Check DNS, Urls + Redirects, Certificates and Content of your Website

...

skip EDNS-Check

skip Content-Check

check links

Top config

Checked:
08.08.2019 16:14:30

Older results

No older results found

1. IP-Addresses

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
ncsc.nl	A	178.22.85.146 Etten/North Brabant/Netherlands (NL) - Prolocation B.V. No Hostname found	yes	2	0
	A	178.22.85.147 Etten/North Brabant/Netherlands (NL) - Prolocation B.V. No Hostname found	yes	2	0
	A	178.22.85.148 Etten/North Brabant/Netherlands (NL) - Prolocation B.V. No Hostname found	yes	2	0
	A	178.22.85.149 Etten/North Brabant/Netherlands (NL) - Prolocation B.V. No Hostname found	yes	2	0
	AAAA	2a00:d00:3:8::80 Rijswijk/South Holland/Netherlands (NL) - PROLOCATION NL	yes
	AAAA	2a00:d00:3:8::90 Rijswijk/South Holland/Netherlands (NL) - PROLOCATION NL	yes
	AAAA	2a00:d00:3:8::91 Rijswijk/South Holland/Netherlands (NL) - PROLOCATION NL	yes
	AAAA	2a00:d00:3:8::92 Rijswijk/South Holland/Netherlands (NL) - PROLOCATION NL	yes
www.ncsc.nl	CNAME	ncsc.nl	yes	1	0
	A	178.22.85.146 Etten/North Brabant/Netherlands (NL) - Prolocation B.V. No Hostname found	yes
	A	178.22.85.147 Etten/North Brabant/Netherlands (NL) - Prolocation B.V. No Hostname found	yes
	A	178.22.85.148 Etten/North Brabant/Netherlands (NL) - Prolocation B.V. No Hostname found	yes
	A	178.22.85.149 Etten/North Brabant/Netherlands (NL) - Prolocation B.V. No Hostname found	yes
	AAAA	2a00:d00:3:8::80 Rijswijk/South Holland/Netherlands (NL) - PROLOCATION NL	yes
	AAAA	2a00:d00:3:8::90 Rijswijk/South Holland/Netherlands (NL) - PROLOCATION NL	yes
	AAAA	2a00:d00:3:8::91 Rijswijk/South Holland/Netherlands (NL) - PROLOCATION NL	yes
	AAAA	2a00:d00:3:8::92 Rijswijk/South Holland/Netherlands (NL) - PROLOCATION NL	yes

2. DNSSEC

Zone (*)	DNSSEC - Informations

Zone: (root)
(root)	1 DS RR published


	• Status: Valid because published


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 59944, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.08.2019, 00:00:00 +, Signature-Inception: 31.07.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: nl
nl	1 DS RR in the parent zone found


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 21.08.2019, 05:00:00 +, Signature-Inception: 08.08.2019, 04:00:00 +, KeyTag 59944, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59944 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 17593, Flags 256


	Public Key with Algorithm 8, KeyTag 34112, Flags 257 (SEP = Secure Entry Point)


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 17.08.2019, 14:29:07 +, Signature-Inception: 03.08.2019, 09:37:02 +, KeyTag 34112, Signer-Name: nl


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 34112 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 34112, DigestType 2 and Digest "PFtfmzVXRVxQdRqb6evpI4yI4Z9fB/kwl2kXtRuVzSI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: ncsc.nl
ncsc.nl	1 DS RR in the parent zone found


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner ncsc.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 14.08.2019, 06:34:52 +, Signature-Inception: 30.07.2019, 20:09:02 +, KeyTag 17593, Signer-Name: nl


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17593 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 7263, Flags 256


	Public Key with Algorithm 8, KeyTag 32554, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 56790, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner ncsc.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 20:28:30 +, Signature-Inception: 07.08.2019, 07:32:25 +, KeyTag 32554, Signer-Name: ncsc.nl


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 32554 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 32554, DigestType 2 and Digest "+tvM4dXw2/+wLH3q1CPl6LrK5sl1APO6F5PWjm/w/YA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone


	RRSIG Type 1 validates the A - Result: 178.22.85.146 178.22.85.147 178.22.85.148 178.22.85.149 Validated: RRSIG-Owner ncsc.nl., Algorithm: 8, 2 Labels, original TTL: 14400 sec, Signature-expiration: 04.09.2019, 18:04:03 +, Signature-Inception: 07.08.2019, 07:32:25 +, KeyTag 56790, Signer-Name: ncsc.nl


	RRSIG Type 16 validates the TXT - Result: v=spf1 a mx ip4:159.46.2.165/32 ip4:159.46.2.166/32 ip4:159.46.196.71/32 ip4:159.46.196.72/32 a:mx1.minvenj.nl a:mx2.minvenj.nl a:mx3.minvenj.nl a:mx4.minvenj.nl ip4:145.21.166.66/32 ip4:145.21.166.67/32 ip4:145.21.166.82/32 ip4:46.144.3.66/32 ip4:14 7.181.97.132/32 ip4:145.21.161.201/32 -all Validated: RRSIG-Owner ncsc.nl., Algorithm: 8, 2 Labels, original TTL: 14400 sec, Signature-expiration: 04.09.2019, 12:18:53 +, Signature-Inception: 07.08.2019, 07:32:25 +, KeyTag 56790, Signer-Name: ncsc.nl


	RRSIG Type 28 validates the AAAA - Result: 2A00:0D00:0003:0008:0000:0000:0000:0080 2A00:0D00:0003:0008:0000:0000:0000:0090 2A00:0D00:0003:0008:0000:0000:0000:0091 2A00:0D00:0003:0008:0000:0000:0000:0092 Validated: RRSIG-Owner ncsc.nl., Algorithm: 8, 2 Labels, original TTL: 14400 sec, Signature-expiration: 03.09.2019, 23:03:59 +, Signature-Inception: 07.08.2019, 07:32:25 +, KeyTag 56790, Signer-Name: ncsc.nl


	RRSIG Type 50, expiration 2019-09-04 02:57:31 + validates the NSEC3 RR that proves the not-existence of the CNAME RR. Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM


	RRSIG Type 50, expiration 2019-09-04 02:18:56 + validates the NSEC3 RR that proves the not-existence of the TLSA RR. Bitmap: No Bitmap?


	RRSIG Type 50, expiration 2019-09-04 02:57:31 + validates the NSEC3 RR that proves the not-existence of the CAA RR. Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM

Zone: www.ncsc.nl
www.ncsc.nl	0 DS RR in the parent zone found

3. Name Servers

Domain	Nameserver	NS-IP
ncsc.nl	• ns1.rijksoverheidnl.nl	178.22.85.27 Etten/North Brabant/Netherlands (NL) - Prolocation B.V.	•
	•	2a00:d00:3:6::130 Rijswijk/South Holland/Netherlands (NL) - PROLOCATION NL	•
	• ns2.rijksoverheidnl.eu	94.228.142.136 Nederland/Overijssel/Netherlands (NL) - Prolocation B.V.	•
	•	2a00:d01:3:1::20 Rijswijk/South Holland/Netherlands (NL) - Prolocation NL Delft	•
	• ns3.rijksoverheidnl.org	145.100.177.67 Utrecht/Netherlands (NL) - SURFNET-UNO	•
	•	2001:610:188:203:3:1:0:67 's-Hertogenbosch/North Brabant/Netherlands (NL) - SURFnet	•
	• ns4.rijksoverheidnl.com	192.110.255.70 Washington D.C./District of Columbia/United States (US) - Deteque LLC	•
	•	2606:700:1c:3:1::130 Washington D.C./District of Columbia/United States (US) - Deteque LLC	•
nl	• ns1.dns.nl / LHR1		•
	• ns2.dns.nl / s2.amx		•
	• ns3.dns.nl / tld-nl-fra2		•
	• sns-pb.isc.org / pb-ams-ns2.sns.isc.org		•

4. SOA-Entries

Domain:	nl
Zone-Name:
Primary:	ns1.dns.nl
Mail:	hostmaster.domain-registry.nl
Serial:	2019080831
Refresh:	3600
Retry:	600
Expire:	2419200
TTL:	600
num Entries:	4

Domain:	ncsc.nl
Zone-Name:
Primary:	ns1.rijksoverheidnl.nl
Mail:	domeinnaam.minaz.nl
Serial:	2019080703
Refresh:	14400
Retry:	7200
Expire:	1209600
TTL:	600
num Entries:	8

5. Screenshots

No Screenshot listed, because no screenshot found. Perhaps the check is too old, the feature startet 2019-12-23.

6. Url-Checks

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://ncsc.nl/ 178.22.85.146	301	https://ncsc.nl/	0.046	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/ 178.22.85.147	301	https://ncsc.nl/	0.046	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/ 178.22.85.148	301	https://ncsc.nl/	0.043	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/ 178.22.85.149	301	https://ncsc.nl/	0.044	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/ 2a00:d00:3:8::80	301	https://ncsc.nl/	0.034	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/ 2a00:d00:3:8::90	301	https://ncsc.nl/	0.033	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/ 2a00:d00:3:8::91	301	https://ncsc.nl/	0.033	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/ 2a00:d00:3:8::92	301	https://ncsc.nl/	0.034	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/ 178.22.85.146	301	https://www.ncsc.nl/	0.040	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/ 178.22.85.147	301	https://www.ncsc.nl/	0.043	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/ 178.22.85.148	301	https://www.ncsc.nl/	0.043	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/ 178.22.85.149	301	https://www.ncsc.nl/	0.044	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/ 2a00:d00:3:8::80	301	https://www.ncsc.nl/	0.034	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/ 2a00:d00:3:8::90	301	https://www.ncsc.nl/	0.033	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/ 2a00:d00:3:8::91	301	https://www.ncsc.nl/	0.033	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/ 2a00:d00:3:8::92	301	https://www.ncsc.nl/	0.034	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• https://ncsc.nl/ 178.22.85.146	301	https://www.ncsc.nl/	4.267	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:12 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin
Strict-Transport-Security: max-age=31622400

• https://ncsc.nl/ 178.22.85.147	301	https://www.ncsc.nl/	3.140	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:16 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin
Strict-Transport-Security: max-age=31622400

• https://ncsc.nl/ 178.22.85.148	301	https://www.ncsc.nl/	3.147	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:19 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin
Strict-Transport-Security: max-age=31622400

• https://ncsc.nl/ 178.22.85.149	301	https://www.ncsc.nl/	3.140	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:22 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin
Strict-Transport-Security: max-age=31622400

• https://ncsc.nl/ 2a00:d00:3:8::80	301	https://www.ncsc.nl/	3.237	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:26 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin
Strict-Transport-Security: max-age=31622400

• https://ncsc.nl/ 2a00:d00:3:8::90	301	https://www.ncsc.nl/	3.224	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:29 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin
Strict-Transport-Security: max-age=31622400

• https://ncsc.nl/ 2a00:d00:3:8::91	301	https://www.ncsc.nl/	3.243	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:33 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin
Strict-Transport-Security: max-age=31622400

• https://ncsc.nl/ 2a00:d00:3:8::92	301	https://www.ncsc.nl/	3.220	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:36 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin
Strict-Transport-Security: max-age=31622400

• https://www.ncsc.nl/ 178.22.85.146	200		3.270	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:39 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Server-Id: 3
X-Cache-Status: HIT
X-Via: ps2-p-proxy4.rijksoverheid.nl
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31622400; includeSubDomains

• https://www.ncsc.nl/ 178.22.85.147	200		3.163	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:43 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Server-Id: 3
X-Cache-Status: HIT
X-Via: ps2-p-proxy4.rijksoverheid.nl
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31622400; includeSubDomains

• https://www.ncsc.nl/ 178.22.85.148	200		3.190	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:47 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Server-Id: 3
X-Cache-Status: HIT
X-Via: ps2-p-proxy4.rijksoverheid.nl
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31622400; includeSubDomains

• https://www.ncsc.nl/ 178.22.85.149	200		3.164	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:50 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Server-Id: 3
X-Cache-Status: HIT
X-Via: ps2-p-proxy4.rijksoverheid.nl
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31622400; includeSubDomains

• https://www.ncsc.nl/ 2a00:d00:3:8::80	200		3.514	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:54 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Server-Id: 4
X-Cache-Status: EXPIRED
X-Via: ps2-p-proxy2.rijksoverheid.nl
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31622400; includeSubDomains

• https://www.ncsc.nl/ 2a00:d00:3:8::90	200		3.244	A
Server: nginx
Date: Thu, 08 Aug 2019 14:15:58 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Server-Id: 3
X-Cache-Status: HIT
X-Via: ps2-p-proxy1.rijksoverheid.nl
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31622400; includeSubDomains

• https://www.ncsc.nl/ 2a00:d00:3:8::91	200		3.237	A
Server: nginx
Date: Thu, 08 Aug 2019 14:16:02 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Server-Id: 2
X-Cache-Status: HIT
X-Via: ps2-p-proxy3.rijksoverheid.nl
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31622400; includeSubDomains

• https://www.ncsc.nl/ 2a00:d00:3:8::92	200		3.273	A
Server: nginx
Date: Thu, 08 Aug 2019 14:16:05 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Server-Id: 4
X-Cache-Status: HIT
X-Via: ps2-p-proxy2.rijksoverheid.nl
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31622400; includeSubDomains

• http://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.22.85.146	301	https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.043	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.22.85.147	301	https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.047	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.22.85.148	301	https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.046	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.22.85.149	301	https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.046	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:d00:3:8::80	301	https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.034	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:d00:3:8::90	301	https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.037	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:d00:3:8::91	301	https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.033	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:d00:3:8::92	301	https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.033	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.22.85.146	301	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.043	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.22.85.147	301	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.047	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.22.85.148	301	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.047	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.22.85.149	301	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.043	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:d00:3:8::80	301	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.033	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:12 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:d00:3:8::90	301	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.037	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:12 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:d00:3:8::91	301	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.036	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:12 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• http://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:d00:3:8::92	301	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.036	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:12 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin

• https://ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	301	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	3.243	A
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:13 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Security-Policy: default-src 'none'
Referrer-Policy: origin
Strict-Transport-Security: max-age=31622400

• https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404		3.366	A
Not Found
Visible Content:
Server: nginx
Date: Thu, 08 Aug 2019 14:16:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31622400

7. Comments

	1. General Results, most used to calculate the result
A	name "ncsc.nl" is domain, public suffix is "nl", top-level-domain-type is "country-code", Country is Netherlands (the), tld-manager is "SIDN (Stichting Internet Domeinregistratie Nederland)"
A	Good: All ip addresses are public addresses
A	Good: No asked Authoritative Name Server had a timeout
A	Good: destination is https
A	Good - only one version with Http-Status 200
A	Good: one preferred version: www is preferred
A	Good: every https has a Strict Transport Security Header
A	Good: HSTS max-age is long enough, 31622400 seconds = 366 days
A	Good: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):8 complete Content-Type - header (9 urls)
	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de			Url with incomplete Content-Type - header - missing charset
A	http://ncsc.nl/ 178.22.85.146	301	https://ncsc.nl/	Correct redirect http - https with the same domain name
A	http://ncsc.nl/ 178.22.85.147	301	https://ncsc.nl/	Correct redirect http - https with the same domain name
A	http://ncsc.nl/ 178.22.85.148	301	https://ncsc.nl/	Correct redirect http - https with the same domain name
A	http://ncsc.nl/ 178.22.85.149	301	https://ncsc.nl/	Correct redirect http - https with the same domain name
A	http://ncsc.nl/ 2a00:d00:3:8::80	301	https://ncsc.nl/	Correct redirect http - https with the same domain name
A	http://ncsc.nl/ 2a00:d00:3:8::90	301	https://ncsc.nl/	Correct redirect http - https with the same domain name
A	http://ncsc.nl/ 2a00:d00:3:8::91	301	https://ncsc.nl/	Correct redirect http - https with the same domain name
A	http://ncsc.nl/ 2a00:d00:3:8::92	301	https://ncsc.nl/	Correct redirect http - https with the same domain name
A	http://www.ncsc.nl/ 178.22.85.146	301	https://www.ncsc.nl/	Correct redirect http - https with the same domain name
A	http://www.ncsc.nl/ 178.22.85.147	301	https://www.ncsc.nl/	Correct redirect http - https with the same domain name
A	http://www.ncsc.nl/ 178.22.85.148	301	https://www.ncsc.nl/	Correct redirect http - https with the same domain name
A	http://www.ncsc.nl/ 178.22.85.149	301	https://www.ncsc.nl/	Correct redirect http - https with the same domain name
A	http://www.ncsc.nl/ 2a00:d00:3:8::80	301	https://www.ncsc.nl/	Correct redirect http - https with the same domain name
A	http://www.ncsc.nl/ 2a00:d00:3:8::90	301	https://www.ncsc.nl/	Correct redirect http - https with the same domain name
A	http://www.ncsc.nl/ 2a00:d00:3:8::91	301	https://www.ncsc.nl/	Correct redirect http - https with the same domain name
A	http://www.ncsc.nl/ 2a00:d00:3:8::92	301	https://www.ncsc.nl/	Correct redirect http - https with the same domain name
I	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404		Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
	2. Header-Checks
	3. DNS- and NameServer - Checks
A	Good: Nameserver supports TCP connections: 8 good Nameserver
A	Good: Nameserver supports Echo Capitalization: 8 good Nameserver
A	Good: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 8 good Nameserver
A	Good: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 8 good Nameserver
	Nameserver doesn't pass all EDNS-Checks: sns-pb.isc.org: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found (pb-ams-ns2.sns.isc.org). COOKIE: fatal timeout. CLIENTSUBNET: ok.
A	Good: All SOA have the same Serial Number
	Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.
	4. Content- and Performance-critical Checks
A	Good: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
A	Good: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
	https://www.ncsc.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404	3.366 seconds	Warning: 404 needs more then one second
A	Duration: 155304 milliseconds, 155.304 seconds

8. Connections

Domain

Port

Cert.

Protocol

KeyExchange

Strength

Cipher

Strength

HashAlgorithm

OCSP stapling

Domain/KeyExchange

IP/Strength

Port/Cipher

Cert./Strength

Protocol/HashAlgorithm

OCSP stapling

ncsc.nl

178.22.85.146

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

ncsc.nl

178.22.85.146

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

ncsc.nl

178.22.85.147

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

ncsc.nl

178.22.85.147

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

ncsc.nl

178.22.85.148

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

ncsc.nl

178.22.85.148

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

ncsc.nl

178.22.85.149

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

ncsc.nl

178.22.85.149

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

ncsc.nl

2a00:d00:3:8::80

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

ncsc.nl

2a00:d00:3:8::80

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

ncsc.nl

2a00:d00:3:8::90

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

ncsc.nl

2a00:d00:3:8::90

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

ncsc.nl

2a00:d00:3:8::91

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

ncsc.nl

2a00:d00:3:8::91

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

ncsc.nl

2a00:d00:3:8::92

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

ncsc.nl

2a00:d00:3:8::92

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

www.ncsc.nl

178.22.85.146

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

www.ncsc.nl

178.22.85.146

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

www.ncsc.nl

178.22.85.147

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

www.ncsc.nl

178.22.85.147

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

www.ncsc.nl

178.22.85.148

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

www.ncsc.nl

178.22.85.148

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

www.ncsc.nl

178.22.85.149

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

www.ncsc.nl

178.22.85.149

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

www.ncsc.nl

2a00:d00:3:8::80

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

www.ncsc.nl

2a00:d00:3:8::80

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

www.ncsc.nl

2a00:d00:3:8::90

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

www.ncsc.nl

2a00:d00:3:8::90

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

www.ncsc.nl

2a00:d00:3:8::91

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

www.ncsc.nl

2a00:d00:3:8::91

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

www.ncsc.nl

2a00:d00:3:8::92

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

www.ncsc.nl

2a00:d00:3:8::92

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

ncsc.nl

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

ncsc.nl

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

www.ncsc.nl

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

www.ncsc.nl

443

Tls12

DiffieHellman

2048

Aes256

256

Sha384

error checking OCSP stapling

no Tls.1.2
no Tls.1.1
no Tls.1.0

Chain - incomplete	1	CN=ncsc.nl, OU=Dienst Publiek en Communicatie, O=Rijksoverheid, L='s-Gravenhage, C=NL, ST=Zuid-Holland
	2	CN=QuoVadis PKIoverheid EV CA, O=QuoVadis Trustlink BV, C=NL
	3	CN=Staat der Nederlanden EV Intermediair CA, O=Staat der Nederlanden, C=NL

9. Certificates

Small Code Update - wait one minute

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Small Code Update - wait one minute

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Small Code Update - wait one minute

11. Html-Content - Entries

Summary

No data found or small Code-update

Details (currently limited to 500 rows - some problems with spam users)

Small Code Update - wait one minute

12. Html-Parsing via https://validator.w3.org/nu/

Small Code update, wait one minute

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

No NameServer - IP address informations found. The feature is new (2020-05-07), so recheck this domain.

14. CAA - Entries

Domainname	flag	Value	∑ Queries
www.ncsc.nl			1
ncsc.nl	0	no CAA entry found	1
nl	0	no CAA entry found	1

15. TXT - Entries

Domainname	TXT Entry	Status	∑ Queries
ncsc.nl	v=spf1 a mx ip4:159.46.2.165/32 ip4:159.46.2.166/32 ip4:159.46.196.71/32 ip4:159.46.196.72/32 a:mx1.minvenj.nl a:mx2.minvenj.nl a:mx3.minvenj.nl a:mx4.minvenj.nl ip4:145.21.166.66/32 ip4:145.21.166.67/32 ip4:145.21.166.82/32 ip4:46.144.3.66/32 ip4:14 7.1	ok	1
www.ncsc.nl	v=spf1 a mx ip4:159.46.2.165/32 ip4:159.46.2.166/32 ip4:159.46.196.71/32 ip4:159.46.196.72/32 a:mx1.minvenj.nl a:mx2.minvenj.nl a:mx3.minvenj.nl a:mx4.minvenj.nl ip4:145.21.166.66/32 ip4:145.21.166.67/32 ip4:145.21.166.82/32 ip4:46.144.3.66/32 ip4:14 7.1	ok	1
_acme-challenge.ncsc.nl		Name Error - The domain name does not exist	1
_acme-challenge.www.ncsc.nl		Name Error - The domain name does not exist	1
_acme-challenge.ncsc.nl.ncsc.nl		Name Error - The domain name does not exist	1
_acme-challenge.www.ncsc.nl.ncsc.nl		Name Error - The domain name does not exist	1
_acme-challenge.www.ncsc.nl.www.ncsc.nl		Name Error - The domain name does not exist	1

16. DomainService - Entries

No DomainServiceEntries entries found

17. Cipher Suites

No Ciphers found

18. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

Permalink: https://check-your-website.server-daten.de/?i=6e4562b2-c36a-443d-b9c8-399ca3d0a1fa

Last Result: https://check-your-website.server-daten.de/?q=ncsc.nl - 2019-08-08 16:14:30

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=ncsc.nl" target="_blank">Check this Site: ncsc.nl</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

QR-Code of this page - https://check-your-website.server-daten.de/?d=ncsc.nl

Check DNS, Urls + Redirects, Certificates and Content of your Website

Older results

1. IP-Addresses

2. DNSSEC

3. Name Servers

4. SOA-Entries

5. Screenshots

6. Url-Checks

7. Comments

1. General Results, most used to calculate the result

2. Header-Checks

3. DNS- and NameServer - Checks

4. Content- and Performance-critical Checks

8. Connections

9. Certificates

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

11. Html-Content - Entries

Summary

Details (currently limited to 500 rows - some problems with spam users)

12. Html-Parsing via https://validator.w3.org/nu/

13. Nameserver - IP-Adresses

14. CAA - Entries

15. TXT - Entries

16. DomainService - Entries

17. Cipher Suites

18. Portchecks