Make your website better

Check the redirects, certificates and connection-settings of your Website

hide

A+

Top config, Preload

last check:
23.02.2019 18:05:50

Host	T	IP-Address	is auth.	∑ Queries	∑ Timeout
server-daten.de	A	85.215.2.228	yes	1	0
	AAAA	2a01:238:301b::1228	yes
www.server-daten.de	A	85.215.2.228	yes	1	0
	AAAA	2a01:238:301b::1228	yes

Zone (*)	DNSSEC - Informations (beta)
(root)	1 DS RR published
	• Status: Valide because published
	3 DNSKEY RR found
	Public Key with Algorithm 8, KeyTag 16749, Flags 256
	Public Key with Algorithm 8, KeyTag 19164, Flags 385
	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
	2 RRSIG RR to validate DNSKEY RR found
	• Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 13.03.2019, 00:00:00, Signature-Inception: 20.02.2019, 00:00:00, KeyTag 19164, Signer-Name: (root)
	• Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 13.03.2019, 00:00:00, Signature-Inception: 20.02.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)
	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 19164 used to validate the DNSKEY RRSet
	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
	• Status: Valide Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
de	1 DS RR in the parent zone found
	1 RRSIG RR to validate DS RR found
	Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 08.03.2019, 05:00:00, Signature-Inception: 23.02.2019, 04:00:00, KeyTag 16749, Signer-Name: (root)
	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 16749 used to validate the DS RRSet in the parent zone
	2 DNSKEY RR found
	Public Key with Algorithm 8, KeyTag 29041, Flags 256
	Public Key with Algorithm 8, KeyTag 39227, Flags 257 (SEP = Secure Entry Point)
	1 RRSIG RR to validate DNSKEY RR found
	• Algorithm: 8, 1 Labels, original TTL: 7200 sec, Signature-expiration: 14.03.2019, 12:00:00, Signature-Inception: 21.02.2019, 12:00:00, KeyTag 39227, Signer-Name: de
	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 39227 used to validate the DNSKEY RRSet
	• Status: Valide Chain of trust. Parent-DS with Algorithm 8, KeyTag 39227, DigestType 2 and Digest "qrcwg7nvcOSl6UdppBisEuiH/DwIde8gbDRR3EC2xPo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
server-daten.de	0 DS RR in the parent zone found
	DS-Query in the parent zone has a valide NSEC3 RR as result with the hashed domain name between the hashed NSEC3-owner and the hashed NextOwner. So the parent zone confirmes the non-existence of a DS RR.
	0 DNSKEY RR found

www.server-daten.de	0 DS RR in the parent zone found

Domain	Nameserver	NS-IP
www.server-daten.de	• ns.inwx.de / reg-fra1		•
server-daten.de	• ns.inwx.de / reg-fra1	192.174.68.104	•
	•	2001:67c:1bc::104	•
	• ns2.inwx.de / reg-ffm1.rcode0.net	176.97.158.104	•
	•	2001:67c:10b8::104	•
	• ns3.inwx.eu / krabappel	46.165.212.97	•
	•	2a00:c98:2100:a006:3::1	•
	• ns4.inwx.com / hoover	95.211.1.145	•
	•	2001:1af8:4400:a048:1::1	•
	• ns5.inwx.net / chalmers	108.59.8.65	•
	•	2604:9a00:2010:a013:1::1	•
de	• a.nic.de / ns-2.de.de8		•
	• f.nic.de / ns-1.de.de1.bind		•
	• l.de.net / ns-2.de.fr1.bind		•
	• n.de.net / s3.amx		•
	• s.de.net / ns-2.de.de9.bind		•
	• z.nic.de / ns-3.de.de2		•

SOA - records (beta)

Domain:	de
Primary:	f.nic.de
Mail:	its.denic.de
Serial:	2019022369
Refresh:	7200
Retry:	7200
Expire:	3600000
TTL:	7200
num Entries:	6

Domain:	server-daten.de
Primary:	ns.inwx.de
Mail:	hostmaster.inwx.de
Serial:	2019012400
Refresh:	10800
Retry:	3600
Expire:	604800
TTL:	3600
num Entries:	10

Domain:	www.server-daten.de
Primary:	ns.inwx.de
Mail:	hostmaster.inwx.de
Serial:	2019012400
Refresh:	10800
Retry:	3600
Expire:	604800
TTL:	3600
num Entries:	1

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://server-daten.de/ 85.215.2.228	301	https://server-daten.de/	0.017	A
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://server-daten.de/
Set-Cookie: server-daten.de=18e05eb3-c613-469b-9dc5-e2987a256a40; Path=/; Domain=server-daten.de; HttpOnly
Date: Sat, 23 Feb 2019 17:06:10 GMT
Connection: close

• http://server-daten.de/ 2a01:238:301b::1228	301	https://server-daten.de/	0.010	A
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://server-daten.de/
Set-Cookie: server-daten.de=479e90b9-4fd6-435e-9438-6b2a339017cd; Path=/; Domain=server-daten.de; HttpOnly
Date: Sat, 23 Feb 2019 17:06:10 GMT
Connection: close

• http://www.server-daten.de/ 85.215.2.228	301	https://www.server-daten.de/	0.013	A
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://www.server-daten.de/
Set-Cookie: www.server-daten.de=f4adf482-46a9-4ed7-8006-2f475ce8617c; Path=/; Domain=www.server-daten.de; HttpOnly
Date: Sat, 23 Feb 2019 17:06:10 GMT
Connection: close

• http://www.server-daten.de/ 2a01:238:301b::1228	301	https://www.server-daten.de/	0.013	A
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://www.server-daten.de/
Set-Cookie: www.server-daten.de=6f85e124-4c04-4e5f-8aac-e79572a1bcd2; Path=/; Domain=www.server-daten.de; HttpOnly
Date: Sat, 23 Feb 2019 17:06:10 GMT
Connection: close

• https://server-daten.de/ 85.215.2.228	301	https://www.server-daten.de/	5.096	A
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://www.server-daten.de/
Set-Cookie: server-daten.de=fcf807cc-0983-4fd1-babd-e6d1472f6738; Path=/; Domain=server-daten.de; HttpOnly; Secure
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Date: Sat, 23 Feb 2019 17:06:10 GMT
Connection: close

• https://server-daten.de/ 2a01:238:301b::1228	301	https://www.server-daten.de/	5.100	A
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://www.server-daten.de/
Set-Cookie: server-daten.de=ff3b3c12-cb7a-418a-9233-ac88913655d5; Path=/; Domain=server-daten.de; HttpOnly; Secure
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Date: Sat, 23 Feb 2019 17:06:21 GMT
Connection: close

• https://www.server-daten.de/ 85.215.2.228	200		5.107	A
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Public-Key-Pins: max-age=2592000; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; includeSubDomains
P3P: CP="NOI CUR OUR STA"
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: enforce, max-age=2592000, report-uri="/-expect-ct.html"
Feature-Policy: camera 'self'
Set-Cookie: www.server-daten.de=4d68cbfb-1377-4846-b0ed-b239146147e1; Path=/; Domain=www.server-daten.de; HttpOnly; Secure
Date: Sat, 23 Feb 2019 17:06:15 GMT
Connection: close
Content-Length: 2769

• https://www.server-daten.de/ 2a01:238:301b::1228	200		5.110	A
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Public-Key-Pins: max-age=2592000; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; includeSubDomains
P3P: CP="NOI CUR OUR STA"
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: enforce, max-age=2592000, report-uri="/-expect-ct.html"
Feature-Policy: camera 'self'
Set-Cookie: www.server-daten.de=4c72de5d-df31-41b3-8acd-46de27c7443e; Path=/; Domain=www.server-daten.de; HttpOnly; Secure
Date: Sat, 23 Feb 2019 17:06:26 GMT
Connection: close
Content-Length: 2769

• http://server-daten.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 85.215.2.228	404		0.017	A
Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
Date: Sat, 23 Feb 2019 17:06:31 GMT
Connection: close
Content-Length: 38

• http://server-daten.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:238:301b::1228	404		0.013	A
Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
Date: Sat, 23 Feb 2019 17:06:31 GMT
Connection: close
Content-Length: 38

• http://www.server-daten.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 85.215.2.228	404		0.013	A
Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
Date: Sat, 23 Feb 2019 17:06:31 GMT
Connection: close
Content-Length: 38

• http://www.server-daten.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a01:238:301b::1228	404		0.014	A
Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
Date: Sat, 23 Feb 2019 17:06:31 GMT
Connection: close
Content-Length: 38

Comments

A	name "server-daten.de" is domain, public suffix is "de"
A	good: All ip addresses are public addresses
A	good: No asked Authoritative Name Server had a timeout
A	good - only one version with Http-Status 200
A	good: one preferred version: www is preferred
A	good: destination is https
A	good: every https has a Strict Transport Security Header
A	good: HSTS max-age is long enough, 63072000 seconds = 730 days
A	good: HSTS has includeSubdomains - directive
A	good: HSTS has preload directive
A	excellent: Domain is in the Google-Preload-List
A	good: every cookie sent via https is marked as secure
A	http://server-daten.de/ 85.215.2.228	301	https://server-daten.de/	correct redirect http - https with the same domain name
A	http://server-daten.de/ 2a01:238:301b::1228	301	https://server-daten.de/	correct redirect http - https with the same domain name
A	http://www.server-daten.de/ 85.215.2.228	301	https://www.server-daten.de/	correct redirect http - https with the same domain name
A	http://www.server-daten.de/ 2a01:238:301b::1228	301	https://www.server-daten.de/	correct redirect http - https with the same domain name
A	Good: Nameserver supports TCP connections: 10 good Nameserver
A	Good: Nameserver supports Echo Capitalization: 10 good Nameserver
A	Good: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 10 good Nameserver
A	Good: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver
	Nameserver doesn't pass all EDNS-Checks: ns3.inwx.eu / 46.165.212.97: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok (krabappel). COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns3.inwx.eu / 2a00:c98:2100:a006:3::1: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok (krabappel). COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns4.inwx.com / 95.211.1.145: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok (hoover). COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns4.inwx.com / 2001:1af8:4400:a048:1::1: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok (hoover). COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns5.inwx.net / 108.59.8.65: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok (chalmers). COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns5.inwx.net / 2604:9a00:2010:a013:1::1: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok (chalmers). COOKIE: ok. CLIENTSUBNET: ok.
A	Good: All SOA have the same Serial Number
A	good: CAA entries found, creating certificate is limited: letsencrypt.org is allowed to create certificates
A	Duration: 42767 milliseconds, 42.767 seconds

Connections

Domain	IP	Port	Cert.	Protocol	KeyExchange	Strength	Cipher	Strength	HashAlgorithm	OCSP stapling
server-daten.de	85.215.2.228	443	ok	Tls12	ECDH Ephermal	384	Aes256	256	Sha384	supported	ok
server-daten.de	2a01:238:301b::1228	443	ok	Tls12	ECDH Ephermal	384	Aes256	256	Sha384	supported	ok
www.server-daten.de	85.215.2.228	443	ok	Tls12	ECDH Ephermal	384	Aes256	256	Sha384	supported	ok
www.server-daten.de	2a01:238:301b::1228	443	ok	Tls12	ECDH Ephermal	384	Aes256	256	Sha384	supported	ok

Certificates

CN=*.server-daten.de

07.01.2019

07.04.2019
expires in 42 days

*.server-daten.de, server-daten.de - 2 entries

Keyalgorithm	EC Public Key (384 bit, secp384r1)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	047C1126D8D8869222AC7A4F524D4F5D4CA0
Thumbprint:	C81C41B890550909A0BAE790DEBACDA35678B7F0
OCSP - Url:	http://ocsp.int-x3.letsencrypt.org
OCSP - must staple:	yes
Certificate Transparency:	yes

CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US

17.03.2016

17.03.2021
expires in 752 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	0A0141420000015385736A0B85ECA708
Thumbprint:	E6A3B45B062D509B3382282D196EFE97D5956CCB
OCSP - Url:	http://isrg.trustid.ocsp.identrust.com
OCSP - must staple:	no
Certificate Transparency:	no

CN=DST Root CA X3, O=Digital Signature Trust Co.

30.09.2000

30.09.2021
expires in 949 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA-1 with RSA Encryption
Serial Number:	44AFB080D6A327BA893039862EF8406B
Thumbprint:	DAC9024F54D8F6DF94935FB1732638CA6AD77C13
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no

Html-Content - Entries (BETA - mixed content and other checks)

Domainname	Html-Element	name/equiv/ property/rel	href/src/content	HttpStatus	∑	Status
https://www.server-daten.de/ 85.215.2.228	a		/admin/		1	ok

	a		/admin/upload.aspx		1	ok

	a		/confirm/		1	ok

	a		/linkcheck/		1	ok

	a		https://www.sql-und-xml.de/		2	ok

	a		https://www.sql-und-xml.de/server-daten/		2	ok

	a		https://www.sql-und-xml.de/server-daten/datenschutz.html#cookies		1	ok

	a		mailto:info@sql-und-xml.de		1	ok

	a		tel:+493042020060		1	ok

	img		/images/server-daten.png	200	1	ok

	link	shortcut icon	/favicon.ico		1	ok

	link	stylesheet	/admin/sd.css	200	1	ok

	meta	content-type	text/html; charset=utf-8		1	ok

	meta	robots	index,follow		1	ok

	script		/admin/sd.csp.js	200	1	ok

2a01:238:301b::1228	a		/admin/		1	ok

	a		/admin/upload.aspx		1	ok

	a		/confirm/		1	ok

	a		/linkcheck/		1	ok

	a		https://www.sql-und-xml.de/		2	ok

	a		https://www.sql-und-xml.de/server-daten/		2	ok

	a		https://www.sql-und-xml.de/server-daten/datenschutz.html#cookies		1	ok

	a		mailto:info@sql-und-xml.de		1	ok

	a		tel:+493042020060		1	ok

	img		/images/server-daten.png	200	1	ok

	link	shortcut icon	/favicon.ico		1	ok

	link	stylesheet	/admin/sd.css	200	1	ok

	meta	content-type	text/html; charset=utf-8		1	ok

	meta	robots	index,follow		1	ok

	script		/admin/sd.csp.js	200	1	ok

CAA - Entries

Domainname	flag	Name	Value	∑ Queries
www.server-daten.de	0		no CAA entry found	1
	5	issue	letsencrypt.org; accounturi=https://acme-staging-v02.api.letsencrypt.org/acme/acct/5532373	1
	5	issue	letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/35657966	1
server-daten.de	5	iodef	mailto:info@sql-und-xml.de	1
de	0		no CAA entry found	1

TXT - Entries

Domainname	TXT Entry	Status	∑ Queries
server-daten.de	v=spf1 a mx ?all	ok	1
server-daten.de	This is a small txt test entry	ok	1
www.server-daten.de		ok	1
_acme-challenge.server-daten.de	LJWtQAv_5lFCjGdssk4B2pyYoan8xRT7P8t1Bhvy4VU	looks good	1
_acme-challenge.www.server-daten.de		Name Error - The domain name does not exist	1
_acme-challenge.server-daten.de.server-daten.de		Name Error - The domain name does not exist	1
_acme-challenge.www.server-daten.de.www.server-daten.de		Name Error - The domain name does not exist	1