nosniff found		Unkown parameter. Only charset/boundary allowed.		Problems with Content-Type - Header - see details
				1822 Bytes

	link	preload	/nodeinfo/2.1.json		200		1	Problems with Content-Type - Header - see details
				application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.1#"; charset=utf-8 X-Content-Type-Options nosniff found		Unkown parameter. Only charset/boundary allowed.		Problems with Content-Type - Header - see details
				1842 Bytes

	link	preload	/static/config.json		200		1	ok
				application/json X-Content-Type-Options nosniff found				ok
				411 Bytes
	ETag: "482BED8-gzip"

	link	preload	/static/pleromatan_apology_fox_small.webp		200		1	ok
				image/webp X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			No Compression - 56272 Bytes
	ETag: "7BC5256"

	link	stylesheet	/static/css/main.DfnspklD.css		200		1	ok
				text/css X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			Compression (gzip): 29994/171524 Bytes
	ETag: "5B4ABC4-gzip"
	local SRI possible, possible hash-values: sha256-N2z7IRla0Qo9YcSPiMQfI78C6CCP03Xk1eKmfY1BtL4= sha384-/CoRtZkd4OkE3RiB558e0NygPyPEOhHPsYL4LlHWfkMW4aGMOy2WzczotvvMK8PR sha512-2oNhwJik4dEYC7He7wkLogpDfXxU7M0NcBJezWtYyqwGFiTO0R/tQDwyS8K8JNDfCcSfAO3sfsOikgXYPj3Gaw== <link rel="stylesheet" href="/static/css/main.DfnspklD.css" crossorigin="anonymous" integrity="sha256-N2z7IRla0Qo9YcSPiMQfI78C6CCP03Xk1eKmfY1BtL4=" />

	link	stylesheet	/static/empty.css		200		1	ok
				text/css X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			0 Bytes
	ETag: "3746ED2"
	local SRI possible, possible hash-values: sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= sha384-OLBgp1GsljhM2TJ+sbHjaiH9txEUvgdDTAzHv2P24donTt6/529l+9Ua0vFImLlb sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg== <link rel="stylesheet" href="/static/empty.css" crossorigin="anonymous" integrity="sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" />

	link	stylesheet	/static/splash.css		200		1	ok
				text/css X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			Compression (gzip): 862/2456 Bytes
	ETag: "2E28AFD-gzip"
	local SRI possible, possible hash-values: sha256-iO3/QcDdqJeHk6iO7urT14qXfNAdtu/Qt7UwTdlFztQ= sha384-iqXbCx808b2pbIGtpBqDAqRo2KnO9uA0bZBOCrPn4R6nEww1EczEbZx27kmNUEI4 sha512-9bHg8wpa+auiKuNvI8QhR7DcOahpEdXmLLvXYXLpz62tzOiiIA6DReH7DwjoqUEjaPUcnKtc5Yu1r95CPqITBA== <link rel="stylesheet" href="/static/splash.css" crossorigin="anonymous" integrity="sha256-iO3/QcDdqJeHk6iO7urT14qXfNAdtu/Qt7UwTdlFztQ=" />

	meta	charset	utf-8				1	ok
								ok


	meta	theme-color	#593196				1	ok
								ok


	meta	viewport	width=device-width, initial-scale=1,user-scalable=no				1	ok
								ok


	script	src	/static/js/main.CHo0LUKE.js		200		1	ok
	Missing defer / async attribute.			text/javascript X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			Compression (gzip): 437428/1386444 Bytes
	ETag: "31BBCE2-gzip"
	local SRI possible, possible hash-values: sha256-x7kpnQzVkFCg7Rh1F/Siatf3TpRIuYntB4y8sFJ9hDs= sha384-S06X3Fqw6Iyvmf4zCFTgvgBZgduP5DKdj658Y+j7yWZ+Z+8c4OU0+rtaKBkIB35d sha512-D79uSN0+3l29zcuhoLLpTXol6uct6VPHKfK7bgzDSZCDDX4zJb4elKu9XUcdWC1AIJvPGKhh4xa05Cy+UvMiOw== <script src="/static/js/main.CHo0LUKE.js" crossorigin="anonymous" integrity="sha256-x7kpnQzVkFCg7Rh1F/Siatf3TpRIuYntB4y8sFJ9hDs=" />

https://froth.zone/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	img	src	/static/pleromatan_apology_small.webp		200		1	ok
	no alt-Attribute			image/webp X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			No Compression - 43520 Bytes
	ETag: "13763F6"

	link	icon	/favicon.png		200		1	ok
				image/png X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			No Compression - 662120 Bytes
	ETag: "333ACBB"

	link	manifest	/manifest.json				1	ok
								ok


	link	preload	/api/pleroma/frontend_configurations		200		1	ok
				application/json; charset=utf-8 X-Content-Type-Options nosniff found				ok
				1262 Bytes

	link	preload	/api/v1/instance		200		1	ok
				application/json; charset=utf-8 X-Content-Type-Options nosniff found				ok
				1697 Bytes

	link	preload	/nodeinfo/2.0.json		200		1	Problems with Content-Type - Header - see details
				application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.0#"; charset=utf-8 X-Content-Type-Options nosniff found		Unkown parameter. Only charset/boundary allowed.		Problems with Content-Type - Header - see details
				1822 Bytes

	link	preload	/nodeinfo/2.1.json		200		1	Problems with Content-Type - Header - see details
				application/json; profile="http://nodeinfo.diaspora.software/ns/schema/2.1#"; charset=utf-8 X-Content-Type-Options nosniff found		Unkown parameter. Only charset/boundary allowed.		Problems with Content-Type - Header - see details
				1842 Bytes

	link	preload	/static/config.json		200		1	ok
				application/json X-Content-Type-Options nosniff found				ok
				411 Bytes
	ETag: "482BED8-gzip"

	link	preload	/static/pleromatan_apology_fox_small.webp		200		1	ok
				image/webp X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			No Compression - 56272 Bytes
	ETag: "7BC5256"

	link	stylesheet	/static/css/main.DfnspklD.css		200		1	ok
				text/css X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			Compression (gzip): 29994/171524 Bytes
	ETag: "5B4ABC4-gzip"
	local SRI possible, possible hash-values: sha256-N2z7IRla0Qo9YcSPiMQfI78C6CCP03Xk1eKmfY1BtL4= sha384-/CoRtZkd4OkE3RiB558e0NygPyPEOhHPsYL4LlHWfkMW4aGMOy2WzczotvvMK8PR sha512-2oNhwJik4dEYC7He7wkLogpDfXxU7M0NcBJezWtYyqwGFiTO0R/tQDwyS8K8JNDfCcSfAO3sfsOikgXYPj3Gaw== <link rel="stylesheet" href="/static/css/main.DfnspklD.css" crossorigin="anonymous" integrity="sha256-N2z7IRla0Qo9YcSPiMQfI78C6CCP03Xk1eKmfY1BtL4=" />

	link	stylesheet	/static/empty.css		200		1	ok
				text/css X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			0 Bytes
	ETag: "3746ED2"
	local SRI possible, possible hash-values: sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= sha384-OLBgp1GsljhM2TJ+sbHjaiH9txEUvgdDTAzHv2P24donTt6/529l+9Ua0vFImLlb sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg== <link rel="stylesheet" href="/static/empty.css" crossorigin="anonymous" integrity="sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" />

	link	stylesheet	/static/splash.css		200		1	ok
				text/css X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			Compression (gzip): 862/2456 Bytes
	ETag: "2E28AFD-gzip"
	local SRI possible, possible hash-values: sha256-iO3/QcDdqJeHk6iO7urT14qXfNAdtu/Qt7UwTdlFztQ= sha384-iqXbCx808b2pbIGtpBqDAqRo2KnO9uA0bZBOCrPn4R6nEww1EczEbZx27kmNUEI4 sha512-9bHg8wpa+auiKuNvI8QhR7DcOahpEdXmLLvXYXLpz62tzOiiIA6DReH7DwjoqUEjaPUcnKtc5Yu1r95CPqITBA== <link rel="stylesheet" href="/static/splash.css" crossorigin="anonymous" integrity="sha256-iO3/QcDdqJeHk6iO7urT14qXfNAdtu/Qt7UwTdlFztQ=" />

	meta	charset	utf-8				1	ok
								ok


	meta	theme-color	#593196				1	ok
								ok


	meta	viewport	width=device-width, initial-scale=1,user-scalable=no				1	ok
								ok


	script	src	/static/js/main.CHo0LUKE.js		200		1	ok
	Missing defer / async attribute.			text/javascript X-Content-Type-Options nosniff found				ok
	Cache-Control: public, no-cache - max-age missing.			Compression (gzip): 437428/1386444 Bytes
	ETag: "31BBCE2-gzip"
	local SRI possible, possible hash-values: sha256-x7kpnQzVkFCg7Rh1F/Siatf3TpRIuYntB4y8sFJ9hDs= sha384-S06X3Fqw6Iyvmf4zCFTgvgBZgduP5DKdj658Y+j7yWZ+Z+8c4OU0+rtaKBkIB35d sha512-D79uSN0+3l29zcuhoLLpTXol6uct6VPHKfK7bgzDSZCDDX4zJb4elKu9XUcdWC1AIJvPGKhh4xa05Cy+UvMiOw== <script src="/static/js/main.CHo0LUKE.js" crossorigin="anonymous" integrity="sha256-x7kpnQzVkFCg7Rh1F/Siatf3TpRIuYntB4y8sFJ9hDs=" />

12. Html-Parsing via https://validator.w3.org/nu/

	Type	Message	num found
Url used (first standard-https-result with http status 200): https://froth.zone/

Summary
	Good: No non-document-errors
	1 errors
	1 warnings
1.	error	An `img` element must have an `alt` attribute, except under certain conditions. For details, consult guidance on providing text alternatives for images.	1
2.	warning	Consider avoiding viewport values that prevent users from resizing documents.	1
Details
	Type	Message + Sample
1	error	An `img` element must have an `alt` attribute, except under certain conditions. For details, consult guidance on providing text alternatives for images.
		From line 38, column 11 to line 38, column 71
		<img id="mascot" src="/static/pleromatan_apology_small.webp">
2	warning	Consider avoiding viewport values that prevent users from resizing documents.
		From line 5, column 5 to line 5, column 89
		f-8"> <meta name="viewport" content="width=device-width, initial-scale=1,user-scalable=no"> <

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: illya.froth.zone, rin.froth.zone, saber.froth.zone, sakura.froth.zone, sdns2.ovh.ca

QNr.	Domain	Type	NS used
1	zone	NS	b.root-servers.net (2001:500:200::b)
	Answer: v0n0.nic.zone, v0n1.nic.zone, v0n2.nic.zone, v0n3.nic.zone, v2n0.nic.zone, v2n1.nic.zone
2	illya.froth.zone: 129.213.157.255, 2603:c020:4004:62ee::8888	NS	v0n0.nic.zone (2a01:8840:1e::5)
	Answer: rin.froth.zone 158.69.1.114, 2607:5300:201:3100::931b
	Answer: saber.froth.zone 185.196.220.241, 2a0f:ca80:0:2a4::5:4b32
	Answer: sakura.froth.zone 141.94.206.97, 2001:41d0:304:200::d12b
3	ca	NS	k.root-servers.net (2001:7fd::1)
	Answer: any.ca-servers.ca, c.ca-servers.ca, d.ca-servers.ca, j.ca-servers.ca
4	sdns2.ovh.ca	NS	any.ca-servers.ca (2001:500:a7::2)
	Answer: dns19.ovh.net, ns19.ovh.net
5	net	NS	a.root-servers.net (2001:503:ba3e::2:30)
	Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
6	dns19.ovh.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: dns10.ovh.net, dns11.ovh.net, dns12.ovh.net, dns13.ovh.net, dns15.ovh.net, ns10.ovh.net, ns11.ovh.net, ns12.ovh.net, ns13.ovh.net, ns15.ovh.net
	Answer: dns10.ovh.net 2001:41d0:d00:6100::2, 5.135.85.109
	Answer: dns11.ovh.net 2001:41d0:d00:f000::2, 5.135.86.61
	Answer: dns12.ovh.net 2001:41d0:d00:f100::2, 5.135.86.81
	Answer: dns13.ovh.net 2001:41d0:d00:f200::2, 5.135.98.29
	Answer: dns15.ovh.net 2001:41d0:d00:f400::2, 5.135.110.101
	Answer: ns10.ovh.net 2001:41d0:b00:3a00::2, 5.39.20.253
	Answer: ns11.ovh.net 2001:41d0:b00:d000::2, 5.39.27.169
	Answer: ns12.ovh.net 2001:41d0:b00:eb00::2, 5.39.102.21
	Answer: ns13.ovh.net 2001:41d0:b00:ec00::2, 5.39.112.241
	Answer: ns15.ovh.net 2001:41d0:b00:ee00::2, 5.39.114.9
7	ns19.ovh.net	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: dns10.ovh.net, dns11.ovh.net, dns12.ovh.net, dns13.ovh.net, dns15.ovh.net, ns10.ovh.net, ns11.ovh.net, ns12.ovh.net, ns13.ovh.net, ns15.ovh.net
	Answer: dns10.ovh.net 2001:41d0:d00:6100::2, 5.135.85.109
	Answer: dns11.ovh.net 2001:41d0:d00:f000::2, 5.135.86.61
	Answer: dns12.ovh.net 2001:41d0:d00:f100::2, 5.135.86.81
	Answer: dns13.ovh.net 2001:41d0:d00:f200::2, 5.135.98.29
	Answer: dns15.ovh.net 2001:41d0:d00:f400::2, 5.135.110.101
	Answer: ns10.ovh.net 2001:41d0:b00:3a00::2, 5.39.20.253
	Answer: ns11.ovh.net 2001:41d0:b00:d000::2, 5.39.27.169
	Answer: ns12.ovh.net 2001:41d0:b00:eb00::2, 5.39.102.21
	Answer: ns13.ovh.net 2001:41d0:b00:ec00::2, 5.39.112.241
	Answer: ns15.ovh.net 2001:41d0:b00:ee00::2, 5.39.114.9
8	dns19.ovh.net: 5.135.216.9	A	dns10.ovh.net (2001:41d0:d00:6100::2)
9	dns19.ovh.net: 2001:41d0:d00:f800::2	AAAA	dns10.ovh.net (2001:41d0:d00:6100::2)
10	ns19.ovh.net: 5.135.36.129	A	dns10.ovh.net (2001:41d0:d00:6100::2)
11	ns19.ovh.net: 2001:41d0:b00:f200::2	AAAA	dns10.ovh.net (2001:41d0:d00:6100::2)
12	sdns2.ovh.ca: 167.114.154.31	A	dns19.ovh.net (2001:41d0:d00:f800::2)
13	sdns2.ovh.ca: No AAAA record found	AAAA	dns19.ovh.net (2001:41d0:d00:f800::2)

14. CAA - Entries

Domainname	flag	Name	Value	∑ Queries
kaguya.froth.zone	0		no CAA entry found	1
www.froth.zone				1
froth.zone	5	issue	letsencrypt.org	1
	5	issue	letsencrypt.org	1
	5	issue	sectigo.com	1
	5	issue	sectigo.com	1
zone	0		no CAA entry found	1
	0		no CAA entry found	1

15. TXT - Entries

Domainname	TXT Entry	Status	∑ Queries
froth.zone	google-site-verification=3ykMfvqt_9Sa5e2IUewTNT6sbLc63JqDeprZEBSJlbA	ok	1
froth.zone	v=spf1 mx a:mail.froth.zone -all	ok	1
www.froth.zone			1
kaguya.froth.zone		ok	1
_acme-challenge.froth.zone		Name Error - The domain name does not exist	1
_acme-challenge.www.froth.zone		Name Error - The domain name does not exist	1
_acme-challenge.kaguya.froth.zone		Name Error - The domain name does not exist	1
_acme-challenge.froth.zone.froth.zone		Name Error - The domain name does not exist	1
_acme-challenge.www.froth.zone.froth.zone		Name Error - The domain name does not exist	1
_acme-challenge.www.froth.zone.www.froth.zone		Name Error - The domain name does not exist	1
_acme-challenge.kaguya.froth.zone.kaguya.froth.zone		Name Error - The domain name does not exist	1

16. DomainService - Entries

Type		Domain	Pref	Value	DNS-error	num Answers	Status	Description
MX		froth.zone	0	mail.froth.zone	0	1	ok
	A			158.69.1.114	0	1	ok
	AAAA			2607:5300:201:3100::931b	0	1	ok
	CNAME				0	0	ok
SPF	TXT	froth.zone		v=spf1 mx a:mail.froth.zone -all			ok
	MX	froth.zone		mail.froth.zone			ok
	MX-A	mail.froth.zone		158.69.1.114			8192	Duplicated ipv4 found.
	MX-AAAA	mail.froth.zone		2607:5300:201:3100::931b			16384	Duplicated ipv6 found.
	A	mail.froth.zone		158.69.1.114			8192	Duplicated ipv4 found.
	AAAA	mail.froth.zone		2607:5300:201:3100::931b			16384	Duplicated ipv6 found.
_dmarc	TXT	_dmarc.froth.zone		v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@froth.zone; adkim=r; fo=1			ok

17. Cipher Suites

Summary
Domain	IP	Port	num Ciphers	time	Std.Protocol	Forward Secrecy
froth.zone	95.216.99.249	443	3 Ciphers	34.01 sec		0 without, 3 FS	100.00 %
froth.zone	2a01:4f9:2b:1305::2	443	3 Ciphers	30.18 sec		0 without, 3 FS	100.00 %
Complete		2	6 Ciphers 3.00 Ciphers/Check	64.19 sec	32.10 sec/Check	0 without, 6 FS	100.00 %

Details
Domain	IP	Port	Cipher (OpenSsl / IANA)
froth.zone	95.216.99.249	443	ECDHE-ECDSA-CHACHA20-POLY1305		(Recommended)	TLSv1.2	0xCC,0xA9	FS
3 Ciphers, 34.01 sec			TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		ECDSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-ECDSA-AES256-GCM-SHA384		(Recommended)	TLSv1.2	0xC0,0x2C	FS
			TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
			ECDH		ECDSA	AESGCM(256)	AEAD
			ECDHE-ECDSA-AES128-GCM-SHA256		(Recommended)	TLSv1.2	0xC0,0x2B	FS
			TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
			ECDH		ECDSA	AESGCM(128)	AEAD
	2a01:4f9:2b:1305::2	443	ECDHE-ECDSA-CHACHA20-POLY1305		(Recommended)	TLSv1.2	0xCC,0xA9	FS
3 Ciphers, 30.18 sec			TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH		ECDSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-ECDSA-AES256-GCM-SHA384		(Recommended)	TLSv1.2	0xC0,0x2C	FS
			TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
			ECDH		ECDSA	AESGCM(256)	AEAD
			ECDHE-ECDSA-AES128-GCM-SHA256		(Recommended)	TLSv1.2	0xC0,0x2B	FS
			TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
			ECDH		ECDSA	AESGCM(128)	AEAD

18. Portchecks

Domain	IP	Port	Description	Result	Answer
froth.zone	95.216.99.249	21	FTP

froth.zone	95.216.99.249	21	FTP
froth.zone	95.216.99.249	22	SSH	open
SSH-2.0-OpenSSH_10.0p2 Debian-8
froth.zone	95.216.99.249	22	SSH	open	SSH-2.0-OpenSSH_10.0p2 Debian-8	Bad: SSH without DNS SSHFP Record found
froth.zone	95.216.99.249	25	SMTP

froth.zone	95.216.99.249	25	SMTP
froth.zone	95.216.99.249	53	DNS	open

froth.zone	95.216.99.249	53	DNS	open
froth.zone	95.216.99.249	110	POP3

froth.zone	95.216.99.249	110	POP3
froth.zone	95.216.99.249	143	IMAP

froth.zone	95.216.99.249	143	IMAP
froth.zone	95.216.99.249	465	SMTP (encrypted)

froth.zone	95.216.99.249	465	SMTP (encrypted)
froth.zone	95.216.99.249	587	SMTP (encrypted, submission)

froth.zone	95.216.99.249	587	SMTP (encrypted, submission)
froth.zone	95.216.99.249	993	IMAP (encrypted)

froth.zone	95.216.99.249	993	IMAP (encrypted)
froth.zone	95.216.99.249	995	POP3 (encrypted)

froth.zone	95.216.99.249	995	POP3 (encrypted)
froth.zone	95.216.99.249	1433	MS SQL

froth.zone	95.216.99.249	1433	MS SQL
froth.zone	95.216.99.249	2082	cPanel (http)

froth.zone	95.216.99.249	2082	cPanel (http)
froth.zone	95.216.99.249	2083	cPanel (https)

froth.zone	95.216.99.249	2083	cPanel (https)
froth.zone	95.216.99.249	2086	WHM (http)

froth.zone	95.216.99.249	2086	WHM (http)
froth.zone	95.216.99.249	2087	WHM (https)

froth.zone	95.216.99.249	2087	WHM (https)
froth.zone	95.216.99.249	2089	cPanel Licensing

froth.zone	95.216.99.249	2089	cPanel Licensing
froth.zone	95.216.99.249	2095	cPanel Webmail (http)

froth.zone	95.216.99.249	2095	cPanel Webmail (http)
froth.zone	95.216.99.249	2096	cPanel Webmail (https)

froth.zone	95.216.99.249	2096	cPanel Webmail (https)
froth.zone	95.216.99.249	2222	DirectAdmin (http)	open
http://95.216.99.249:2222/ Http-Status: -14 Timeout - The operation has timed out.
froth.zone	95.216.99.249	2222	DirectAdmin (http)	open	http://95.216.99.249:2222/ Http-Status: -14 Timeout - The operation has timed out.
froth.zone	95.216.99.249	2222	DirectAdmin (https)	open
https://95.216.99.249:2222/ Http-Status: -14 Timeout - The operation has timed out.
froth.zone	95.216.99.249	2222	DirectAdmin (https)	open	https://95.216.99.249:2222/ Http-Status: -14 Timeout - The operation has timed out.
froth.zone	95.216.99.249	3306	mySql

froth.zone	95.216.99.249	3306	mySql
froth.zone	95.216.99.249	5224	Plesk Licensing

froth.zone	95.216.99.249	5224	Plesk Licensing
froth.zone	95.216.99.249	5432	PostgreSQL

froth.zone	95.216.99.249	5432	PostgreSQL
froth.zone	95.216.99.249	8080	Ookla Speedtest (http)

froth.zone	95.216.99.249	8080	Ookla Speedtest (http)
froth.zone	95.216.99.249	8080	Ookla Speedtest (https)

froth.zone	95.216.99.249	8080	Ookla Speedtest (https)
froth.zone	95.216.99.249	8083	VestaCP http

froth.zone	95.216.99.249	8083	VestaCP http
froth.zone	95.216.99.249	8083	VestaCP https

froth.zone	95.216.99.249	8083	VestaCP https
froth.zone	95.216.99.249	8443	Plesk Administration (https)

froth.zone	95.216.99.249	8443	Plesk Administration (https)
froth.zone	95.216.99.249	8447	Plesk Installer + Updates

froth.zone	95.216.99.249	8447	Plesk Installer + Updates
froth.zone	95.216.99.249	8880	Plesk Administration (http)

froth.zone	95.216.99.249	8880	Plesk Administration (http)
froth.zone	95.216.99.249	10000	Webmin (http)

froth.zone	95.216.99.249	10000	Webmin (http)
froth.zone	95.216.99.249	10000	Webmin (https)

froth.zone	95.216.99.249	10000	Webmin (https)
froth.zone	2a01:4f9:2b:1305::2	21	FTP

froth.zone	2a01:4f9:2b:1305::2	21	FTP
froth.zone	2a01:4f9:2b:1305::2	22	SSH	open
SSH-2.0-OpenSSH_10.0p2 Debian-8
froth.zone	2a01:4f9:2b:1305::2	22	SSH	open	SSH-2.0-OpenSSH_10.0p2 Debian-8	Bad: SSH without DNS SSHFP Record found
froth.zone	2a01:4f9:2b:1305::2	25	SMTP

froth.zone	2a01:4f9:2b:1305::2	25	SMTP
froth.zone	2a01:4f9:2b:1305::2	53	DNS	open

froth.zone	2a01:4f9:2b:1305::2	53	DNS	open
froth.zone	2a01:4f9:2b:1305::2	110	POP3

froth.zone	2a01:4f9:2b:1305::2	110	POP3
froth.zone	2a01:4f9:2b:1305::2	143	IMAP

froth.zone	2a01:4f9:2b:1305::2	143	IMAP
froth.zone	2a01:4f9:2b:1305::2	465	SMTP (encrypted)

froth.zone	2a01:4f9:2b:1305::2	465	SMTP (encrypted)
froth.zone	2a01:4f9:2b:1305::2	587	SMTP (encrypted, submission)

froth.zone	2a01:4f9:2b:1305::2	587	SMTP (encrypted, submission)
froth.zone	2a01:4f9:2b:1305::2	993	IMAP (encrypted)

froth.zone	2a01:4f9:2b:1305::2	993	IMAP (encrypted)
froth.zone	2a01:4f9:2b:1305::2	995	POP3 (encrypted)

froth.zone	2a01:4f9:2b:1305::2	995	POP3 (encrypted)
froth.zone	2a01:4f9:2b:1305::2	1433	MS SQL

froth.zone	2a01:4f9:2b:1305::2	1433	MS SQL
froth.zone	2a01:4f9:2b:1305::2	2082	cPanel (http)

froth.zone	2a01:4f9:2b:1305::2	2082	cPanel (http)
froth.zone	2a01:4f9:2b:1305::2	2083	cPanel (https)

froth.zone	2a01:4f9:2b:1305::2	2083	cPanel (https)
froth.zone	2a01:4f9:2b:1305::2	2086	WHM (http)

froth.zone	2a01:4f9:2b:1305::2	2086	WHM (http)
froth.zone	2a01:4f9:2b:1305::2	2087	WHM (https)

froth.zone	2a01:4f9:2b:1305::2	2087	WHM (https)
froth.zone	2a01:4f9:2b:1305::2	2089	cPanel Licensing

froth.zone	2a01:4f9:2b:1305::2	2089	cPanel Licensing
froth.zone	2a01:4f9:2b:1305::2	2095	cPanel Webmail (http)

froth.zone	2a01:4f9:2b:1305::2	2095	cPanel Webmail (http)
froth.zone	2a01:4f9:2b:1305::2	2096	cPanel Webmail (https)

froth.zone	2a01:4f9:2b:1305::2	2096	cPanel Webmail (https)
froth.zone	2a01:4f9:2b:1305::2	2222	DirectAdmin (http)	open
http://[2a01:4f9:2b:1305::2]:2222/ Http-Status: -14 Timeout - The operation has timed out.
froth.zone	2a01:4f9:2b:1305::2	2222	DirectAdmin (http)	open	http://[2a01:4f9:2b:1305::2]:2222/ Http-Status: -14 Timeout - The operation has timed out.
froth.zone	2a01:4f9:2b:1305::2	2222	DirectAdmin (https)	open
https://[2a01:4f9:2b:1305::2]:2222/ Http-Status: -14 Timeout - The operation has timed out.
froth.zone	2a01:4f9:2b:1305::2	2222	DirectAdmin (https)	open	https://[2a01:4f9:2b:1305::2]:2222/ Http-Status: -14 Timeout - The operation has timed out.
froth.zone	2a01:4f9:2b:1305::2	3306	mySql

froth.zone	2a01:4f9:2b:1305::2	3306	mySql
froth.zone	2a01:4f9:2b:1305::2	5224	Plesk Licensing

froth.zone	2a01:4f9:2b:1305::2	5224	Plesk Licensing
froth.zone	2a01:4f9:2b:1305::2	5432	PostgreSQL

froth.zone	2a01:4f9:2b:1305::2	5432	PostgreSQL
froth.zone	2a01:4f9:2b:1305::2	8080	Ookla Speedtest (http)

froth.zone	2a01:4f9:2b:1305::2	8080	Ookla Speedtest (http)
froth.zone	2a01:4f9:2b:1305::2	8080	Ookla Speedtest (https)

froth.zone	2a01:4f9:2b:1305::2	8080	Ookla Speedtest (https)
froth.zone	2a01:4f9:2b:1305::2	8083	VestaCP http

froth.zone	2a01:4f9:2b:1305::2	8083	VestaCP http
froth.zone	2a01:4f9:2b:1305::2	8083	VestaCP https

froth.zone	2a01:4f9:2b:1305::2	8083	VestaCP https
froth.zone	2a01:4f9:2b:1305::2	8443	Plesk Administration (https)

froth.zone	2a01:4f9:2b:1305::2	8443	Plesk Administration (https)
froth.zone	2a01:4f9:2b:1305::2	8447	Plesk Installer + Updates

froth.zone	2a01:4f9:2b:1305::2	8447	Plesk Installer + Updates
froth.zone	2a01:4f9:2b:1305::2	8880	Plesk Administration (http)

froth.zone	2a01:4f9:2b:1305::2	8880	Plesk Administration (http)
froth.zone	2a01:4f9:2b:1305::2	10000	Webmin (http)

froth.zone	2a01:4f9:2b:1305::2	10000	Webmin (http)
froth.zone	2a01:4f9:2b:1305::2	10000	Webmin (https)

froth.zone	2a01:4f9:2b:1305::2	10000	Webmin (https)
www.froth.zone	95.216.99.249	21	FTP

www.froth.zone	95.216.99.249	21	FTP
www.froth.zone	95.216.99.249	22	SSH	open
SSH-2.0-OpenSSH_10.0p2 Debian-8
www.froth.zone	95.216.99.249	22	SSH	open	SSH-2.0-OpenSSH_10.0p2 Debian-8	Bad: SSH without DNS SSHFP Record found
www.froth.zone	95.216.99.249	25	SMTP

www.froth.zone	95.216.99.249	25	SMTP
www.froth.zone	95.216.99.249	53	DNS	open

www.froth.zone	95.216.99.249	53	DNS	open
www.froth.zone	95.216.99.249	110	POP3

www.froth.zone	95.216.99.249	110	POP3
www.froth.zone	95.216.99.249	143	IMAP

www.froth.zone	95.216.99.249	143	IMAP
www.froth.zone	95.216.99.249	465	SMTP (encrypted)

www.froth.zone	95.216.99.249	465	SMTP (encrypted)
www.froth.zone	95.216.99.249	587	SMTP (encrypted, submission)

www.froth.zone	95.216.99.249	587	SMTP (encrypted, submission)
www.froth.zone	95.216.99.249	993	IMAP (encrypted)

www.froth.zone	95.216.99.249	993	IMAP (encrypted)
www.froth.zone	95.216.99.249	995	POP3 (encrypted)

www.froth.zone	95.216.99.249	995	POP3 (encrypted)
www.froth.zone	95.216.99.249	1433	MS SQL

www.froth.zone	95.216.99.249	1433	MS SQL
www.froth.zone	95.216.99.249	2082	cPanel (http)

www.froth.zone	95.216.99.249	2082	cPanel (http)
www.froth.zone	95.216.99.249	2083	cPanel (https)

www.froth.zone	95.216.99.249	2083	cPanel (https)
www.froth.zone	95.216.99.249	2086	WHM (http)

www.froth.zone	95.216.99.249	2086	WHM (http)
www.froth.zone	95.216.99.249	2087	WHM (https)

www.froth.zone	95.216.99.249	2087	WHM (https)
www.froth.zone	95.216.99.249	2089	cPanel Licensing

www.froth.zone	95.216.99.249	2089	cPanel Licensing
www.froth.zone	95.216.99.249	2095	cPanel Webmail (http)

www.froth.zone	95.216.99.249	2095	cPanel Webmail (http)
www.froth.zone	95.216.99.249	2096	cPanel Webmail (https)

www.froth.zone	95.216.99.249	2096	cPanel Webmail (https)
www.froth.zone	95.216.99.249	2222	DirectAdmin (http)	open
http://95.216.99.249:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.froth.zone	95.216.99.249	2222	DirectAdmin (http)	open	http://95.216.99.249:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.froth.zone	95.216.99.249	2222	DirectAdmin (https)	open
https://95.216.99.249:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.froth.zone	95.216.99.249	2222	DirectAdmin (https)	open	https://95.216.99.249:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.froth.zone	95.216.99.249	3306	mySql

www.froth.zone	95.216.99.249	3306	mySql
www.froth.zone	95.216.99.249	5224	Plesk Licensing

www.froth.zone	95.216.99.249	5224	Plesk Licensing
www.froth.zone	95.216.99.249	5432	PostgreSQL

www.froth.zone	95.216.99.249	5432	PostgreSQL
www.froth.zone	95.216.99.249	8080	Ookla Speedtest (http)

www.froth.zone	95.216.99.249	8080	Ookla Speedtest (http)
www.froth.zone	95.216.99.249	8080	Ookla Speedtest (https)

www.froth.zone	95.216.99.249	8080	Ookla Speedtest (https)
www.froth.zone	95.216.99.249	8083	VestaCP http

www.froth.zone	95.216.99.249	8083	VestaCP http
www.froth.zone	95.216.99.249	8083	VestaCP https

www.froth.zone	95.216.99.249	8083	VestaCP https
www.froth.zone	95.216.99.249	8443	Plesk Administration (https)

www.froth.zone	95.216.99.249	8443	Plesk Administration (https)
www.froth.zone	95.216.99.249	8447	Plesk Installer + Updates

www.froth.zone	95.216.99.249	8447	Plesk Installer + Updates
www.froth.zone	95.216.99.249	8880	Plesk Administration (http)

www.froth.zone	95.216.99.249	8880	Plesk Administration (http)
www.froth.zone	95.216.99.249	10000	Webmin (http)

www.froth.zone	95.216.99.249	10000	Webmin (http)
www.froth.zone	95.216.99.249	10000	Webmin (https)

www.froth.zone	95.216.99.249	10000	Webmin (https)
www.froth.zone	2a01:4f9:2b:1305::2	21	FTP

www.froth.zone	2a01:4f9:2b:1305::2	21	FTP
www.froth.zone	2a01:4f9:2b:1305::2	22	SSH	open
SSH-2.0-OpenSSH_10.0p2 Debian-8
www.froth.zone	2a01:4f9:2b:1305::2	22	SSH	open	SSH-2.0-OpenSSH_10.0p2 Debian-8	Bad: SSH without DNS SSHFP Record found
www.froth.zone	2a01:4f9:2b:1305::2	25	SMTP

www.froth.zone	2a01:4f9:2b:1305::2	25	SMTP
www.froth.zone	2a01:4f9:2b:1305::2	53	DNS	open

www.froth.zone	2a01:4f9:2b:1305::2	53	DNS	open
www.froth.zone	2a01:4f9:2b:1305::2	110	POP3

www.froth.zone	2a01:4f9:2b:1305::2	110	POP3
www.froth.zone	2a01:4f9:2b:1305::2	143	IMAP

www.froth.zone	2a01:4f9:2b:1305::2	143	IMAP
www.froth.zone	2a01:4f9:2b:1305::2	465	SMTP (encrypted)

www.froth.zone	2a01:4f9:2b:1305::2	465	SMTP (encrypted)
www.froth.zone	2a01:4f9:2b:1305::2	587	SMTP (encrypted, submission)

www.froth.zone	2a01:4f9:2b:1305::2	587	SMTP (encrypted, submission)
www.froth.zone	2a01:4f9:2b:1305::2	993	IMAP (encrypted)

www.froth.zone	2a01:4f9:2b:1305::2	993	IMAP (encrypted)
www.froth.zone	2a01:4f9:2b:1305::2	995	POP3 (encrypted)

www.froth.zone	2a01:4f9:2b:1305::2	995	POP3 (encrypted)
www.froth.zone	2a01:4f9:2b:1305::2	1433	MS SQL

www.froth.zone	2a01:4f9:2b:1305::2	1433	MS SQL
www.froth.zone	2a01:4f9:2b:1305::2	2082	cPanel (http)

www.froth.zone	2a01:4f9:2b:1305::2	2082	cPanel (http)
www.froth.zone	2a01:4f9:2b:1305::2	2083	cPanel (https)

www.froth.zone	2a01:4f9:2b:1305::2	2083	cPanel (https)
www.froth.zone	2a01:4f9:2b:1305::2	2086	WHM (http)

www.froth.zone	2a01:4f9:2b:1305::2	2086	WHM (http)
www.froth.zone	2a01:4f9:2b:1305::2	2087	WHM (https)

www.froth.zone	2a01:4f9:2b:1305::2	2087	WHM (https)
www.froth.zone	2a01:4f9:2b:1305::2	2089	cPanel Licensing

www.froth.zone	2a01:4f9:2b:1305::2	2089	cPanel Licensing
www.froth.zone	2a01:4f9:2b:1305::2	2095	cPanel Webmail (http)

www.froth.zone	2a01:4f9:2b:1305::2	2095	cPanel Webmail (http)
www.froth.zone	2a01:4f9:2b:1305::2	2096	cPanel Webmail (https)

www.froth.zone	2a01:4f9:2b:1305::2	2096	cPanel Webmail (https)
www.froth.zone	2a01:4f9:2b:1305::2	2222	DirectAdmin (http)	open
http://[2a01:4f9:2b:1305::2]:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.froth.zone	2a01:4f9:2b:1305::2	2222	DirectAdmin (http)	open	http://[2a01:4f9:2b:1305::2]:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.froth.zone	2a01:4f9:2b:1305::2	2222	DirectAdmin (https)	open
https://[2a01:4f9:2b:1305::2]:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.froth.zone	2a01:4f9:2b:1305::2	2222	DirectAdmin (https)	open	https://[2a01:4f9:2b:1305::2]:2222/ Http-Status: -14 Timeout - The operation has timed out.
www.froth.zone	2a01:4f9:2b:1305::2	3306	mySql

www.froth.zone	2a01:4f9:2b:1305::2	3306	mySql
www.froth.zone	2a01:4f9:2b:1305::2	5224	Plesk Licensing

www.froth.zone	2a01:4f9:2b:1305::2	5224	Plesk Licensing
www.froth.zone	2a01:4f9:2b:1305::2	5432	PostgreSQL

www.froth.zone	2a01:4f9:2b:1305::2	5432	PostgreSQL
www.froth.zone	2a01:4f9:2b:1305::2	8080	Ookla Speedtest (http)

www.froth.zone	2a01:4f9:2b:1305::2	8080	Ookla Speedtest (http)
www.froth.zone	2a01:4f9:2b:1305::2	8080	Ookla Speedtest (https)

www.froth.zone	2a01:4f9:2b:1305::2	8080	Ookla Speedtest (https)
www.froth.zone	2a01:4f9:2b:1305::2	8083	VestaCP http

www.froth.zone	2a01:4f9:2b:1305::2	8083	VestaCP http
www.froth.zone	2a01:4f9:2b:1305::2	8083	VestaCP https

www.froth.zone	2a01:4f9:2b:1305::2	8083	VestaCP https
www.froth.zone	2a01:4f9:2b:1305::2	8443	Plesk Administration (https)

www.froth.zone	2a01:4f9:2b:1305::2	8443	Plesk Administration (https)
www.froth.zone	2a01:4f9:2b:1305::2	8447	Plesk Installer + Updates

www.froth.zone	2a01:4f9:2b:1305::2	8447	Plesk Installer + Updates
www.froth.zone	2a01:4f9:2b:1305::2	8880	Plesk Administration (http)

www.froth.zone	2a01:4f9:2b:1305::2	8880	Plesk Administration (http)
www.froth.zone	2a01:4f9:2b:1305::2	10000	Webmin (http)

www.froth.zone	2a01:4f9:2b:1305::2	10000	Webmin (http)
www.froth.zone	2a01:4f9:2b:1305::2	10000	Webmin (https)

www.froth.zone	2a01:4f9:2b:1305::2	10000	Webmin (https)

Permalink: https://check-your-website.server-daten.de/?i=c25b8d99-e478-49e9-964d-ac73c4134ed3

Last Result: https://check-your-website.server-daten.de/?q=froth.zone - 2025-09-03 08:25:40

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=froth.zone" target="_blank">Check this Site: froth.zone</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

QR-Code of this page - https://check-your-website.server-daten.de/?d=froth.zone

Check DNS, Urls + Redirects, Certificates and Content of your Website

Older results

1. IP-Addresses

2. DNSSEC

3. Name Servers

4. SOA-Entries

5. Screenshots

Mobile- and other Chrome-Checks

6. Url-Checks

7. Comments

1. General Results, most used to calculate the result

2. Header-Checks

3. DNS- and NameServer - Checks

4. Content- and Performance-critical Checks

8. Connections

9. Certificates

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

11. Html-Content - Entries

Summary

Details (currently limited to 500 rows - some problems with spam users)

12. Html-Parsing via https://validator.w3.org/nu/

Summary

Details

13. Nameserver - IP-Adresses

14. CAA - Entries

15. TXT - Entries

16. DomainService - Entries

17. Cipher Suites

18. Portchecks