Check DNS, Urls + Redirects, Certificates and Content of your Website





1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
komparing.com
A
168.119.0.226
Kassel/Hesse/Germany (DE) - Hetzner Online GmbH
Hostname: webserver.static-k.com
yes
2
0

AAAA
2a01:4f8:242:4bd6::11
Falkenstein/Saxony/Germany (DE) - Hetzner Online GmbH

yes


www.komparing.com
CNAME
komparing.com
yes
1
0

A
168.119.0.226
Kassel/Hesse/Germany (DE) - Hetzner Online GmbH
Hostname: webserver.static-k.com
yes



AAAA
2a01:4f8:242:4bd6::11
Falkenstein/Saxony/Germany (DE) - Hetzner Online GmbH

yes


*.komparing.com
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=



Status: Valid because published



3 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 5613, Flags 256



Public Key with Algorithm 8, KeyTag 20038, Flags 256



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.07.2024, 00:00:00 +, Signature-Inception: 01.07.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: com
com
1 DS RR in the parent zone found



DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=



1 RRSIG RR to validate DS RR found



RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.07.2024, 05:00:00 +, Signature-Inception: 10.07.2024, 04:00:00 +, KeyTag 20038, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20038 used to validate the DS RRSet in the parent zone



3 DNSKEY RR found



Public Key with Algorithm 13, KeyTag 956, Flags 256



Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 13, KeyTag 59354, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 21.07.2024, 14:02:35 +, Signature-Inception: 06.07.2024, 13:57:35 +, KeyTag 19718, Signer-Name: com



Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: komparing.com
komparing.com
1 DS RR in the parent zone found



DS with Algorithm 13, KeyTag 50457, DigestType 1 and Digest paqUmkEiyMtRlyZCvB2zjlHgmEs=



1 RRSIG RR to validate DS RR found



RRSIG-Owner komparing.com., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 14.07.2024, 02:18:49 +, Signature-Inception: 07.07.2024, 01:08:49 +, KeyTag 956, Signer-Name: com



Status: Good - Algorithmus 13 and DNSKEY with KeyTag 956 used to validate the DS RRSet in the parent zone



1 DNSKEY RR found



Public Key with Algorithm 13, KeyTag 50457, Flags 257 (SEP = Secure Entry Point)



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner komparing.com., Algorithm: 13, 2 Labels, original TTL: 3601 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 50457, Signer-Name: komparing.com



Status: Good - Algorithmus 13 and DNSKEY with KeyTag 50457 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 50457, DigestType 1 and Digest "paqUmkEiyMtRlyZCvB2zjlHgmEs=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



RRSIG Type 1 validates the A - Result: 168.119.0.226
Validated: RRSIG-Owner komparing.com., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 50457, Signer-Name: komparing.com



RRSIG Type 16 validates the TXT - Result: google-site-verification=hZptzTBb8hO8hZMQXfG1FvUeoMooB4pUL0L8MGlfaG8 google-site-verification=pW0Amurm4eiU0BWaM8Uz79F6x3e4A-Ht0F8JznAhdew v=spf1 a ip4:78.46.67.52 ip4:78.46.67.53 ip4:168.119.0.208 ip4:168.119.0.226 ip6:2a01:4f8:120:6011::/64 ip6:2a01:4f8:242:4bd6::/64 include:_spf.google.com -all
Validated: RRSIG-Owner komparing.com., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 50457, Signer-Name: komparing.com



RRSIG Type 28 validates the AAAA - Result: 2A01:04F8:0242:4BD6:0000:0000:0000:0011
Validated: RRSIG-Owner komparing.com., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 50457, Signer-Name: komparing.com



CNAME-Query sends a valid NSEC RR as result with the query name "komparing.com" equal the NSEC-owner "komparing.com" and the NextOwner "_dmarc.komparing.com". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner komparing.com., Algorithm: 13, 2 Labels, original TTL: 3601 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 50457, Signer-Name: komparing.com



Status: Good. NoData-Proof required and found.



TLSA-Query (_443._tcp.komparing.com) sends a valid NSEC RR as result with the owner name komparing.com. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "komparing.com" and the NextOwner "_dmarc.komparing.com". So that NSEC confirms the not-existence of the Wildcard expansion.
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner komparing.com., Algorithm: 13, 2 Labels, original TTL: 3601 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 50457, Signer-Name: komparing.com



Status: Good. NXDomain-Proof required and found.



TLSA-Query (_443._tcp.komparing.com) sends a valid NSEC RR as result with the query name "_443._tcp.komparing.com" between the NSEC-owner "komparing._domainkey.komparing.com" and the NextOwner "www.komparing.com". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.komparing.com) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.komparing.com" between the NSEC-owner "komparing._domainkey.komparing.com" and the NextOwner "www.komparing.com". So the zone confirmes the not-existence of that Wildcard-expansion.
Bitmap: TXT, RRSIG, NSEC Validated: RRSIG-Owner komparing._domainkey.komparing.com., Algorithm: 13, 4 Labels, original TTL: 3601 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 50457, Signer-Name: komparing.com



Status: Good. NXDomain-Proof required and found.



CAA-Query sends a valid NSEC RR as result with the query name "komparing.com" equal the NSEC-owner "komparing.com" and the NextOwner "_dmarc.komparing.com". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner komparing.com., Algorithm: 13, 2 Labels, original TTL: 3601 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 50457, Signer-Name: komparing.com



Status: Good. NoData-Proof required and found.

Zone: www.komparing.com
www.komparing.com
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "komparing.com" and the NextOwner "_dmarc.komparing.com". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, NSEC, DNSKEY



RRSIG Type 5 validates the CNAME - Result: komparing.com
Validated: RRSIG-Owner www.komparing.com., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 50457, Signer-Name: komparing.com


3. Name Servers

DomainNameserverNS-IP
komparing.com
  dns1.registrar-servers.com / Auth_NC_Host1.Frankfurt_Node1
156.154.132.200
New York/United States (US) - NeuStar, Inc.


 
2610:a1:1024::200
Herndon/Virginia/United States (US) - NeuStar, Inc.


  dns2.registrar-servers.com / Auth_NC_Host2.Frankfurt_Node1
156.154.133.200
New York/United States (US) - NeuStar, Inc.


 
2610:a1:1025::200
Ashburn/Virginia/United States (US) - NeuStar, Inc.

com
  a.gtld-servers.net / nnn1-defra-5


  b.gtld-servers.net / nnn1-elwaw4


  c.gtld-servers.net / nnn1-par6


  d.gtld-servers.net / nnn1-par6


  e.gtld-servers.net / nnn1-par6


  f.gtld-servers.net / nnn1-defra-4


  g.gtld-servers.net / nnn1-defra-4


  h.gtld-servers.net / nnn1-defra-4


  i.gtld-servers.net / nnn1-defra-4


  j.gtld-servers.net / nnn1-frmrs-2


  k.gtld-servers.net / nnn1-frmrs-2


  l.gtld-servers.net / nnn1-frmrs-2


  m.gtld-servers.net / nnn1-ein1


4. SOA-Entries


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1720624235
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:9


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1720624250
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:4


Domain:komparing.com
Zone-Name:komparing.com
Primary:dns1.registrar-servers.com
Mail:hostmaster.registrar-servers.com
Serial:1720409772
Refresh:43200
Retry:3600
Expire:604800
TTL:3601
num Entries:4


5. Screenshots

Startaddress: https://www.komparing.com/, address used: https://www.komparing.com/, Screenshot created 2024-07-10 17:15:30 +00:0

Mobil (412px x 732px)

1046 milliseconds

Screenshot mobile - https://www.komparing.com/
Mobil + Landscape (732px x 412px)

1042 milliseconds

Screenshot mobile landscape - https://www.komparing.com/
Screen (1280px x 1680px)

1158 milliseconds

Screenshot Desktop - https://www.komparing.com/

Mobile- and other Chrome-Checks

widthheight
visual Viewport412732
content Size412732

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://komparing.com/
168.119.0.226
301
https://www.komparing.com/
Html is minified: 100.00 %
0.040
E
Date: Wed, 10 Jul 2024 15:11:42 GMT
Server: Apache/2.4.59, (Fedora Linux), OpenSSL/3.1.1
Location: https://www.komparing.com/
Connection: close
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1

• http://www.komparing.com/
168.119.0.226
301
https://www.komparing.com/
Html is minified: 100.00 %
0.037
A
Date: Wed, 10 Jul 2024 15:11:43 GMT
Server: Apache/2.4.59, (Fedora Linux), OpenSSL/3.1.1
Location: https://www.komparing.com/
Connection: close
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1

• http://komparing.com/
2a01:4f8:242:4bd6::11
-16

1.056
V
UnknownError - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte. [2a01:4f8:242:4bd6::11]:80 ([2a01:4f8:242:4bd6::11]:80)

• http://www.komparing.com/
2a01:4f8:242:4bd6::11
-16

1.063
V
UnknownError - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte. [2a01:4f8:242:4bd6::11]:80 ([2a01:4f8:242:4bd6::11]:80)

• https://komparing.com/
168.119.0.226
301
https://www.komparing.com/
Html is minified: 100.00 %
2.127
B
Date: Wed, 10 Jul 2024 15:11:44 GMT
Server: Apache/2.4.59, (Fedora Linux), OpenSSL/3.1.1
Location: https://www.komparing.com/
Connection: close
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1

• https://komparing.com/
2a01:4f8:242:4bd6::11
-16

1.067
V
UnknownError - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte. [2a01:4f8:242:4bd6::11]:443 ([2a01:4f8:242:4bd6::11]:443)

• https://www.komparing.com/
168.119.0.226 GZip used - 1932 / 5126 - 62.31 %
Inline-JavaScript (∑/total): 2/408 Inline-CSS (∑/total): 1/1946
200

Html is minified: 225.81 %
2.093
B
Date: Wed, 10 Jul 2024 15:11:48 GMT
Server: Apache/2.4.59, (Fedora Linux), OpenSSL/3.1.1
X-Powered-By: PHP/8.2.20
Cache-Control: no-store, must-revalidate, no-cache
Pragma: no-cache
Set-Cookie: PHPSESSID=bgcgp92u02i4t0tap5tkm5kai8; path=/; SameSite=Lax
Upgrade: h2
Connection: Upgrade, close
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Encoding: gzip
Content-Length: 1932
Content-Type: text/html; charset=UTF-8

• https://www.komparing.com/
2a01:4f8:242:4bd6::11
-16

1.057
V
UnknownError - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte. [2a01:4f8:242:4bd6::11]:443 ([2a01:4f8:242:4bd6::11]:443)

• http://komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
168.119.0.226
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 100.00 %
0.036
E
Visible Content:
Date: Wed, 10 Jul 2024 15:11:53 GMT
Server: Apache/2.4.59, (Fedora Linux), OpenSSL/3.1.1
Location: https://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 303
Content-Type: text/html; charset=iso-8859-1

• http://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
168.119.0.226
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 100.00 %
0.040
A
Visible Content:
Date: Wed, 10 Jul 2024 15:11:55 GMT
Server: Apache/2.4.59, (Fedora Linux), OpenSSL/3.1.1
Location: https://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Connection: close
Content-Length: 303
Content-Type: text/html; charset=iso-8859-1

• http://komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:4f8:242:4bd6::11
-16

1.060
V
UnknownError - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte. [2a01:4f8:242:4bd6::11]:80 ([2a01:4f8:242:4bd6::11]:80)
Visible Content:

• http://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a01:4f8:242:4bd6::11
-16

1.064
V
UnknownError - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte. [2a01:4f8:242:4bd6::11]:80 ([2a01:4f8:242:4bd6::11]:80)
Visible Content:

• https://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

Inline-JavaScript (∑/total): 1/337 Inline-CSS (∑/total): 1/1112
404

Html is minified: 330.58 %
9.450
B
Not Found
Visible Content:
Date: Wed, 10 Jul 2024 15:12:03 GMT
Server: Apache/2.4.59, (Fedora Linux), OpenSSL/3.1.1
X-Powered-By: PHP/8.2.20
Cache-Control: no-store, must-revalidate, no-cache
Pragma: no-cache
Set-Cookie: PHPSESSID=vfcbd2ogio60pccddhmh6vv8q9; path=/; SameSite=Lax
Upgrade: h2
Connection: Upgrade, close
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Type: text/html; charset=UTF-8

• https://168.119.0.226/
168.119.0.226 GZip used - 96 / 101 - 4.95 %
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
200

Html is minified: 100.00 %
2.097
N
Certificate error: RemoteCertificateNameMismatch
Date: Wed, 10 Jul 2024 15:11:57 GMT
Server: Apache/2.4.59, (Fedora Linux), OpenSSL/3.1.1
Upgrade: h2
Connection: Upgrade, close
ETag: "65-61ce47ab3f840-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Last-Modified: Wed, 10 Jul 2024 13:18:17 GMT
Content-Encoding: gzip
Content-Length: 96
Content-Type: text/html; charset=UTF-8

• https://[2a01:04f8:0242:4bd6:0000:0000:0000:0011]/
2a01:4f8:242:4bd6::11
-16

1.066
V
UnknownError - Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte. [2a01:4f8:242:4bd6::11]:443 ([2a01:4f8:242:4bd6::11]:443)

7. Comments


1. General Results, most used to calculate the result

Aname "komparing.com" is domain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 94787 (complete: 245733)
AGood: All ip addresses are public addresses
AGood: Minimal 2 ip addresses per domain name found: komparing.com has 2 different ip addresses (authoritative).
AGood: Minimal 2 ip addresses per domain name found: www.komparing.com has 2 different ip addresses (authoritative).
AGood: Ipv4 and Ipv6 addresses per domain name found: komparing.com has 1 ipv4, 1 ipv6 addresses
AGood: Ipv4 and Ipv6 addresses per domain name found: www.komparing.com has 1 ipv4, 1 ipv6 addresses
AGood: No asked Authoritative Name Server had a timeout
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: www is preferred
AGood: No cookie sent via http.
AGood: Every cookie has a SameSite Attribute with a correct value Strict/Lax/None
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Ahttp://www.komparing.com/ 168.119.0.226
301
https://www.komparing.com/
Correct redirect http - https with the same domain name
Bhttps://komparing.com/ 168.119.0.226
301

Missing HSTS-Header
Bhttps://www.komparing.com/ 168.119.0.226
200

Missing HSTS-Header
Bhttps://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Missing HSTS-Header
Bhttps://www.komparing.com/ 168.119.0.226
200
PHPSESSID=bgcgp92u02i4t0tap5tkm5kai8; path=/; SameSite=Lax
Cookie sent via https, but not marked as secure
Bhttps://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
PHPSESSID=vfcbd2ogio60pccddhmh6vv8q9; path=/; SameSite=Lax
Cookie sent via https, but not marked as secure
Ehttp://komparing.com/ 168.119.0.226
301
https://www.komparing.com/
Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
Khttp://komparing.com/ 168.119.0.226, Status 301

http://komparing.com/ 2a01:4f8:242:4bd6::11, Status -16
Configuration problem - different ip addresses with different status
Khttp://www.komparing.com/ 168.119.0.226, Status 301

http://www.komparing.com/ 2a01:4f8:242:4bd6::11, Status -16
Configuration problem - different ip addresses with different status
Khttps://komparing.com/ 168.119.0.226, Status 301

https://komparing.com/ 2a01:4f8:242:4bd6::11, Status -16
Configuration problem - different ip addresses with different status
Khttps://www.komparing.com/ 168.119.0.226, Status 200

https://www.komparing.com/ 2a01:4f8:242:4bd6::11, Status -16
Configuration problem - different ip addresses with different status
Khttp://komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 168.119.0.226, Status 301

http://komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:242:4bd6::11, Status -16
Configuration problem - different ip addresses with different status
Khttp://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 168.119.0.226, Status 301

http://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:242:4bd6::11, Status -16
Configuration problem - different ip addresses with different status
Nhttps://168.119.0.226/ 168.119.0.226
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain komparing.com, 2 ip addresses.
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.komparing.com, 2 ip addresses.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.komparing.com

2. Header-Checks (Cross-Origin-* headers are alpha - started 2024-06-05)

Awww.komparing.com 168.119.0.226
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
X-Frame-Options
Ok: Header without syntax errors found: SAMEORIGIN
B

Info: Header is deprecated. May not longer work in modern browsers. SAMEORIGIN. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A
X-Xss-Protection
Ok: Header without syntax errors found: 1; mode=block
B

Info: Header is deprecated. May not longer work in modern browsers. 1; mode=block
Fwww.komparing.com 168.119.0.226
Content-Security-Policy
Critical: Missing Header:
Fwww.komparing.com 168.119.0.226
Referrer-Policy
Critical: Missing Header:
Fwww.komparing.com 168.119.0.226
Permissions-Policy
Critical: Missing Header:
Bwww.komparing.com 168.119.0.226
Cross-Origin-Embedder-Policy
Info: Missing Header
Bwww.komparing.com 168.119.0.226
Cross-Origin-Opener-Policy
Info: Missing Header
Bwww.komparing.com 168.119.0.226
Cross-Origin-Resource-Policy
Info: Missing Header

3. DNS- and NameServer - Checks

AInfo:: 24 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 2 Name Servers.
AInfo:: 24 Queries complete, 24 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
Bad (greater 8):: An average of 12.0 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 2 different Name Servers found: dns1.registrar-servers.com, dns2.registrar-servers.com, 2 Name Servers included in Delegation: dns1.registrar-servers.com, dns2.registrar-servers.com, 2 Name Servers included in 1 Zone definitions: dns1.registrar-servers.com, dns2.registrar-servers.com, 1 Name Servers listed in SOA.Primary: dns1.registrar-servers.com.
AGood: Only one SOA.Primary Name Server found.: dns1.registrar-servers.com.
AGood: SOA.Primary Name Server included in the delegation set.: dns1.registrar-servers.com.
AGood: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: dns1.registrar-servers.com, dns2.registrar-servers.com
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AGood: Minimal 2 different name servers (public suffix and public ip address) found: 2 different Name Servers found
AGood: All name servers have ipv4- and ipv6-addresses.: 2 different Name Servers found
Warning: All Name Servers have the same Top Level Domain / Public Suffix. If there is a problem with that Top Level Domain, your domain may be affected. Better: Use Name Servers with different top level domains.: 2 Name Servers, 1 Top Level Domain: com
Warning: All Name Servers have the same domain name. If there is a problem with that domain name (or with the name servers of that domain name), your domain may be affected. Better: Use Name Servers with different domain names / different top level domains.: Only one domain name used: registrar-servers.com
Warning: All Name Servers from the same Country / IP location.: 2 Name Servers, 1 Countries: US
AInfo: Ipv4-Subnet-list: 2 Name Servers, 1 different subnets (first Byte): 156., 1 different subnets (first two Bytes): 156.154., 2 different subnets (first three Bytes): 156.154.132., 156.154.133.
AGood: Name Server IPv4-addresses from different subnet found:
AInfo: IPv6-Subnet-list: 2 Name Servers with IPv6, 1 different subnets (first block): 2610:, 1 different subnets (first two blocks): 2610:00a1:, 2 different subnets (first three blocks): 2610:00a1:1024:, 2610:00a1:1025:, 2 different subnets (first four blocks): 2610:00a1:1024:0000:, 2610:00a1:1025:0000:
AGood: Name Server IPv6 addresses from different subnets found.
AGood: Nameserver supports TCP connections: 4 good Nameserver
AGood: Nameserver supports Echo Capitalization: 4 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 4 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

4. Content- and Performance-critical Checks

http://komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:242:4bd6::11
-16

Fatal: Check of /.well-known/acme-challenge/random-filename is blocked, http connection error. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:242:4bd6::11
-16

Fatal: Check of /.well-known/acme-challenge/random-filename is blocked, http connection error. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:242:4bd6::11, Status -16

http://komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 168.119.0.226, Status 301
Fatal: Check of /.well-known/acme-challenge/random-filename has different answers checking ipv6 / ipv4. Ipv6 doesn't have the expected result http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 validation may not work. Checking the validation file in /.well-known/acme-challenge Letsencrypt prefers ipv6. Two options: Remove your ipv6 / AAAA DNS entry or (better) fix your ipv6, so your webserver handles ipv6 correct. Perhaps add "Listen [::]:80". Don't use <VirtualHost ip-address:80>, switch to <VirtualHost *:80>. If you use IIS, check your bindings. Don't select a single ip address. Use this tool to check your raw ipv6 address. Add your domain name in the "Hostname" - field. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:4f8:242:4bd6::11, Status -16

http://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 168.119.0.226, Status 301
Fatal: Check of /.well-known/acme-challenge/random-filename has different answers checking ipv6 / ipv4. Ipv6 doesn't have the expected result http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 validation may not work. Checking the validation file in /.well-known/acme-challenge Letsencrypt prefers ipv6. Two options: Remove your ipv6 / AAAA DNS entry or (better) fix your ipv6, so your webserver handles ipv6 correct. Perhaps add "Listen [::]:80". Don't use <VirtualHost ip-address:80>, switch to <VirtualHost *:80>. If you use IIS, check your bindings. Don't select a single ip address. Use this tool to check your raw ipv6 address. Add your domain name in the "Hostname" - field. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Every https result with status 200 supports GZip.
https://www.komparing.com/ 168.119.0.226
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://www.komparing.com/ 168.119.0.226
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
AGood: All images with internal compression not sent via GZip. Images (.png, .jpg) are already compressed, so an additional GZip isn't helpful. 1 images (type image/png, image/jpg) found without additional GZip. Not required because these images are already compressed
AGood: All images are sent with a long Cache-Control header (minimum 7 days). So the browser can reuse these files, no download is required. 1 image files with long Cache-Control max-age found
AGood: Some checked attribute values are enclosed in quotation marks (" or ').: 39 Html-Elements checked, 37 without problems.
IWrong: Attribute values found, not enclosed in quotation marks (" or ').: 2 Html-Elements with attributes and missing enclosed quotation marks found. 2 wrong attributes.
AGood: All img-elements have a valid alt-attribute.: 1 img-elements found.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
https://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
9.450 seconds
Warning: 404 needs more then one second
ADuration: 285903 milliseconds, 285.903 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
komparing.com
168.119.0.226
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
komparing.com
168.119.0.226
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=www.komparing.com

2CN=R3, O=Let's Encrypt, C=US


www.komparing.com
168.119.0.226
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok

www.komparing.com
168.119.0.226
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=www.komparing.com

2CN=R3, O=Let's Encrypt, C=US


www.komparing.com
www.komparing.com
443
ok
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok

www.komparing.com
www.komparing.com
443
ok
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=www.komparing.com

2CN=R3, O=Let's Encrypt, C=US


168.119.0.226
168.119.0.226
443
name does not match
Tls12
ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok

168.119.0.226
168.119.0.226
443
name does not match
Tls12

ECDH Ephermal
255
Aes256
256
Sha384
not supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)
1CN=static-k.com

2CN=R11, O=Let's Encrypt, C=US


9. Certificates

1.
1.
CN=www.komparing.com
31.05.2024
29.08.2024
expires in 47 days
komparing.com, www.komparing.com - 2 entries
1.
1.
CN=www.komparing.com
31.05.2024

29.08.2024
expires in 47 days
komparing.com, www.komparing.com - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:043FFC75A9E6B0C80ADE99E84E04F164189B
Thumbprint:B4AA384FB23F79E63E44B155B7A5192F03923DC2
SHA256 / Certificate:dmQpOLz/dBO55LqzvQtjirU8NS5WvtrbqGQdVUyC4xc=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):3cec6f9695f461ef996e33f354f6f48c49a1285538b09016c4f444d8ef0dcf36
SHA256 hex / Subject Public Key Information (SPKI):3cec6f9695f461ef996e33f354f6f48c49a1285538b09016c4f444d8ef0dcf36 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://r3.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020
15.09.2025
expires in 429 days


2.
CN=R3, O=Let's Encrypt, C=US
04.09.2020

15.09.2025
expires in 429 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:00912B084ACF0C18A753F6D62E25A75F5A
Thumbprint:A053375BFE84E8B748782C7CEE15827A6AF5A405
SHA256 / Certificate:Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 3978 days


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 3978 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


2.
1.
CN=static-k.com
09.07.2024
07.10.2024
expires in 86 days
static-k.com, webserver.static-k.com, www.static-k.com - 3 entries
2.
1.
CN=static-k.com
09.07.2024

07.10.2024
expires in 86 days
static-k.com, webserver.static-k.com, www.static-k.com - 3 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:03914FAC01346B9F42F69B41259CAEDF690F
Thumbprint:1301D57270891BD3FA032B027E18E62DEC988117
SHA256 / Certificate:hMeHnmFGnrdofpMJQA3dNkNomkBmWSqI0tdfuLTZ+YY=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):4295cc4a1fd73d4f3b8c1398043b7c98d9ec5b3cca53331bae7c79ad4c0b1051
SHA256 hex / Subject Public Key Information (SPKI):4295cc4a1fd73d4f3b8c1398043b7c98d9ec5b3cca53331bae7c79ad4c0b1051 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://r11.o.lencr.org
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)


2.
CN=R11, O=Let's Encrypt, C=US
13.03.2024
13.03.2027
expires in 973 days


2.
CN=R11, O=Let's Encrypt, C=US
13.03.2024

13.03.2027
expires in 973 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008A7D3E13D62F30EF2386BD29076B34F8
Thumbprint:696DB3AF0DFFC17E65C6A20D925C5A7BD24DEC7E
SHA256 / Certificate:WR6c5shj06B56fq+FHjHM5omshJp3eeVIRNhAkrjGkQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):6ddac18698f7f1f7e1c69b9bce420d974ac6f94ca8b2c761701623f99c767dc7
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 3978 days


3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 3978 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=R3, O=Let's Encrypt, C=US
0
2
2

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
7418431930
leaf cert
CN=R3, O=Let's Encrypt, C=US
2024-05-31 09:40:09
2024-08-29 09:40:08
komparing.com, www.komparing.com - 2 entries


7418241916
leaf cert
CN=R3, O=Let's Encrypt, C=US
2024-05-31 09:01:34
2024-08-29 09:01:33
komparing.com, www.komparing.com - 2 entries



2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuerlast 7 daysactivenum Certs
CN=R3, O=Let's Encrypt, C=US
0 /0 new
2
4

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
13241882748
precert
CN=R3, O=Let's Encrypt, C=US
2024-05-31 07:40:09
2024-08-29 07:40:08
komparing.com, www.komparing.com
2 entries


13241565706
precert
CN=R3, O=Let's Encrypt, C=US
2024-05-31 07:01:34
2024-08-29 07:01:33
komparing.com, www.komparing.com
2 entries


12610822159
leaf cert
CN=R3, O=Let's Encrypt, C=US
2024-04-01 07:01:00
2024-06-30 07:00:59
komparing.com, www.komparing.com
2 entries


11932741138
leaf cert
CN=R3, O=Let's Encrypt, C=US
2024-01-31 21:04:05
2024-04-30 20:04:04
komparing.com, www.komparing.com
2 entries



11. Html-Content - Entries

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://www.komparing.com/
168.119.0.226
a

8

0


0
0
0


iframe

1

0


0
0
0


img

1
6,622 Bytes
0
0
1
0
0
0


link
alternate
1

0


0
0
0


link
other
2
894 Bytes
0
0
1
0
0
0


meta
other
12

0


0
0
0


style

1
19,071 Bytes
0
0
1
0
0
0

https://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
a (2)

2

0


0
0
0

Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://www.komparing.com/
168.119.0.226
a

//www.komparing.com/au/


1
ok








a

//www.komparing.com/de/


1
ok








a

//www.komparing.com/es/


1
ok








a

//www.komparing.com/fr/


1
ok








a

//www.komparing.com/it/


1
ok








a

//www.komparing.com/nz/


1
ok








a

//www.komparing.com/pt/


1
ok








a

//www.komparing.com/us/


1
ok








iframe
src
https://www.googletagmanager.com/ns.html?id=GTM-TF6ND4X


1
ok








img
src
//imageskomparing.static-k.com/Logo_1.0.png
200

1
ok
alt: Compare Prices & Save Money | Komparingimage/png, missing X-Content-Type-Options nosniff

Cache-Control: max-age=5184000 with long duration found.
No GZip - 6622 Bytes




Server-Header Access-Control-Allow-Origin: not found
Cross-Origin Resource Sharing (CORS) not supported



link
alternate
https://www.komparing.com/


1
ok








link
icon
//imageskomparing.static-k.com/favicon.ico
200

1
ok
image/vnd.microsoft.icon, missing X-Content-Type-Options nosniff

No Cache-Control header
No GZip - 894 Bytes




Server-Header Access-Control-Allow-Origin: not found
Cross-Origin Resource Sharing (CORS) not supported



link
publisher
https://plus.google.com/117040668625198603479


1
ok








meta

UTF-8


1
ok








meta
description
The world's top price comparison site. Compare to find the best deals on groceries, household essential, pet supplies... Save money at supermarket, petrol stations and more...


1
ok








meta
distribution
Global


1
ok








meta
google-site-verification
00muw2xxna1tAFufoXB7j1gH8_aPtNvF3UTkL0bH9qg


1
ok








meta
language
en


1
ok








meta
rating
General


1
ok








meta
revisit-after
7 days


1
ok








meta
robots
index, follow, noodp


1
ok








meta
verify-v1
+bz0N5h8UJCNdevkcJcJfOHgDzzZLJdOCkMjMz18YlI=


1
ok








meta
verify-v1
x0v3XKph6UpuRlJmyUQDEVrX4d2zpFadURwqIpJHdAo=


1
ok








meta
verify-v1
Zuks61dZosG0VtI+fD31oaih1MxlVZk1spCLev36TOs=


1
ok








meta
viewport
width=device-width, initial-scale=1.0


1
ok








style

//imageskomparing.static-k.com/mapamundi.gif
200

1
ok
image/gif, missing X-Content-Type-Options nosniff

Cache-Control: max-age=5184000 with long duration found.
No GZip - 19071 Bytes




Server-Header Access-Control-Allow-Origin: not found
Cross-Origin Resource Sharing (CORS) not supported


https://www.komparing.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

a (2)

//www.komparing.com/


2
ok








12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: dns1.registrar-servers.com, dns2.registrar-servers.com

QNr.DomainTypeNS used
1
com
NS
j.root-servers.net (2001:503:c27::2:30)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
dns1.registrar-servers.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: edns1.registrar-servers.com, edns2.registrar-servers.com, edns3.registrar-servers.com, edns4.registrar-servers.com, edns4.ultradns.biz, edns4.ultradns.com, edns4.ultradns.net, edns4.ultradns.org

Answer: edns1.registrar-servers.com
2001:41d0:800:2d2c::2, 51.89.217.44

Answer: edns2.registrar-servers.com
2607:5300:203:7f53::2, 51.222.46.83

Answer: edns3.registrar-servers.com
193.108.91.149, 2.16.130.65, 2600:1401:2::95, 2600:1480:9800::41, 2a02:26f0:67::43, 95.100.175.67

Answer: edns4.registrar-servers.com
2.22.230.67, 23.211.132.64, 2600:1406:1b::40, 2600:1408:1c::40, 2600:1480:800::43, 96.7.49.64

Answer: edns4.ultradns.com
2001:502:f3ff::204, 204.74.66.4
3
dns2.registrar-servers.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: edns1.registrar-servers.com, edns2.registrar-servers.com, edns3.registrar-servers.com, edns4.registrar-servers.com, edns4.ultradns.biz, edns4.ultradns.com, edns4.ultradns.net, edns4.ultradns.org

Answer: edns1.registrar-servers.com
2001:41d0:800:2d2c::2, 51.89.217.44

Answer: edns2.registrar-servers.com
2607:5300:203:7f53::2, 51.222.46.83

Answer: edns3.registrar-servers.com
193.108.91.149, 2.16.130.65, 2600:1401:2::95, 2600:1480:9800::41, 2a02:26f0:67::43, 95.100.175.67

Answer: edns4.registrar-servers.com
2.22.230.67, 23.211.132.64, 2600:1406:1b::40, 2600:1408:1c::40, 2600:1480:800::43, 96.7.49.64

Answer: edns4.ultradns.com
2001:502:f3ff::204, 204.74.66.4
4
biz
NS
f.root-servers.net (2001:500:2f::f)

Answer: a.gtld.biz, b.gtld.biz, c.gtld.biz, m.gtld.biz, n.gtld.biz, w.gtld.biz, x.gtld.biz, y.gtld.biz
5
edns4.ultradns.biz
NS
a.gtld.biz (2001:502:ad09::30)

Answer: pdns196.ultradns.biz, pdns196.ultradns.co.uk, pdns196.ultradns.com, pdns196.ultradns.info, pdns196.ultradns.net, pdns196.ultradns.org

Answer: pdns196.ultradns.biz
156.154.66.196, 2610:a1:1015::e8
6
net
NS
b.root-servers.net (2001:500:200::b)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
7
edns4.ultradns.net
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: ns61.ultradns2.com, ns61.ultradns2.org, pdns196.ultradns.biz, pdns196.ultradns.co.uk, pdns196.ultradns.com, pdns196.ultradns.info, pdns196.ultradns.net, pdns196.ultradns.org

Answer: pdns196.ultradns.net
156.154.65.196, 2610:a1:1014::e8
8
org
NS
m.root-servers.net (2001:dc3::35)

Answer: a0.org.afilias-nst.info, a2.org.afilias-nst.info, b0.org.afilias-nst.org, b2.org.afilias-nst.org, c0.org.afilias-nst.info, d0.org.afilias-nst.org
9
edns4.ultradns.org
NS
a0.org.afilias-nst.info (2001:500:e::1)

Answer: ns61.ultradns2.com, ns61.ultradns2.org, pdns196.ultradns.biz, pdns196.ultradns.co.uk, pdns196.ultradns.com, pdns196.ultradns.info, pdns196.ultradns.net, pdns196.ultradns.org

Answer: ns61.ultradns2.org
204.74.106.61, 2610:a1:323d::53

Answer: pdns196.ultradns.org
156.154.67.196, 2001:502:4612::e8
10
uk
NS
d.root-servers.net (2001:500:2d::d)

Answer: dns1.nic.uk, dns2.nic.uk, dns3.nic.uk, dns4.nic.uk, nsa.nic.uk, nsb.nic.uk, nsc.nic.uk, nsd.nic.uk
11
pdns196.ultradns.co.uk: 156.154.69.196, 2610:a1:1017::e8
NS
dns1.nic.uk (2a01:618:400::1)
12
pdns196.ultradns.com: 156.154.64.196, 2001:502:f3ff::e8
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: ns61.ultradns2.com
204.74.104.61, 2610:a1:313d::53
13
info
NS
h.root-servers.net (2001:500:1::53)

Answer: a0.info.afilias-nst.info, a2.info.afilias-nst.info, b0.info.afilias-nst.org, b2.info.afilias-nst.org, c0.info.afilias-nst.info, d0.info.afilias-nst.org
14
pdns196.ultradns.info: 156.154.68.196, 2610:a1:1016::e8
NS
a0.info.afilias-nst.info (2001:500:19::1)
15
edns4.ultradns.biz: 204.74.67.4
A
pdns196.ultradns.biz (2610:a1:1015::e8)
16
edns4.ultradns.biz: 2610:a1:1015::204
AAAA
pdns196.ultradns.biz (2610:a1:1015::e8)
17
edns4.ultradns.net: 204.74.110.4
A
ns61.ultradns2.com (2610:a1:313d::53)
18
edns4.ultradns.net: 2610:a1:1014::204
AAAA
ns61.ultradns2.com (2610:a1:313d::53)
19
edns4.ultradns.org: 204.74.111.4
A
ns61.ultradns2.com (2610:a1:313d::53)
20
edns4.ultradns.org: 2001:502:4612::204
AAAA
ns61.ultradns2.com (2610:a1:313d::53)
21
dns1.registrar-servers.com: 156.154.132.200
A
edns1.registrar-servers.com (2001:41d0:800:2d2c::2)
22
dns1.registrar-servers.com: 2610:a1:1024::200
AAAA
edns1.registrar-servers.com (2001:41d0:800:2d2c::2)
23
dns2.registrar-servers.com: 156.154.133.200
A
edns1.registrar-servers.com (2001:41d0:800:2d2c::2)
24
dns2.registrar-servers.com: 2610:a1:1025::200
AAAA
edns1.registrar-servers.com (2001:41d0:800:2d2c::2)


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.komparing.com



1
0
komparing.com
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
komparing.com
google-site-verification=hZptzTBb8hO8hZMQXfG1FvUeoMooB4pUL0L8MGlfaG8
ok
1
0
komparing.com
google-site-verification=pW0Amurm4eiU0BWaM8Uz79F6x3e4A-Ht0F8JznAhdew
ok
1
0
komparing.com
v=spf1 a ip4:78.46.67.52 ip4:78.46.67.53 ip4:168.119.0.208 ip4:168.119.0.226 ip6:2a01:4f8:120:6011::/64 ip6:2a01:4f8:242:4bd6::/64 include:_spf.google.com -all
ok
1
0
www.komparing.com
google-site-verification=hZptzTBb8hO8hZMQXfG1FvUeoMooB4pUL0L8MGlfaG8
ok
1
0
www.komparing.com
google-site-verification=pW0Amurm4eiU0BWaM8Uz79F6x3e4A-Ht0F8JznAhdew
ok
1
0
www.komparing.com
v=spf1 a ip4:78.46.67.52 ip4:78.46.67.53 ip4:168.119.0.208 ip4:168.119.0.226 ip6:2a01:4f8:120:6011::/64 ip6:2a01:4f8:242:4bd6::/64 include:_spf.google.com -all
ok
1
0
_acme-challenge.komparing.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.komparing.com

Name Error - The domain name does not exist
1
0
_acme-challenge.komparing.com.komparing.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.komparing.com.komparing.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.komparing.com.www.komparing.com

Name Error - The domain name does not exist
1
0


15. DomainService - Entries (SPF-Check is alpha - 2024-06-22, DMARC-Detailcheck is alpha - 2024-07-06)

TypeDomainPrefValueDNS-errornum AnswersStatusDescription
MX

komparing.com
1
aspmx.l.google.com
08ok

A


142.250.110.26
01ok

AAAA


2a00:1450:400c:c07::1b
01ok

CNAME


00ok
MX

komparing.com
1
mail.static-k.com
08ok

A


168.119.0.208
01ok

CNAME


00ok
MX

komparing.com
5
alt1.aspmx.l.google.com
08ok

A


142.250.153.26
01ok

AAAA


2a00:1450:4013:c16::1a
01ok

CNAME


00ok
MX

komparing.com
5
alt2.aspmx.l.google.com
08ok

A


142.251.9.27
01ok

AAAA


2a00:1450:4025:c03::1b
01ok

CNAME


00ok
MX

komparing.com
10
aspmx2.googlemail.com
08ok

A


142.250.153.26
01ok

AAAA


2a00:1450:4013:c16::1a
01ok

CNAME


00ok
MX

komparing.com
10
aspmx3.googlemail.com
08ok

A


142.251.9.26
01ok

AAAA


2a00:1450:4025:c03::1b
01ok

CNAME


00ok
MX

komparing.com
30
aspmx4.googlemail.com
08ok

A


142.250.150.26
01ok

AAAA


2a00:1450:4010:c1c::1b
01ok

CNAME


00ok
MX

komparing.com
30
aspmx5.googlemail.com
08ok

A


74.125.200.26
01ok

AAAA


2404:6800:4003:c00::1a
01ok

CNAME


00ok
SPF
TXT
komparing.com

v=spf1 a ip4:78.46.67.52 ip4:78.46.67.53 ip4:168.119.0.208 ip4:168.119.0.226 ip6:2a01:4f8:120:6011::/64 ip6:2a01:4f8:242:4bd6::/64 include:_spf.google.com -all
ok

A
komparing.com

168.119.0.226
8192Duplicated ipv4 found.

AAAA
komparing.com

2a01:4f8:242:4bd6::11
ok

TXT
komparing.com

ip4:168.119.0.226
8192Duplicated ipv4 found.

TXT
_spf.google.com

v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all
ok

TXT
_netblocks.google.com

v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all
ok

TXT
_netblocks2.google.com

v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all
ok

TXT
_netblocks3.google.com

v=spf1 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:172.253.56.0/21 ip4:172.253.112.0/20 ip4:108.177.96.0/19 ip4:35.191.0.0/16 ip4:130.211.0.0/22 ~all
ok
_dmarc
TXT
_dmarc.komparing.com

v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100; rua=mailto:dmarc@komparing.com
ok



16. Cipher Suites

Summary
DomainIPPortnum CipherstimeStd.ProtocolForward Secrecy
komparing.com
168.119.0.226
443
12 Ciphers54.88 sec
0 without, 12 FS
100.00 %
www.komparing.com
168.119.0.226
443
12 Ciphers51.45 sec
0 without, 12 FS
100.00 %
Complete

2
24 Ciphers
12.00 Ciphers/Check
106.33 sec53.17 sec/Check
0 without, 24 FS
100.00 %

Details
DomainIPPortCipher (OpenSsl / IANA)
komparing.com
168.119.0.226
443
ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS
12 Ciphers, 54.88 sec
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDH
RSA
AESGCM(256)
AEAD



DHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0x00,0x9F
FS

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
DH
RSA
AESGCM(256)
AEAD



ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDH
RSA
AESGCM(128)
AEAD



DHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0x00,0x9E
FS

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
DH
RSA
AESGCM(128)
AEAD



ECDHE-RSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x28
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ECDH
RSA
AES(256)
SHA384



DHE-RSA-AES256-SHA256
(Weak)
TLSv1.2
0x00,0x6B
FS

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
DH
RSA
AES(256)
SHA256



ECDHE-RSA-AES128-SHA256
(Weak)
TLSv1.2
0xC0,0x27
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ECDH
RSA
AES(128)
SHA256



DHE-RSA-AES128-SHA256
(Weak)
TLSv1.2
0x00,0x67
FS

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
DH
RSA
AES(128)
SHA256



ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDH
RSA
AES(256)
SHA1



ECDHE-RSA-AES128-SHA
(Weak)
TLSv1
0xC0,0x13
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDH
RSA
AES(128)
SHA1



DHE-RSA-AES256-SHA
(Weak)
SSLv3
0x00,0x39
FS

TLS_DHE_RSA_WITH_AES_256_CBC_SHA
DH
RSA
AES(256)
SHA1



DHE-RSA-AES128-SHA
(Weak)
SSLv3
0x00,0x33
FS

TLS_DHE_RSA_WITH_AES_128_CBC_SHA
DH
RSA
AES(128)
SHA1
www.komparing.com
168.119.0.226
443
ECDHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0xC0,0x30
FS
12 Ciphers, 51.45 sec
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDH
RSA
AESGCM(256)
AEAD



DHE-RSA-AES256-GCM-SHA384
(Secure)
TLSv1.2
0x00,0x9F
FS

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
DH
RSA
AESGCM(256)
AEAD



ECDHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0xC0,0x2F
FS

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDH
RSA
AESGCM(128)
AEAD



DHE-RSA-AES128-GCM-SHA256
(Secure)
TLSv1.2
0x00,0x9E
FS

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
DH
RSA
AESGCM(128)
AEAD



ECDHE-RSA-AES256-SHA384
(Weak)
TLSv1.2
0xC0,0x28
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ECDH
RSA
AES(256)
SHA384



DHE-RSA-AES256-SHA256
(Weak)
TLSv1.2
0x00,0x6B
FS

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
DH
RSA
AES(256)
SHA256



ECDHE-RSA-AES128-SHA256
(Weak)
TLSv1.2
0xC0,0x27
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ECDH
RSA
AES(128)
SHA256



DHE-RSA-AES128-SHA256
(Weak)
TLSv1.2
0x00,0x67
FS

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
DH
RSA
AES(128)
SHA256



ECDHE-RSA-AES256-SHA
(Weak)
TLSv1
0xC0,0x14
FS

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ECDH
RSA
AES(256)
SHA1



ECDHE-RSA-AES128-SHA
(Weak)
TLSv1
0xC0,0x13
FS

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDH
RSA
AES(128)
SHA1



DHE-RSA-AES256-SHA
(Weak)
SSLv3
0x00,0x39
FS

TLS_DHE_RSA_WITH_AES_256_CBC_SHA
DH
RSA
AES(256)
SHA1



DHE-RSA-AES128-SHA
(Weak)
SSLv3
0x00,0x33
FS

TLS_DHE_RSA_WITH_AES_128_CBC_SHA
DH
RSA
AES(128)
SHA1


17. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.



Permalink: https://check-your-website.server-daten.de/?i=d55ec114-67cc-4ae0-b96d-0284f9f182bd


Last Result: https://check-your-website.server-daten.de/?q=komparing.com - 2024-07-10 17:11:00


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=komparing.com" target="_blank">Check this Site: komparing.com</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

QR-Code of this page