Check DNS, Urls + Redirects, Certificates and Content of your Website

...

skip EDNS-Check

skip Content-Check

check links

No trusted Certificate

Checked:
26.05.2023 06:01:52

Older results

No older results found

1. IP-Addresses

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
taskify.czagrzebski.dev	CNAME	ghs.googlehosted.com	yes	1	0
	A	142.250.186.83 Frankfurt am Main/Hesse/Germany (DE) - Google LLC Hostname: fra24s05-in-f19.1e100.net	yes
	AAAA	2a00:1450:4001:828::2013 Frankfurt am Main/Hesse/Germany (DE) - Google LLC	yes
www.taskify.czagrzebski.dev	CNAME	ghs.googlehosted.com	yes	1	0
	A	142.250.186.83 Frankfurt am Main/Hesse/Germany (DE) - Google LLC Hostname: fra24s05-in-f19.1e100.net	yes
	AAAA	2a00:1450:4001:828::2013 Frankfurt am Main/Hesse/Germany (DE) - Google LLC	yes
taskify.czagrzebski.dev	A	142.250.186.51 Frankfurt am Main/Hesse/Germany (DE) - Google LLC No Hostname found	no
www.taskify.czagrzebski.dev	A	142.250.186.51 Frankfurt am Main/Hesse/Germany (DE) - Google LLC No Hostname found	no
*.czagrzebski.dev	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes
*.taskify.czagrzebski.dev	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes

2. DNSSEC

Zone (*)	DNSSEC - Informations

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 60955, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.06.2023, 00:00:00 +, Signature-Inception: 21.05.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: dev
dev	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 60074, DigestType 2 and Digest uULizlrr9i/KWdBXB+bbt5UhHVQNitugLp6J6DNCR4U=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner dev., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 07.06.2023, 21:00:00 +, Signature-Inception: 25.05.2023, 20:00:00 +, KeyTag 60955, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 60955 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 50940, Flags 256


	Public Key with Algorithm 8, KeyTag 60074, Flags 257 (SEP = Secure Entry Point)


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner dev., Algorithm: 8, 1 Labels, original TTL: 300 sec, Signature-expiration: 15.06.2023, 22:45:31 +, Signature-Inception: 24.05.2023, 22:45:31 +, KeyTag 60074, Signer-Name: dev


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 60074 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 60074, DigestType 2 and Digest "uULizlrr9i/KWdBXB+bbt5UhHVQNitugLp6J6DNCR4U=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: czagrzebski.dev
czagrzebski.dev	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 10049, DigestType 2 and Digest DhYUNgNf/t+MgteTDQMFxIm6iT91rXoFIj13bLkXH74=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner czagrzebski.dev., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.06.2023, 22:45:31 +, Signature-Inception: 24.05.2023, 22:45:31 +, KeyTag 50940, Signer-Name: dev


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 50940 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 10049, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 36940, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner czagrzebski.dev., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 14.06.2023, 20:30:26 +, Signature-Inception: 23.05.2023, 20:30:26 +, KeyTag 10049, Signer-Name: czagrzebski.dev


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 10049 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 10049, DigestType 2 and Digest "DhYUNgNf/t+MgteTDQMFxIm6iT91rXoFIj13bLkXH74=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: taskify.czagrzebski.dev
taskify.czagrzebski.dev	0 DS RR in the parent zone found


	RRSIG Type 5 validates the CNAME - Result: ghs.googlehosted.com Validated: RRSIG-Owner taskify.czagrzebski.dev., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 14.06.2023, 20:30:26 +, Signature-Inception: 23.05.2023, 20:30:26 +, KeyTag 36940, Signer-Name: czagrzebski.dev

Zone: www.taskify.czagrzebski.dev
www.taskify.czagrzebski.dev	0 DS RR in the parent zone found


	RRSIG Type 5 validates the CNAME - Result: ghs.googlehosted.com Validated: RRSIG-Owner www.taskify.czagrzebski.dev., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 14.06.2023, 20:30:26 +, Signature-Inception: 23.05.2023, 20:30:26 +, KeyTag 36940, Signer-Name: czagrzebski.dev

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 60955, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.06.2023, 00:00:00 +, Signature-Inception: 21.05.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: com
com	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest 4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 07.06.2023, 21:00:00 +, Signature-Inception: 25.05.2023, 20:00:00 +, KeyTag 60955, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 60955 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 46551, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 04.06.2023, 17:24:21 +, Signature-Inception: 20.05.2023, 17:19:21 +, KeyTag 30909, Signer-Name: com


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: googlehosted.com
googlehosted.com	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "6ngrlhc9jj422bkr9n40uv7rmmq82nva" between the hashed NSEC3-owner "6ngrin33o48pqfmgrpvveo3pkg8lrpe5" and the hashed NextOwner "6ngrs2ttjpll9mfm49cttodgkn27a0hq". So the parent zone confirmes the not-existence of a DS RR. Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 6ngrin33o48pqfmgrpvveo3pkg8lrpe5.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 29.05.2023, 04:39:44 +, Signature-Inception: 22.05.2023, 03:29:44 +, KeyTag 46551, Signer-Name: com


	DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q2d6ni4i7eqh8na30ns61o48ul8g5". So that domain name is the Closest Encloser of "googlehosted.com". Opt-Out: True. Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 30.05.2023, 04:25:12 +, Signature-Inception: 23.05.2023, 03:15:12 +, KeyTag 46551, Signer-Name: com


	0 DNSKEY RR found




Zone: ghs.googlehosted.com
ghs.googlehosted.com	0 DS RR in the parent zone found


	0 DNSKEY RR found

3. Name Servers

Domain	Nameserver	NS-IP
czagrzebski.dev	• ns-cloud-e1.googledomains.com	216.239.32.110 Mountain View/California/United States (US) - Google LLC	•
	•	2001:4860:4802:32::6e Montreal/Quebec/Canada (CA) - Google LLC	•
	• ns-cloud-e2.googledomains.com	216.239.34.110 Mountain View/California/United States (US) - Google LLC	•
	•	2001:4860:4802:34::6e Montreal/Quebec/Canada (CA) - Google LLC	•
	• ns-cloud-e3.googledomains.com	216.239.36.110 Mountain View/California/United States (US) - Google LLC	•
	•	2001:4860:4802:36::6e Montreal/Quebec/Canada (CA) - Google LLC	•
	• ns-cloud-e4.googledomains.com	216.239.38.110 Mountain View/California/United States (US) - Google LLC	•
	•	2001:4860:4802:38::6e Montreal/Quebec/Canada (CA) - Google LLC	•
dev	• ns-tld1.charlestonroadregistry.com		•
	• ns-tld2.charlestonroadregistry.com		•
	• ns-tld3.charlestonroadregistry.com		•
	• ns-tld4.charlestonroadregistry.com		•
	• ns-tld5.charlestonroadregistry.com		•

ghs.googlehosted.com	• ns1.google.com	216.239.32.10 Mountain View/California/United States (US) - Google LLC	•
	•	2001:4860:4802:32::a Montreal/Quebec/Canada (CA) - Google LLC	•
googlehosted.com	• ns1.google.com	216.239.32.10 Mountain View/California/United States (US) - Google LLC	•
	•	2001:4860:4802:32::a Montreal/Quebec/Canada (CA) - Google LLC	•
	• ns2.google.com	216.239.34.10 Mountain View/California/United States (US) - Google LLC	•
	•	2001:4860:4802:34::a Montreal/Quebec/Canada (CA) - Google LLC	•
	• ns3.google.com	216.239.36.10 Allentown/Pennsylvania/United States (US) - Google LLC	•
	•	2001:4860:4802:36::a Montreal/Quebec/Canada (CA) - Google LLC	•
	• ns4.google.com	216.239.38.10 Mountain View/California/United States (US) - Google LLC	•
	•	2001:4860:4802:38::a Montreal/Quebec/Canada (CA) - Google LLC	•
com	• a.gtld-servers.net / nnn1-defra-5		•
	• b.gtld-servers.net / nnn1-elpar7		•
	• c.gtld-servers.net / nnn1-defra-5		•
	• d.gtld-servers.net / nnn1-defra-5		•
	• e.gtld-servers.net / nnn1-stk4		•
	• f.gtld-servers.net / nnn1-defra-4		•
	• g.gtld-servers.net / nnn1-defra-4		•
	• h.gtld-servers.net / nnn1-defra-4		•
	• i.gtld-servers.net / nnn1-defra-4		•
	• j.gtld-servers.net / nnn1-nlams-1e		•
	• k.gtld-servers.net / nnn1-nlams-1c		•
	• l.gtld-servers.net / nnn1-lon5		•
	• m.gtld-servers.net / nnn1-nlams-1b		•

4. SOA-Entries

Domain:	dev
Zone-Name:	dev
Primary:	ns-tld1.charlestonroadregistry.com
Mail:	cloud-dns-hostmaster.google.com
Serial:	1
Refresh:	21600
Retry:	3600
Expire:	259200
TTL:	300
num Entries:	5

Domain:	czagrzebski.dev
Zone-Name:	czagrzebski.dev
Primary:	ns-cloud-e1.googledomains.com
Mail:	cloud-dns-hostmaster.google.com
Serial:	25
Refresh:	21600
Retry:	3600
Expire:	259200
TTL:	300
num Entries:	8


Domain:	com
Zone-Name:	com
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1685073718
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	86400
num Entries:	12

Domain:	com
Zone-Name:	com
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1685073733
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	86400
num Entries:	1

Domain:	googlehosted.com
Zone-Name:	googlehosted.com
Primary:	ns1.google.com
Mail:	dns-admin.google.com
Serial:	535191584
Refresh:	900
Retry:	900
Expire:	1800
TTL:	60
num Entries:	8

Domain:	ghs.googlehosted.com
Zone-Name:	googlehosted.com
Primary:	ns1.google.com
Mail:	dns-admin.google.com
Serial:	535191584
Refresh:	900
Retry:	900
Expire:	1800
TTL:	60
num Entries:	2

5. Screenshots

No Screenshot listed, because Chrome (used to create the Screenshot) could not load the url. Instead, there was a redirect to "chrome-error://chromewebdata/", so the content of your website isn't visible.

6. Url-Checks

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://taskify.czagrzebski.dev/ 142.250.186.51	302	http://66.190.13.30/ Html is minified: 101.40 %	0.040	D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://taskify.czagrzebski.dev/ 142.250.186.83	302	http://66.190.13.30/ Html is minified: 101.40 %	0.043	D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302	http://66.190.13.30/ Html is minified: 101.40 %	0.040	D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/ 142.250.186.51	302	http://66.190.13.30/ Html is minified: 101.40 %	0.047	D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/ 142.250.186.83	302	http://66.190.13.30/ Html is minified: 101.40 %	0.047	D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302	http://66.190.13.30/ Html is minified: 101.40 %	0.040	D
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:37 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://66.190.13.30/	301	https://66.190.13.30/ Html is minified: 109.03 %	0.297	A
Server: nginx/1.21.6
Date: Fri, 26 May 2023 04:04:01 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
Location: https://66.190.13.30/

• https://taskify.czagrzebski.dev/ 142.250.186.51	302	http://66.190.13.30/ Html is minified: 101.40 %	2.107	N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:38 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://taskify.czagrzebski.dev/ 142.250.186.83	302	http://66.190.13.30/ Html is minified: 101.40 %	1.896	N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:42 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302	http://66.190.13.30/ Html is minified: 101.40 %	1.807	N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:44 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://www.taskify.czagrzebski.dev/ 142.250.186.51	302	http://66.190.13.30/ Html is minified: 101.40 %	1.810	N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:53 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://www.taskify.czagrzebski.dev/ 142.250.186.83	302	http://66.190.13.30/ Html is minified: 101.40 %	2.013	N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:47 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://www.taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302	http://66.190.13.30/ Html is minified: 101.40 %	1.800	N
Certificate error: RemoteCertificateChainErrors
Location: http://66.190.13.30/
Date: Fri, 26 May 2023 04:03:50 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 217
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• https://66.190.13.30/ No GZip used - 481 / 642 - 74.92 % possible Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	200	Html is minified: 100.00 %	5.486	N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
small visible content (num chars: 46) You need to enable JavaScript to run this app.
Server: nginx/1.21.6
Date: Fri, 26 May 2023 04:04:02 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 642
Connection: close
X-Powered-By: Express
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 26 May 2023 02:51:18 GMT
ETag: W/"282-18855f7ba65"

• http://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.51 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 101.06 %	0.046	D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.83 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 101.06 %	0.040	D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:1450:4001:828::2013 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 101.06 %	0.043	D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.51 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 101.06 %	0.074	D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.83 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 101.06 %	0.043	D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:1450:4001:828::2013 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 101.06 %	0.040	D
Visible Content: 302 Moved 302 Moved The document has moved here .
Location: http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Date: Fri, 26 May 2023 04:03:56 GMT
Content-Type: text/html; charset=UTF-8
Server: ghs
Content-Length: 286
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Connection: close

• http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	301	https://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Html is minified: 109.03 %	0.296	A
Visible Content: 301 Moved Permanently nginx/1.21.6
Server: nginx/1.21.6
Date: Fri, 26 May 2023 04:04:02 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
Location: https://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

• https://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	404	Html is minified: 100.00 %	4.690	N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Visible Content: 404 NOT FOUND
Server: nginx/1.21.6
Date: Fri, 26 May 2023 04:04:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 13
Connection: close
X-Powered-By: Express
Access-Control-Allow-Origin: *
ETag: W/"d-9cDc1x9S0CgmdX/8mukTB8yQ/hY"

• https://142.250.186.51/ 142.250.186.51	-10		0.050	P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.

• https://142.250.186.83/ 142.250.186.83	-10		0.043	P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.

• https://[2a00:1450:4001:0828:0000:0000:0000:2013]/ 2a00:1450:4001:828::2013	-10		0.046	P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.

7. Comments

	1. General Results, most used to calculate the result
A	name "taskify.czagrzebski.dev" is subdomain, public suffix is ".dev", top-level-domain is ".dev", top-level-domain-type is "generic", tld-manager is "Charleston Road Registry Inc.", num .dev-domains preloaded: 13 (complete: 221801)
A	Good: All ip addresses are public addresses
A	Good: Minimal 2 ip addresses per domain name found: taskify.czagrzebski.dev has 2 different ip addresses (authoritative).
A	Good: Minimal 2 ip addresses per domain name found: www.taskify.czagrzebski.dev has 2 different ip addresses (authoritative).
A	Good: Ipv4 and Ipv6 addresses per domain name found: taskify.czagrzebski.dev has 1 ipv4, 1 ipv6 addresses
A	Good: Ipv4 and Ipv6 addresses per domain name found: www.taskify.czagrzebski.dev has 1 ipv4, 1 ipv6 addresses
A	Good: No asked Authoritative Name Server had a timeout
A	Good: destination is https
A	Good - only one version with Http-Status 200
A	Good: one preferred version: non-www is preferred
A	Good: No cookie sent via http.
A	Excellent: Main Domain is in the Google-Preload-List
A	Excellent: Main Domain is in the Mozilla/Firefox-Preload-List
A	HSTS-Preload-Status: Preloaded. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
A	Good: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
B	https://taskify.czagrzebski.dev/ 142.250.186.51	302		Missing HSTS-Header
B	https://taskify.czagrzebski.dev/ 142.250.186.83	302		Missing HSTS-Header
B	https://taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302		Missing HSTS-Header
B	https://66.190.13.30/	200		Missing HSTS-Header
B	https://www.taskify.czagrzebski.dev/ 142.250.186.51	302		Missing HSTS-Header
B	https://www.taskify.czagrzebski.dev/ 142.250.186.83	302		Missing HSTS-Header
B	https://www.taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302		Missing HSTS-Header
B	https://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404		Missing HSTS-Header
D	http://taskify.czagrzebski.dev/ 142.250.186.51	302	http://66.190.13.30/	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://taskify.czagrzebski.dev/ 142.250.186.83	302	http://66.190.13.30/	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302	http://66.190.13.30/	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://www.taskify.czagrzebski.dev/ 142.250.186.51	302	http://66.190.13.30/	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://www.taskify.czagrzebski.dev/ 142.250.186.83	302	http://66.190.13.30/	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://www.taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302	http://66.190.13.30/	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.51	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.83	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:1450:4001:828::2013	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.51	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 142.250.186.83	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
D	http://www.taskify.czagrzebski.dev/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a00:1450:4001:828::2013	302	http://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
F	https://taskify.czagrzebski.dev/ 142.250.186.51	302	http://66.190.13.30/	Wrong redirect https - http - never redirect https to http
F	https://taskify.czagrzebski.dev/ 142.250.186.83	302	http://66.190.13.30/	Wrong redirect https - http - never redirect https to http
F	https://taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302	http://66.190.13.30/	Wrong redirect https - http - never redirect https to http
F	https://www.taskify.czagrzebski.dev/ 142.250.186.51	302	http://66.190.13.30/	Wrong redirect https - http - never redirect https to http
F	https://www.taskify.czagrzebski.dev/ 142.250.186.83	302	http://66.190.13.30/	Wrong redirect https - http - never redirect https to http
F	https://www.taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302	http://66.190.13.30/	Wrong redirect https - http - never redirect https to http
N	https://taskify.czagrzebski.dev/ 142.250.186.51	302	http://66.190.13.30/	Error - Certificate isn't trusted, RemoteCertificateChainErrors
N	https://taskify.czagrzebski.dev/ 142.250.186.83	302	http://66.190.13.30/	Error - Certificate isn't trusted, RemoteCertificateChainErrors
N	https://taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302	http://66.190.13.30/	Error - Certificate isn't trusted, RemoteCertificateChainErrors
N	https://66.190.13.30/	200		Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
N	https://www.taskify.czagrzebski.dev/ 142.250.186.51	302	http://66.190.13.30/	Error - Certificate isn't trusted, RemoteCertificateChainErrors
N	https://www.taskify.czagrzebski.dev/ 142.250.186.83	302	http://66.190.13.30/	Error - Certificate isn't trusted, RemoteCertificateChainErrors
N	https://www.taskify.czagrzebski.dev/ 2a00:1450:4001:828::2013	302	http://66.190.13.30/	Error - Certificate isn't trusted, RemoteCertificateChainErrors
N	https://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404		Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
O	taskify.czagrzebski.dev / 142.250.186.83 / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 5 Cipher Suites without Forward Secrecy found
O	taskify.czagrzebski.dev / 2a00:1450:4001:828::2013 / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 3 Cipher Suites without Forward Secrecy found
O	www.taskify.czagrzebski.dev / 142.250.186.83 / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 5 Cipher Suites without Forward Secrecy found
O	www.taskify.czagrzebski.dev / 2a00:1450:4001:828::2013 / 443			Old connection: Cipher Suites without Forward Secrecy (FS) found. Remove all of these Cipher Suites, use only Cipher Suites with Forward Secrecy: Starting with ECDHE- or DHE - the last "E" says: "ephemeral". Or use Tls.1.3, then all Cipher Suites use FS. 5 Cipher Suites without Forward Secrecy found
P	https://142.250.186.51/ 142.250.186.51	-10		Error creating a TLS-Connection: No more details available.
P	https://142.250.186.83/ 142.250.186.83	-10		Error creating a TLS-Connection: No more details available.
P	https://[2a00:1450:4001:0828:0000:0000:0000:2013]/ 2a00:1450:4001:828::2013	-10		Error creating a TLS-Connection: No more details available.
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain taskify.czagrzebski.dev, 2 ip addresses.
A	Good: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.taskify.czagrzebski.dev, 2 ip addresses.
	Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain taskify.czagrzebski.dev, 2 ip addresses.
	Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain www.taskify.czagrzebski.dev, 2 ip addresses.
B	No _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.taskify.czagrzebski.dev
	2. Header-Checks (alpha, started 2022-10-23, may be buggy / incomplete)
F	66.190.13.30	Content-Security-Policy		Critical: Missing Header:
F	66.190.13.30	X-Content-Type-Options		Critical: Missing Header:
F	66.190.13.30	Referrer-Policy		Critical: Missing Header:
F	66.190.13.30	Permissions-Policy		Critical: Missing Header:
	3. DNS- and NameServer - Checks
A	Info:: 13 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 4 Name Servers.
A	Info:: 13 Queries complete, 13 with IPv6, 0 with IPv4.
A	Good: All DNS Queries done via IPv6.
	Ok (4 - 8):: An average of 3.3 queries per domain name server required to find all ip addresses of all name servers.
A	Info:: 4 different Name Servers found: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com, 4 Name Servers included in Delegation: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com, 4 Name Servers included in 1 Zone definitions: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com, 1 Name Servers listed in SOA.Primary: ns-cloud-e1.googledomains.com.
A	Good: Only one SOA.Primary Name Server found.: ns-cloud-e1.googledomains.com.
A	Good: SOA.Primary Name Server included in the delegation set.: ns-cloud-e1.googledomains.com.
A	Good: All Name Server Domain Names have a Public Suffix.
A	Good: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
A	Good: All Name Server ip addresses are public.
A	Info: Ipv4-Subnet-list: 4 Name Servers, 1 different subnets (first Byte): 216., 1 different subnets (first two Bytes): 216.239., 4 different subnets (first three Bytes): 216.239.32., 216.239.34., 216.239.36., 216.239.38.
A	Good: Name Server IPv4-addresses from different subnet found:
A	Info: IPv6-Subnet-list: 4 Name Servers with IPv6, 1 different subnets (first block): 2001:, 1 different subnets (first two blocks): 2001:4860:, 1 different subnets (first three blocks): 2001:4860:4802:, 4 different subnets (first four blocks): 2001:4860:4802:0032:, 2001:4860:4802:0034:, 2001:4860:4802:0036:, 2001:4860:4802:0038:
A	Good: Name Server IPv6 addresses from different subnets found.
A	Good: Nameserver supports TCP connections: 8 good Nameserver
A	Good: Nameserver supports Echo Capitalization: 8 good Nameserver
A	Good: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 8 good Nameserver
A	Good: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 8 good Nameserver
A	Good: All SOA have the same Serial Number
A	Good: CAA entries found, creating certificate is limited: pki.goog is allowed to create certificates
	4. Content- and Performance-critical Checks
A	Good: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
A	Good: No https + http status 200 with inline CSS / JavaScript found
A	Good: Every https result with status 200 has a minified Html-Content with a quota lower then 110 %.
A	Good: Every https connection via port 443 supports the http/2 protocol via ALPN.
A	Good: All script Elements (type text/javascript) and src-Attribute have a defer / async - Attribute. So loading and executing these JavaScripts doesn't block parsing and rendering the Html-Output.
	Warning: CSS / JavaScript found without GZip support. Send these ressources with GZip. 2 external CSS / JavaScript files without GZip found - 0 with GZip, 2 complete
	Warning: CSS / JavaScript files with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 0 external CSS / JavaScript files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 2 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 2 complete.
A	Good: All checked attribute values are enclosed in quotation marks (" or ').
A	Info: No img element found, no alt attribute checked
A	Good: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
	https://66.190.13.30/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	404	4.690 seconds	Warning: 404 needs more then one second
A	Info: Different Server-Headers found
A	Duration: 478440 milliseconds, 478.440 seconds

8. Connections

Domain

Port

Cert.

Protocol

KeyExchange

Strength

Cipher

Strength

HashAlgorithm

OCSP stapling

Domain/KeyExchange

IP/Strength

Port/Cipher

Cert./Strength

Protocol/HashAlgorithm

OCSP stapling

66.190.13.30

443

Certificate/chain invalid and wrong name

Tls12

ECDH Ephermal

255

Aes256

256

Sha384

not supported

66.190.13.30

443

Certificate/chain invalid and wrong name

Tls12

ECDH Ephermal

255

Aes256

256

Sha384

not supported

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

Chain - too much certificates, don't send root certificates	1	CN=mcsm.czagrzebski.dev
	2	CN=R3, O=Let's Encrypt, C=US
	3	CN=ISRG Root X1, O=Internet Security Research Group, C=US

taskify.czagrzebski.dev

142.250.186.51

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

taskify.czagrzebski.dev

142.250.186.51

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=taskify.czagrzebski.dev
	2	CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
	3	CN=GTS Root R1, O=Google Trust Services LLC, C=US

taskify.czagrzebski.dev

142.250.186.83

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

taskify.czagrzebski.dev

142.250.186.83

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=taskify.czagrzebski.dev
	2	CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
	3	CN=GTS Root R1, O=Google Trust Services LLC, C=US

taskify.czagrzebski.dev

2a00:1450:4001:828::2013

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

taskify.czagrzebski.dev

2a00:1450:4001:828::2013

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=taskify.czagrzebski.dev
	2	CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
	3	CN=GTS Root R1, O=Google Trust Services LLC, C=US

www.taskify.czagrzebski.dev

142.250.186.51

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

www.taskify.czagrzebski.dev

142.250.186.51

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.taskify.czagrzebski.dev
	2	CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
	3	CN=GTS Root R1, O=Google Trust Services LLC, C=US

www.taskify.czagrzebski.dev

142.250.186.83

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

www.taskify.czagrzebski.dev

142.250.186.83

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.taskify.czagrzebski.dev
	2	CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
	3	CN=GTS Root R1, O=Google Trust Services LLC, C=US

www.taskify.czagrzebski.dev

2a00:1450:4001:828::2013

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

www.taskify.czagrzebski.dev

2a00:1450:4001:828::2013

443

Certificate/chain invalid

Tls12

ECDH Ephermal

255

Aes128

128

Sha256

not supported

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

http/2 via ALPN supported

Tls.1.2
Tls.1.1
Tls.1.0
no Ssl3
no Ssl2

Chain (complete)	1	CN=www.taskify.czagrzebski.dev
	2	CN=GTS CA 1D4, O=Google Trust Services LLC, C=US
	3	CN=GTS Root R1, O=Google Trust Services LLC, C=US

9. Certificates

CN=taskify.czagrzebski.dev

26.05.2023

24.08.2023
expires in 81 days

taskify.czagrzebski.dev - 1 entry

CN=taskify.czagrzebski.dev

26.05.2023

24.08.2023
expires in 81 days

taskify.czagrzebski.dev - 1 entry

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	00F890523726F8F70410D6D1EF17A85C7A
Thumbprint:	BF46C1E3A6EEB2AF05854C303DE20D125448A5CC
SHA256 / Certificate:	uiPuGvuyHYekNaUYXbUIvUXj3pqEu8vsHjkqL18GvCM=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	0a2814e736c1dc9f29b2b7a30753f3f94e00cceeb8c21ca01f07e990bc4ec8fc
SHA256 hex / Subject Public Key Information (SPKI):	0a2814e736c1dc9f29b2b7a30753f3f94e00cceeb8c21ca01f07e990bc4ec8fc (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.pki.goog/s/gts1d4/Z_D0wb1zBno
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

Revoked: The certificate is revoked.

CN=GTS CA 1D4, O=Google Trust Services LLC, C=US

13.08.2020

30.09.2027
expires in 1579 days

CN=GTS CA 1D4, O=Google Trust Services LLC, C=US

13.08.2020

30.09.2027
expires in 1579 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	02008EB2023336658B64CDDB9B
Thumbprint:	349C385FF8E330F20EAD733CD36FB435FEE0B403
SHA256 / Certificate:	ZOKGt2BjYCo3Lv1gzejbJlaknuFehCVLPW61/jj0KIs=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	7178cf80a7557ba8a88cff2cd18409debb660c51d39d8671718be660616260c1
SHA256 hex / Subject Public Key Information (SPKI):	7178cf80a7557ba8a88cff2cd18409debb660c51d39d8671718be660616260c1
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.pki.goog/gtsr1
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=GTS Root R1, O=Google Trust Services LLC, C=US

19.06.2020

28.01.2028
expires in 1699 days

CN=GTS Root R1, O=Google Trust Services LLC, C=US

19.06.2020

28.01.2028
expires in 1699 days

Keyalgorithm	RSA encryption (4096 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	77BD0D6CDB36F91AEA210FC4F058D30D
Thumbprint:	08745487E891C19E3078C1F2A07E452950EF36F6
SHA256 / Certificate:	PuAnjfcfo8ElxM1IfwHXdGlOb8V+DNlMJO/XaRM5GOU=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SHA256 hex / Subject Public Key Information (SPKI):	871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.pki.goog/gsr1
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

01.09.1998

28.01.2028
expires in 1699 days

CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

01.09.1998

28.01.2028
expires in 1699 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA-1 with RSA Encryption
Serial Number:	040000000001154B5AC394
Thumbprint:	B1BC968BD4F49D622AA89A81F2150152A41D829C
SHA256 / Certificate:	69QQQOS7PsdCyeOB0x7ypBpItmhclufO88HfbNQzHJk=
SHA256 hex / Cert (DANE * 0 1):	ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA256 hex / PublicKey (DANE * 1 1):	2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SHA256 hex / Subject Public Key Information (SPKI):	2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=www.taskify.czagrzebski.dev

26.05.2023

24.08.2023
expires in 81 days

www.taskify.czagrzebski.dev - 1 entry

CN=www.taskify.czagrzebski.dev

26.05.2023

24.08.2023
expires in 81 days

www.taskify.czagrzebski.dev - 1 entry

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	20A1BE8552E7973109474E9D07ADAA82
Thumbprint:	7AD03F8CB53B36AD83198CC955BD3BF150E460C4
SHA256 / Certificate:	NrQNZdfl79vml9P3IF+Kt1ysrEnlQLQ8E+WZnuHc/Js=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	d93ead19666030b7602af15dc2be1f465b18c00e4a8f4adf1ca52f92ed4184bd
SHA256 hex / Subject Public Key Information (SPKI):	d93ead19666030b7602af15dc2be1f465b18c00e4a8f4adf1ca52f92ed4184bd (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.pki.goog/s/gts1d4/GACZZnkRzlM
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

Revoked: The certificate is revoked.

CN=GTS CA 1D4, O=Google Trust Services LLC, C=US

13.08.2020

30.09.2027
expires in 1579 days

CN=GTS CA 1D4, O=Google Trust Services LLC, C=US

13.08.2020

30.09.2027
expires in 1579 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	02008EB2023336658B64CDDB9B
Thumbprint:	349C385FF8E330F20EAD733CD36FB435FEE0B403
SHA256 / Certificate:	ZOKGt2BjYCo3Lv1gzejbJlaknuFehCVLPW61/jj0KIs=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	7178cf80a7557ba8a88cff2cd18409debb660c51d39d8671718be660616260c1
SHA256 hex / Subject Public Key Information (SPKI):	7178cf80a7557ba8a88cff2cd18409debb660c51d39d8671718be660616260c1
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.pki.goog/gtsr1
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

CN=GTS Root R1, O=Google Trust Services LLC, C=US

19.06.2020

28.01.2028
expires in 1699 days

CN=GTS Root R1, O=Google Trust Services LLC, C=US

19.06.2020

28.01.2028
expires in 1699 days

Keyalgorithm	RSA encryption (4096 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	77BD0D6CDB36F91AEA210FC4F058D30D
Thumbprint:	08745487E891C19E3078C1F2A07E452950EF36F6
SHA256 / Certificate:	PuAnjfcfo8ElxM1IfwHXdGlOb8V+DNlMJO/XaRM5GOU=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SHA256 hex / Subject Public Key Information (SPKI):	871a9194f4eed5b312ff40c84c1d524aed2f778bbff25f138cf81f680a7adc67
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://ocsp.pki.goog/gsr1
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

01.09.1998

28.01.2028
expires in 1699 days

CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

01.09.1998

28.01.2028
expires in 1699 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA-1 with RSA Encryption
Serial Number:	040000000001154B5AC394
Thumbprint:	B1BC968BD4F49D622AA89A81F2150152A41D829C
SHA256 / Certificate:	69QQQOS7PsdCyeOB0x7ypBpItmhclufO88HfbNQzHJk=
SHA256 hex / Cert (DANE * 0 1):	ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA256 hex / PublicKey (DANE * 1 1):	2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SHA256 hex / Subject Public Key Information (SPKI):	2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

CN=mcsm.czagrzebski.dev

15.03.2022

13.06.2022
356 days expired

mcsm.czagrzebski.dev, www.mcsm.czagrzebski.dev - 2 entries

CN=mcsm.czagrzebski.dev

15.03.2022

13.06.2022
356 days expired

mcsm.czagrzebski.dev, www.mcsm.czagrzebski.dev - 2 entries

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	03B7EC58DFE7E31050CD652BC3B01A68E5B9
Thumbprint:	58FDB13B71D79B8D8B01DA31C5F8337D1498F32B
SHA256 / Certificate:	9UKFUC6I3QeUn6vI99GcprPdvPPtD4Ayixmy3ZSbOJ4=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	0845c53a89d8a73c97ec0a52af66e7cfbd28134985de9aa13b20a265e29b3dd0
SHA256 hex / Subject Public Key Information (SPKI):	0845c53a89d8a73c97ec0a52af66e7cfbd28134985de9aa13b20a265e29b3dd0 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:	http://r3.o.lencr.org
OCSP - must staple:	no
Certificate Transparency:	yes
Enhanced Key Usage:	Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)

NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.

CN=R3, O=Let's Encrypt, C=US

04.09.2020

15.09.2025
expires in 834 days

CN=R3, O=Let's Encrypt, C=US

04.09.2020

15.09.2025
expires in 834 days

Keyalgorithm	RSA encryption (2048 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	00912B084ACF0C18A753F6D62E25A75F5A
Thumbprint:	A053375BFE84E8B748782C7CEE15827A6AF5A405
SHA256 / Certificate:	Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0=
SHA256 hex / Cert (DANE * 0 1):	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):	8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SHA256 hex / Subject Public Key Information (SPKI):	8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:	Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)

CN=ISRG Root X1, O=Internet Security Research Group, C=US

04.06.2015

04.06.2035
expires in 4383 days

CN=ISRG Root X1, O=Internet Security Research Group, C=US

04.06.2015

04.06.2035
expires in 4383 days

Keyalgorithm	RSA encryption (4096 bit)
Signatur:	SHA256 With RSA-Encryption
Serial Number:	008210CFB0D240E3594463E0BB63828B00
Thumbprint:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:	lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):	96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):	0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):	0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:	Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:	no
Certificate Transparency:	no
Enhanced Key Usage:

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuer				last 7 days	active	num Certs
CN=GTS CA 1D4, O=Google Trust Services LLC, C=US				0	2	2

CertSpotter-Id	Issuer	not before	not after	Domain names	LE-Duplicate	next LE
5287753016 precert	CN=GTS CA 1D4, O=Google Trust Services LLC, C=US	2023-05-26 01:27:03	2023-08-24 02:12:31	taskify.czagrzebski.dev - 1 entries
5287757727 precert	CN=GTS CA 1D4, O=Google Trust Services LLC, C=US	2023-05-26 01:26:34	2023-08-24 02:13:03	www.taskify.czagrzebski.dev - 1 entries

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

No CRT - CT-Log entries found

11. Html-Content - Entries

Summary

							Subresource Integrity (SRI)
Domainname	HtmlElement	rel/property	∑	∑ size	∑ problems	∑ int.	∑ ext.	∑ Origin poss.	∑ SRI ParseErrors	∑ SRI valid	∑ SRI missing
https://66.190.13.30/	link	stylesheet	1	379 Bytes	0	1	0	0	0	0
	link	other	3	9,217 Bytes	0	2	0	0	0	0
	meta	other	4		0			0	0	0
	script		1	951,410 Bytes	0	1	0	0	0	0

Details

Domainname	Html-Element	name/equiv/ property/rel	href/src/content	HttpStatus	∑
https://66.190.13.30/	link	apple-touch-icon	/logo192.png		200	1	ok
				image/png, missing X-Content-Type-Options nosniff			ok
	Cache-Control: public, max-age=0 - max-age too short.			No GZip - 5347 Bytes

	link	icon	/favicon.ico		200	1	ok
				image/x-icon, missing X-Content-Type-Options nosniff			ok
	Cache-Control: public, max-age=0 - max-age too short.			No GZip - 3870 Bytes

	link	manifest	/manifest.json			1	ok
							ok


	link	stylesheet	/static/css/main.6d40566d.css		200	1	ok
				text/css; charset=UTF-8, missing X-Content-Type-Options nosniff			ok
	Cache-Control: public, max-age=0 - max-age too short.			GZip required: 379 Bytes
	local SRI possible, possible hash-values: sha256-jbLSYV62uiVV/vB6RP/pLGLRU6p5MNl3f2bjEtfYNVk= sha384-FhrBSRYA/FH1b3bh/FYUBvY0bAaYMhmLbsn6TgsSVUjR5zOjjJfQoVmZe1KUZ3mB sha512-FNU12FhJmZbwyYEFJiFExkKoFUgOOeg8TPmPSOkoGfV+yYX2KPUdkw1RQEAwlTlR79cl+Han3fSwwCPxdyLqqw== <link rel="stylesheet" href="/static/css/main.6d40566d.css" crossorigin="anonymous" integrity="sha256-jbLSYV62uiVV/vB6RP/pLGLRU6p5MNl3f2bjEtfYNVk=" />

	meta		utf-8			1	ok
							ok


	meta	description	Web site created using create-react-app			1	ok
							ok


	meta	theme-color	#000000			1	ok
							ok


	meta	viewport	width=device-width,initial-scale=1			1	ok
							ok


	script	src	/static/js/main.df8ac66c.js		200	1	ok
	defer attribute found			application/javascript; charset=UTF-8, missing X-Content-Type-Options nosniff			ok
	Cache-Control: public, max-age=0 - max-age too short.			GZip required: 951410 Bytes
	local SRI possible, possible hash-values: sha256-Wiu6q+4RBlezm4O+0hwGqztWzguqHhv/+EYRb2D3GwI= sha384-uRUGXf4Fs3TjV2IEuslwpLjLIlrZy/wkyDCzvcEcYmtXLD3h8dzcSjPc++KolUJ6 sha512-5DUsrqexiu3qzb0EqWJtlV69nKmEKY2ztJ2pfEqZNEsNqQ3wbwDY9n1KX6wfAEGekaaoLO00nMn9iJMqh0dfIw== <script src="/static/js/main.df8ac66c.js" crossorigin="anonymous" integrity="sha256-Wiu6q+4RBlezm4O+0hwGqztWzguqHhv/+EYRb2D3GwI=" />

12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com

QNr.	Domain	Type	NS used
1	com	NS	m.root-servers.net (2001:dc3::35)
	Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2	ns-cloud-e1.googledomains.com	NS	l.gtld-servers.net (2001:500:d937::30)
	Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com
	Answer: ns5.googledomains.com 2001:4860:4802:32::a, 216.239.32.10
	Answer: ns6.googledomains.com 2001:4860:4802:34::a, 216.239.34.10
	Answer: ns7.googledomains.com 2001:4860:4802:36::a, 216.239.36.10
	Answer: ns8.googledomains.com 2001:4860:4802:38::a, 216.239.38.10
3	ns-cloud-e2.googledomains.com	NS	l.gtld-servers.net (2001:500:d937::30)
	Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com
	Answer: ns5.googledomains.com 2001:4860:4802:32::a, 216.239.32.10
	Answer: ns6.googledomains.com 2001:4860:4802:34::a, 216.239.34.10
	Answer: ns7.googledomains.com 2001:4860:4802:36::a, 216.239.36.10
	Answer: ns8.googledomains.com 2001:4860:4802:38::a, 216.239.38.10
4	ns-cloud-e3.googledomains.com	NS	l.gtld-servers.net (2001:500:d937::30)
	Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com
	Answer: ns5.googledomains.com 2001:4860:4802:32::a, 216.239.32.10
	Answer: ns6.googledomains.com 2001:4860:4802:34::a, 216.239.34.10
	Answer: ns7.googledomains.com 2001:4860:4802:36::a, 216.239.36.10
	Answer: ns8.googledomains.com 2001:4860:4802:38::a, 216.239.38.10
5	ns-cloud-e4.googledomains.com	NS	l.gtld-servers.net (2001:500:d937::30)
	Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com
	Answer: ns5.googledomains.com 2001:4860:4802:32::a, 216.239.32.10
	Answer: ns6.googledomains.com 2001:4860:4802:34::a, 216.239.34.10
	Answer: ns7.googledomains.com 2001:4860:4802:36::a, 216.239.36.10
	Answer: ns8.googledomains.com 2001:4860:4802:38::a, 216.239.38.10
6	ns-cloud-e1.googledomains.com: 216.239.32.110	A	ns5.googledomains.com (2001:4860:4802:32::a)
7	ns-cloud-e1.googledomains.com: 2001:4860:4802:32::6e	AAAA	ns5.googledomains.com (2001:4860:4802:32::a)
8	ns-cloud-e2.googledomains.com: 216.239.34.110	A	ns5.googledomains.com (2001:4860:4802:32::a)
9	ns-cloud-e2.googledomains.com: 2001:4860:4802:34::6e	AAAA	ns5.googledomains.com (2001:4860:4802:32::a)
10	ns-cloud-e3.googledomains.com: 216.239.36.110	A	ns5.googledomains.com (2001:4860:4802:32::a)
11	ns-cloud-e3.googledomains.com: 2001:4860:4802:36::6e	AAAA	ns5.googledomains.com (2001:4860:4802:32::a)
12	ns-cloud-e4.googledomains.com: 216.239.38.110	A	ns5.googledomains.com (2001:4860:4802:32::a)
13	ns-cloud-e4.googledomains.com: 2001:4860:4802:38::6e	AAAA	ns5.googledomains.com (2001:4860:4802:32::a)

13. CAA - Entries

Domainname	flag	Name	Value	∑ Queries
www.taskify.czagrzebski.dev				1
taskify.czagrzebski.dev				1
ghs.googlehosted.com	0		no CAA entry found	1
googlehosted.com	5	issue	pki.goog	1
czagrzebski.dev	0		no CAA entry found	1
dev	0		no CAA entry found	1
com	0		no CAA entry found	1

14. TXT - Entries

Domainname	Status	∑ Queries
czagrzebski.dev	ok	1
taskify.czagrzebski.dev		1
www.taskify.czagrzebski.dev		1
_acme-challenge.ghs.googlehosted.com		1
_acme-challenge.taskify.czagrzebski.dev	Name Error - The domain name does not exist	1
_acme-challenge.www.taskify.czagrzebski.dev	Name Error - The domain name does not exist	1
_acme-challenge.taskify.czagrzebski.dev.czagrzebski.dev	Name Error - The domain name does not exist	1
_acme-challenge.ghs.googlehosted.com.ghs.googlehosted.com		1
_acme-challenge.taskify.czagrzebski.dev.taskify.czagrzebski.dev	Name Error - The domain name does not exist	1
_acme-challenge.www.taskify.czagrzebski.dev.taskify.czagrzebski.dev	Name Error - The domain name does not exist	1
_acme-challenge.www.taskify.czagrzebski.dev.www.taskify.czagrzebski.dev	Name Error - The domain name does not exist	1

15. DomainService - Entries (SSHFP Check is new - 2022-09-24, may be incomplete, alpha, some results are required)

No DomainServiceEntries entries found

16. Cipher Suites

Domain	IP	Port	Cipher (OpenSsl / IANA)
taskify.czagrzebski.dev	142.250.186.83	443	ECDHE-RSA-CHACHA20-POLY1305	(Secure)	TLSv1.2	0xCC,0xA8	FS
10 Ciphers, 51.03 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH	RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384	(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH	RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256	(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH	RSA	AESGCM(128)	AEAD
			AES256-GCM-SHA384	(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA	RSA	AESGCM(256)	AEAD
			AES128-GCM-SHA256	(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA	RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA	(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH	RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA	(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH	RSA	AES(128)	SHA1
			AES256-SHA	(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA	RSA	AES(256)	SHA1
			DES-CBC3-SHA	(Weak)	SSLv3	0x00,0x0A	No FS
			TLS_RSA_WITH_3DES_EDE_CBC_SHA
			RSA	RSA	3DES(168)	SHA1
			AES128-SHA	(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA	RSA	AES(128)	SHA1
	2a00:1450:4001:828::2013	443	ECDHE-RSA-AES128-GCM-SHA256	(Secure)	TLSv1.2	0xC0,0x2F	FS
6 Ciphers, 35.37 sec			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH	RSA	AESGCM(128)	AEAD
			AES128-GCM-SHA256	(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA	RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA	(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH	RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA	(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH	RSA	AES(128)	SHA1
			AES256-SHA	(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA	RSA	AES(256)	SHA1
			DES-CBC3-SHA	(Weak)	SSLv3	0x00,0x0A	No FS
			TLS_RSA_WITH_3DES_EDE_CBC_SHA
			RSA	RSA	3DES(168)	SHA1
www.taskify.czagrzebski.dev	142.250.186.83	443	ECDHE-RSA-CHACHA20-POLY1305	(Secure)	TLSv1.2	0xCC,0xA8	FS
10 Ciphers, 49.61 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH	RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384	(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH	RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256	(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH	RSA	AESGCM(128)	AEAD
			AES256-GCM-SHA384	(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA	RSA	AESGCM(256)	AEAD
			AES128-GCM-SHA256	(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA	RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA	(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH	RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA	(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH	RSA	AES(128)	SHA1
			AES256-SHA	(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA	RSA	AES(256)	SHA1
			DES-CBC3-SHA	(Weak)	SSLv3	0x00,0x0A	No FS
			TLS_RSA_WITH_3DES_EDE_CBC_SHA
			RSA	RSA	3DES(168)	SHA1
			AES128-SHA	(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA	RSA	AES(128)	SHA1
	2a00:1450:4001:828::2013	443	ECDHE-RSA-CHACHA20-POLY1305	(Secure)	TLSv1.2	0xCC,0xA8	FS
10 Ciphers, 45.65 sec			TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
			ECDH	RSA	CHACHA20/POLY1305(256)	AEAD
			ECDHE-RSA-AES256-GCM-SHA384	(Secure)	TLSv1.2	0xC0,0x30	FS
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
			ECDH	RSA	AESGCM(256)	AEAD
			ECDHE-RSA-AES128-GCM-SHA256	(Secure)	TLSv1.2	0xC0,0x2F	FS
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			ECDH	RSA	AESGCM(128)	AEAD
			AES256-GCM-SHA384	(Weak)	TLSv1.2	0x00,0x9D	No FS
			TLS_RSA_WITH_AES_256_GCM_SHA384
			RSA	RSA	AESGCM(256)	AEAD
			AES128-GCM-SHA256	(Weak)	TLSv1.2	0x00,0x9C	No FS
			TLS_RSA_WITH_AES_128_GCM_SHA256
			RSA	RSA	AESGCM(128)	AEAD
			ECDHE-RSA-AES256-SHA	(Weak)	TLSv1	0xC0,0x14	FS
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
			ECDH	RSA	AES(256)	SHA1
			ECDHE-RSA-AES128-SHA	(Weak)	TLSv1	0xC0,0x13	FS
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
			ECDH	RSA	AES(128)	SHA1
			AES256-SHA	(Weak)	SSLv3	0x00,0x35	No FS
			TLS_RSA_WITH_AES_256_CBC_SHA
			RSA	RSA	AES(256)	SHA1
			DES-CBC3-SHA	(Weak)	SSLv3	0x00,0x0A	No FS
			TLS_RSA_WITH_3DES_EDE_CBC_SHA
			RSA	RSA	3DES(168)	SHA1
			AES128-SHA	(Weak)	SSLv3	0x00,0x2F	No FS
			TLS_RSA_WITH_AES_128_CBC_SHA
			RSA	RSA	AES(128)	SHA1

17. Portchecks

No open Ports <> 80 / 443 found, so no additional Ports checked.

Permalink: https://check-your-website.server-daten.de/?i=759da625-e6f2-4335-9dd3-0a6da69bdf89

Last Result: https://check-your-website.server-daten.de/?q=taskify.czagrzebski.dev - 2023-05-26 06:01:52

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=taskify.czagrzebski.dev" target="_blank">Check this Site: taskify.czagrzebski.dev</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

Check DNS, Urls + Redirects, Certificates and Content of your Website

Older results

1. IP-Addresses

2. DNSSEC

3. Name Servers

4. SOA-Entries

5. Screenshots

6. Url-Checks

7. Comments

1. General Results, most used to calculate the result

2. Header-Checks (alpha, started 2022-10-23, may be buggy / incomplete)

3. DNS- and NameServer - Checks

4. Content- and Performance-critical Checks

8. Connections

9. Certificates

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

11. Html-Content - Entries

Summary

Details

12. Nameserver - IP-Adresses

13. CAA - Entries

14. TXT - Entries

15. DomainService - Entries (SSHFP Check is new - 2022-09-24, may be incomplete, alpha, some results are required)

16. Cipher Suites

17. Portchecks