Check DNS, Urls + Redirects, Certificates and Content of your Website


 

 

A

 

Top config

 

Checked:
26.05.2021 17:38:01

 

Older results

No older results found

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
nkb.ch
A
151.101.2.191
Montreal/Quebec/Canada (CA) - Fastly
No Hostname found
yes
1
0

A
151.101.66.191
Montreal/Quebec/Canada (CA) - Fastly
No Hostname found
yes
1
0

A
151.101.130.191
Montreal/Quebec/Canada (CA) - Fastly
No Hostname found
yes
1
0

A
151.101.194.191
Montreal/Quebec/Canada (CA) - Fastly
No Hostname found
yes
1
0

AAAA
2a04:4e42:a::703
Montreal/Quebec/Canada (CA) - Fastly

yes


www.nkb.ch
CNAME
cdn.amazee.io
yes
1
0

CNAME
amazeeio.map.fastly.net
yes


www.nkb.ch
A
151.101.2.191
Montreal/Quebec/Canada (CA) - Fastly
No Hostname found
no



A
151.101.66.191
Montreal/Quebec/Canada (CA) - Fastly
No Hostname found
no



A
151.101.130.191
Montreal/Quebec/Canada (CA) - Fastly
No Hostname found
no



A
151.101.194.191
Montreal/Quebec/Canada (CA) - Fastly
No Hostname found
no


*.nkb.ch
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


 

2. DNSSEC

Zone (*)DNSSEC - Informations


Zone: (root)

(root)
1 DS RR published






DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=






Status: Valid because published






2 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 14631, Flags 256






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.06.2021, 00:00:00 +, Signature-Inception: 21.05.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: ch

ch
1 DS RR in the parent zone found






DS with Algorithm 13, KeyTag 1053, DigestType 2 and Digest lNg0vvdTa/5uy0aC4RUb3UiCyhLG2ywapkyw6dTaUiI=






1 RRSIG RR to validate DS RR found






RRSIG-Owner ch., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 08.06.2021, 05:00:00 +, Signature-Inception: 26.05.2021, 04:00:00 +, KeyTag 14631, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 14631 used to validate the DS RRSet in the parent zone






3 DNSKEY RR found






Public Key with Algorithm 13, KeyTag 1053, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 13, KeyTag 26777, Flags 256






Public Key with Algorithm 13, KeyTag 31174, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner ch., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 24.06.2021, 10:09:09 +, Signature-Inception: 09.05.2021, 09:09:09 +, KeyTag 1053, Signer-Name: ch






Status: Good - Algorithmus 13 and DNSKEY with KeyTag 1053 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 1053, DigestType 2 and Digest "lNg0vvdTa/5uy0aC4RUb3UiCyhLG2ywapkyw6dTaUiI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: nkb.ch

nkb.ch
1 DS RR in the parent zone found






DS with Algorithm 8, KeyTag 35452, DigestType 2 and Digest vRR2QY+yrMNXjIBBJyl1aGyWDHBs9VGoKhfTjpBK5Ds=






1 RRSIG RR to validate DS RR found






RRSIG-Owner nkb.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 23.06.2021, 10:44:41 +, Signature-Inception: 24.05.2021, 10:02:00 +, KeyTag 31174, Signer-Name: ch






Status: Good - Algorithmus 13 and DNSKEY with KeyTag 31174 used to validate the DS RRSet in the parent zone






3 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 24028, Flags 256






Public Key with Algorithm 8, KeyTag 35452, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 50191, Flags 256






2 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner nkb.ch., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 25.06.2021, 11:48:58 +, Signature-Inception: 26.05.2021, 10:48:58 +, KeyTag 24028, Signer-Name: nkb.ch






RRSIG-Owner nkb.ch., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 02.06.2021, 11:48:58 +, Signature-Inception: 26.05.2021, 10:48:58 +, KeyTag 35452, Signer-Name: nkb.ch






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 24028 used to validate the DNSKEY RRSet






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 35452 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35452, DigestType 2 and Digest "vRR2QY+yrMNXjIBBJyl1aGyWDHBs9VGoKhfTjpBK5Ds=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone






RRSIG Type 1 validates the A - Result: 151.101.2.191 151.101.66.191 151.101.130.191 151.101.194.191
Validated: RRSIG-Owner nkb.ch., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 13.06.2021, 16:42:35 +, Signature-Inception: 14.05.2021, 15:42:35 +, KeyTag 24028, Signer-Name: nkb.ch






RRSIG Type 16 validates the TXT - Result: v=spf1 a:mail01.mychoice.ch a:mail02.mychoice.ch ip4:46.140.211.101 ip4:185.5.58.101 ip4:46.140.211.105 ip4:185.5.58.105 include:spf.amazee.io include:myr.is -all
Validated: RRSIG-Owner nkb.ch., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 13.06.2021, 16:42:35 +, Signature-Inception: 14.05.2021, 15:42:35 +, KeyTag 24028, Signer-Name: nkb.ch






RRSIG Type 28 validates the AAAA - Result: 2A04:4E42:000A:0000:0000:0000:0000:0703
Validated: RRSIG-Owner nkb.ch., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 13.06.2021, 16:42:35 +, Signature-Inception: 14.05.2021, 15:42:35 +, KeyTag 24028, Signer-Name: nkb.ch






CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "a7vvpk1gfapekc28b34ieri59p6i3hns" equal the hashed NSEC3-owner "a7vvpk1gfapekc28b34ieri59p6i3hns" and the hashed NextOwner "ahqt2s5tkhg73r0gf4jfa908bul4ott6". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner a7vvpk1gfapekc28b34ieri59p6i3hns.nkb.ch., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 13.06.2021, 16:42:35 +, Signature-Inception: 14.05.2021, 15:42:35 +, KeyTag 24028, Signer-Name: nkb.ch






Status: Good. NoData-Proof required and found.






TLSA-Query (_443._tcp.nkb.ch) sends a valid NSEC3 RR as result with the hashed owner name "f15p79o4rlgamkuo0hbah2fd8th12qfu" (unhashed: _tcp.nkb.ch). So that's the Closest Encloser of the query name.
Bitmap: No Bitmap? Validated: RRSIG-Owner f15p79o4rlgamkuo0hbah2fd8th12qfu.nkb.ch., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 13.06.2021, 16:42:35 +, Signature-Inception: 14.05.2021, 15:42:35 +, KeyTag 24028, Signer-Name: nkb.ch






Status: Good. NXDomain-Proof required and found.






TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "jvi6ro374508n3vug785gcm90p1d6a0c" (unhashed: *._tcp.nkb.ch) with the owner "jn28llj473cc2vc6cr4emhf52p63k5hu" and the NextOwner "kava5gqdcaklgvpg4opitv2f8v9ir4j1". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner jn28llj473cc2vc6cr4emhf52p63k5hu.nkb.ch., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 13.06.2021, 16:42:35 +, Signature-Inception: 14.05.2021, 15:42:35 +, KeyTag 24028, Signer-Name: nkb.ch






Status: Good. NXDomain-Proof required and found.






TLSA-Query (_443._tcp.nkb.ch) sends a valid NSEC3 RR as result with the hashed query name "7na16e3q1rj5lrna3qdbtuiqahab2rh8" between the hashed NSEC3-owner "6uer36ato4srrak42lsrnjglcji1alts" and the hashed NextOwner "7rh49tn3mq16lkvve4b0emj535clsk82". So the zone confirmes the not-existence of that TLSA RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner 6uer36ato4srrak42lsrnjglcji1alts.nkb.ch., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 23.06.2021, 16:10:53 +, Signature-Inception: 24.05.2021, 15:10:53 +, KeyTag 24028, Signer-Name: nkb.ch






Status: Good. NXDomain-Proof required and found.






CAA-Query sends a valid NSEC3 RR as result with the hashed query name "a7vvpk1gfapekc28b34ieri59p6i3hns" equal the hashed NSEC3-owner "a7vvpk1gfapekc28b34ieri59p6i3hns" and the hashed NextOwner "ahqt2s5tkhg73r0gf4jfa908bul4ott6". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner a7vvpk1gfapekc28b34ieri59p6i3hns.nkb.ch., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 13.06.2021, 16:42:35 +, Signature-Inception: 14.05.2021, 15:42:35 +, KeyTag 24028, Signer-Name: nkb.ch






Status: Good. NoData-Proof required and found.



Zone: www.nkb.ch

www.nkb.ch
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "daa7k4piubc2f710i7ohhl9fod4hi976" between the hashed NSEC3-owner "daa7k4piubc2f710i7ohhl9fod4hi976" and the hashed NextOwner "dpoe0ajq4dc4bb7bnmop84fch5aq6hd6". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner daa7k4piubc2f710i7ohhl9fod4hi976.nkb.ch., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 13.06.2021, 16:42:35 +, Signature-Inception: 14.05.2021, 15:42:35 +, KeyTag 24028, Signer-Name: nkb.ch






RRSIG Type 5 validates the CNAME - Result: cdn.amazee.io
Validated: RRSIG-Owner www.nkb.ch., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 13.06.2021, 16:42:35 +, Signature-Inception: 14.05.2021, 15:42:35 +, KeyTag 24028, Signer-Name: nkb.ch



Zone: (root)

(root)
1 DS RR published






DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=






Status: Valid because published






2 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 14631, Flags 256






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.06.2021, 00:00:00 +, Signature-Inception: 21.05.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: io

io
1 DS RR in the parent zone found






DS with Algorithm 8, KeyTag 57355, DigestType 2 and Digest laV8O6t4SdvN33xyracaiBRrFBEQMYylvmcgV+hlw+I=






1 RRSIG RR to validate DS RR found






RRSIG-Owner io., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 08.06.2021, 05:00:00 +, Signature-Inception: 26.05.2021, 04:00:00 +, KeyTag 14631, Signer-Name: (root)






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 14631 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 43695, Flags 256






Public Key with Algorithm 8, KeyTag 57355, Flags 257 (SEP = Secure Entry Point)






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner io., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 15.06.2021, 15:17:18 +, Signature-Inception: 25.05.2021, 14:17:18 +, KeyTag 57355, Signer-Name: io






Status: Good - Algorithmus 8 and DNSKEY with KeyTag 57355 used to validate the DNSKEY RRSet






Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 57355, DigestType 2 and Digest "laV8O6t4SdvN33xyracaiBRrFBEQMYylvmcgV+hlw+I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: amazee.io

amazee.io
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "9es9n8t6bk8lgvi4adna97tr23249a71" between the hashed NSEC3-owner "9erkna79irpjj1dattc98j00fnv5lqos" and the hashed NextOwner "9et535jo1mgecu1dhvph53310rsqjeip". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 9erkna79irpjj1dattc98j00fnv5lqos.io., Algorithm: 8, 2 Labels, original TTL: 900 sec, Signature-expiration: 15.06.2021, 15:17:18 +, Signature-Inception: 25.05.2021, 14:17:18 +, KeyTag 43695, Signer-Name: io






DS-Query in the parent zone sends valid NSEC3 RR with the Hash "0d790076pp5pfktg2hrthj5bj6ckckcb" as Owner. That's the Hash of "io" with the NextHashedOwnerName "0d7bd4g2j0sls1qj0ovhk6nsri6v9mik". So that domain name is the Closest Encloser of "amazee.io". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 0d790076pp5pfktg2hrthj5bj6ckckcb.io., Algorithm: 8, 2 Labels, original TTL: 900 sec, Signature-expiration: 16.06.2021, 15:38:34 +, Signature-Inception: 26.05.2021, 14:38:34 +, KeyTag 43695, Signer-Name: io






0 DNSKEY RR found









Zone: cdn.amazee.io

cdn.amazee.io
0 DS RR in the parent zone found

 

3. Name Servers

DomainNameserverNS-IP
nkb.ch
  ns1.securedns.ch
91.194.196.36
Küssnacht/Schwyz/Switzerland (CH) - Achermann ict-services AG


 
2a01:6980:aca9:100::21
Lucerne/Switzerland (CH) - Achermann ict-services AG


  ns2.securedns.ch
91.194.196.37
Küssnacht/Schwyz/Switzerland (CH) - Achermann ict-services AG


 
2a01:6980:aca9:100::22
Lucerne/Switzerland (CH) - Achermann ict-services AG


  ns3.securedns.ch
77.109.136.195
Zurich/Switzerland (CH) - Init7 (Switzerland) Ltd.


 
2001:1620:20ad:200::37
Zurich/Switzerland (CH) - Init7 (Switzerland) Ltd


  ns4.securedns.ch
185.206.180.142
Frankfurt am Main/Hesse/Germany (DE) - Public Cloud Ltd.

ch
  a.nic.ch / lako.switch.ch


  b.nic.ch / wako.switch.ch


T  c.nic.ch


  e.nic.ch / 1.ber.pch


  f.nic.ch / s2.amx


  g.nic.ch


amazee.io
  ns1.amazee.io / slave1.dns.amazee.io
94.237.93.105
Frankfurt am Main/Hesse/Germany (DE) - UpCloud Ltd


 
2a04:3542:1000:910:68bc:c0ff:fe07:3425
Frankfurt am Main/Hesse/Germany (DE) - UpCloud Ltd


  ns2.amazee.io / slave2.dns.amazee.io
52.14.2.4
Dublin/Ohio/United States (US) - Amazon.com, Inc.


 
2600:1f16:9e7:f900:b32d:af01:6fda:72e1
Dublin/Ohio/United States (US) - Amazon.com, Inc.

io
  a0.nic.io / app29.iad1.hosts.meta.redstone.afilias-nst.info-2020121101


  a2.nic.io / LHR5


  b0.nic.io / ns087b.app10.ams2.afilias-nst.info


  c0.nic.io / ns087b.app27.ams2.afilias-nst.info

 

4. SOA-Entries


Domain:ch
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:1


Domain:ch
Zone-Name:ch
Primary:a.nic.ch
Mail:dns-operation.switch.ch
Serial:2021052617
Refresh:900
Retry:600
Expire:1123200
TTL:900
num Entries:5


Domain:nkb.ch
Zone-Name:nkb.ch
Primary:ns1.securedns.ch
Mail:hosting.achermann.swiss
Serial:2020032727
Refresh:10800
Retry:3600
Expire:1209600
TTL:3600
num Entries:7



Domain:io
Zone-Name:io
Primary:a0.nic.io
Mail:noc.afilias-nst.info
Serial:1498084860
Refresh:10800
Retry:3600
Expire:2764800
TTL:900
num Entries:4


Domain:amazee.io
Zone-Name:amazee.io
Primary:ns1.amazee.io
Mail:hostmaster.amazee.io
Serial:1621944071
Refresh:3600
Retry:600
Expire:1209600
TTL:300
num Entries:4


5. Screenshots

Startaddress: https://www.nkb.ch, address used: https://www.nkb.ch/, Screenshot created 2021-05-26 17:42:30 +00:0

 

Mobil (412px x 732px)

 

835 milliseconds

 

Screenshot mobile - https://www.nkb.ch/
Mobil + Landscape (732px x 412px)

 

620 milliseconds

 

Screenshot mobile landscape - https://www.nkb.ch/
Screen (1280px x 1680px)

 

2641 milliseconds

 

Screenshot Desktop - https://www.nkb.ch/

 

Mobile- and other Chrome-Checks


widthheight
visual Viewport396732
content Size3965915

 

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

 

Chrome-Connection: secure. secure connection settings. The connection to this site is encrypted and authenticated using TLS 1.3, X25519, and AES_128_GCM.

 

Chrome-Resources : secure. all served securely. All resources on this page are served securely.

 

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://nkb.ch/
151.101.2.191
301
https://nkb.ch/

0.047
A
Retry-After: 0
Location: https://nkb.ch/
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:42 GMT
Connection: close
X-Served-By: cache-fra19135-FRA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1622043583.992535,VS0,VE0
Strict-Transport-Security: max-age=31557600

• http://nkb.ch/
151.101.66.191
301
https://nkb.ch/

0.046
A
Retry-After: 0
Location: https://nkb.ch/
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:43 GMT
Connection: close
X-Served-By: cache-fra19173-FRA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1622043583.047835,VS0,VE0
Strict-Transport-Security: max-age=31557600

• http://nkb.ch/
151.101.130.191
301
https://nkb.ch/

0.050
A
Retry-After: 0
Location: https://nkb.ch/
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:42 GMT
Connection: close
X-Served-By: cache-fra19135-FRA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1622043583.875748,VS0,VE0
Strict-Transport-Security: max-age=31557600

• http://nkb.ch/
151.101.194.191
301
https://nkb.ch/

0.047
A
Retry-After: 0
Location: https://nkb.ch/
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:42 GMT
Connection: close
X-Served-By: cache-fra19158-FRA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1622043583.935420,VS0,VE0
Strict-Transport-Security: max-age=31557600

• http://nkb.ch/
2a04:4e42:a::703
301
https://nkb.ch/

0.330
A
Retry-After: 0
Location: https://nkb.ch/
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:43 GMT
Connection: close
X-Served-By: cache-sjc10072-SJC
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1622043583.316950,VS0,VE1
Strict-Transport-Security: max-age=31557600

• http://www.nkb.ch/
151.101.2.191
301
https://www.nkb.ch/

0.046
A
Retry-After: 0
Location: https://www.nkb.ch/
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:43 GMT
Connection: close
X-Served-By: cache-fra19126-FRA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1622043584.608277,VS0,VE0
Strict-Transport-Security: max-age=31557600

• http://www.nkb.ch/
151.101.66.191
301
https://www.nkb.ch/

0.047
A
Retry-After: 0
Location: https://www.nkb.ch/
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:43 GMT
Connection: close
X-Served-By: cache-fra19169-FRA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1622043584.664433,VS0,VE0
Strict-Transport-Security: max-age=31557600

• http://www.nkb.ch/
151.101.130.191
301
https://www.nkb.ch/

0.047
A
Retry-After: 0
Location: https://www.nkb.ch/
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:43 GMT
Connection: close
X-Served-By: cache-fra19156-FRA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1622043583.494415,VS0,VE0
Strict-Transport-Security: max-age=31557600

• http://www.nkb.ch/
151.101.194.191
301
https://www.nkb.ch/

0.047
A
Retry-After: 0
Location: https://www.nkb.ch/
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:43 GMT
Connection: close
X-Served-By: cache-fra19164-FRA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1622043584.551177,VS0,VE0
Strict-Transport-Security: max-age=31557600

• https://nkb.ch/
151.101.2.191
301
https://www.nkb.ch/
Html is minified: 109.21 %
4.243
A
Connection: close
Content-Length: 166
Content-Type: text/html
Location: https://www.nkb.ch/
X-LAGOON: lb1.ch1.amazee.io>varnish-35-hbjhb>nginx-97-klj28
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:54 GMT
Age: 1307
X-Served-By: cache-fra19169-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1622043594.185004,VS0,VE0
Strict-Transport-Security: max-age=31557600

• https://nkb.ch/
151.101.66.191
301
https://www.nkb.ch/
Html is minified: 109.21 %
4.243
A
Connection: close
Content-Length: 166
Content-Type: text/html
Location: https://www.nkb.ch/
X-LAGOON: lb1.ch1.amazee.io>varnish-35-hbjhb>nginx-97-klj28
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:59 GMT
Age: 1312
X-Served-By: cache-fra19154-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1622043599.084653,VS0,VE0
Strict-Transport-Security: max-age=31557600

• https://nkb.ch/
151.101.130.191
301
https://www.nkb.ch/
Html is minified: 109.21 %
4.477
A
Connection: close
Content-Length: 166
Content-Type: text/html
Location: https://www.nkb.ch/
X-LAGOON: lb1.ch1.amazee.io>varnish-35-hbjhb>nginx-97-klj28
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:43 GMT
Age: 1297
X-Served-By: cache-fra19176-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1622043584.975214,VS0,VE0
Strict-Transport-Security: max-age=31557600

• https://nkb.ch/
151.101.194.191
301
https://www.nkb.ch/
Html is minified: 109.21 %
4.290
A
Connection: close
Content-Length: 166
Content-Type: text/html
Location: https://www.nkb.ch/
X-LAGOON: lb1.ch1.amazee.io>varnish-35-hbjhb>nginx-97-klj28
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:39:49 GMT
Age: 1302
X-Served-By: cache-fra19132-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1622043589.245025,VS0,VE1
Strict-Transport-Security: max-age=31557600

• https://nkb.ch/
2a04:4e42:a::703
301
https://www.nkb.ch/
Html is minified: 109.21 %
5.967
A
Connection: close
Content-Length: 166
Content-Type: text/html
Location: https://www.nkb.ch/
X-LAGOON: lb1.ch1.amazee.io>varnish-35-hbjhb>nginx-97-klj28
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:04 GMT
Age: 0
X-Served-By: cache-fra19133-FRA, cache-sjc10079-SJC
X-Cache: HIT, MISS
X-Cache-Hits: 1, 0
X-Timer: S1622043604.346709,VS0,VE154
Strict-Transport-Security: max-age=31557600

• https://www.nkb.ch/
151.101.2.191
Inline-JavaScript (∑/total): 57/10210 Inline-CSS (∑/total): 1/420
200

Html is minified: 145.33 %
Other inline scripts (∑/total): 6/12707
4.276
A
Connection: close
Content-Length: 30237
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=300, public
Link: <https://www.nkb.ch/>; rel="canonical", <https://www.nkb.ch/>; rel="shortlink",<https://www.nkb.ch/startseite>; rel="revision"
X-UA-Compatible: IE=edge
Content-language: de
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 26 May 2021 15:39:03 GMT
ETag: W/"1622043543"
Content-Security-Policy: default-src 'self' *.nkb.ch; connect-src 'self' *.google-analytics.com *.doubleclick.net *.nr-data.net *.nkb.ch; font-src 'self' *.nkb.ch *.googleapis.com data: *.gstatic.com *.googleusercontent.com; frame-src 'self' *.youtube.com *.nkb.ch *.logismata.ch; img-src 'self' *.nkb.ch *.gstatic.com data: *.googleapis.com *.ggpht.com *.google.com *.google.ch; script-src 'self' *.nkb.ch *.googleapis.com *.googletagmanager.com *.google-analytics.com *.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inba.nkb.ch https://maps.googleapis.com https://polyfill.io 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' *.nkb.ch *.nr-data.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.newrelic.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inba.nkb.ch https://maps.googleapis.com https://polyfill.io 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.nkb.ch fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://www.nkb.ch/report-uri/enforce
Content-Encoding: gzip
X-LAGOON: lb2.ch1.amazee.io>varnish-35-sj2tx>nginx-97-klj28
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:21 GMT
Age: 32
X-Served-By: cache-fra19171-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1622043621.485730,VS0,VE1
Vary: Cookie, Accept-Encoding
Strict-Transport-Security: max-age=31557600

• https://www.nkb.ch/
151.101.66.191
Inline-JavaScript (∑/total): 57/10210 Inline-CSS (∑/total): 1/420
200

Html is minified: 145.33 %
Other inline scripts (∑/total): 6/12707
4.293
A
Connection: close
Content-Length: 30237
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=300, public
Link: <https://www.nkb.ch/>; rel="canonical", <https://www.nkb.ch/>; rel="shortlink",<https://www.nkb.ch/startseite>; rel="revision"
X-UA-Compatible: IE=edge
Content-language: de
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 26 May 2021 15:39:03 GMT
ETag: W/"1622043543"
Content-Security-Policy: default-src 'self' *.nkb.ch; connect-src 'self' *.google-analytics.com *.doubleclick.net *.nr-data.net *.nkb.ch; font-src 'self' *.nkb.ch *.googleapis.com data: *.gstatic.com *.googleusercontent.com; frame-src 'self' *.youtube.com *.nkb.ch *.logismata.ch; img-src 'self' *.nkb.ch *.gstatic.com data: *.googleapis.com *.ggpht.com *.google.com *.google.ch; script-src 'self' *.nkb.ch *.googleapis.com *.googletagmanager.com *.google-analytics.com *.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inba.nkb.ch https://maps.googleapis.com https://polyfill.io 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' *.nkb.ch *.nr-data.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.newrelic.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inba.nkb.ch https://maps.googleapis.com https://polyfill.io 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.nkb.ch fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://www.nkb.ch/report-uri/enforce
Content-Encoding: gzip
X-LAGOON: lb2.ch1.amazee.io>varnish-35-sj2tx>nginx-97-klj28
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:26 GMT
Age: 37
X-Served-By: cache-fra19172-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1622043627.722342,VS0,VE1
Vary: Cookie, Accept-Encoding
Strict-Transport-Security: max-age=31557600

• https://www.nkb.ch/
151.101.130.191
Inline-JavaScript (∑/total): 57/10210 Inline-CSS (∑/total): 1/420
200

Html is minified: 145.33 %
Other inline scripts (∑/total): 6/12707
4.334
A
Connection: close
Content-Length: 30237
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=300, public
Link: <https://www.nkb.ch/>; rel="canonical", <https://www.nkb.ch/>; rel="shortlink",<https://www.nkb.ch/startseite>; rel="revision"
X-UA-Compatible: IE=edge
Content-language: de
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 26 May 2021 15:39:03 GMT
ETag: W/"1622043543"
Content-Security-Policy: default-src 'self' *.nkb.ch; connect-src 'self' *.google-analytics.com *.doubleclick.net *.nr-data.net *.nkb.ch; font-src 'self' *.nkb.ch *.googleapis.com data: *.gstatic.com *.googleusercontent.com; frame-src 'self' *.youtube.com *.nkb.ch *.logismata.ch; img-src 'self' *.nkb.ch *.gstatic.com data: *.googleapis.com *.ggpht.com *.google.com *.google.ch; script-src 'self' *.nkb.ch *.googleapis.com *.googletagmanager.com *.google-analytics.com *.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inba.nkb.ch https://maps.googleapis.com https://polyfill.io 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' *.nkb.ch *.nr-data.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.newrelic.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inba.nkb.ch https://maps.googleapis.com https://polyfill.io 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.nkb.ch fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://www.nkb.ch/report-uri/enforce
Content-Encoding: gzip
X-LAGOON: lb2.ch1.amazee.io>varnish-35-sj2tx>nginx-97-klj28
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:10 GMT
Age: 21
X-Served-By: cache-fra19120-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1622043611.686776,VS0,VE1
Vary: Cookie, Accept-Encoding
Strict-Transport-Security: max-age=31557600

• https://www.nkb.ch/
151.101.194.191
Inline-JavaScript (∑/total): 57/10210 Inline-CSS (∑/total): 1/420
200

Html is minified: 145.33 %
Other inline scripts (∑/total): 6/12707
4.270
A
Connection: close
Content-Length: 30237
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=300, public
Link: <https://www.nkb.ch/>; rel="canonical", <https://www.nkb.ch/>; rel="shortlink",<https://www.nkb.ch/startseite>; rel="revision"
X-UA-Compatible: IE=edge
Content-language: de
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 26 May 2021 15:39:03 GMT
ETag: W/"1622043543"
Content-Security-Policy: default-src 'self' *.nkb.ch; connect-src 'self' *.google-analytics.com *.doubleclick.net *.nr-data.net *.nkb.ch; font-src 'self' *.nkb.ch *.googleapis.com data: *.gstatic.com *.googleusercontent.com; frame-src 'self' *.youtube.com *.nkb.ch *.logismata.ch; img-src 'self' *.nkb.ch *.gstatic.com data: *.googleapis.com *.ggpht.com *.google.com *.google.ch; script-src 'self' *.nkb.ch *.googleapis.com *.googletagmanager.com *.google-analytics.com *.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inba.nkb.ch https://maps.googleapis.com https://polyfill.io 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' *.nkb.ch *.nr-data.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.newrelic.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inba.nkb.ch https://maps.googleapis.com https://polyfill.io 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.nkb.ch fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://www.nkb.ch/report-uri/enforce
Content-Encoding: gzip
X-LAGOON: lb2.ch1.amazee.io>varnish-35-sj2tx>nginx-97-klj28
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:16 GMT
Age: 27
X-Served-By: cache-fra19124-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1622043616.115935,VS0,VE1
Vary: Cookie, Accept-Encoding
Strict-Transport-Security: max-age=31557600

• http://nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
151.101.2.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.21 %
Other inline scripts (∑/total): 0/0
0.080
E
Visible Content: 301 Moved Permanently openresty
Content-Type: text/html
Location: https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Age: 0
X-LAGOON: lb1.ch1.amazee.io>varnish-35-hbjhb>nginx-97-klj28
Content-Length: 166
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:32 GMT
Connection: close
X-Served-By: cache-fra19139-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1622043632.193139,VS0,VE33
Strict-Transport-Security: max-age=31557600

• http://nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
151.101.66.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.21 %
Other inline scripts (∑/total): 0/0
0.077
E
Visible Content: 301 Moved Permanently openresty
Content-Type: text/html
Location: https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Age: 0
X-LAGOON: lb1.ch1.amazee.io>varnish-35-sj2tx>nginx-97-klj28
Content-Length: 166
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:32 GMT
Connection: close
X-Served-By: cache-fra19148-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1622043632.309080,VS0,VE33
Strict-Transport-Security: max-age=31557600

• http://nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
151.101.130.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.21 %
Other inline scripts (∑/total): 0/0
0.083
E
Visible Content: 301 Moved Permanently openresty
Content-Type: text/html
Location: https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Age: 0
X-LAGOON: lb2.ch1.amazee.io>varnish-35-hbjhb>nginx-97-klj28
Content-Length: 166
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:31 GMT
Connection: close
X-Served-By: cache-fra19143-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1622043632.961347,VS0,VE34
Strict-Transport-Security: max-age=31557600

• http://nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
151.101.194.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.21 %
Other inline scripts (∑/total): 0/0
0.084
E
Visible Content: 301 Moved Permanently openresty
Content-Type: text/html
Location: https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Age: 0
X-LAGOON: lb2.ch1.amazee.io>varnish-35-sj2tx>nginx-97-klj28
Content-Length: 166
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:32 GMT
Connection: close
X-Served-By: cache-fra19130-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1622043632.075373,VS0,VE34
Strict-Transport-Security: max-age=31557600

• http://nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2a04:4e42:a::703
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
301
https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Html is minified: 109.21 %
Other inline scripts (∑/total): 0/0
1.107
E
Visible Content: 301 Moved Permanently openresty
Content-Type: text/html
Location: https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Age: 0
X-LAGOON: lb2.ch1.amazee.io>varnish-35-hbjhb>nginx-97-klj28
Content-Length: 166
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:33 GMT
Connection: close
X-Served-By: cache-sjc10080-SJC
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1622043633.639760,VS0,VE777
Strict-Transport-Security: max-age=31557600

• http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
151.101.2.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
403

Html is minified: 110.29 %
Other inline scripts (∑/total): 0/0
0.083
M
Forbidden
Visible Content: 403 Forbidden openresty
Content-Type: text/html
Content-Encoding: gzip
Age: 0
X-LAGOON: lb1.ch1.amazee.io>varnish-35-sj2tx>nginx-97-klj28
Content-Length: 111
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:33 GMT
Connection: close
X-Served-By: cache-fra19125-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1622043634.819777,VS0,VE38
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31557600

• http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
151.101.66.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
403

Html is minified: 110.29 %
Other inline scripts (∑/total): 0/0
0.080
M
Forbidden
Visible Content: 403 Forbidden openresty
Content-Type: text/html
Content-Encoding: gzip
Age: 0
X-LAGOON: lb2.ch1.amazee.io>varnish-35-hbjhb>nginx-97-klj28
Content-Length: 111
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:33 GMT
Connection: close
X-Served-By: cache-fra19158-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1622043634.944281,VS0,VE34
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31557600

• http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
151.101.130.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
403

Html is minified: 110.29 %
Other inline scripts (∑/total): 0/0
0.084
M
Forbidden
Visible Content: 403 Forbidden openresty
Content-Type: text/html
Content-Encoding: gzip
Age: 0
X-LAGOON: lb1.ch1.amazee.io>varnish-35-hbjhb>nginx-97-klj28
Content-Length: 111
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:33 GMT
Connection: close
X-Served-By: cache-fra19160-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1622043634.606740,VS0,VE32
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31557600

• http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
151.101.194.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
403

Html is minified: 110.29 %
Other inline scripts (∑/total): 0/0
0.057
M
Forbidden
Visible Content: 403 Forbidden openresty
Content-Type: text/html
Content-Encoding: gzip
Age: 0
X-LAGOON: lb1.ch1.amazee.io>varnish-35-sj2tx>nginx-97-klj28
Content-Length: 111
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:33 GMT
Connection: close
X-Served-By: cache-fra19138-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1622043634.724822,VS0,VE10
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31557600

• https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
403

Html is minified: 110.29 %
Other inline scripts (∑/total): 0/0
6.723
M
Forbidden
Visible Content: 403 Forbidden openresty
Connection: close
Content-Length: 111
Content-Type: text/html
Content-Encoding: gzip
Age: 0
X-LAGOON: lb1.ch1.amazee.io>varnish-35-sj2tx>nginx-97-klj28
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:57 GMT
X-Served-By: cache-bom4743-BOM
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1622043657.861941,VS0,VE1066
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31557600

• https://151.101.2.191/
151.101.2.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
500

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0
3.290
N
Domain Not Found
Certificate error: RemoteCertificateNameMismatch
small visible content (num chars: 131)
Fastly error: unknown domain: 151.101.2.191. Please check that this domain has been added to a service. Details: cache-fra19125-FRA
Connection: close
Content-Length: 247
Server: Varnish
Retry-After: 0
content-type: text/html
Cache-Control: private, no-cache
X-Served-By: cache-fra19125-FRA
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:42 GMT
Via: 1.1 varnish

• https://151.101.66.191/
151.101.66.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
500

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0
3.294
N
Domain Not Found
Certificate error: RemoteCertificateNameMismatch
small visible content (num chars: 132)
Fastly error: unknown domain: 151.101.66.191. Please check that this domain has been added to a service. Details: cache-fra19128-FRA
Connection: close
Content-Length: 249
Server: Varnish
Retry-After: 0
content-type: text/html
Cache-Control: private, no-cache
X-Served-By: cache-fra19128-FRA
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:46 GMT
Via: 1.1 varnish

• https://151.101.130.191/
151.101.130.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
500

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0
3.464
N
Domain Not Found
Certificate error: RemoteCertificateNameMismatch
small visible content (num chars: 133)
Fastly error: unknown domain: 151.101.130.191. Please check that this domain has been added to a service. Details: cache-fra19172-FRA
Connection: close
Content-Length: 251
Server: Varnish
Retry-After: 0
content-type: text/html
Cache-Control: private, no-cache
X-Served-By: cache-fra19172-FRA
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:34 GMT
Via: 1.1 varnish

• https://151.101.194.191/
151.101.194.191
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
500

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0
3.297
N
Domain Not Found
Certificate error: RemoteCertificateNameMismatch
small visible content (num chars: 133)
Fastly error: unknown domain: 151.101.194.191. Please check that this domain has been added to a service. Details: cache-fra19154-FRA
Connection: close
Content-Length: 251
Server: Varnish
Retry-After: 0
content-type: text/html
Cache-Control: private, no-cache
X-Served-By: cache-fra19154-FRA
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:38 GMT
Via: 1.1 varnish

• https://[2a04:4e42:000a:0000:0000:0000:0000:0703]/
2a04:4e42:a::703
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0
500

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0
5.296
N
Domain Not Found
Certificate error: RemoteCertificateNameMismatch
small visible content (num chars: 150)
Fastly error: unknown domain: 2a044e42000a00000000000000000703. Please check that this domain has been added to a service. Details: cache-sjc10042-SJC
Connection: close
Content-Length: 285
Server: Varnish
Retry-After: 0
content-type: text/html
Cache-Control: private, no-cache
X-Served-By: cache-sjc10042-SJC
Accept-Ranges: bytes
Date: Wed, 26 May 2021 15:40:50 GMT
Via: 1.1 varnish

 

7. Comments


1. General Results, most used to calculate the result

Aname "nkb.ch" is domain, public suffix is ".ch", top-level-domain is ".ch", top-level-domain-type is "country-code", Country is Switzerland, tld-manager is "SWITCH The Swiss Education & Research Network", num .ch-domains preloaded: 1696 (complete: 151507)
AGood: All ip addresses are public addresses
AGood: Minimal 2 ip addresses per domain name found: nkb.ch has 5 different ip addresses (authoritative).
AGood: Ipv4 and Ipv6 addresses per domain name found: nkb.ch has 4 ipv4, 1 ipv6 addresses
AGood: No asked Authoritative Name Server had a timeout
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: www is preferred
AGood: No cookie sent via http.
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):4 complete Content-Type - header (14 urls)
http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 151.101.2.191


Url with incomplete Content-Type - header - missing charset
http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 151.101.66.191


Url with incomplete Content-Type - header - missing charset
http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 151.101.130.191


Url with incomplete Content-Type - header - missing charset
http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 151.101.194.191


Url with incomplete Content-Type - header - missing charset
https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de


Url with incomplete Content-Type - header - missing charset
https://151.101.2.191/ 151.101.2.191


Url with incomplete Content-Type - header - missing charset
https://151.101.66.191/ 151.101.66.191


Url with incomplete Content-Type - header - missing charset
https://151.101.130.191/ 151.101.130.191


Url with incomplete Content-Type - header - missing charset
https://151.101.194.191/ 151.101.194.191


Url with incomplete Content-Type - header - missing charset
https://[2a04:4e42:000a:0000:0000:0000:0000:0703]/ 2a04:4e42:a::703


Url with incomplete Content-Type - header - missing charset
Ahttp://nkb.ch/ 151.101.2.191
301
https://nkb.ch/
Correct redirect http - https with the same domain name
Ahttp://nkb.ch/ 151.101.66.191
301
https://nkb.ch/
Correct redirect http - https with the same domain name
Ahttp://nkb.ch/ 151.101.130.191
301
https://nkb.ch/
Correct redirect http - https with the same domain name
Ahttp://nkb.ch/ 151.101.194.191
301
https://nkb.ch/
Correct redirect http - https with the same domain name
Ahttp://nkb.ch/ 2a04:4e42:a::703
301
https://nkb.ch/
Correct redirect http - https with the same domain name
Ahttp://www.nkb.ch/ 151.101.2.191
301
https://www.nkb.ch/
Correct redirect http - https with the same domain name
Ahttp://www.nkb.ch/ 151.101.66.191
301
https://www.nkb.ch/
Correct redirect http - https with the same domain name
Ahttp://www.nkb.ch/ 151.101.130.191
301
https://www.nkb.ch/
Correct redirect http - https with the same domain name
Ahttp://www.nkb.ch/ 151.101.194.191
301
https://www.nkb.ch/
Correct redirect http - https with the same domain name
Nhttps://151.101.2.191/ 151.101.2.191
500

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://151.101.66.191/ 151.101.66.191
500

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://151.101.130.191/ 151.101.130.191
500

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://151.101.194.191/ 151.101.194.191
500

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://[2a04:4e42:000a:0000:0000:0000:0000:0703]/ 2a04:4e42:a::703
500

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain nkb.ch, 5 ip addresses.
Info: Checking all ip addresses of that domain without sending the hostname only one certificate found. Checking all ip addresses and sending the hostname only one certificate found. Both certificates are different. So that domain requires Server Name Indication (SNI), so the server is able to select the correct certificate.: Domain nkb.ch, 5 ip addresses.

2. Header-Checks (Cross-Origin-* headers are alpha - started 2024-06-05)


3. DNS- and NameServer - Checks

AInfo:: 2 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 4 Name Servers.
AInfo:: 2 Queries complete, 2 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
AGood: Some ip addresses of name servers found with the minimum of two DNS Queries. One to find the TLD-Zone, one to ask the TLD-Zone.ns1.securedns.ch (2a01:6980:aca9:100::21, 91.194.196.36), ns2.securedns.ch (2a01:6980:aca9:100::22, 91.194.196.37), ns3.securedns.ch (2001:1620:20ad:200::37, 77.109.136.195), ns4.securedns.ch (185.206.180.142)
AGood (1 - 3.0):: An average of 0.5 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 4 different Name Servers found: ns1.securedns.ch, ns2.securedns.ch, ns3.securedns.ch, ns4.securedns.ch, 4 Name Servers included in Delegation: ns1.securedns.ch, ns2.securedns.ch, ns3.securedns.ch, ns4.securedns.ch, 4 Name Servers included in 1 Zone definitions: ns1.securedns.ch, ns2.securedns.ch, ns3.securedns.ch, ns4.securedns.ch, 1 Name Servers listed in SOA.Primary: ns1.securedns.ch.
AGood: Only one SOA.Primary Name Server found.: ns1.securedns.ch.
AGood: SOA.Primary Name Server included in the delegation set.: ns1.securedns.ch.
AGood: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: ns1.securedns.ch, ns2.securedns.ch, ns3.securedns.ch, ns4.securedns.ch
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AGood: Minimal 2 different name servers (public suffix and public ip address) found: 4 different Name Servers found
AGood: Some Name Servers have IPv6 addresses: 3 Name Servers with IPv6 found (1 Name Servers without IPv6)
Warning: All Name Servers have the same Top Level Domain / Public Suffix. If there is a problem with that Top Level Domain, your domain may be affected. Better: Use Name Servers with different top level domains.: 4 Name Servers, 1 Top Level Domain: ch
Warning: All Name Servers have the same domain name. If there is a problem with that domain name (or with the name servers of that domain name), your domain may be affected. Better: Use Name Servers with different domain names / different top level domains.: Only one domain name used: securedns.ch
AGood: Name servers with different Country locations found: 4 Name Servers, 2 Countries: CH, DE
AInfo: Ipv4-Subnet-list: 4 Name Servers, 3 different subnets (first Byte): 185., 77., 91., 3 different subnets (first two Bytes): 185.206., 77.109., 91.194., 3 different subnets (first three Bytes): 185.206.180., 77.109.136., 91.194.196.
AGood: Name Server IPv4-addresses from different subnet found:
AInfo: IPv6-Subnet-list: 3 Name Servers with IPv6, 2 different subnets (first block): 2001:, 2a01:, 2 different subnets (first two blocks): 2001:1620:, 2a01:6980:, 2 different subnets (first three blocks): 2001:1620:20ad:, 2a01:6980:aca9:, 2 different subnets (first four blocks): 2001:1620:20ad:0200:, 2a01:6980:aca9:0100:
AGood: Name Server IPv6 addresses from different subnets found.
AGood: Nameserver supports TCP connections: 7 good Nameserver
AGood: Nameserver supports Echo Capitalization: 7 good Nameserver
XNameserver Timeout checking Echo Capitalization: c.nic.ch
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 7 good Nameserver
Nameserver doesn't pass all EDNS-Checks: b0.nic.io: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: ok (ns087b.app10.ams2.afilias-nst.info). COOKIE: ok. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: c.nic.ch: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: ns1.securedns.ch / 91.194.196.36: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, NO OPT100 expected, OPT100 echoed. FLAGS: ok. V1: ok. V1OP100: SOA NOT expected and NOT found, BADVER expected, NOERR found, Version 0 expected, Version greater 0 found, NO OPT100 expected, OPT100 echoed. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: ns1.securedns.ch / 2a01:6980:aca9:100::21: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, NO OPT100 expected, OPT100 echoed. FLAGS: ok. V1: ok. V1OP100: SOA NOT expected and NOT found, BADVER expected, NOERR found, Version 0 expected, Version greater 0 found, NO OPT100 expected, OPT100 echoed. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: ns2.securedns.ch / 91.194.196.37: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, NO OPT100 expected, OPT100 echoed. FLAGS: ok. V1: ok. V1OP100: SOA NOT expected and NOT found, BADVER expected, NOERR found, Version 0 expected, Version greater 0 found, NO OPT100 expected, OPT100 echoed. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: ns2.securedns.ch / 2a01:6980:aca9:100::22: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, NO OPT100 expected, OPT100 echoed. FLAGS: ok. V1: ok. V1OP100: SOA NOT expected and NOT found, BADVER expected, NOERR found, Version 0 expected, Version greater 0 found, NO OPT100 expected, OPT100 echoed. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: ns3.securedns.ch / 77.109.136.195: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, NO OPT100 expected, OPT100 echoed. FLAGS: ok. V1: ok. V1OP100: SOA NOT expected and NOT found, BADVER expected, NOERR found, Version 0 expected, Version greater 0 found, NO OPT100 expected, OPT100 echoed. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: ns3.securedns.ch / 2001:1620:20ad:200::37: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, NO OPT100 expected, OPT100 echoed. FLAGS: ok. V1: ok. V1OP100: SOA NOT expected and NOT found, BADVER expected, NOERR found, Version 0 expected, Version greater 0 found, NO OPT100 expected, OPT100 echoed. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: ns4.securedns.ch / 185.206.180.142: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. FLAGS: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

4. Content- and Performance-critical Checks

http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 151.101.2.191
403

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 401 / 403 Not Allowed / Forbidden. A http status 404 - Not Found - is expected. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 151.101.66.191
403

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 401 / 403 Not Allowed / Forbidden. A http status 404 - Not Found - is expected. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 151.101.130.191
403

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 401 / 403 Not Allowed / Forbidden. A http status 404 - Not Found - is expected. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 151.101.194.191
403

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 401 / 403 Not Allowed / Forbidden. A http status 404 - Not Found - is expected. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
https://www.nkb.ch/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
403

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 401 / 403 Not Allowed / Forbidden. A http status 404 - Not Found - is expected. Creating a Letsencrypt certificate via http-01 challenge may not work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Every https result with status 200 and greater 1024 Bytes is compressed (gzip, deflate, br checked).
https://www.nkb.ch/ 151.101.2.191
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://www.nkb.ch/ 151.101.66.191
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://www.nkb.ch/ 151.101.130.191
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://www.nkb.ch/ 151.101.194.191
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://www.nkb.ch/ 151.101.2.191
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://www.nkb.ch/ 151.101.66.191
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://www.nkb.ch/ 151.101.130.191
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
https://www.nkb.ch/ 151.101.194.191
200

Warning: Https result with status 200 found, Html-Content is too big. Should be max. 110 %. May contain inline CSS / JavaScript, too much comments or white space. Re-used ressources - create files with a long Cache-Control max-age header. Remove comments and white space.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
https://www.nkb.ch/ 151.101.2.191
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 52 script elements without defer/async.
https://www.nkb.ch/ 151.101.66.191
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 52 script elements without defer/async.
https://www.nkb.ch/ 151.101.130.191
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 52 script elements without defer/async.
https://www.nkb.ch/ 151.101.194.191
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 52 script elements without defer/async.
Warning: CSS / JavaScript found without Compression. Compress these ressources, gzip, deflate, br are checked. 8 external CSS / JavaScript files without GZip found - 336 with GZip, 344 complete
AGood: All images with internal compression not compressed. Some Images (.png, .jpg, .jpeg, .webp, .gif) are already compressed, so an additional compression isn't helpful. 12 images (type image/png, image/jpg) found without additional GZip. Not required because these images are already compressed
Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 0 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 8 with Cache-Control max-age too short (minimum 7 days), 336 with Cache-Control long enough, 344 complete.
Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 16 image files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 12 with Cache-Control long enough, 28 complete.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
AGood: Some img-elements have a valid alt-attribute.: 28 img-elements found, 12 img-elements with correct alt-attributes (defined, not an empty value).
Wrong: img-elements without alt-attribute or empty alt-attribute found. The alt-attribute ("alternative") is required and should describe the img. So Screenreader and search engines are able to use these informations.: 16 img-elements without alt-attribute, 0 img-elements with empty alt-attribute found.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
http://nkb.ch/ 151.101.2.191
301

Warning: HSTS header sent via http has no effect
http://nkb.ch/ 151.101.66.191
301

Warning: HSTS header sent via http has no effect
http://nkb.ch/ 151.101.130.191
301

Warning: HSTS header sent via http has no effect
http://nkb.ch/ 151.101.194.191
301

Warning: HSTS header sent via http has no effect
http://nkb.ch/ 2a04:4e42:a::703
301

Warning: HSTS header sent via http has no effect
http://www.nkb.ch/ 151.101.2.191
301

Warning: HSTS header sent via http has no effect
http://www.nkb.ch/ 151.101.66.191
301

Warning: HSTS header sent via http has no effect
http://www.nkb.ch/ 151.101.130.191
301

Warning: HSTS header sent via http has no effect
http://www.nkb.ch/ 151.101.194.191
301

Warning: HSTS header sent via http has no effect
ADuration: 275617 milliseconds, 275.617 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
nkb.ch
151.101.2.191
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
nkb.ch
151.101.2.191
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, C=CH, ST=Nidwalden


2CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL


nkb.ch
151.101.66.191
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

nkb.ch
151.101.66.191
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, C=CH, ST=Nidwalden


2CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL


nkb.ch
151.101.130.191
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

nkb.ch
151.101.130.191
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, C=CH, ST=Nidwalden


2CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL


nkb.ch
151.101.194.191
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

nkb.ch
151.101.194.191
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, C=CH, ST=Nidwalden


2CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL


nkb.ch
2a04:4e42:a::703
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

nkb.ch
2a04:4e42:a::703
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, C=CH, ST=Nidwalden


2CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL


www.nkb.ch
151.101.2.191
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

www.nkb.ch
151.101.2.191
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, C=CH, ST=Nidwalden


2CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL


www.nkb.ch
151.101.66.191
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

www.nkb.ch
151.101.66.191
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, C=CH, ST=Nidwalden


2CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL


www.nkb.ch
151.101.130.191
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

www.nkb.ch
151.101.130.191
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, C=CH, ST=Nidwalden


2CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL


www.nkb.ch
151.101.194.191
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

www.nkb.ch
151.101.194.191
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
SNI required
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, C=CH, ST=Nidwalden


2CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL


www.nkb.ch
www.nkb.ch
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

www.nkb.ch
www.nkb.ch
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, C=CH, ST=Nidwalden


2CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL


151.101.2.191
151.101.2.191
443
name does not match
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

151.101.2.191
151.101.2.191
443
name does not match
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=*.cdn.amazee.io


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey


151.101.66.191
151.101.66.191
443
name does not match
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

151.101.66.191
151.101.66.191
443
name does not match
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=*.cdn.amazee.io


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey


151.101.130.191
151.101.130.191
443
name does not match
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

151.101.130.191
151.101.130.191
443
name does not match
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=*.cdn.amazee.io


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey


151.101.194.191
151.101.194.191
443
name does not match
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

151.101.194.191
151.101.194.191
443
name does not match
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=*.cdn.amazee.io


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey


[2a04:4e42:000a:0000:0000:0000:0000:0703]
2a04:4e42:a::703
443
name does not match
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
supported
ok

[2a04:4e42:000a:0000:0000:0000:0000:0703]
2a04:4e42:a::703
443
name does not match
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
supported
ok
http/2 via ALPN supported 
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
http/2 via ALPN supported
Cert sent without SNI
Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)

1CN=*.cdn.amazee.io


2CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, C=GB, ST=Greater Manchester


3CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, C=US, ST=New Jersey

 

9. Certificates

1.
1.
CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, S=Nidwalden, C=CH, SERIALNUMBER=CHE-108.954.694, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Nidwalden, OID.1.3.6.1.4.1.311.60.2.1.3=CH
27.08.2020
27.08.2022
832 days expired
nkb.ch, www.nkb.ch, pki.nkb.ch - 3 entries
1.
1.
CN=nkb.ch, O=Nidwaldner Kantonalbank, L=Stans, S=Nidwalden, C=CH, SERIALNUMBER=CHE-108.954.694, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Nidwalden, OID.1.3.6.1.4.1.311.60.2.1.3=CH
27.08.2020

27.08.2022
832 days expired


nkb.ch, www.nkb.ch, pki.nkb.ch - 3 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:515E1653C9C8F6B6287B4AE13B59D78B8D6D91F8
Thumbprint:0BAB2149B742FE30CCAD372B23021A011F809E9A
SHA256 / Certificate:1S86SdAjUMM1ls9X8bxnPFbLJQ7beFQcONGDN+BtAP8=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):69e655db864e4e782884736db1e94fda5f3c90a55203f019997b83f120f8cca0
SHA256 hex / Subject Public Key Information (SPKI):69e655db864e4e782884736db1e94fda5f3c90a55203f019997b83f120f8cca0
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.quovadisglobal.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)




2.
CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL
20.07.2020
18.07.2030
expires in 2050 days


2.
CN=QuoVadis Europe EV SSL CA G1, O=QuoVadis Trustlink B.V., C=NL
20.07.2020

18.07.2030
expires in 2050 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:3A020322B6816C18B72ACBB592BEF74DD786A8B8
Thumbprint:838D3B85845A8E5D9DFB2DA65D776A77B01CAF5F
SHA256 / Certificate:y2Zmsyv/Lv7cxBh98Umm00pdELcWW5z/KmfA4xGu7tc=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):5a45955b1d7e5f70aec2d14626f0e376be61397f0f78caf2246d956bb63a723f
SHA256 hex / Subject Public Key Information (SPKI):5a45955b1d7e5f70aec2d14626f0e376be61397f0f78caf2246d956bb63a723f
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.quovadisglobal.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)




3.
CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
12.01.2012
12.01.2042
expires in 6246 days


3.
CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
12.01.2012

12.01.2042
expires in 6246 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:445734245B81899B35F2CEB82B3B5BA726F07528
Thumbprint:093C61F38B8BDC7D55DF7538020500E125F5C836
SHA256 / Certificate:j+T7Cvk6TQ1n2wvrsj43xxvzJdy83SQOoE2vWLR+GEA=
SHA256 hex / Cert (DANE * 0 1):8fe4fb0af93a4d0d67db0bebb23e37c71bf325dcbcdd240ea04daf58b47e1840
SHA256 hex / PublicKey (DANE * 1 1):4a49edbd2f8f8230bd5592b313573fe1c172a45fa98011cc1eddbb36ade3fce5
SHA256 hex / Subject Public Key Information (SPKI):4a49edbd2f8f8230bd5592b313573fe1c172a45fa98011cc1eddbb36ade3fce5
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




2.
1.
CN=*.cdn.amazee.io
22.04.2020
23.04.2022
958 days expired
*.cdn.amazee.io, cdn.amazee.io - 2 entries
2.
1.
CN=*.cdn.amazee.io
22.04.2020

23.04.2022
958 days expired


*.cdn.amazee.io, cdn.amazee.io - 2 entries

KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:2DE9667FAAD05C183B3337B2ECC8D614
Thumbprint:DDFE794F17984ABE269619CEE403DC5DFAF377AF
SHA256 / Certificate:s/Jie55Z5AL0Q148n1BOlpRkCzoJbhtkf/R3Typ6KiM=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):7fb1b812b34830433cdebafbfdd4a8c7b6d18a5798a7c70c18f501338dd20794
SHA256 hex / Subject Public Key Information (SPKI):7fb1b812b34830433cdebafbfdd4a8c7b6d18a5798a7c70c18f501338dd20794
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.sectigo.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=*.cdn.amazee.io
22.04.2020
23.04.2022
958 days expired
*.cdn.amazee.io, cdn.amazee.io - 2 entries

2.
CN=*.cdn.amazee.io
22.04.2020

23.04.2022
958 days expired


*.cdn.amazee.io, cdn.amazee.io - 2 entries

KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:2DE9667FAAD05C183B3337B2ECC8D614
Thumbprint:DDFE794F17984ABE269619CEE403DC5DFAF377AF
SHA256 / Certificate:s/Jie55Z5AL0Q148n1BOlpRkCzoJbhtkf/R3Typ6KiM=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):7fb1b812b34830433cdebafbfdd4a8c7b6d18a5798a7c70c18f501338dd20794
SHA256 hex / Subject Public Key Information (SPKI):7fb1b812b34830433cdebafbfdd4a8c7b6d18a5798a7c70c18f501338dd20794
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.sectigo.com
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




3.
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
02.11.2018
01.01.2031
expires in 2217 days


3.
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
02.11.2018

01.01.2031
expires in 2217 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:7D5B5126B476BA11DB74160BBC530DA7
Thumbprint:33E4E80807204C2B6182A3A14B591ACD25B5F0DB
SHA256 / Certificate:f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8
SHA256 hex / Subject Public Key Information (SPKI):e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




4.
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
02.11.2018
01.01.2031
expires in 2217 days


4.
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
02.11.2018

01.01.2031
expires in 2217 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:7D5B5126B476BA11DB74160BBC530DA7
Thumbprint:33E4E80807204C2B6182A3A14B591ACD25B5F0DB
SHA256 / Certificate:f6T/aOwEqZ11KNUIX5SQf00d0cU4G6zcgy7VyWAhRnY=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8
SHA256 hex / Subject Public Key Information (SPKI):e1ae9c3de848ece1ba72e0d991ae4d0d9ec547c6bad1dddab9d6beb0a7e0e0d8
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




5.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
01.02.2010
19.01.2038
expires in 4792 days


5.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
01.02.2010

19.01.2038
expires in 4792 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:01FD6D30FCA3CA51A81BBC640E35032D
Thumbprint:2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
SHA256 / Certificate:55PJsC/YqhPiHDEiisywgRlkO3SciYlksXRtRsPUy9I=
SHA256 hex / Cert (DANE * 0 1):e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2
SHA256 hex / PublicKey (DANE * 1 1):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SHA256 hex / Subject Public Key Information (SPKI):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:





6.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
12.03.2019
01.01.2029
expires in 1487 days


6.
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
12.03.2019

01.01.2029
expires in 1487 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:3972443AF922B751D7D36C10DD313595
Thumbprint:D89E3BD43D5D909B47A18977AA9D5CE36CEE184C
SHA256 / Certificate:aLnHYSGaWx8BMXhEdGZdthu9sQngDwXKn3QkTuX19Ss=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SHA256 hex / Subject Public Key Information (SPKI):c784333d20bcd742b9fdc3236f4e509b8937070e73067e254dd3bf9c45bf4dde
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.comodoca.com
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




7.
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
01.01.2004
01.01.2029
expires in 1487 days


7.
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, S=Greater Manchester, C=GB
01.01.2004

01.01.2029
expires in 1487 days




KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:01
Thumbprint:D1EB23A46D17D68FD92564C2F1F1601764D8E349
SHA256 / Certificate:16eg+11+JzHXcelITrze9x1fDD4KKUh4K8g+4OppnvQ=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):bd153ed7b0434f6886b17bce8bbe84ed340c7132d702a8f4fa318f756ecbd6f3
SHA256 hex / Subject Public Key Information (SPKI):bd153ed7b0434f6886b17bce8bbe84ed340c7132d702a8f4fa318f756ecbd6f3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Small Code Update - wait one minute

 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Small Code Update - wait one minute

 

11. Html-Content - Entries

Summary

No data found or small Code-update

 

Details

Small Code Update - wait one minute

 

12. Html-Parsing via https://validator.nu/ / https://validator.w3.org/nu/ (started 2024-09-28, 09:00, alpha)

  Unfortunately, there are differences between the first used validator.nu and validator.w3.org/nu/ - switched to validator.w3.org/nu/. Looks like some error messages (link - fetchpriority attribute) of validator.nu are obsolete, not seen in the w3.org-version and not found in the current specification: link may have a fetchpriority attribute.

Small Code update, wait one minute

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns1.securedns.ch, ns2.securedns.ch, ns3.securedns.ch, ns4.securedns.ch

 

QNr.DomainTypeNS used
1
ch
NS
a.root-servers.net (2001:503:ba3e::2:30)

Answer: a.nic.ch, b.nic.ch, c.nic.ch, e.nic.ch, f.nic.ch, g.nic.ch
2
ns1.securedns.ch: 2a01:6980:aca9:100::21, 91.194.196.36
NS
a.nic.ch (2001:620:0:ff::56)

Answer: ns2.securedns.ch
2a01:6980:aca9:100::22, 91.194.196.37

Answer: ns3.securedns.ch
2001:1620:20ad:200::37, 77.109.136.195

Answer: ns4.securedns.ch
185.206.180.142

 

14. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
cdn.amazee.io



1
0
www.nkb.ch



1
0
amazee.io
0

no CAA entry found
1
0
nkb.ch
0

no CAA entry found
1
0
ch
0

no CAA entry found
1
0
io
0

no CAA entry found
1
0

 

15. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
nkb.ch
v=spf1 a:mail01.mychoice.ch a:mail02.mychoice.ch ip4:46.140.211.101 ip4:185.5.58.101 ip4:46.140.211.105 ip4:185.5.58.105 include:spf.amazee.io include:myr.is -all
ok
1
0
www.nkb.ch


1
0
cdn.amazee.io


1
0
_acme-challenge.nkb.ch

Name Error - The domain name does not exist
1
0
_acme-challenge.www.nkb.ch

Name Error - The domain name does not exist
1
0
_acme-challenge.nkb.ch.nkb.ch

Name Error - The domain name does not exist
1
0
_acme-challenge.cdn.amazee.io

Name Error - The domain name does not exist
1
0
_acme-challenge.www.nkb.ch.nkb.ch

Name Error - The domain name does not exist
1
0
_acme-challenge.www.nkb.ch.www.nkb.ch

Name Error - The domain name does not exist
1
0
_acme-challenge.cdn.amazee.io.cdn.amazee.io

Name Error - The domain name does not exist
1
0

 

16. DomainService - Entries

No DomainServiceEntries entries found

 

 

17. Cipher Suites

No Ciphers found

 

18. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

 

 

Permalink: https://check-your-website.server-daten.de/?i=957e136c-8d31-438d-a3c7-5e0436039867

 

Last Result: https://check-your-website.server-daten.de/?q=nkb.ch - 2021-05-26 17:38:01

 

Do you like this page? Support this tool, add a link on your page:

 

<a href="https://check-your-website.server-daten.de/?q=nkb.ch" target="_blank">Check this Site: nkb.ch</a>

 

 

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

 

QR-Code of this page - https://check-your-website.server-daten.de/?d=nkb.ch