Check DNS, Urls + Redirects, Certificates and Content of your Website

0 in Queue, 0 of max. 8 Checks (02:24:29)
Why should you only use Prefix - Cookies? |
Hall of Fame - A+ and A

 

Shortcuts: 1. IP-Addresses | 2. DNSSEC | 3. Name Servers | 4. SOA-Entries | 5. Screenshots | 6. Url-Checks | 7. Comments | 8. Connections | 9. Certificates | 10. CT-Logs | 11. Html-Content | 12. Html-Parsing | 13. NameServer-IPAddresses | 14. CAA | 15. TXT | 16. DomainServiceEntries | 17. Cipher Suites | 18. Portchecks |

 

M

 

Misconfiguration - http-status 400 - 499

 

Checked:
17.02.2025 13:08:47

 

Older results

 

M - 27.01.2025 03:22:55
M - 23.01.2025 15:11:05
M - 17.01.2025 03:33:51
M - 16.01.2025 11:05:24
M - 03.01.2025 10:08:03
M - 24.12.2024 04:12:11
M - 21.12.2024 17:14:18
M - 20.12.2024 17:51:20
M - 18.12.2024 11:44:32
M - 16.12.2024 11:43:29

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
image-cdn-ak.spotifycdn.com
CNAME
common-eipb-ak.spotifycdn.com.edgesuite.net
yes
1
0

CNAME
squadcdn.scdn.co.splitter-eip.akadns.net
yes


www.image-cdn-ak.spotifycdn.com

Name Error
yes
1
0
image-cdn-ak.spotifycdn.com
A
2.21.245.185
Berlin/Land Berlin/Germany (DE) - Akamai Technologies
No Hostname found
no



A
2.22.231.122
Berlin/Land Berlin/Germany (DE) - Akamai Technologies
No Hostname found
no


*.spotifycdn.com
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


*.image-cdn-ak.spotifycdn.com
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


 

2. DNSSEC

Zone (*)DNSSEC - Informations


Zone: (root)

(root)
1 DS RR published






DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=






 Status: Valid because published






3 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 26470, Flags 256






Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 03.03.2025, 00:00:00 +, Signature-Inception: 10.02.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






 Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: com

com
1 DS RR in the parent zone found






DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=






1 RRSIG RR to validate DS RR found






RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 02.03.2025, 05:00:00 +, Signature-Inception: 17.02.2025, 04:00:00 +, KeyTag 26470, Signer-Name: (root)






 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26470 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 13, KeyTag 23202, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 26.02.2025, 15:02:35 +, Signature-Inception: 11.02.2025, 14:57:35 +, KeyTag 19718, Signer-Name: com






 Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet






 Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: spotifycdn.com

spotifycdn.com
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "39sa8is5plsupe4oondo7jv97ma4u04b" between the hashed NSEC3-owner "39sa88jk3ntko77k9lpqgitl0d6c3m01" and the hashed NextOwner "39saci6nqpfaj3h66gtmqme3gvbateba". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 39sa88jk3ntko77k9lpqgitl0d6c3m01.com., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 21.02.2025, 00:24:28 +, Signature-Inception: 13.02.2025, 23:14:28 +, KeyTag 23202, Signer-Name: com






DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q3udg8cekkae7rukpgct1dvssh8ll". So that domain name is the Closest Encloser of "spotifycdn.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 24.02.2025, 00:26:34 +, Signature-Inception: 16.02.2025, 23:16:34 +, KeyTag 23202, Signer-Name: com






0 DNSKEY RR found









Zone: image-cdn-ak.spotifycdn.com

image-cdn-ak.spotifycdn.com
0 DS RR in the parent zone found



Zone: www.image-cdn-ak.spotifycdn.com

www.image-cdn-ak.spotifycdn.com
0 DS RR in the parent zone found



Zone: (root)

(root)
1 DS RR published






DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=






 Status: Valid because published






3 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 26470, Flags 256






Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 03.03.2025, 00:00:00 +, Signature-Inception: 10.02.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






 Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: net

net
1 DS RR in the parent zone found






DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=






1 RRSIG RR to validate DS RR found






RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 02.03.2025, 05:00:00 +, Signature-Inception: 17.02.2025, 04:00:00 +, KeyTag 26470, Signer-Name: (root)






 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26470 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 13, KeyTag 10024, Flags 256






Public Key with Algorithm 13, KeyTag 37331, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner net., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 26.02.2025, 15:10:35 +, Signature-Inception: 11.02.2025, 15:05:35 +, KeyTag 37331, Signer-Name: net






 Status: Good - Algorithmus 13 and DNSKEY with KeyTag 37331 used to validate the DNSKEY RRSet






 Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest "LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: edgesuite.net

edgesuite.net
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "b5jlejrq6ofj80h5u7q4o81i7nvel95j" between the hashed NSEC3-owner "b5jjd28mfhk2qeo58rnoojnf8s5loi6t" and the hashed NextOwner "b5jlj08h2hp07depkrj85j6007rejmpe". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner b5jjd28mfhk2qeo58rnoojnf8s5loi6t.net., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 24.02.2025, 03:01:19 +, Signature-Inception: 17.02.2025, 01:51:19 +, KeyTag 10024, Signer-Name: net






DS-Query in the parent zone sends valid NSEC3 RR with the Hash "a1rt98bs5qgc9nfi51s9hci47uljg6jh" as Owner. That's the Hash of "net" with the NextHashedOwnerName "a1rtlnpgulogn7b9a62shje1u3ttp8dr". So that domain name is the Closest Encloser of "edgesuite.net". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner a1rt98bs5qgc9nfi51s9hci47uljg6jh.net., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 24.02.2025, 03:08:43 +, Signature-Inception: 17.02.2025, 01:58:43 +, KeyTag 10024, Signer-Name: net






0 DNSKEY RR found









Zone: com.edgesuite.net

com.edgesuite.net
0 DS RR in the parent zone found



Zone: spotifycdn.com.edgesuite.net

spotifycdn.com.edgesuite.net
0 DS RR in the parent zone found






0 DNSKEY RR found









Zone: common-eipb-ak.spotifycdn.com.edgesuite.net

common-eipb-ak.spotifycdn.com.edgesuite.net
0 DS RR in the parent zone found

 

3. Name Servers

DomainNameserverNS-IP
www.image-cdn-ak.spotifycdn.com
  dns1.p07.nsone.net

spotifycdn.com
  dns1.p07.nsone.net / ns1dns-fra03-912-5305-0
198.51.44.7
Toronto/Ohio/United States (US) - NSONE Inc

 
2620:4d:4000:6259:7:7:0:1
New York/United States (US) - NSONE Inc

  dns2.p07.nsone.net / ns1dns-fra03-911-5312-0
198.51.45.7
Kimball/Nebraska/United States (US) - NSONE Inc

 
2a00:edc0:6259:7:7::2
Amsterdam/North Holland/The Netherlands (NL) - NS1

  dns3.p07.nsone.net / ns1dns-fra03-912-5313-0
198.51.44.71
Toronto/Ohio/United States (US) - NSONE Inc

 
2620:4d:4000:6259:7:7:0:3
New York/United States (US) - NSONE Inc

  dns4.p07.nsone.net / ns1dns-fra03-913-5315-0
198.51.45.71
Kimball/Nebraska/United States (US) - NSONE Inc

 
2a00:edc0:6259:7:7::4
Amsterdam/North Holland/The Netherlands (NL) - NS1

  ns-cloud-b1.googledomains.com
216.239.32.107
Mountain View/California/United States (US) - Google LLC

 
2001:4860:4802:32::6b
Mountain View/California/United States (US) - Google LLC

  ns-cloud-b2.googledomains.com
216.239.34.107
Mountain View/California/United States (US) - Google LLC

 
2001:4860:4802:34::6b
Mountain View/California/United States (US) - Google LLC

  ns-cloud-b3.googledomains.com
216.239.36.107
Mountain View/California/United States (US) - Google LLC

 
2001:4860:4802:36::6b
Mountain View/California/United States (US) - Google LLC

  ns-cloud-b4.googledomains.com
216.239.38.107
Mountain View/California/United States (US) - Google LLC

 
2001:4860:4802:38::6b
Mountain View/California/United States (US) - Google LLC
com
  a.gtld-servers.net / nnn1-par6


  b.gtld-servers.net / nnn1-elwaw4


  c.gtld-servers.net / nnn1-defra-5


  d.gtld-servers.net / nnn1-defra-5


  e.gtld-servers.net / nnn1-defra-5


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-ein3


  k.gtld-servers.net / nnn1-frmrs-2


  l.gtld-servers.net / nnn1-frmrs-2


  m.gtld-servers.net / nnn1-frmrs-2

spotifycdn.com.edgesuite.net
  ns1-2.akamai.com

edgesuite.net
  a11-64.akam.net
84.53.139.64
Los Angeles/California/United States (US) - Akamai Technologies

 
2600:1480:1::40
Learmonth/Western Australia/Australia (AU) - Akamai International B.V.

  a1-2.akam.net
193.108.91.2
Seattle/Washington/United States (US) - Akamai International B.V.

 
2600:1401:2::2
Seattle/Washington/United States (US) - Akamai International B.V.

  a12-64.akam.net
184.26.160.64
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.

 
2600:1480:f000::40
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.

  a13-64.akam.net
2.22.230.64
Madrid/Spain (ES) - Akamai Technologies

 
2600:1480:800::40
Cambridge/Massachusetts/United States (US) - Akamai International B.V.

  a14-67.akam.net
184.26.161.67
Newark/New Jersey/United States (US) - Akamai International B.V.

 
2600:1480:1800::43
Cambridge/Massachusetts/United States (US) - Akamai International B.V.

  a18-64.akam.net
95.101.36.64
London/England/United Kingdom (GB) - Akamai Technologies

 
2600:1480:4800::40
Cambridge/Massachusetts/United States (US) - Akamai International B.V.

  a24-64.akam.net
2.16.130.64
Frankfurt am Main/Hesse/Germany (DE) - Akamai Technologies

 
2600:1480:9800::40
Los Angeles/California/United States (US) - Akamai International B.V.

  a28-64.akam.net
95.100.173.64
London/England/United Kingdom (GB) - Akamai Technologies

 
2600:1480:d800::40
Cambridge/Massachusetts/United States (US) - Akamai International B.V.

  a3-64.akam.net
96.7.49.64
Cambridge/Massachusetts/United States (US) - Akamai International B.V.

 
2600:1408:1c::40
Springfield/Illinois/United States (US) - Akamai International B.V.

  a5-64.akam.net
95.100.168.64
Milan/Lombardy/Italy (IT) - Akamai Technologies

 
2600:1480:b000::40
Washington/District of Columbia/United States (US) - Akamai International B.V.

  a6-64.akam.net
23.211.133.64
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.

 
2600:1401:1::40
Frankfurt am Main/Hesse/Germany (DE) - Akamai International B.V.

  a9-64.akam.net
184.85.248.64
Amsterdam/North Holland/The Netherlands (NL) - Akamai International B.V.

 
2a02:26f0:117::40
Cambridge/Massachusetts/United States (US) - Akamai International B.V

  a9-65.akam.net
184.85.248.65
Amsterdam/North Holland/The Netherlands (NL) - Akamai International B.V.

 
2a02:26f0:117::41
Cambridge/Massachusetts/United States (US) - Akamai International B.V

  adns3.akam.net
184.26.161.67
Newark/New Jersey/United States (US) - Akamai International B.V.

  ns1-2.akam.net
193.108.91.2
Seattle/Washington/United States (US) - Akamai International B.V.

 
2600:1401:2::2
Seattle/Washington/United States (US) - Akamai International B.V.

  ns1-2.akamai.com


  usw6.akam.net
23.61.199.64
Cambridge/Massachusetts/United States (US) - Akamai International B.V.
net
  a.gtld-servers.net / nnn1-defra-5


  b.gtld-servers.net / nnn1-elwaw4


  c.gtld-servers.net / nnn1-par6


  d.gtld-servers.net / nnn1-par6


  e.gtld-servers.net / nnn1-par6


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-nlams-2e


  k.gtld-servers.net / nnn1-frmrs-2


  l.gtld-servers.net / nnn1-ein3


  m.gtld-servers.net / nnn1-frmrs-2

 

4. SOA-Entries


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1739794102
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:4


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1739794117
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:9


Domain:spotifycdn.com
Zone-Name:spotifycdn.com
Primary:dns1.p07.nsone.net
Mail:hostmaster.nsone.net
Serial:1655888800
Refresh:43200
Retry:7200
Expire:1209600
TTL:3600
num Entries:8


Domain:spotifycdn.com
Zone-Name:spotifycdn.com
Primary:ns-cloud-b1.googledomains.com
Mail:cloud-dns-hostmaster.google.com
Serial:1
Refresh:21600
Retry:3600
Expire:259200
TTL:300
num Entries:8


Domain:www.image-cdn-ak.spotifycdn.com
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:net
Zone-Name:net
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1739794132
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:10


Domain:net
Zone-Name:net
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1739794147
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:3


Domain:edgesuite.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:edgesuite.net
Zone-Name:edgesuite.net
Primary:ns1-2.akamai.com
Mail:hostmaster.akamai.com
Serial:1579823477
Refresh:900
Retry:300
Expire:604800
TTL:180
num Entries:30


Domain:spotifycdn.com.edgesuite.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


5. Screenshots

Startaddress: https://image-cdn-ak.spotifycdn.com/, address used: https://image-cdn-ak.spotifycdn.com/, Screenshot created 2025-02-17 13:13:56 +00:0

 

Mobil (412px x 732px)

 

1062 milliseconds

 

Screenshot mobile - https://image-cdn-ak.spotifycdn.com/
Mobil + Landscape (732px x 412px)

 

1058 milliseconds

 

Screenshot mobile landscape - https://image-cdn-ak.spotifycdn.com/
Screen (1280px x 1680px)

 

1136 milliseconds

 

Screenshot Desktop - https://image-cdn-ak.spotifycdn.com/

 

Mobile- and other Chrome-Checks


widthheight
visual Viewport412716
content Size415716

 

Fatal: Horizontal scrollbar detected. Content-size width is greater then visual Viewport width.

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://image-cdn-ak.spotifycdn.com/
2.21.245.185
403

Html is minified: 102.11 %
0.010
M
Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Date: Mon, 17 Feb 2025 12:12:45 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: range
Access-Control-Allow-Methods: GET
Content-Type: text/html
Content-Length: 387
Expires: Mon, 17 Feb 2025 12:12:45 GMT

• http://image-cdn-ak.spotifycdn.com/
2.22.231.122
403

Html is minified: 102.10 %
0.007
M
Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Date: Mon, 17 Feb 2025 12:12:45 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: range
Access-Control-Allow-Methods: GET
Content-Type: text/html
Content-Length: 389
Expires: Mon, 17 Feb 2025 12:12:45 GMT

• https://image-cdn-ak.spotifycdn.com/
2.21.245.185
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		403

Html is minified: 102.10 %
Other inline scripts (∑/total): 0/0		2.893
M
Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Date: Mon, 17 Feb 2025 12:12:45 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: range
Access-Control-Allow-Methods: GET
Content-Type: text/html
Content-Length: 389
Expires: Mon, 17 Feb 2025 12:12:45 GMT

• https://image-cdn-ak.spotifycdn.com/
2.22.231.122
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		403

Html is minified: 102.10 %
Other inline scripts (∑/total): 0/0		2.844
M
Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Date: Mon, 17 Feb 2025 12:12:50 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: range
Access-Control-Allow-Methods: GET
Content-Type: text/html
Content-Length: 389
Expires: Mon, 17 Feb 2025 12:12:50 GMT

• http://image-cdn-ak.spotifycdn.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2.21.245.185
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		400

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0		0.360
M
Bad Request
Visible Content:
Cache-Control: no-cache, max-age=0
Pragma: no-cache
Date: Mon, 17 Feb 2025 12:12:55 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: range
Access-Control-Allow-Methods: GET
Content-Type: application/xml; charset=UTF-8
Content-Length: 199
Expires: Mon, 17 Feb 2025 12:12:55 GMT

• http://image-cdn-ak.spotifycdn.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2.22.231.122
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		400

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0		0.170
M
Bad Request
Visible Content:
Cache-Control: no-cache, max-age=0
Pragma: no-cache
Date: Mon, 17 Feb 2025 12:12:55 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: range
Access-Control-Allow-Methods: GET
Content-Type: application/xml; charset=UTF-8
Content-Length: 199
Expires: Mon, 17 Feb 2025 12:12:55 GMT

• https://2.21.245.185/
2.21.245.185
400

Html is minified: 101.64 %
2.930
N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Server: AkamaiGHost
Mime-Version: 1.0
Date: Mon, 17 Feb 2025 12:12:55 GMT
Connection: close
Content-Type: text/html
Content-Length: 310
Expires: Mon, 17 Feb 2025 12:12:55 GMT

• https://2.22.231.122/
2.22.231.122
400

Html is minified: 101.63 %
2.910
N
Bad Request
Certificate error: RemoteCertificateNameMismatch
Server: AkamaiGHost
Mime-Version: 1.0
Date: Mon, 17 Feb 2025 12:13:00 GMT
Connection: close
Content-Type: text/html
Content-Length: 312
Expires: Mon, 17 Feb 2025 12:13:00 GMT

 

7. Comments


1. General Results, most used to calculate the result

Aname "image-cdn-ak.spotifycdn.com" is subdomain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 103088 (complete: 263653)
AGood: All ip addresses are public addresses
AGood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
AGood: No cookie sent via http.
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):0 complete Content-Type - header (4 urls)
http://image-cdn-ak.spotifycdn.com/ 2.21.245.185


Url with incomplete Content-Type - header - missing charset
http://image-cdn-ak.spotifycdn.com/ 2.22.231.122


Url with incomplete Content-Type - header - missing charset
https://image-cdn-ak.spotifycdn.com/ 2.21.245.185


Url with incomplete Content-Type - header - missing charset
https://image-cdn-ak.spotifycdn.com/ 2.22.231.122


Url with incomplete Content-Type - header - missing charset
Bhttps://image-cdn-ak.spotifycdn.com/ 2.21.245.185
403

Missing HSTS-Header
Bhttps://image-cdn-ak.spotifycdn.com/ 2.22.231.122
403

Missing HSTS-Header
CError - no version with Http-Status 200
HFatal error: No https - result with http-status 200, no encryption
Mhttp://image-cdn-ak.spotifycdn.com/ 2.21.245.185
403

Misconfiguration - main pages should never send http status 400 - 499
Mhttp://image-cdn-ak.spotifycdn.com/ 2.22.231.122
403

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://image-cdn-ak.spotifycdn.com/ 2.21.245.185
403

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://image-cdn-ak.spotifycdn.com/ 2.22.231.122
403

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://2.21.245.185/ 2.21.245.185
400

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://2.22.231.122/ 2.22.231.122
400

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://2.21.245.185/ 2.21.245.185
400

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://2.22.231.122/ 2.22.231.122
400

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.image-cdn-ak.spotifycdn.com

2. Header-Checks

Fimage-cdn-ak.spotifycdn.com 2.21.245.185
Content-Security-Policy
Critical: Missing Header:
Fimage-cdn-ak.spotifycdn.com 2.21.245.185
X-Content-Type-Options
Critical: Missing Header:
Fimage-cdn-ak.spotifycdn.com 2.21.245.185
Referrer-Policy
Critical: Missing Header:
Fimage-cdn-ak.spotifycdn.com 2.21.245.185
Permissions-Policy
Critical: Missing Header:
Bimage-cdn-ak.spotifycdn.com 2.21.245.185
Cross-Origin-Embedder-Policy
Info: Missing Header
Bimage-cdn-ak.spotifycdn.com 2.21.245.185
Cross-Origin-Opener-Policy
Info: Missing Header
Bimage-cdn-ak.spotifycdn.com 2.21.245.185
Cross-Origin-Resource-Policy
Info: Missing Header
Fimage-cdn-ak.spotifycdn.com 2.22.231.122
Content-Security-Policy
Critical: Missing Header:
Fimage-cdn-ak.spotifycdn.com 2.22.231.122
X-Content-Type-Options
Critical: Missing Header:
Fimage-cdn-ak.spotifycdn.com 2.22.231.122
Referrer-Policy
Critical: Missing Header:
Fimage-cdn-ak.spotifycdn.com 2.22.231.122
Permissions-Policy
Critical: Missing Header:
Bimage-cdn-ak.spotifycdn.com 2.22.231.122
Cross-Origin-Embedder-Policy
Info: Missing Header
Bimage-cdn-ak.spotifycdn.com 2.22.231.122
Cross-Origin-Opener-Policy
Info: Missing Header
Bimage-cdn-ak.spotifycdn.com 2.22.231.122
Cross-Origin-Resource-Policy
Info: Missing Header

3. DNS- and NameServer - Checks

AInfo:: 26 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 8 Name Servers.
AInfo:: 26 Queries complete, 26 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
Ok (4 - 8):: An average of 3.3 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 8 different Name Servers found: dns1.p07.nsone.net, dns2.p07.nsone.net, dns3.p07.nsone.net, dns4.p07.nsone.net, ns-cloud-b1.googledomains.com, ns-cloud-b2.googledomains.com, ns-cloud-b3.googledomains.com, ns-cloud-b4.googledomains.com, 8 Name Servers included in Delegation: dns1.p07.nsone.net, dns2.p07.nsone.net, dns3.p07.nsone.net, dns4.p07.nsone.net, ns-cloud-b1.googledomains.com, ns-cloud-b2.googledomains.com, ns-cloud-b3.googledomains.com, ns-cloud-b4.googledomains.com, 8 Name Servers included in 1 Zone definitions: dns1.p07.nsone.net, dns2.p07.nsone.net, dns3.p07.nsone.net, dns4.p07.nsone.net, ns-cloud-b1.googledomains.com, ns-cloud-b2.googledomains.com, ns-cloud-b3.googledomains.com, ns-cloud-b4.googledomains.com, 2 Name Servers listed in SOA.Primary: dns1.p07.nsone.net, ns-cloud-b1.googledomains.com.
Error: Different SOA.Primary Name Servers found, different SOA Definitions.: dns1.p07.nsone.net,ns-cloud-b1.googledomains.com.
Error: SOA.Primary Name Server not included in the delegation set.: dns1.p07.nsone.net,ns-cloud-b1.googledomains.com.
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AInfo: Ipv4-Subnet-list: 8 Name Servers, 2 different subnets (first Byte): 198., 216., 2 different subnets (first two Bytes): 198.51., 216.239., 6 different subnets (first three Bytes): 198.51.44., 198.51.45., 216.239.32., 216.239.34., 216.239.36., 216.239.38.
AGood: Name Server IPv4-addresses from different subnet found:
AInfo: IPv6-Subnet-list: 8 Name Servers with IPv6, 3 different subnets (first block): 2001:, 2620:, 2a00:, 3 different subnets (first two blocks): 2001:4860:, 2620:004d:, 2a00:edc0:, 3 different subnets (first three blocks): 2001:4860:4802:, 2620:004d:4000:, 2a00:edc0:6259:, 6 different subnets (first four blocks): 2001:4860:4802:0032:, 2001:4860:4802:0034:, 2001:4860:4802:0036:, 2001:4860:4802:0038:, 2620:004d:4000:6259:, 2a00:edc0:6259:0007:
AGood: Name Server IPv6 addresses from different subnets found.
AGood: Nameserver supports TCP connections: 16 good Nameserver
AGood: Nameserver supports Echo Capitalization: 16 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 16 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 16 good Nameserver
Nameserver doesn't pass all EDNS-Checks: dns1.p07.nsone.net: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: ns1-2.akamai.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: ns1-2.akamai.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

4. Content- and Performance-critical Checks

http://image-cdn-ak.spotifycdn.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2.21.245.185
400

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status between 400 and 499, but not 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://image-cdn-ak.spotifycdn.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2.22.231.122
400

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status between 400 and 499, but not 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AInfo: No img element found, no alt attribute checked
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 315843 milliseconds, 315.843 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
image-cdn-ak.spotifycdn.com
2.21.245.185
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
image-cdn-ak.spotifycdn.com
2.21.245.185
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.spotifycdn.com, O=Spotify AB, L=Stockholm, C=SE


2CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US


image-cdn-ak.spotifycdn.com
2.22.231.122
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
supported
ok

image-cdn-ak.spotifycdn.com
2.22.231.122
443
ok
Tls12

ECDH Ephermal
256
Aes256
256
Sha384
supported
ok
http/2 via ALPN supported 
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required 		Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=*.spotifycdn.com, O=Spotify AB, L=Stockholm, C=SE


2CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US


2.21.245.185
2.21.245.185
443
name does not match
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
supported
ok

2.21.245.185
2.21.245.185
443
name does not match
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
supported
ok
no http/2 via ALPN 
Cert sent without SNI 		Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
no http/2 via ALPN
Cert sent without SNI 		Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain - incomplete

1CN=a248.e.akamai.net, O="Akamai Technologies, Inc.", L=Cambridge, C=US, ST=Massachusetts


2CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US


2.22.231.122
2.22.231.122
443
name does not match
Tls12
ECDH Ephermal
256
Aes128
128
Sha256
supported
ok

2.22.231.122
2.22.231.122
443
name does not match
Tls12

ECDH Ephermal
256
Aes128
128
Sha256
supported
ok
no http/2 via ALPN 
Cert sent without SNI 		Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
no http/2 via ALPN
Cert sent without SNI 		Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2
Chain - incomplete

1CN=a248.e.akamai.net, O="Akamai Technologies, Inc.", L=Cambridge, C=US, ST=Massachusetts


2CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

 

9. Certificates

1.
1.
CN=*.spotifycdn.com, O=Spotify AB, L=Stockholm, C=SE
09.07.2024
10.08.2025
expires in 137 days		*.spotifycdn.com, spotifycdn.com - 2 entries
1.
1.
CN=*.spotifycdn.com, O=Spotify AB, L=Stockholm, C=SE
09.07.2024

10.08.2025
expires in 137 days


*.spotifycdn.com, spotifycdn.com - 2 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:SHA256 With RSA-Encryption
Serial Number:05D9FCB02B4CB0E67AAF20929CDF6FDB
Thumbprint:99DAE576D8E82B2D9A2C0E80DFD8CC9AD37D3335
SHA256 / Certificate:/CZ6VciAvu0ZpQR9Pp/+7O28uTNfMB94o5HbWkDlwRw=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):cbdd453ad8a7859a6e8317f6cc06567426bbefb161099314b3c2fff84d3efd8d
SHA256 hex / Subject Public Key Information (SPKI):cbdd453ad8a7859a6e8317f6cc06567426bbefb161099314b3c2fff84d3efd8d (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
30.03.2021
30.03.2031
expires in 2195 days

2.
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
30.03.2021

30.03.2031
expires in 2195 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0CF5BD062B5602F47AB8502C23CCF066
Thumbprint:1B511ABEAD59C6CE207077C0BF0E0043B1382612
SHA256 / Certificate:yAJfn8Zf38lbPKjMeGe5pYe1J3lzlXkXRj/IE9C2Jak=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):59e738e674221702af1edb87c5200c1a4b75f64fae3d2c3d265124c61bd83c79
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013
15.01.2038
expires in 4678 days

3.
CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
01.08.2013

15.01.2038
expires in 4678 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:033AF1E6A711A9A0BB2864B11D09FAE5
Thumbprint:DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA256 / Certificate:yzzLt2Ax5eATj43TmiP53kf/w15DwRRM6ifUalqxy18=
SHA256 hex / Cert (DANE * 0 1):cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA256 hex / PublicKey (DANE * 1 1):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SHA256 hex / Subject Public Key Information (SPKI):8bb593a93be1d0e8a822bb887c547890c3e706aad2dab76254f97fb36b82fc26
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




2.
1.
CN=a248.e.akamai.net, O="Akamai Technologies, Inc.", L=Cambridge, S=Massachusetts, C=US
18.04.2024
20.04.2025
expires in 25 days		a248.e.akamai.net, *.akamaized.net, *.akamaized-staging.net, *.akamaihd.net, *.akamaihd-staging.net - 5 entries
2.
1.
CN=a248.e.akamai.net, O="Akamai Technologies, Inc.", L=Cambridge, S=Massachusetts, C=US
18.04.2024

20.04.2025
expires in 25 days


a248.e.akamai.net, *.akamaized.net, *.akamaized-staging.net, *.akamaihd.net, *.akamaihd-staging.net - 5 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:SHA256 With RSA-Encryption
Serial Number:0B0EFA6998487092A5D64EC0E7A56EF2
Thumbprint:2839AF637D02E8F71723A0EEE0C92F9C6417680A
SHA256 / Certificate:QLn5+ugGtVcDvAfznkAKbT1hZHO63QSAtAVMMp14vxk=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):42dbf007812700e8e65a03dfbd061fd5f52143942f7d95a15c5c1a2f64204543
SHA256 hex / Subject Public Key Information (SPKI):42dbf007812700e8e65a03dfbd061fd5f52143942f7d95a15c5c1a2f64204543 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=a248.e.akamai.net, O="Akamai Technologies, Inc.", L=Cambridge, S=Massachusetts, C=US
18.04.2024
20.04.2025
expires in 25 days		a248.e.akamai.net, *.akamaized.net, *.akamaized-staging.net, *.akamaihd.net, *.akamaihd-staging.net - 5 entries

2.
CN=a248.e.akamai.net, O="Akamai Technologies, Inc.", L=Cambridge, S=Massachusetts, C=US
18.04.2024

20.04.2025
expires in 25 days


a248.e.akamai.net, *.akamaized.net, *.akamaized-staging.net, *.akamaihd.net, *.akamaihd-staging.net - 5 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:SHA256 With RSA-Encryption
Serial Number:0B0EFA6998487092A5D64EC0E7A56EF2
Thumbprint:2839AF637D02E8F71723A0EEE0C92F9C6417680A
SHA256 / Certificate:QLn5+ugGtVcDvAfznkAKbT1hZHO63QSAtAVMMp14vxk=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):42dbf007812700e8e65a03dfbd061fd5f52143942f7d95a15c5c1a2f64204543
SHA256 hex / Subject Public Key Information (SPKI):42dbf007812700e8e65a03dfbd061fd5f52143942f7d95a15c5c1a2f64204543 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




3.
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
14.04.2021
14.04.2031
expires in 2210 days

3.
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
14.04.2021

14.04.2031
expires in 2210 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:06D8D904D5584346F68A2FA754227EC4
Thumbprint:1C58A3A8518E8759BF075B76B750D4F2DF264FCD
SHA256 / Certificate:UidMV85N7jtJ23p/9wjAQPdxiYs76IclqG+0QwGC/hQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):450799901e36ce751fb0320815621189811c2a5ee71f0345c160ab9cc3096d57
SHA256 hex / Subject Public Key Information (SPKI):450799901e36ce751fb0320815621189811c2a5ee71f0345c160ab9cc3096d57
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




4.
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
14.04.2021
14.04.2031
expires in 2210 days

4.
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
14.04.2021

14.04.2031
expires in 2210 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:06D8D904D5584346F68A2FA754227EC4
Thumbprint:1C58A3A8518E8759BF075B76B750D4F2DF264FCD
SHA256 / Certificate:UidMV85N7jtJ23p/9wjAQPdxiYs76IclqG+0QwGC/hQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):450799901e36ce751fb0320815621189811c2a5ee71f0345c160ab9cc3096d57
SHA256 hex / Subject Public Key Information (SPKI):450799901e36ce751fb0320815621189811c2a5ee71f0345c160ab9cc3096d57
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




5.
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
10.11.2006
10.11.2031
expires in 2420 days

5.
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
10.11.2006

10.11.2031
expires in 2420 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:083BE056904246B1A1756AC95991C74A
Thumbprint:A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
SHA256 / Certificate:Q0ig6URMeMsmXgWNXolEtNhPlmK9Jtslf4k0pEPHAWE=
SHA256 hex / Cert (DANE * 0 1):4348a0e9444c78cb265e058d5e8944b4d84f9662bd26db257f8934a443c70161
SHA256 hex / PublicKey (DANE * 1 1):aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SHA256 hex / Subject Public Key Information (SPKI):aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:





6.
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
07.12.2016
10.05.2025
expires in 45 days

6.
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
07.12.2016

10.05.2025
expires in 45 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0F5BC3A176CB789E2020C7893C8167B4
Thumbprint:FB20FA8A6A93B375F054814F9E00273EA51A6138
SHA256 / Certificate:bay7iUUTex2tQhGwQ2774G8SrONpBJc7Ra4ldAgj02k=
SHA256 hex / Cert (DANE * 0 1):6dacbb8945137b1dad4211b0436efbe06f12ace36904973b45ae25740823d369
SHA256 hex / PublicKey (DANE * 1 1):aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SHA256 hex / Subject Public Key Information (SPKI):aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.digicert.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




7.
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
12.05.2000
13.05.2025
expires in 48 days

7.
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
12.05.2000

13.05.2025
expires in 48 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:020000B9
Thumbprint:D4DE20D05E66FC53FE1A50882C78DB2852CAE474
SHA256 / Certificate:Fq9XqfZ2sKsSYJWqXrre8iqzERnWRKyVzUuT2/Pyaus=
SHA256 hex / Cert (DANE * 0 1):16af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb
SHA256 hex / PublicKey (DANE * 1 1):63d9af9b47b1064d49a10e7b7fd566dbc8caa399459bfc2829c571ad8c6ef34a
SHA256 hex / Subject Public Key Information (SPKI):63d9af9b47b1064d49a10e7b7fd566dbc8caa399459bfc2829c571ad8c6ef34a
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found

 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuerlast 7 daysactivenum Certs
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
0
2
4
CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2, O=GlobalSign nv-sa, C=BE
0
1
1
CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE
0
0
1

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
13762832363
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-07-15 22:00:00
2025-08-09 21:59:59
*.spotifycdn.com, spotifycdn.com
2 entries


13672328945
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-07-08 22:00:00
2025-08-09 21:59:59
*.spotifycdn.com, spotifycdn.com
2 entries


12667842339
precert		CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2, O=GlobalSign nv-sa, C=BE
2024-04-09 09:45:12
2025-05-11 09:45:11
*.spotifycdn.com
1 entries


10030945960
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-07-30 22:00:00
2024-08-21 21:59:59
*.spotifycdn.com, spotifycdn.com
2 entries


10031422310
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-07-30 22:00:00
2024-07-30 21:59:59
*.spotifycdn.com, spotifycdn.com
2 entries


9848133321
precert		CN=GlobalSign Atlas R3 DV TLS CA 2023 Q2, O=GlobalSign nv-sa, C=BE
2023-07-07 09:41:09
2024-08-07 09:41:08
*.spotifycdn.com
1 entries


 

11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404

 

12. Html-Parsing via https://validator.w3.org/nu/


No https result http status 200 and Content-Type text/html or text/xml found, no Html-Parsing - Check

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: dns1.p07.nsone.net, dns2.p07.nsone.net, dns3.p07.nsone.net, dns4.p07.nsone.net, ns-cloud-b1.googledomains.com, ns-cloud-b2.googledomains.com, ns-cloud-b3.googledomains.com, ns-cloud-b4.googledomains.com

 

QNr.DomainTypeNS used
1
net
NS
k.root-servers.net (2001:7fd::1)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
dns1.p07.nsone.net
NS
e.gtld-servers.net (2001:502:1ca1::30)

Answer: dns1.p01.nsone.net, dns2.p01.nsone.net, dns3.p01.nsone.net, dns4.p01.nsone.net

Answer: dns1.p01.nsone.net
198.51.44.1, 2620:4d:4000:6259:7:1:0:1

Answer: dns2.p01.nsone.net
198.51.45.1, 2a00:edc0:6259:7:1::2

Answer: dns3.p01.nsone.net
198.51.44.65, 2620:4d:4000:6259:7:1:0:3

Answer: dns4.p01.nsone.net
198.51.45.65, 2a00:edc0:6259:7:1::4
3
dns2.p07.nsone.net
NS
e.gtld-servers.net (2001:502:1ca1::30)

Answer: dns1.p01.nsone.net, dns2.p01.nsone.net, dns3.p01.nsone.net, dns4.p01.nsone.net

Answer: dns1.p01.nsone.net
198.51.44.1, 2620:4d:4000:6259:7:1:0:1

Answer: dns2.p01.nsone.net
198.51.45.1, 2a00:edc0:6259:7:1::2

Answer: dns3.p01.nsone.net
198.51.44.65, 2620:4d:4000:6259:7:1:0:3

Answer: dns4.p01.nsone.net
198.51.45.65, 2a00:edc0:6259:7:1::4
4
dns3.p07.nsone.net
NS
e.gtld-servers.net (2001:502:1ca1::30)

Answer: dns1.p01.nsone.net, dns2.p01.nsone.net, dns3.p01.nsone.net, dns4.p01.nsone.net

Answer: dns1.p01.nsone.net
198.51.44.1, 2620:4d:4000:6259:7:1:0:1

Answer: dns2.p01.nsone.net
198.51.45.1, 2a00:edc0:6259:7:1::2

Answer: dns3.p01.nsone.net
198.51.44.65, 2620:4d:4000:6259:7:1:0:3

Answer: dns4.p01.nsone.net
198.51.45.65, 2a00:edc0:6259:7:1::4
5
dns4.p07.nsone.net
NS
e.gtld-servers.net (2001:502:1ca1::30)

Answer: dns1.p01.nsone.net, dns2.p01.nsone.net, dns3.p01.nsone.net, dns4.p01.nsone.net

Answer: dns1.p01.nsone.net
198.51.44.1, 2620:4d:4000:6259:7:1:0:1

Answer: dns2.p01.nsone.net
198.51.45.1, 2a00:edc0:6259:7:1::2

Answer: dns3.p01.nsone.net
198.51.44.65, 2620:4d:4000:6259:7:1:0:3

Answer: dns4.p01.nsone.net
198.51.45.65, 2a00:edc0:6259:7:1::4
6
com
NS
d.root-servers.net (2001:500:2d::d)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
7
ns-cloud-b1.googledomains.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com

Answer: ns5.googledomains.com
2001:4860:4802:32::a, 216.239.32.10

Answer: ns6.googledomains.com
2001:4860:4802:34::a, 216.239.34.10

Answer: ns7.googledomains.com
2001:4860:4802:36::a, 216.239.36.10

Answer: ns8.googledomains.com
2001:4860:4802:38::a, 216.239.38.10
8
ns-cloud-b2.googledomains.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com

Answer: ns5.googledomains.com
2001:4860:4802:32::a, 216.239.32.10

Answer: ns6.googledomains.com
2001:4860:4802:34::a, 216.239.34.10

Answer: ns7.googledomains.com
2001:4860:4802:36::a, 216.239.36.10

Answer: ns8.googledomains.com
2001:4860:4802:38::a, 216.239.38.10
9
ns-cloud-b3.googledomains.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com

Answer: ns5.googledomains.com
2001:4860:4802:32::a, 216.239.32.10

Answer: ns6.googledomains.com
2001:4860:4802:34::a, 216.239.34.10

Answer: ns7.googledomains.com
2001:4860:4802:36::a, 216.239.36.10

Answer: ns8.googledomains.com
2001:4860:4802:38::a, 216.239.38.10
10
ns-cloud-b4.googledomains.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com

Answer: ns5.googledomains.com
2001:4860:4802:32::a, 216.239.32.10

Answer: ns6.googledomains.com
2001:4860:4802:34::a, 216.239.34.10

Answer: ns7.googledomains.com
2001:4860:4802:36::a, 216.239.36.10

Answer: ns8.googledomains.com
2001:4860:4802:38::a, 216.239.38.10
11
dns1.p07.nsone.net: 198.51.44.7
A
dns1.p01.nsone.net (2620:4d:4000:6259:7:1:0:1)
12
dns1.p07.nsone.net: 2620:4d:4000:6259:7:7:0:1
AAAA
dns1.p01.nsone.net (2620:4d:4000:6259:7:1:0:1)
13
dns2.p07.nsone.net: 198.51.45.7
A
dns1.p01.nsone.net (2620:4d:4000:6259:7:1:0:1)
14
dns2.p07.nsone.net: 2a00:edc0:6259:7:7::2
AAAA
dns1.p01.nsone.net (2620:4d:4000:6259:7:1:0:1)
15
dns3.p07.nsone.net: 198.51.44.71
A
dns1.p01.nsone.net (2620:4d:4000:6259:7:1:0:1)
16
dns3.p07.nsone.net: 2620:4d:4000:6259:7:7:0:3
AAAA
dns1.p01.nsone.net (2620:4d:4000:6259:7:1:0:1)
17
dns4.p07.nsone.net: 198.51.45.71
A
dns1.p01.nsone.net (2620:4d:4000:6259:7:1:0:1)
18
dns4.p07.nsone.net: 2a00:edc0:6259:7:7::4
AAAA
dns1.p01.nsone.net (2620:4d:4000:6259:7:1:0:1)
19
ns-cloud-b1.googledomains.com: 216.239.32.107
A
ns5.googledomains.com (2001:4860:4802:32::a)
20
ns-cloud-b1.googledomains.com: 2001:4860:4802:32::6b
AAAA
ns5.googledomains.com (2001:4860:4802:32::a)
21
ns-cloud-b2.googledomains.com: 216.239.34.107
A
ns5.googledomains.com (2001:4860:4802:32::a)
22
ns-cloud-b2.googledomains.com: 2001:4860:4802:34::6b
AAAA
ns5.googledomains.com (2001:4860:4802:32::a)
23
ns-cloud-b3.googledomains.com: 216.239.36.107
A
ns5.googledomains.com (2001:4860:4802:32::a)
24
ns-cloud-b3.googledomains.com: 2001:4860:4802:36::6b
AAAA
ns5.googledomains.com (2001:4860:4802:32::a)
25
ns-cloud-b4.googledomains.com: 216.239.38.107
A
ns5.googledomains.com (2001:4860:4802:32::a)
26
ns-cloud-b4.googledomains.com: 2001:4860:4802:38::6b
AAAA
ns5.googledomains.com (2001:4860:4802:32::a)

 

14. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
common-eipb-ak.spotifycdn.com.edgesuite.net



1
0
spotifycdn.com.edgesuite.net
0

no CAA entry found
1
0
image-cdn-ak.spotifycdn.com



1
0
com.edgesuite.net



1
0
spotifycdn.com
0

no CAA entry found
1
0
edgesuite.net
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0
net
0

no CAA entry found
1
0

 

15. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
spotifycdn.com
v=spf1 -all
ok
1
0
image-cdn-ak.spotifycdn.com


1
0
_acme-challenge.image-cdn-ak.spotifycdn.com

Name Error - The domain name does not exist
1
0
_acme-challenge.image-cdn-ak.spotifycdn.com.spotifycdn.com

Name Error - The domain name does not exist
1
0
_acme-challenge.common-eipb-ak.spotifycdn.com.edgesuite.net

Name Error - The domain name does not exist
1
0
_acme-challenge.image-cdn-ak.spotifycdn.com.image-cdn-ak.spotifycdn.com

Name Error - The domain name does not exist
1
0
_acme-challenge.common-eipb-ak.spotifycdn.com.edgesuite.net.common-eipb-ak.spotifycdn.com.edgesuite.net

Name Error - The domain name does not exist
1
0

 

16. DomainService - Entries

TypeDomainPrefValueDNS-errornum AnswersStatusDescription
SPF
TXT
image-cdn-ak.spotifycdn.com

32768TXT expected, but CNAME found. CNAME not allowed, only TXT queries are allowed. See RFC 7208, 4.4.

				 
			

				 
			
17. Cipher Suites
No results 

				 
			
18. Portchecks



No open Ports <> 80 / 443 found, so no additional Ports checked.



				 
			

				 
			

Permalink: https://check-your-website.server-daten.de/?i=fd33feed-4efa-485c-b277-96869fe3f543

				 
			


Last Result: https://check-your-website.server-daten.de/?q=image-cdn-ak.spotifycdn.com - 2025-02-17 13:08:47

				 
			
Do you like this page? Support this tool, add a link on your page:

				 
			
<a href="https://check-your-website.server-daten.de/?q=image-cdn-ak.spotifycdn.com" target="_blank">Check this Site: image-cdn-ak.spotifycdn.com</a>

				 
			

				 
			


Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

				 
			
QR-Code of this page - https://check-your-website.server-daten.de/?d=image-cdn-ak.spotifycdn.com

				 
			

				 
			



Jürgen Auer • Friedenstr. 37 • 10249 Berlin • +49(0)30 420 200 60 • info@sql-und-xml.de • 
USt-IdNr.: DE221734518

				 
			


Errors, ideas, questions? Use the 
Contact form • A project using

Server-Daten - Web Database solutions