Check DNS, Urls + Redirects, Certificates and Content of your Website

0 in Queue, 0 of max. 8 Checks (12:24:47)
Why should you only use Prefix - Cookies? |
Hall of Fame - A+ and A

 

Shortcuts: 1. IP-Addresses | 2. DNSSEC | 3. Name Servers | 4. SOA-Entries | 5. Screenshots | 6. Url-Checks | 7. Comments | 8. Connections | 9. Certificates | 10. CT-Logs | 11. Html-Content | 12. Html-Parsing | 13. NameServer-IPAddresses | 14. CAA | 15. TXT | 16. DomainServiceEntries | 17. Cipher Suites | 18. Portchecks |

 

I

 

Content problems - mixed content, missing files etc.

 

Checked:
06.01.2026 02:59:05

 

Older results

 

I - 17.12.2025 00:04:29
I - 14.12.2025 14:45:26
I - 27.11.2025 03:56:40
I - 10.11.2025 08:49:25
I - 02.11.2025 01:08:35
I - 17.10.2025 23:50:30
I - 15.10.2025 08:55:53
I - 14.09.2025 14:06:37
I - 19.05.2025 03:48:50
I - 08.05.2025 07:24:10

 

1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
x.com
A
162.159.140.229
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.
No Hostname found
yes
2
0

A
172.66.0.227
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.
No Hostname found
yes
2
0

AAAA

yes


www.x.com
CNAME
x.com
yes
1
0

A
162.159.140.229
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.
No Hostname found
yes



A
172.66.0.227
Toronto/Ontario/Canada (CA) - Cloudflare, Inc.
No Hostname found
yes


*.x.com
A
Name Error
yes



AAAA
Name Error
yes



CNAME
Name Error
yes


 

2. DNSSEC

Zone (*)DNSSEC - Informations


Zone: (root)

(root)
1 DS RR published






DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=






 Status: Valid because published






4 DNSKEY RR found






Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 21831, Flags 256






Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 8, KeyTag 61809, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.01.2026, 00:00:00 +, Signature-Inception: 01.01.2026, 00:00:00 +, KeyTag 20326, Signer-Name: (root)






 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet






 Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: com

com
1 DS RR in the parent zone found






DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=






1 RRSIG RR to validate DS RR found






RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 18.01.2026, 17:00:00 +, Signature-Inception: 05.01.2026, 16:00:00 +, KeyTag 21831, Signer-Name: (root)






 Status: Good - Algorithmus 8 and DNSKEY with KeyTag 21831 used to validate the DS RRSet in the parent zone






2 DNSKEY RR found






Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)






Public Key with Algorithm 13, KeyTag 46539, Flags 256






1 RRSIG RR to validate DNSKEY RR found






RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 12.01.2026, 15:02:35 +, Signature-Inception: 28.12.2025, 14:57:35 +, KeyTag 19718, Signer-Name: com






 Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet






 Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone



Zone: x.com

x.com
0 DS RR in the parent zone found






DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "9r92dnfdjnuk8toipl83salcibt8hiaf" between the hashed NSEC3-owner "9r924l0vkvrakebslp2qhmbh3t2beoc2" and the hashed NextOwner "9r92ghol4h50nmhis5kv2cppnuquvnnb". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 9r924l0vkvrakebslp2qhmbh3t2beoc2.com., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 13.01.2026, 00:16:54 +, Signature-Inception: 05.01.2026, 23:06:54 +, KeyTag 46539, Signer-Name: com






DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q3udg8cekkae7rukpgct1dvssh8ll". So that domain name is the Closest Encloser of "x.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 10.01.2026, 00:27:13 +, Signature-Inception: 02.01.2026, 23:17:13 +, KeyTag 46539, Signer-Name: com






0 DNSKEY RR found









Zone: www.x.com

www.x.com
0 DS RR in the parent zone found

 

3. Name Servers

DomainNameserverNS-IP
x.com
  a.r10.twtrdns.net
205.251.192.179
Ashburn/Virginia/United States (US) - Amazon.com

  a.u10.twtrdns.net
204.74.111.101
Herndon/Virginia/United States (US) - Neustar Security Services

  b.r10.twtrdns.net
205.251.196.198
Herndon/Virginia/United States (US) - Amazon.com

  b.u10.twtrdns.net
205.251.196.198
Herndon/Virginia/United States (US) - Amazon.com

  c.r10.twtrdns.net
205.251.194.151
Chicago/Illinois/United States (US) - Amazon.com

  c.u10.twtrdns.net
205.251.194.151
Chicago/Illinois/United States (US) - Amazon.com

  d.r10.twtrdns.net
205.251.199.195
Ashburn/Virginia/United States (US) - Amazon.com

  d.u10.twtrdns.net
205.251.199.195
Ashburn/Virginia/United States (US) - Amazon.com
com
  a.gtld-servers.net


  b.gtld-servers.net


  c.gtld-servers.net


  d.gtld-servers.net


  e.gtld-servers.net


  f.gtld-servers.net


  g.gtld-servers.net


  h.gtld-servers.net


  i.gtld-servers.net


  j.gtld-servers.net


  k.gtld-servers.net


  l.gtld-servers.net


  m.gtld-servers.net

 

4. SOA-Entries


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1767664719
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:11


Domain:com
Zone-Name:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1767664739
Refresh:1800
Retry:900
Expire:604800
TTL:900
num Entries:2


Domain:x.com
Zone-Name:x.com
Primary:a.u10.twtrdns.net
Mail:noc.twitter.com
Serial:2023121201
Refresh:3600
Retry:600
Expire:604800
TTL:300
num Entries:7


Domain:x.com
Zone-Name:x.com
Primary:a.u10.twtrdns.net
Mail:noc.twitter.com
Serial:2023240563
Refresh:3600
Retry:600
Expire:604800
TTL:300
num Entries:1


5. Screenshots

Startaddress: https://x.com/, address used: https://x.com/, Screenshot created 2026-01-06 03:00:22 +00:0

 

Mobil (412px x 732px)

 

338 milliseconds

 

Screenshot mobile - https://x.com/
Mobil + Landscape (732px x 412px)

 

1482 milliseconds

 

Screenshot mobile landscape - https://x.com/
Screen (1280px x 1680px)

 

2220 milliseconds

 

Screenshot Desktop - https://x.com/

 

Mobile- and other Chrome-Checks


widthheight
visual Viewport397732
content Size3971105

 

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

 

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://x.com/
162.159.140.229
301
https://x.com/

0.013

Date: Tue, 06 Jan 2026 01:59:43 GMT
Connection: keep-alive
Location: https://x.com/
Vary: accept-encoding
Set-Cookie: __cf_bm=LDQzhgGN7X3m_onRdo_ZHY8ajPPWB28cM.RL3RgWqyA-1767664783.051903-1.0.1.1-RnpYGzrVxDUDuLA2w4N0kNNPBV5hyvS3FeSmjPF5GN5dxwgJjko.NERrczwk40Sfg2KY5_N8iM8mUhOfsDi.1qGgQ9DVjdFsaEwaZU8uMkO441zYaeadDmk6On3Ke57M; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
Server: cloudflare
CF-RAY: 9b979e1e1e656e5c-TXL
Content-Length: 0

• http://x.com/
172.66.0.227
301
https://x.com/

0.000

Date: Tue, 06 Jan 2026 01:59:43 GMT
Connection: keep-alive
Location: https://x.com/
Vary: accept-encoding
Set-Cookie: __cf_bm=q5lODv8fGqcAA_mLaz0w2ie1fetDSQ76XWgzKnH77O4-1767664783.077919-1.0.1.1-sDtnBlAb7zhIdZRuEBpCK_9SCh1R7_kkpJk2MjLOxAFA6vHv4nW4m9CvgEP4QGju9TqoPdPoPYC7UNbpHusXqKA7dGHf_171FTcNYgc9O58u0t73KS.2yEb0_yFXClAy; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
Server: cloudflare
CF-RAY: 9b979e1e3e21c4d0-TXL
Content-Length: 0

• http://www.x.com/
162.159.140.229
301
https://www.x.com/

0.017

Date: Tue, 06 Jan 2026 01:59:42 GMT
Connection: keep-alive
Location: https://www.x.com/
Vary: accept-encoding
Set-Cookie: __cf_bm=W94dcBva8MLAQYy.97ODndE1v_42S6m1vTZeEJ28IfA-1767664782.99184-1.0.1.1-OziQIp9mPxMAVWivXIBqgP_FtlXlt.4grK3MwFoMNDOR5pLXkAoJXPBnjsIqiBw0dBzOureQtMx3ii._ZgV6nIsYvGqrsyy18F5Wpc627gPEM2SKjof0OI01SNSu534p; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:42 GMT
Server: cloudflare
CF-RAY: 9b979e1dbe176e5c-TXL
Content-Length: 0

• http://www.x.com/
172.66.0.227
301
https://www.x.com/

0.017

Date: Tue, 06 Jan 2026 01:59:43 GMT
Connection: keep-alive
Location: https://www.x.com/
Vary: accept-encoding
Set-Cookie: __cf_bm=fsq28dBUmo0Eb7tAQ1AKwjFCZuLO2xJYluwUYOUZoq4-1767664783.0217488-1.0.1.1-XaOiSEl58jz.dK9pIxsMtsujdff66_8W0iqffn0oW.bx6A8qlgbUaN78F9fcNxK45LaA_H1cZHlgypebi9msWal4Dr5SakRf7Lz63HiTvdXnHhE478._cXz5n5t9bQRg; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
Server: cloudflare
CF-RAY: 9b979e1dedecc4d0-TXL
Content-Length: 0

• https://www.x.com/
162.159.140.229
301
https://twitter.com/

2.124
B
Date: Tue, 06 Jan 2026 01:59:43 GMT
Connection: keep-alive
perf: 7402827104
Location: https://twitter.com/
Cache-Control: no-store, no-cache, max-age=0
x-transaction-id: 05d286670adbf931
x-response-time: 1
origin-cf-ray: 9b979e1e8d4358f0-TXL
Strict-Transport-Security: max-age=631138519; includeSubdomains
X-Served-By: t4_a
Server: cloudflare,envoy
cf-cache-status: DYNAMIC
Set-Cookie: __cf_bm=KlKJi3uYgL5G1kVwFvtV0SZb7Yww8LFxk8KH.k_FHu0-1767664783.121353-1.0.1.1-EThPzpFyEWCbYMKlmXC0t0tBb3ZMEKP.oPFCxa59m.iXNBHAukNpSeI25TVmWtpqRQ7XIepozlSiqOGEekxdYtz2NOPZ66oe45PH3FHXS7L9.einu_SDLiGeZu2zmsld; HttpOnly; Secure; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
CF-RAY: 9b979e1e8d4358f0-TXL
Content-Length: 0

• https://www.x.com/
172.66.0.227
301
https://twitter.com/

2.096
B
Date: Tue, 06 Jan 2026 01:59:46 GMT
Connection: keep-alive
perf: 7402827104
Location: https://twitter.com/
Cache-Control: no-store, no-cache, max-age=0
x-transaction-id: 0a0b4a5d5f992726
x-response-time: 1
origin-cf-ray: 9b979e34abe2c637-TXL
Strict-Transport-Security: max-age=631138519; includeSubdomains
X-Served-By: t4_a
Server: cloudflare,envoy
cf-cache-status: DYNAMIC
Set-Cookie: __cf_bm=3iaaiIAHrX5QItgPt_ro4vt8F6YM3f9ofyt8SKmDjx0-1767664786.6607249-1.0.1.1-lPXZYqzyj9H50ojqMVPbclX515W1nJH08upOB5xfXo7S5_LXHisylRdqVD0rrXhcBOEiGso_F7NkcMgexkbK.ZqPMiR0lzVyi.5S47Gg4eZwa9pljXZBxTR7JHXkAi9S; HttpOnly; Secure; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:46 GMT
CF-RAY: 9b979e34abe2c637-TXL
Content-Length: 0

• https://twitter.com/
gzip used - 74 / 48 - -54.17 %
301
https://x.com/
Html is minified: 100.00 %
2.173
B
Date: Tue, 06 Jan 2026 01:59:59 GMT
Connection: keep-alive
perf: 7402827104
Vary: Accept,accept-encoding
expiry: Tue, 31 Mar 1981 05:00:00 GMT
Pragma: no-cache
Server: cloudflare,envoy
Location: https://x.com/
Set-Cookie: ct0=; Max-Age=-1767664798; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=Lax,__cf_bm=Wb7pB.5n8rl.HccWqFygxV0Yol5TZI4937LlZ0rwNI4-1767664799.68073-1.0.1.1-EX5akBMpHoxnb2kfRf9qMoWh0rPlNuU2fzdE.XcP.QrrLX_CDQy4m5J3A95qadP5fesXe4Q0soI29cSdkDOaRMAWpA5i7l6lbwTepn_Dzm3tcPtZrUr7tuj7EtENwIAx; HttpOnly; Secure; Path=/; Domain=twitter.com; Expires=Tue, 06 Jan 2026 02:29:59 GMT
X-Powered-By: Express
Cache-Control: no-store, must-revalidate, no-cache, pre-check=0, post-check=0
X-Frame-Options: DENY
x-transaction-id: 20996a9e0d6e57c5
X-XSS-Protection: 0
reporting-endpoints: coep-report="https://twitter.com/i/coep-report", coop-report="https://twitter.com/i/coop-report"
X-Content-Type-Options: nosniff
Content-Security-Policy: connect-src 'self' blob: https://fonts.googleapis.com/css https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://www.gstatic.com/maps/ https://*.pscp.tv https://*.twimg.com https://*.video.pscp.tv https://aa.twitter.com https://aa.x.com https://accounts.google.com/gsi/ https://ads-api.twitter.com https://ads-api.x.com https://api-stream.twitter.com https://api-stream.x.com https://api.twitter.com https://api.x.ai https://api.x.com https://api.x.com https://caps.twitter.com https://caps.x.com https://grok.x.com https://jf.twitter.com https://jf.x.com https://jf-t.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://ton.twitter.com https://ton.local.twitter.com https://ton.x.com https://twitter.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://x.com https://grok-api.gcp.mouseion.dev https://assets.mouseion.dev https://grok.com https://assets.grok.com https://imagine-public.x.ai/ wss://grok.com wss://grok-api.gcp.mouseion.dev https://*.adtrafficquality.google https://*.googlesyndication.com https://*.doubleclick.net https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.google.com https://google.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://production.plaid.com/ https://sandbox.plaid.com/ https://ingestion.dv.socure.io https://network.dv.socure.io/ https://analytics.dv.socure.io/ https://payments-dev.x.com/customer/wasm/forward-with-v1.wasm https://payments-staging.x.com/customer/wasm/forward-with-v1.wasm https://payments-prod.x.com/customer/wasm/forward-with-v1.wasm https://money-dev.x.com/customer/wasm/forward-with-v1.wasm https://money-staging.x.com/customer/wasm/forward-with-v1.wasm https://money.x.com/customer/wasm/forward-with-v1.wasm https://api.stripe.com https://money.x.com/i/cardholder-agreement.summary.json https://money.x.com/i/acceptable-use-policy.summary.json https://money.x.com/terms-and-conditions.summary.json https://m.castle.io https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.grabyo.com https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com wss://chat-ws.x.com https://d1muhwhmpsz4u8.cloudfront.net/ https://d2bchqfeno8n2m.cloudfront.net/ https://d2shtph9y6bxk.cloudfront.net/ https://xchat-hsm-staging.x.com/ https://realm-a.x.com https://realm-b.x.com https://realm-west1.x.com https://realm-east1.x.com https://hsm-staging.x.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443 https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; font-src 'self' https://*.twimg.com https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-src 'self' https://accounts.google.com/ https://accounts.google.com/gsi/ https://cards-frame.twitter.com https://cdn.plaid.com/ https://client-api.arkoselabs.com/ https://content.googleapis.com/ https://iframe.arkoselabs.com/ https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://google.com https://www.google.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://console.googletagservices.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.safeframe.googlesyndication.com https://www.googleadservices.com https://googleadservices.com https://adservice.google.com https://*.googlesyndication.com https://td.doubleclick.net https://payments-dev.x.com/ https://payments-staging.x.com/ https://payments-prod.x.com/ https://sdn.payments-dev.x.com/ https://sdn.payments-staging.x.com/ https://sdn.payments-prod.x.com/ https://money-dev.x.com/ https://money-staging.x.com/ https://money.x.com/ https://sdn.money-dev.x.com/ https://sdn.money-staging.x.com/ https://sdn.money.x.com/ https://p2pcreditcardiframesandbox.crbcos.com https://p2pcreditcardiframe.crbcos.com https://verify-sandbox.plaid.com/ https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://cdn.getpinwheel.com/ https://artifacts.grokusercontent.com https://twitter.com https://x.com https://recaptcha.net/recaptcha/; img-src 'self' blob: data: https://www.google.com/maps/place/ https://imgs.search.brave.com https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://api.x.com https://developer.x.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct https://*.googleusercontent.com https://*.gstatic.com https://*.googlesyndication.com https://*.adtrafficquality.google https://www.google.com/ads/measurement/ https://*.google.com/ads/measurement/ https://googleads.g.doubleclick.net https://google.com https://www.google.com https://plaid-merchant-logos.plaid.com https://plaid-counterparty-logos.plaid.com https://assets.mouseion.dev https://assets.grok.com; manifest-src 'self'; media-src 'self' data: blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://*.twimg.com https://recaptcha.net/recaptcha/ http://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://accounts.google.com/gsi/client https://apis.google.com/js/api.js https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://client-api.arkoselabs.com/ https://static.ads-twitter.com https://twitter.com https://www.google-analytics.com https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://x.com https://sdn.payments-dev.x.com/assets/loader.min.js https://sdn.payments-staging.x.com/assets/loader.min.js https://sdn.payments-prod.x.com/assets/loader.min.js https://sdn.money-dev.x.com/assets/loader.min.js https://sdn.money-staging.x.com/assets/loader.min.js https://sdn.money.x.com/assets/loader.min.js https://sdk.dv.socure.io/latest/device-risk-sdk.js https://cdn.plaid.com/link/v2/stable/link-initialize.js https://payments-dev.x.com/customer/wasm/xxp-forward-with-sdk.js https://payments-staging.x.com/customer/wasm/xxp-forward-with-sdk.js https://payments-prod.x.com/customer/wasm/xxp-forward-with-sdk.js https://money-dev.x.com/customer/wasm/xxp-forward-with-sdk.js https://money-staging.x.com/customer/wasm/xxp-forward-with-sdk.js https://money.x.com/customer/wasm/xxp-forward-with-sdk.js https://js.stripe.com https://*.js.stripe.com https://cdn.getpinwheel.com/pinwheel-v3.1.0.js https://securepubads.g.doubleclick.net https://www.googletagservices.com https://*.googletagservices.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.googleadservices.com https://ads.google.com https://tpc.googlesyndication.com https://*.tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'wasm-unsafe-eval' 'nonce-NGUyODQwMmEtNjRhMy00YzE1LTllMDAtNDgwYWJlMTcyNTg4'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; child-src 'self' blob:; worker-src 'self' blob:; report-uri https://x.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
x-response-time: 15
origin-cf-ray: 9b979e860fa1e525-TXL
Strict-Transport-Security: max-age=631138519; includeSubdomains
X-Served-By: t4_a
cf-cache-status: DYNAMIC
CF-RAY: 9b979e860fa1e525-TXL
Content-Type: text/plain; charset=utf-8
Content-Length: 74
Last-Modified: Tue, 06 Jan 2026 01:59:59 GMT
Content-Encoding: gzip

• https://x.com/
162.159.140.229 gzip used - 51956 / 230572 - 77.47 %
Inline-JavaScript (∑/total): 7/204865 Inline-CSS (∑/total): 4/13285		200

Html is minified: 106.39 %
Other inline scripts (∑/total): 0/0		2.390
I
Date: Tue, 06 Jan 2026 01:59:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
perf: 7402827104
expiry: Tue, 31 Mar 1981 05:00:00 GMT
Pragma: no-cache
Server: cloudflare,envoy
Set-Cookie: guest_id=v1%3A176766479020113251; Max-Age=34214400; Expires=Sat, 06 Feb 2027 01:59:50 GMT; Path=/; Domain=.x.com; Secure; SameSite=None,ct0=; Max-Age=-1767664789; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.x.com; Secure; SameSite=Lax,__cf_bm=aHzIFUKPTB3KIVnKT9wDZwd60FRW70iobNnfc6l1sBo-1767664790.138219-1.0.1.1-kmrWOtXEXcah3dK.hQnS8fykYYukjeKlaf..gwZWZyQaCbDjG2G4ovULZTCV0b9dSjQ0v9gk_hEgQ61VNeIXWK1aAfM88a.2_Kla9.z6Nqh7uppLteAA67pWpz_rVumE; HttpOnly; Secure; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:50 GMT
X-Powered-By: Express
Cache-Control: no-store, must-revalidate, no-cache, pre-check=0, post-check=0
X-Frame-Options: DENY
x-transaction-id: d024cc9f42ec626d
X-XSS-Protection: 0
reporting-endpoints: coep-report="https://x.com/i/coep-report", coop-report="https://x.com/i/coop-report"
X-Content-Type-Options: nosniff
Content-Security-Policy: connect-src 'self' blob: https://fonts.googleapis.com/css https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://www.gstatic.com/maps/ https://*.pscp.tv https://*.twimg.com https://*.video.pscp.tv https://aa.twitter.com https://aa.x.com https://accounts.google.com/gsi/ https://ads-api.twitter.com https://ads-api.x.com https://api-stream.twitter.com https://api-stream.x.com https://api.twitter.com https://api.x.ai https://api.x.com https://api.x.com https://caps.twitter.com https://caps.x.com https://grok.x.com https://jf.twitter.com https://jf.x.com https://jf-t.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://ton.twitter.com https://ton.local.twitter.com https://ton.x.com https://twitter.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://x.com https://grok-api.gcp.mouseion.dev https://assets.mouseion.dev https://grok.com https://assets.grok.com https://imagine-public.x.ai/ wss://grok.com wss://grok-api.gcp.mouseion.dev https://*.adtrafficquality.google https://*.googlesyndication.com https://*.doubleclick.net https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.google.com https://google.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://production.plaid.com/ https://sandbox.plaid.com/ https://ingestion.dv.socure.io https://network.dv.socure.io/ https://analytics.dv.socure.io/ https://payments-dev.x.com/customer/wasm/forward-with-v1.wasm https://payments-staging.x.com/customer/wasm/forward-with-v1.wasm https://payments-prod.x.com/customer/wasm/forward-with-v1.wasm https://money-dev.x.com/customer/wasm/forward-with-v1.wasm https://money-staging.x.com/customer/wasm/forward-with-v1.wasm https://money.x.com/customer/wasm/forward-with-v1.wasm https://api.stripe.com https://money.x.com/i/cardholder-agreement.summary.json https://money.x.com/i/acceptable-use-policy.summary.json https://money.x.com/terms-and-conditions.summary.json https://m.castle.io https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.grabyo.com https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com wss://chat-ws.x.com https://d1muhwhmpsz4u8.cloudfront.net/ https://d2bchqfeno8n2m.cloudfront.net/ https://d2shtph9y6bxk.cloudfront.net/ https://xchat-hsm-staging.x.com/ https://realm-a.x.com https://realm-b.x.com https://realm-west1.x.com https://realm-east1.x.com https://hsm-staging.x.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443 https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; font-src 'self' https://*.twimg.com https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-src 'self' https://accounts.google.com/ https://accounts.google.com/gsi/ https://cards-frame.twitter.com https://cdn.plaid.com/ https://client-api.arkoselabs.com/ https://content.googleapis.com/ https://iframe.arkoselabs.com/ https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://google.com https://www.google.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://console.googletagservices.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.safeframe.googlesyndication.com https://www.googleadservices.com https://googleadservices.com https://adservice.google.com https://*.googlesyndication.com https://td.doubleclick.net https://payments-dev.x.com/ https://payments-staging.x.com/ https://payments-prod.x.com/ https://sdn.payments-dev.x.com/ https://sdn.payments-staging.x.com/ https://sdn.payments-prod.x.com/ https://money-dev.x.com/ https://money-staging.x.com/ https://money.x.com/ https://sdn.money-dev.x.com/ https://sdn.money-staging.x.com/ https://sdn.money.x.com/ https://p2pcreditcardiframesandbox.crbcos.com https://p2pcreditcardiframe.crbcos.com https://verify-sandbox.plaid.com/ https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://cdn.getpinwheel.com/ https://artifacts.grokusercontent.com https://twitter.com https://x.com https://recaptcha.net/recaptcha/; img-src 'self' blob: data: https://www.google.com/maps/place/ https://imgs.search.brave.com https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://api.x.com https://developer.x.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct https://*.googleusercontent.com https://*.gstatic.com https://*.googlesyndication.com https://*.adtrafficquality.google https://www.google.com/ads/measurement/ https://*.google.com/ads/measurement/ https://googleads.g.doubleclick.net https://google.com https://www.google.com https://plaid-merchant-logos.plaid.com https://plaid-counterparty-logos.plaid.com https://assets.mouseion.dev https://assets.grok.com; manifest-src 'self'; media-src 'self' data: blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://*.twimg.com https://recaptcha.net/recaptcha/ http://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://accounts.google.com/gsi/client https://apis.google.com/js/api.js https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://client-api.arkoselabs.com/ https://static.ads-twitter.com https://twitter.com https://www.google-analytics.com https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://x.com https://sdn.payments-dev.x.com/assets/loader.min.js https://sdn.payments-staging.x.com/assets/loader.min.js https://sdn.payments-prod.x.com/assets/loader.min.js https://sdn.money-dev.x.com/assets/loader.min.js https://sdn.money-staging.x.com/assets/loader.min.js https://sdn.money.x.com/assets/loader.min.js https://sdk.dv.socure.io/latest/device-risk-sdk.js https://cdn.plaid.com/link/v2/stable/link-initialize.js https://payments-dev.x.com/customer/wasm/xxp-forward-with-sdk.js https://payments-staging.x.com/customer/wasm/xxp-forward-with-sdk.js https://payments-prod.x.com/customer/wasm/xxp-forward-with-sdk.js https://money-dev.x.com/customer/wasm/xxp-forward-with-sdk.js https://money-staging.x.com/customer/wasm/xxp-forward-with-sdk.js https://money.x.com/customer/wasm/xxp-forward-with-sdk.js https://js.stripe.com https://*.js.stripe.com https://cdn.getpinwheel.com/pinwheel-v3.1.0.js https://securepubads.g.doubleclick.net https://www.googletagservices.com https://*.googletagservices.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.googleadservices.com https://ads.google.com https://tpc.googlesyndication.com https://*.tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'wasm-unsafe-eval' 'nonce-ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; child-src 'self' blob:; worker-src 'self' blob:; report-uri https://x.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
Vary: accept-encoding
x-response-time: 13
origin-cf-ray: 9b979e4a5ec2e515-TXL
Strict-Transport-Security: max-age=631138519; includeSubdomains
X-Served-By: t4_a
cf-cache-status: DYNAMIC
CF-RAY: 9b979e4a5ec2e515-TXL
Content-Type: text/html; charset=utf-8
Last-Modified: Tue, 06 Jan 2026 01:59:50 GMT
Content-Encoding: gzip
Content-Length: 51956

• https://x.com/
172.66.0.227 gzip used - 52249 / 230662 - 77.35 %
Inline-JavaScript (∑/total): 7/204865 Inline-CSS (∑/total): 4/13377		200

Html is minified: 106.43 %
Other inline scripts (∑/total): 0/0		2.626
I
Date: Tue, 06 Jan 2026 01:59:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
perf: 7402827104
expiry: Tue, 31 Mar 1981 05:00:00 GMT
Pragma: no-cache
Server: cloudflare,envoy
Set-Cookie: guest_id=v1%3A176766479421433492; Max-Age=34214400; Expires=Sat, 06 Feb 2027 01:59:54 GMT; Path=/; Domain=.x.com; Secure; SameSite=None,ct0=; Max-Age=-1767664793; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.x.com; Secure; SameSite=Lax,__cf_bm=84W5tg2oDtAhbwSfTdXStqzAmvgi3LXguJ3G6OAa.Es-1767664794.151618-1.0.1.1-K2vFxjpP9YE.B.VRRpkg2ZLx.zJMiFtdYEsqTc6p9q6VTzNqVOVPHHFQTnBzXiyBalzVuAj8iDZvq4BGIQ7A_5wCiysUz1R2aSoEzO7DTrMG7wuQokhZO5o.o2ABMIT3; HttpOnly; Secure; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:54 GMT
X-Powered-By: Express
Cache-Control: no-store, must-revalidate, no-cache, pre-check=0, post-check=0
X-Frame-Options: DENY
x-transaction-id: fa03b0c40af76f44
X-XSS-Protection: 0
reporting-endpoints: coep-report="https://x.com/i/coep-report", coop-report="https://x.com/i/coop-report"
X-Content-Type-Options: nosniff
Content-Security-Policy: connect-src 'self' blob: https://fonts.googleapis.com/css https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://www.gstatic.com/maps/ https://*.pscp.tv https://*.twimg.com https://*.video.pscp.tv https://aa.twitter.com https://aa.x.com https://accounts.google.com/gsi/ https://ads-api.twitter.com https://ads-api.x.com https://api-stream.twitter.com https://api-stream.x.com https://api.twitter.com https://api.x.ai https://api.x.com https://api.x.com https://caps.twitter.com https://caps.x.com https://grok.x.com https://jf.twitter.com https://jf.x.com https://jf-t.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://ton.twitter.com https://ton.local.twitter.com https://ton.x.com https://twitter.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://x.com https://grok-api.gcp.mouseion.dev https://assets.mouseion.dev https://grok.com https://assets.grok.com https://imagine-public.x.ai/ wss://grok.com wss://grok-api.gcp.mouseion.dev https://*.adtrafficquality.google https://*.googlesyndication.com https://*.doubleclick.net https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.google.com https://google.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://production.plaid.com/ https://sandbox.plaid.com/ https://ingestion.dv.socure.io https://network.dv.socure.io/ https://analytics.dv.socure.io/ https://payments-dev.x.com/customer/wasm/forward-with-v1.wasm https://payments-staging.x.com/customer/wasm/forward-with-v1.wasm https://payments-prod.x.com/customer/wasm/forward-with-v1.wasm https://money-dev.x.com/customer/wasm/forward-with-v1.wasm https://money-staging.x.com/customer/wasm/forward-with-v1.wasm https://money.x.com/customer/wasm/forward-with-v1.wasm https://api.stripe.com https://money.x.com/i/cardholder-agreement.summary.json https://money.x.com/i/acceptable-use-policy.summary.json https://money.x.com/terms-and-conditions.summary.json https://m.castle.io https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.grabyo.com https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com wss://chat-ws.x.com https://d1muhwhmpsz4u8.cloudfront.net/ https://d2bchqfeno8n2m.cloudfront.net/ https://d2shtph9y6bxk.cloudfront.net/ https://xchat-hsm-staging.x.com/ https://realm-a.x.com https://realm-b.x.com https://realm-west1.x.com https://realm-east1.x.com https://hsm-staging.x.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443 https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; font-src 'self' https://*.twimg.com https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-src 'self' https://accounts.google.com/ https://accounts.google.com/gsi/ https://cards-frame.twitter.com https://cdn.plaid.com/ https://client-api.arkoselabs.com/ https://content.googleapis.com/ https://iframe.arkoselabs.com/ https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://google.com https://www.google.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://console.googletagservices.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.safeframe.googlesyndication.com https://www.googleadservices.com https://googleadservices.com https://adservice.google.com https://*.googlesyndication.com https://td.doubleclick.net https://payments-dev.x.com/ https://payments-staging.x.com/ https://payments-prod.x.com/ https://sdn.payments-dev.x.com/ https://sdn.payments-staging.x.com/ https://sdn.payments-prod.x.com/ https://money-dev.x.com/ https://money-staging.x.com/ https://money.x.com/ https://sdn.money-dev.x.com/ https://sdn.money-staging.x.com/ https://sdn.money.x.com/ https://p2pcreditcardiframesandbox.crbcos.com https://p2pcreditcardiframe.crbcos.com https://verify-sandbox.plaid.com/ https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://cdn.getpinwheel.com/ https://artifacts.grokusercontent.com https://twitter.com https://x.com https://recaptcha.net/recaptcha/; img-src 'self' blob: data: https://www.google.com/maps/place/ https://imgs.search.brave.com https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://api.x.com https://developer.x.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct https://*.googleusercontent.com https://*.gstatic.com https://*.googlesyndication.com https://*.adtrafficquality.google https://www.google.com/ads/measurement/ https://*.google.com/ads/measurement/ https://googleads.g.doubleclick.net https://google.com https://www.google.com https://plaid-merchant-logos.plaid.com https://plaid-counterparty-logos.plaid.com https://assets.mouseion.dev https://assets.grok.com; manifest-src 'self'; media-src 'self' data: blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://*.twimg.com https://recaptcha.net/recaptcha/ http://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://accounts.google.com/gsi/client https://apis.google.com/js/api.js https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://client-api.arkoselabs.com/ https://static.ads-twitter.com https://twitter.com https://www.google-analytics.com https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://x.com https://sdn.payments-dev.x.com/assets/loader.min.js https://sdn.payments-staging.x.com/assets/loader.min.js https://sdn.payments-prod.x.com/assets/loader.min.js https://sdn.money-dev.x.com/assets/loader.min.js https://sdn.money-staging.x.com/assets/loader.min.js https://sdn.money.x.com/assets/loader.min.js https://sdk.dv.socure.io/latest/device-risk-sdk.js https://cdn.plaid.com/link/v2/stable/link-initialize.js https://payments-dev.x.com/customer/wasm/xxp-forward-with-sdk.js https://payments-staging.x.com/customer/wasm/xxp-forward-with-sdk.js https://payments-prod.x.com/customer/wasm/xxp-forward-with-sdk.js https://money-dev.x.com/customer/wasm/xxp-forward-with-sdk.js https://money-staging.x.com/customer/wasm/xxp-forward-with-sdk.js https://money.x.com/customer/wasm/xxp-forward-with-sdk.js https://js.stripe.com https://*.js.stripe.com https://cdn.getpinwheel.com/pinwheel-v3.1.0.js https://securepubads.g.doubleclick.net https://www.googletagservices.com https://*.googletagservices.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.googleadservices.com https://ads.google.com https://tpc.googlesyndication.com https://*.tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'wasm-unsafe-eval' 'nonce-NjFhNGQ2NGEtY2IzNy00NjI0LTg2NGQtNzgyZmNmYjUyNDU0'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; child-src 'self' blob:; worker-src 'self' blob:; report-uri https://x.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
Vary: accept-encoding
x-response-time: 21
origin-cf-ray: 9b979e637f111550-TXL
Strict-Transport-Security: max-age=631138519; includeSubdomains
X-Served-By: t4_a
cf-cache-status: DYNAMIC
CF-RAY: 9b979e637f111550-TXL
Content-Type: text/html; charset=utf-8
Last-Modified: Tue, 06 Jan 2026 01:59:54 GMT
Content-Encoding: gzip
Content-Length: 52249

• http://x.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
162.159.140.229
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		520

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0		0.233
S
<none>
Visible Content:
Date: Tue, 06 Jan 2026 01:59:59 GMT
Connection: keep-alive
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Server: cloudflare
CF-RAY: 9b979e80ef1f6e5c-TXL
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Expires: Thu, 01 Jan 1970 00:00:01 GMT

• http://x.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
172.66.0.227
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		520

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0		0.237
S
<none>
Visible Content:
Date: Tue, 06 Jan 2026 01:59:59 GMT
Connection: keep-alive
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Server: cloudflare,Pingora-Origin
CF-RAY: 9b979e8298bbc4d0-TXL
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Expires: Thu, 01 Jan 1970 00:00:01 GMT

• http://www.x.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
162.159.140.229
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		520

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0		0.234
S
<none>
Visible Content:
Date: Tue, 06 Jan 2026 01:59:58 GMT
Connection: keep-alive
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Server: cloudflare
CF-RAY: 9b979e7e1cc36e5c-TXL
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Expires: Thu, 01 Jan 1970 00:00:01 GMT

• http://www.x.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
172.66.0.227
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0		520

Html is minified: 100.00 %
Other inline scripts (∑/total): 0/0		0.124
S
<none>
Visible Content:
Date: Tue, 06 Jan 2026 01:59:58 GMT
Connection: keep-alive
Cache-Control: no-store, must-revalidate, no-cache, max-age=0, private, post-check=0, pre-check=0
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Server: cloudflare,Pingora-Origin
CF-RAY: 9b979e7fcd71c4d0-TXL
Content-Type: text/plain; charset=UTF-8
Content-Length: 15
Expires: Thu, 01 Jan 1970 00:00:01 GMT

• https://172.66.0.227/
172.66.0.227
-103


0.047
P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'. (FF: SSL_ERROR_NO_CYPHER_OVERLAP)

• https://162.159.140.229/
162.159.140.229
-103


0.033
P
SecureConnectionError (3, 0x80131501). The SSL connection could not be established, see inner exception. Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'. (FF: SSL_ERROR_NO_CYPHER_OVERLAP)

 

7. Comments


1. General Results, most used to calculate the result

Aname "x.com" is domain, public suffix is ".com", top-level-domain is ".com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .com-domains preloaded: 108094 (complete: 276475)
AGood: All ip addresses are public addresses
AGood: Minimal 2 ip addresses per domain name found: www.x.com has 2 different ip addresses (authoritative).
AGood: Minimal 2 ip addresses per domain name found: x.com has 2 different ip addresses (authoritative).
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: www.x.com has no ipv6 address.
Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: x.com has no ipv6 address.
AGood: No asked Authoritative Name Server had a timeout
Ahttps://twitter.com/
301
https://x.com/
Correct redirect https to https
Ahttps://twitter.com/
301
https://x.com/
Correct redirect https to https
AGood: destination is https
AGood - only one version with Http-Status 200
AGood: one preferred version: non-www is preferred
AGood: every cookie sent via https is marked as secure
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
http://x.com/ 162.159.140.229
301
__cf_bm=LDQzhgGN7X3m_onRdo_ZHY8ajPPWB28cM.RL3RgWqyA-1767664783.051903-1.0.1.1-RnpYGzrVxDUDuLA2w4N0kNNPBV5hyvS3FeSmjPF5GN5dxwgJjko.NERrczwk40Sfg2KY5_N8iM8mUhOfsDi.1qGgQ9DVjdFsaEwaZU8uMkO441zYaeadDmk6On3Ke57M; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
http://x.com/ 172.66.0.227
301
__cf_bm=q5lODv8fGqcAA_mLaz0w2ie1fetDSQ76XWgzKnH77O4-1767664783.077919-1.0.1.1-sDtnBlAb7zhIdZRuEBpCK_9SCh1R7_kkpJk2MjLOxAFA6vHv4nW4m9CvgEP4QGju9TqoPdPoPYC7UNbpHusXqKA7dGHf_171FTcNYgc9O58u0t73KS.2yEb0_yFXClAy; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
http://www.x.com/ 162.159.140.229
301
__cf_bm=W94dcBva8MLAQYy.97ODndE1v_42S6m1vTZeEJ28IfA-1767664782.99184-1.0.1.1-OziQIp9mPxMAVWivXIBqgP_FtlXlt.4grK3MwFoMNDOR5pLXkAoJXPBnjsIqiBw0dBzOureQtMx3ii._ZgV6nIsYvGqrsyy18F5Wpc627gPEM2SKjof0OI01SNSu534p; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:42 GMT
Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
http://www.x.com/ 172.66.0.227
301
__cf_bm=fsq28dBUmo0Eb7tAQ1AKwjFCZuLO2xJYluwUYOUZoq4-1767664783.0217488-1.0.1.1-XaOiSEl58jz.dK9pIxsMtsujdff66_8W0iqffn0oW.bx6A8qlgbUaN78F9fcNxK45LaA_H1cZHlgypebi9msWal4Dr5SakRf7Lz63HiTvdXnHhE478._cXz5n5t9bQRg; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
Bhttp://x.com/ 162.159.140.229
301
__cf_bm=LDQzhgGN7X3m_onRdo_ZHY8ajPPWB28cM.RL3RgWqyA-1767664783.051903-1.0.1.1-RnpYGzrVxDUDuLA2w4N0kNNPBV5hyvS3FeSmjPF5GN5dxwgJjko.NERrczwk40Sfg2KY5_N8iM8mUhOfsDi.1qGgQ9DVjdFsaEwaZU8uMkO441zYaeadDmk6On3Ke57M; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttp://x.com/ 172.66.0.227
301
__cf_bm=q5lODv8fGqcAA_mLaz0w2ie1fetDSQ76XWgzKnH77O4-1767664783.077919-1.0.1.1-sDtnBlAb7zhIdZRuEBpCK_9SCh1R7_kkpJk2MjLOxAFA6vHv4nW4m9CvgEP4QGju9TqoPdPoPYC7UNbpHusXqKA7dGHf_171FTcNYgc9O58u0t73KS.2yEb0_yFXClAy; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttp://www.x.com/ 162.159.140.229
301
__cf_bm=W94dcBva8MLAQYy.97ODndE1v_42S6m1vTZeEJ28IfA-1767664782.99184-1.0.1.1-OziQIp9mPxMAVWivXIBqgP_FtlXlt.4grK3MwFoMNDOR5pLXkAoJXPBnjsIqiBw0dBzOureQtMx3ii._ZgV6nIsYvGqrsyy18F5Wpc627gPEM2SKjof0OI01SNSu534p; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:42 GMT
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttp://www.x.com/ 172.66.0.227
301
__cf_bm=fsq28dBUmo0Eb7tAQ1AKwjFCZuLO2xJYluwUYOUZoq4-1767664783.0217488-1.0.1.1-XaOiSEl58jz.dK9pIxsMtsujdff66_8W0iqffn0oW.bx6A8qlgbUaN78F9fcNxK45LaA_H1cZHlgypebi9msWal4Dr5SakRf7Lz63HiTvdXnHhE478._cXz5n5t9bQRg; HttpOnly; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttps://twitter.com/
301
__cf_bm=Wb7pB.5n8rl.HccWqFygxV0Yol5TZI4937LlZ0rwNI4-1767664799.68073-1.0.1.1-EX5akBMpHoxnb2kfRf9qMoWh0rPlNuU2fzdE.XcP.QrrLX_CDQy4m5J3A95qadP5fesXe4Q0soI29cSdkDOaRMAWpA5i7l6lbwTepn_Dzm3tcPtZrUr7tuj7EtENwIAx; HttpOnly; Secure; Path=/; Domain=twitter.com; Expires=Tue, 06 Jan 2026 02:29:59 GMT
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttps://x.com/ 162.159.140.229
200
__cf_bm=aHzIFUKPTB3KIVnKT9wDZwd60FRW70iobNnfc6l1sBo-1767664790.138219-1.0.1.1-kmrWOtXEXcah3dK.hQnS8fykYYukjeKlaf..gwZWZyQaCbDjG2G4ovULZTCV0b9dSjQ0v9gk_hEgQ61VNeIXWK1aAfM88a.2_Kla9.z6Nqh7uppLteAA67pWpz_rVumE; HttpOnly; Secure; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:50 GMT
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttps://x.com/ 172.66.0.227
200
__cf_bm=84W5tg2oDtAhbwSfTdXStqzAmvgi3LXguJ3G6OAa.Es-1767664794.151618-1.0.1.1-K2vFxjpP9YE.B.VRRpkg2ZLx.zJMiFtdYEsqTc6p9q6VTzNqVOVPHHFQTnBzXiyBalzVuAj8iDZvq4BGIQ7A_5wCiysUz1R2aSoEzO7DTrMG7wuQokhZO5o.o2ABMIT3; HttpOnly; Secure; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:54 GMT
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttps://www.x.com/ 162.159.140.229
301
__cf_bm=KlKJi3uYgL5G1kVwFvtV0SZb7Yww8LFxk8KH.k_FHu0-1767664783.121353-1.0.1.1-EThPzpFyEWCbYMKlmXC0t0tBb3ZMEKP.oPFCxa59m.iXNBHAukNpSeI25TVmWtpqRQ7XIepozlSiqOGEekxdYtz2NOPZ66oe45PH3FHXS7L9.einu_SDLiGeZu2zmsld; HttpOnly; Secure; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:43 GMT
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Bhttps://www.x.com/ 172.66.0.227
301
__cf_bm=3iaaiIAHrX5QItgPt_ro4vt8F6YM3f9ofyt8SKmDjx0-1767664786.6607249-1.0.1.1-lPXZYqzyj9H50ojqMVPbclX515W1nJH08upOB5xfXo7S5_LXHisylRdqVD0rrXhcBOEiGso_F7NkcMgexkbK.ZqPMiR0lzVyi.5S47Gg4eZwa9pljXZBxTR7JHXkAi9S; HttpOnly; Secure; Path=/; Domain=x.com; Expires=Tue, 06 Jan 2026 02:29:46 GMT
Cookie without a SameSite-Attribute. Possible values are: Strict/Lax/None. Cookie may not work as expected, if "None" is wanted, but browsers use "Lax" as default value.
Ihttps://x.com/ 162.159.140.229
200

Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
Ihttps://x.com/ 172.66.0.227
200

Content problems or problems with resources included - http links, files doesn't exist, different Content-Type definitions. Check the Html-Content - Part.
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain www.x.com, 2 ip addresses.
AGood: More then one ip address per domain name found, checking all ip addresses the same http status and the same certificate found: Domain x.com, 2 ip addresses.
Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain www.x.com, 2 ip addresses.
Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain x.com, 2 ip addresses.
BNo _mta-sts TXT record found (mta-sts: Mail Transfer Agent Strict Transport Security - see RFC 8461). Read the result of server-daten.de (Url-Checks, Comments, Connections and DomainServiceRecords) to see a complete definition. Domainname: _mta-sts.x.com

2. Header-Checks

Ax.com 162.159.140.229
Content-Security-Policy
Ok: Header without syntax errors found: connect-src 'self' blob: https://fonts.googleapis.com/css https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://www.gstatic.com/maps/ https://*.pscp.tv https://*.twimg.com https://*.video.pscp.tv https://aa.twitter.com https://aa.x.com https://accounts.google.com/gsi/ https://ads-api.twitter.com https://ads-api.x.com https://api-stream.twitter.com https://api-stream.x.com https://api.twitter.com https://api.x.ai https://api.x.com https://api.x.com https://caps.twitter.com https://caps.x.com https://grok.x.com https://jf.twitter.com https://jf.x.com https://jf-t.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://ton.twitter.com https://ton.local.twitter.com https://ton.x.com https://twitter.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://x.com https://grok-api.gcp.mouseion.dev https://assets.mouseion.dev https://grok.com https://assets.grok.com https://imagine-public.x.ai/ wss://grok.com wss://grok-api.gcp.mouseion.dev https://*.adtrafficquality.google https://*.googlesyndication.com https://*.doubleclick.net https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.google.com https://google.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://production.plaid.com/ https://sandbox.plaid.com/ https://ingestion.dv.socure.io https://network.dv.socure.io/ https://analytics.dv.socure.io/ https://payments-dev.x.com/customer/wasm/forward-with-v1.wasm https://payments-staging.x.com/customer/wasm/forward-with-v1.wasm https://payments-prod.x.com/customer/wasm/forward-with-v1.wasm https://money-dev.x.com/customer/wasm/forward-with-v1.wasm https://money-staging.x.com/customer/wasm/forward-with-v1.wasm https://money.x.com/customer/wasm/forward-with-v1.wasm https://api.stripe.com https://money.x.com/i/cardholder-agreement.summary.json https://money.x.com/i/acceptable-use-policy.summary.json https://money.x.com/terms-and-conditions.summary.json https://m.castle.io https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.grabyo.com https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com wss://chat-ws.x.com https://d1muhwhmpsz4u8.cloudfront.net/ https://d2bchqfeno8n2m.cloudfront.net/ https://d2shtph9y6bxk.cloudfront.net/ https://xchat-hsm-staging.x.com/ https://realm-a.x.com https://realm-b.x.com https://realm-west1.x.com https://realm-east1.x.com https://hsm-staging.x.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443 https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; font-src 'self' https://*.twimg.com https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-src 'self' https://accounts.google.com/ https://accounts.google.com/gsi/ https://cards-frame.twitter.com https://cdn.plaid.com/ https://client-api.arkoselabs.com/ https://content.googleapis.com/ https://iframe.arkoselabs.com/ https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://google.com https://www.google.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://console.googletagservices.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.safeframe.googlesyndication.com https://www.googleadservices.com https://googleadservices.com https://adservice.google.com https://*.googlesyndication.com https://td.doubleclick.net https://payments-dev.x.com/ https://payments-staging.x.com/ https://payments-prod.x.com/ https://sdn.payments-dev.x.com/ https://sdn.payments-staging.x.com/ https://sdn.payments-prod.x.com/ https://money-dev.x.com/ https://money-staging.x.com/ https://money.x.com/ https://sdn.money-dev.x.com/ https://sdn.money-staging.x.com/ https://sdn.money.x.com/ https://p2pcreditcardiframesandbox.crbcos.com https://p2pcreditcardiframe.crbcos.com https://verify-sandbox.plaid.com/ https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://cdn.getpinwheel.com/ https://artifacts.grokusercontent.com https://twitter.com https://x.com https://recaptcha.net/recaptcha/; img-src 'self' blob: data: https://www.google.com/maps/place/ https://imgs.search.brave.com https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://api.x.com https://developer.x.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct https://*.googleusercontent.com https://*.gstatic.com https://*.googlesyndication.com https://*.adtrafficquality.google https://www.google.com/ads/measurement/ https://*.google.com/ads/measurement/ https://googleads.g.doubleclick.net https://google.com https://www.google.com https://plaid-merchant-logos.plaid.com https://plaid-counterparty-logos.plaid.com https://assets.mouseion.dev https://assets.grok.com; manifest-src 'self'; media-src 'self' data: blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://*.twimg.com https://recaptcha.net/recaptcha/ http://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://accounts.google.com/gsi/client https://apis.google.com/js/api.js https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://client-api.arkoselabs.com/ https://static.ads-twitter.com https://twitter.com https://www.google-analytics.com https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://x.com https://sdn.payments-dev.x.com/assets/loader.min.js https://sdn.payments-staging.x.com/assets/loader.min.js https://sdn.payments-prod.x.com/assets/loader.min.js https://sdn.money-dev.x.com/assets/loader.min.js https://sdn.money-staging.x.com/assets/loader.min.js https://sdn.money.x.com/assets/loader.min.js https://sdk.dv.socure.io/latest/device-risk-sdk.js https://cdn.plaid.com/link/v2/stable/link-initialize.js https://payments-dev.x.com/customer/wasm/xxp-forward-with-sdk.js https://payments-staging.x.com/customer/wasm/xxp-forward-with-sdk.js https://payments-prod.x.com/customer/wasm/xxp-forward-with-sdk.js https://money-dev.x.com/customer/wasm/xxp-forward-with-sdk.js https://money-staging.x.com/customer/wasm/xxp-forward-with-sdk.js https://money.x.com/customer/wasm/xxp-forward-with-sdk.js https://js.stripe.com https://*.js.stripe.com https://cdn.getpinwheel.com/pinwheel-v3.1.0.js https://securepubads.g.doubleclick.net https://www.googletagservices.com https://*.googletagservices.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.googleadservices.com https://ads.google.com https://tpc.googlesyndication.com https://*.tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'wasm-unsafe-eval' 'nonce-ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; child-src 'self' blob:; worker-src 'self' blob:; report-uri https://x.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
B

Info: Header-Element is deprecated. report-uri https://x.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
E

Critical: Duplicated entries found connect-src 'self' blob: https://fonts.googleapis.com/css https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://www.gstatic.com/maps/ https://*.pscp.tv https://*.twimg.com https://*.video.pscp.tv https://aa.twitter.com https://aa.x.com https://accounts.google.com/gsi/ https://ads-api.twitter.com https://ads-api.x.com https://api-stream.twitter.com https://api-stream.x.com https://api.twitter.com https://api.x.ai https://api.x.com https://api.x.com https://caps.twitter.com https://caps.x.com https://grok.x.com https://jf.twitter.com https://jf.x.com https://jf-t.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://ton.twitter.com https://ton.local.twitter.com https://ton.x.com https://twitter.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://x.com https://grok-api.gcp.mouseion.dev https://assets.mouseion.dev https://grok.com https://assets.grok.com https://imagine-public.x.ai/ wss://grok.com wss://grok-api.gcp.mouseion.dev https://*.adtrafficquality.google https://*.googlesyndication.com https://*.doubleclick.net https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.google.com https://google.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://production.plaid.com/ https://sandbox.plaid.com/ https://ingestion.dv.socure.io https://network.dv.socure.io/ https://analytics.dv.socure.io/ https://payments-dev.x.com/customer/wasm/forward-with-v1.wasm https://payments-staging.x.com/customer/wasm/forward-with-v1.wasm https://payments-prod.x.com/customer/wasm/forward-with-v1.wasm https://money-dev.x.com/customer/wasm/forward-with-v1.wasm https://money-staging.x.com/customer/wasm/forward-with-v1.wasm https://money.x.com/customer/wasm/forward-with-v1.wasm https://api.stripe.com https://money.x.com/i/cardholder-agreement.summary.json https://money.x.com/i/acceptable-use-policy.summary.json https://money.x.com/terms-and-conditions.summary.json https://m.castle.io https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.grabyo.com https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com wss://chat-ws.x.com https://d1muhwhmpsz4u8.cloudfront.net/ https://d2bchqfeno8n2m.cloudfront.net/ https://d2shtph9y6bxk.cloudfront.net/ https://xchat-hsm-staging.x.com/ https://realm-a.x.com https://realm-b.x.com https://realm-west1.x.com https://realm-east1.x.com https://hsm-staging.x.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com

 

Duplicated entries: https://api.x.com
E

Critical: Duplicated entries found img-src 'self' blob: data: https://www.google.com/maps/place/ https://imgs.search.brave.com https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://api.x.com https://developer.x.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct https://*.googleusercontent.com https://*.gstatic.com https://*.googlesyndication.com https://*.adtrafficquality.google https://www.google.com/ads/measurement/ https://*.google.com/ads/measurement/ https://googleads.g.doubleclick.net https://google.com https://www.google.com https://plaid-merchant-logos.plaid.com https://plaid-counterparty-logos.plaid.com https://assets.mouseion.dev https://assets.grok.com

 

Duplicated entries: blob:
A

Good: default-src directive only with 'none' or 'self', additional sources are blocked. manifest-src
A

Good: default-src without 'unsafe-inline' or 'unsave-eval'. manifest-src
A

Good: form-action directive found. That reduces the risk sending data to unwanted domains. form-action is a navigation-directive, so default-src isn't used.
E

Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E

Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
A

Good: object-src only with 'none' or 'self' found, no scheme, no other urls. That blocks object / embed / applet - elements.
C

Critical: script-src with 'unsafe-inline' or 'unsafe-eval' and with a nonce found. Ok, better with the nonce, but not really good. Don't use 'unsafe' - declarations.
A

Good: script-src without * and a scheme found.
A

Good: script-src without data: schema found. Why is this important? The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A

Good: frame-src without data: defined or frame-src missing and the default-src used as fallback not allows the data: schema. That blocks hidden code injection. Insert <iframe src="data:text/html;charset=utf-8;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHA+YmVmb3JlPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmFsZXJ0KCdYU1MnKTwvc2NyaXB0PjxwPmFmdGVyPC9ib2R5PjwvaHRtbD4="></iframe> in your page and see what happens.
A

Ok: Nonce found.
C

Info: default-src and some other fetch directives have the same list of values. Remove the other fetch directive, default-src is used as fallback. Directives to remove: manifest-src
A
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
X-Frame-Options
Ok: Header without syntax errors found: DENY
B

Info: Header is deprecated. May not longer work in modern browsers. DENY. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A
X-Xss-Protection
Ok: Header without syntax errors found: 0
B

Info: Header is deprecated. May not longer work in modern browsers. 0
A
Cross-Origin-Embedder-Policy
Ok: Header without syntax errors found: unsafe-none
A
Cross-Origin-Opener-Policy
Ok: Header without syntax errors found: unsafe-none
Ax.com 172.66.0.227
Content-Security-Policy
Ok: Header without syntax errors found: connect-src 'self' blob: https://fonts.googleapis.com/css https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://www.gstatic.com/maps/ https://*.pscp.tv https://*.twimg.com https://*.video.pscp.tv https://aa.twitter.com https://aa.x.com https://accounts.google.com/gsi/ https://ads-api.twitter.com https://ads-api.x.com https://api-stream.twitter.com https://api-stream.x.com https://api.twitter.com https://api.x.ai https://api.x.com https://api.x.com https://caps.twitter.com https://caps.x.com https://grok.x.com https://jf.twitter.com https://jf.x.com https://jf-t.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://ton.twitter.com https://ton.local.twitter.com https://ton.x.com https://twitter.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://x.com https://grok-api.gcp.mouseion.dev https://assets.mouseion.dev https://grok.com https://assets.grok.com https://imagine-public.x.ai/ wss://grok.com wss://grok-api.gcp.mouseion.dev https://*.adtrafficquality.google https://*.googlesyndication.com https://*.doubleclick.net https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.google.com https://google.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://production.plaid.com/ https://sandbox.plaid.com/ https://ingestion.dv.socure.io https://network.dv.socure.io/ https://analytics.dv.socure.io/ https://payments-dev.x.com/customer/wasm/forward-with-v1.wasm https://payments-staging.x.com/customer/wasm/forward-with-v1.wasm https://payments-prod.x.com/customer/wasm/forward-with-v1.wasm https://money-dev.x.com/customer/wasm/forward-with-v1.wasm https://money-staging.x.com/customer/wasm/forward-with-v1.wasm https://money.x.com/customer/wasm/forward-with-v1.wasm https://api.stripe.com https://money.x.com/i/cardholder-agreement.summary.json https://money.x.com/i/acceptable-use-policy.summary.json https://money.x.com/terms-and-conditions.summary.json https://m.castle.io https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.grabyo.com https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com wss://chat-ws.x.com https://d1muhwhmpsz4u8.cloudfront.net/ https://d2bchqfeno8n2m.cloudfront.net/ https://d2shtph9y6bxk.cloudfront.net/ https://xchat-hsm-staging.x.com/ https://realm-a.x.com https://realm-b.x.com https://realm-west1.x.com https://realm-east1.x.com https://hsm-staging.x.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443 https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; font-src 'self' https://*.twimg.com https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-src 'self' https://accounts.google.com/ https://accounts.google.com/gsi/ https://cards-frame.twitter.com https://cdn.plaid.com/ https://client-api.arkoselabs.com/ https://content.googleapis.com/ https://iframe.arkoselabs.com/ https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://google.com https://www.google.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://console.googletagservices.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.safeframe.googlesyndication.com https://www.googleadservices.com https://googleadservices.com https://adservice.google.com https://*.googlesyndication.com https://td.doubleclick.net https://payments-dev.x.com/ https://payments-staging.x.com/ https://payments-prod.x.com/ https://sdn.payments-dev.x.com/ https://sdn.payments-staging.x.com/ https://sdn.payments-prod.x.com/ https://money-dev.x.com/ https://money-staging.x.com/ https://money.x.com/ https://sdn.money-dev.x.com/ https://sdn.money-staging.x.com/ https://sdn.money.x.com/ https://p2pcreditcardiframesandbox.crbcos.com https://p2pcreditcardiframe.crbcos.com https://verify-sandbox.plaid.com/ https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://cdn.getpinwheel.com/ https://artifacts.grokusercontent.com https://twitter.com https://x.com https://recaptcha.net/recaptcha/; img-src 'self' blob: data: https://www.google.com/maps/place/ https://imgs.search.brave.com https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://api.x.com https://developer.x.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct https://*.googleusercontent.com https://*.gstatic.com https://*.googlesyndication.com https://*.adtrafficquality.google https://www.google.com/ads/measurement/ https://*.google.com/ads/measurement/ https://googleads.g.doubleclick.net https://google.com https://www.google.com https://plaid-merchant-logos.plaid.com https://plaid-counterparty-logos.plaid.com https://assets.mouseion.dev https://assets.grok.com; manifest-src 'self'; media-src 'self' data: blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://*.twimg.com https://recaptcha.net/recaptcha/ http://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://accounts.google.com/gsi/client https://apis.google.com/js/api.js https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://client-api.arkoselabs.com/ https://static.ads-twitter.com https://twitter.com https://www.google-analytics.com https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://x.com https://sdn.payments-dev.x.com/assets/loader.min.js https://sdn.payments-staging.x.com/assets/loader.min.js https://sdn.payments-prod.x.com/assets/loader.min.js https://sdn.money-dev.x.com/assets/loader.min.js https://sdn.money-staging.x.com/assets/loader.min.js https://sdn.money.x.com/assets/loader.min.js https://sdk.dv.socure.io/latest/device-risk-sdk.js https://cdn.plaid.com/link/v2/stable/link-initialize.js https://payments-dev.x.com/customer/wasm/xxp-forward-with-sdk.js https://payments-staging.x.com/customer/wasm/xxp-forward-with-sdk.js https://payments-prod.x.com/customer/wasm/xxp-forward-with-sdk.js https://money-dev.x.com/customer/wasm/xxp-forward-with-sdk.js https://money-staging.x.com/customer/wasm/xxp-forward-with-sdk.js https://money.x.com/customer/wasm/xxp-forward-with-sdk.js https://js.stripe.com https://*.js.stripe.com https://cdn.getpinwheel.com/pinwheel-v3.1.0.js https://securepubads.g.doubleclick.net https://www.googletagservices.com https://*.googletagservices.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.googleadservices.com https://ads.google.com https://tpc.googlesyndication.com https://*.tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'wasm-unsafe-eval' 'nonce-NjFhNGQ2NGEtY2IzNy00NjI0LTg2NGQtNzgyZmNmYjUyNDU0'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; child-src 'self' blob:; worker-src 'self' blob:; report-uri https://x.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
B

Info: Header-Element is deprecated. report-uri https://x.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
E

Critical: Duplicated entries found connect-src 'self' blob: https://fonts.googleapis.com/css https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://translate.googleapis.com https://www.gstatic.com/maps/ https://*.pscp.tv https://*.twimg.com https://*.video.pscp.tv https://aa.twitter.com https://aa.x.com https://accounts.google.com/gsi/ https://ads-api.twitter.com https://ads-api.x.com https://api-stream.twitter.com https://api-stream.x.com https://api.twitter.com https://api.x.ai https://api.x.com https://api.x.com https://caps.twitter.com https://caps.x.com https://grok.x.com https://jf.twitter.com https://jf.x.com https://jf-t.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://ton.twitter.com https://ton.local.twitter.com https://ton.x.com https://twitter.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://x.com https://grok-api.gcp.mouseion.dev https://assets.mouseion.dev https://grok.com https://assets.grok.com https://imagine-public.x.ai/ wss://grok.com wss://grok-api.gcp.mouseion.dev https://*.adtrafficquality.google https://*.googlesyndication.com https://*.doubleclick.net https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.google.com https://google.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://production.plaid.com/ https://sandbox.plaid.com/ https://ingestion.dv.socure.io https://network.dv.socure.io/ https://analytics.dv.socure.io/ https://payments-dev.x.com/customer/wasm/forward-with-v1.wasm https://payments-staging.x.com/customer/wasm/forward-with-v1.wasm https://payments-prod.x.com/customer/wasm/forward-with-v1.wasm https://money-dev.x.com/customer/wasm/forward-with-v1.wasm https://money-staging.x.com/customer/wasm/forward-with-v1.wasm https://money.x.com/customer/wasm/forward-with-v1.wasm https://api.stripe.com https://money.x.com/i/cardholder-agreement.summary.json https://money.x.com/i/acceptable-use-policy.summary.json https://money.x.com/terms-and-conditions.summary.json https://m.castle.io https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.grabyo.com https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com wss://chat-ws.x.com https://d1muhwhmpsz4u8.cloudfront.net/ https://d2bchqfeno8n2m.cloudfront.net/ https://d2shtph9y6bxk.cloudfront.net/ https://xchat-hsm-staging.x.com/ https://realm-a.x.com https://realm-b.x.com https://realm-west1.x.com https://realm-east1.x.com https://hsm-staging.x.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com

 

Duplicated entries: https://api.x.com
E

Critical: Duplicated entries found img-src 'self' blob: data: https://www.google.com/maps/place/ https://imgs.search.brave.com https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://api.x.com https://developer.x.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct https://*.googleusercontent.com https://*.gstatic.com https://*.googlesyndication.com https://*.adtrafficquality.google https://www.google.com/ads/measurement/ https://*.google.com/ads/measurement/ https://googleads.g.doubleclick.net https://google.com https://www.google.com https://plaid-merchant-logos.plaid.com https://plaid-counterparty-logos.plaid.com https://assets.mouseion.dev https://assets.grok.com

 

Duplicated entries: blob:
A

Good: default-src directive only with 'none' or 'self', additional sources are blocked. manifest-src
A

Good: default-src without 'unsafe-inline' or 'unsave-eval'. manifest-src
A

Good: form-action directive found. That reduces the risk sending data to unwanted domains. form-action is a navigation-directive, so default-src isn't used.
E

Bad: No frame-ancestors directive found. Use one to limit the pages allowed to use this page in frame / iframe / object / embed / applet. frame-ancestors is a navigation-directive, so default-src isn't used.
E

Bad: No base-uri directive found. Use one to limit the URLs which can be used in a document's <base> element. Because it's a document directive, default-src isn't used, so an own directive is required.
A

Good: object-src only with 'none' or 'self' found, no scheme, no other urls. That blocks object / embed / applet - elements.
C

Critical: script-src with 'unsafe-inline' or 'unsafe-eval' and with a nonce found. Ok, better with the nonce, but not really good. Don't use 'unsafe' - declarations.
A

Good: script-src without * and a scheme found.
A

Good: script-src without data: schema found. Why is this important? The data: schema allows hidden code injection. Insert <script src='data:application/javascript;base64,YWxlcnQoJ1hTUycpOw=='></script> in your page and see what happens.
A

Good: frame-src without data: defined or frame-src missing and the default-src used as fallback not allows the data: schema. That blocks hidden code injection. Insert <iframe src="data:text/html;charset=utf-8;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGJvZHk+PHA+YmVmb3JlPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmFsZXJ0KCdYU1MnKTwvc2NyaXB0PjxwPmFmdGVyPC9ib2R5PjwvaHRtbD4="></iframe> in your page and see what happens.
A

Ok: Nonce found.
C

Info: default-src and some other fetch directives have the same list of values. Remove the other fetch directive, default-src is used as fallback. Directives to remove: manifest-src
A
X-Content-Type-Options
Ok: Header without syntax errors found: nosniff
A
X-Frame-Options
Ok: Header without syntax errors found: DENY
B

Info: Header is deprecated. May not longer work in modern browsers. DENY. Better solution: Use a Content-Security-Policy Header with a frame-ancestors directive. DENY - use 'none', SAMEORIGIN - use 'self'. If you want to allow some domains to frame your page, add these urls.
A
X-Xss-Protection
Ok: Header without syntax errors found: 0
B

Info: Header is deprecated. May not longer work in modern browsers. 0
A
Cross-Origin-Embedder-Policy
Ok: Header without syntax errors found: unsafe-none
A
Cross-Origin-Opener-Policy
Ok: Header without syntax errors found: unsafe-none
Fx.com 162.159.140.229
Referrer-Policy
Critical: Missing Header:
Fx.com 162.159.140.229
Permissions-Policy
Critical: Missing Header:
Bx.com 162.159.140.229
Cross-Origin-Resource-Policy
Info: Missing Header
Fx.com 172.66.0.227
Referrer-Policy
Critical: Missing Header:
Fx.com 172.66.0.227
Permissions-Policy
Critical: Missing Header:
Bx.com 172.66.0.227
Cross-Origin-Resource-Policy
Info: Missing Header
F

Critical: Different combinations of domain names and ip addresses checked, Content-Security-Policy - Header with a nonce declaration sent: Different combinations domain + ip with the same nonce. Nonces must be unique!

3. DNS- and NameServer - Checks

AInfo:: 37 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 8 Name Servers.
AInfo:: 37 Queries complete, 37 with IPv6, 0 with IPv4.
AGood: All DNS Queries done via IPv6.
Ok (4 - 8):: An average of 4.6 queries per domain name server required to find all ip addresses of all name servers.
AInfo:: 8 different Name Servers found: a.r10.twtrdns.net, a.u10.twtrdns.net, b.r10.twtrdns.net, b.u10.twtrdns.net, c.r10.twtrdns.net, c.u10.twtrdns.net, d.r10.twtrdns.net, d.u10.twtrdns.net, 8 Name Servers included in Delegation: a.r10.twtrdns.net, a.u10.twtrdns.net, b.r10.twtrdns.net, b.u10.twtrdns.net, c.r10.twtrdns.net, c.u10.twtrdns.net, d.r10.twtrdns.net, d.u10.twtrdns.net, 8 Name Servers included in 1 Zone definitions: a.r10.twtrdns.net, a.u10.twtrdns.net, b.r10.twtrdns.net, b.u10.twtrdns.net, c.r10.twtrdns.net, c.u10.twtrdns.net, d.r10.twtrdns.net, d.u10.twtrdns.net, 1 Name Servers listed in SOA.Primary: a.u10.twtrdns.net.
AGood: Only one SOA.Primary Name Server found.: a.u10.twtrdns.net.
AGood: SOA.Primary Name Server included in the delegation set.: a.u10.twtrdns.net.
AGood: Consistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone. Ordered list of name servers: a.r10.twtrdns.net, a.u10.twtrdns.net, b.r10.twtrdns.net, b.u10.twtrdns.net, c.r10.twtrdns.net, c.u10.twtrdns.net, d.r10.twtrdns.net, d.u10.twtrdns.net
AGood: All Name Server Domain Names have a Public Suffix.
AGood: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
AGood: All Name Server ip addresses are public.
AGood: Minimal 2 different name servers (public suffix and public ip address) found: 8 different Name Servers found
Warning: No Name Server IPv6 address found. IPv6 is the future, so your name servers should be visible via IPv6.: 8 different Name Servers found
Warning: All Name Servers have the same Top Level Domain / Public Suffix. If there is a problem with that Top Level Domain, your domain may be affected. Better: Use Name Servers with different top level domains.: 8 Name Servers, 1 Top Level Domain: net
Warning: All Name Servers have the same domain name. If there is a problem with that domain name (or with the name servers of that domain name), your domain may be affected. Better: Use Name Servers with different domain names / different top level domains.: Only one domain name used: twtrdns.net
Warning: All Name Servers from the same Country / IP location.: 8 Name Servers, 1 Countries: US
AInfo: Ipv4-Subnet-list: 8 Name Servers, 2 different subnets (first Byte): 204., 205., 2 different subnets (first two Bytes): 204.74., 205.251., 5 different subnets (first three Bytes): 204.74.111., 205.251.192., 205.251.194., 205.251.196., 205.251.199.
AGood: Name Server IPv4-addresses from different subnet found:
AInfo: Nameserver mit different domain names found. May be a problem with DNS-Updates
AGood: Nameserver supports TCP connections: 8 good Nameserver
AGood: Nameserver supports Echo Capitalization: 8 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 8 good Nameserver
XFatal error: Nameservers with different SOA Serial Numbers
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

4. Content- and Performance-critical Checks

http://x.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 162.159.140.229
520

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 500 - 599, Server Error. Creating a Letsencrypt certificate via http-01 challenge can't work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://x.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 172.66.0.227
520

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 500 - 599, Server Error. Creating a Letsencrypt certificate via http-01 challenge can't work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://www.x.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 162.159.140.229
520

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 500 - 599, Server Error. Creating a Letsencrypt certificate via http-01 challenge can't work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
http://www.x.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 172.66.0.227
520

Fatal: Check of /.well-known/acme-challenge/random-filename has a http status 500 - 599, Server Error. Creating a Letsencrypt certificate via http-01 challenge can't work. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Every https result with status 200 and greater 1024 Bytes is compressed (gzip, deflate, br checked).
https://x.com/ 162.159.140.229
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
https://x.com/ 172.66.0.227
200

Warning: Https + http status 200 + Inline CSS / JavaScript found. Don't use inline CSS / JavaScript. These are compiled and re-used ressources, save these with a long Cache-Control max-age - header.
AGood: Every https result with status 200 has a minified Html-Content with a quota lower then 110 %.
AGood: Every https connection via port 443 supports the http/2 protocol via ALPN.
https://x.com/ 162.159.140.229
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 3 script elements without defer/async.
https://x.com/ 172.66.0.227
200

Critical: Some script Elements (type text/javascript) with a src-Attribute don't have a defer / async - Attribute. Loading and executing these JavaScripts blocks parsing and rendering the Html-Output. That's bad if your site is large or the connection is slow / mobile usage. Use "async" if the js file has only functions (so nothing is executed after parsing the file) or is independend. Use "defer" if the order of the scripts is important. All "defer" scripts are executed before the DOMContentLoaded event is fired. Check https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script to see some details.: 3 script elements without defer/async.
AGood: All CSS / JavaScript files are sent compressed (gzip, deflate, br checked). That reduces the content of the files. 12 external CSS / JavaScript files found
AGood: All CSS / JavaScript files are sent with a long Cache-Control header (minimum 7 days). So the browser can re-use these files, no download is required. 6 external CSS / JavaScript files with long Cache-Control max-age found
Warning: Images with a missing or too short Cache-Control header found. Browsers should cache and re-use these files. 2 image files without Cache-Control-Header, 0 with Cache-Control, but no max-age, 0 with Cache-Control max-age too short (minimum 7 days), 0 with Cache-Control long enough, 2 complete.
AGood: All checked attribute values are enclosed in quotation marks (" or ').
AGood: All img-elements have a valid alt-attribute.: 2 img-elements found.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
AInfo: Different Server-Headers found
ADuration: 83776 milliseconds, 83.776 seconds

 

8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
x.com
162.159.140.229
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
x.com
162.159.140.229
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
 Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=x.com


2CN=E7, O=Let's Encrypt, C=US


x.com
172.66.0.227
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

x.com
172.66.0.227
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
 Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=x.com


2CN=E7, O=Let's Encrypt, C=US


www.x.com
162.159.140.229
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

www.x.com
162.159.140.229
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
 Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=x.com


2CN=E7, O=Let's Encrypt, C=US


www.x.com
172.66.0.227
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

www.x.com
172.66.0.227
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
 Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=x.com


2CN=E7, O=Let's Encrypt, C=US


twitter.com
twitter.com
443
ok
Tls12
ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok

twitter.com
twitter.com
443
ok
Tls12

ECDH Ephermal
255
Aes128
128
Sha256
not supported
ok
http/2 via ALPN supported 
Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
http/2 via ALPN supported
 Tls.1.2
no Tls.1.1
no Tls.1.0
no Ssl3
no Ssl2
Chain (complete)

1CN=twitter.com


2CN=E7, O=Let's Encrypt, C=US

 

9. Certificates

1.
1.
CN=x.com
08.12.2025
08.03.2026
expires in 49 days		*.x.com, cdn.syndication.x.com, x.com - 3 entries
1.
1.
CN=x.com
08.12.2025

08.03.2026
expires in 49 days


*.x.com, cdn.syndication.x.com, x.com - 3 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:ECDSA SHA384
Serial Number:0606271EDE2E980891188A422E7EF6BBD2A4
Thumbprint:E5DD28F667D3C5C5EEAAFC95DEB59DDE593EB534
SHA256 / Certificate:2/ACykg61aOI7nl6hT6ZQnavgit+ypIJuk1aH7MLg0M=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):3b30199657d63bdec0eb4681a047fa250af7102561a930665f291a4bcd3c73b7
SHA256 hex / Subject Public Key Information (SPKI):3b30199657d63bdec0eb4681a047fa250af7102561a930665f291a4bcd3c73b7 (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=E7, O=Let's Encrypt, C=US
13.03.2024
13.03.2027
expires in 419 days

2.
CN=E7, O=Let's Encrypt, C=US
13.03.2024

13.03.2027
expires in 419 days




KeyalgorithmEC Public Key (384 bit, secp384r1)
Signatur:SHA256 With RSA-Encryption
Serial Number:00AA75F1E62B8F0A220966D38BBFD4BAA1
Thumbprint:3B73C17E3DF87CF3AA77F1389219EB5EDD519E7F
SHA256 / Certificate:rrH9dBDoO8lvXaPGp8LBu4NtH6XLhucIUViQ5Ciodws=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):cbbc559b44d524d6a132bdac672744da3407f12aae5d5f722c5f6c7913871c75
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)




3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 3424 days

3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 3424 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




2.
1.
CN=twitter.com
08.12.2025
08.03.2026
expires in 49 days		*.twitter.com, cdn.syndication.twitter.com, twitter.com - 3 entries
2.
1.
CN=twitter.com
08.12.2025

08.03.2026
expires in 49 days


*.twitter.com, cdn.syndication.twitter.com, twitter.com - 3 entries

KeyalgorithmEC Public Key (256 bit, prime256v1)
Signatur:ECDSA SHA384
Serial Number:0687429A78547065F91777D854D6915E9FD3
Thumbprint:C5E72334222A6123A0D691EC86BD0D7C2FFA366A
SHA256 / Certificate:Uye8GZo2nagQ0EiUJPbx6XYIFBB1bJzNgeGig7mvHHg=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):60e7fbdc7bf687dc63d14919f1d1cd1679a163c6dddc39bf23e906642dd2c81e
SHA256 hex / Subject Public Key Information (SPKI):60e7fbdc7bf687dc63d14919f1d1cd1679a163c6dddc39bf23e906642dd2c81e (is buggy, ignore the result)
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Serverauthentifizierung (1.3.6.1.5.5.7.3.1), Clientauthentifizierung (1.3.6.1.5.5.7.3.2)




2.
CN=E7, O=Let's Encrypt, C=US
13.03.2024
13.03.2027
expires in 419 days

2.
CN=E7, O=Let's Encrypt, C=US
13.03.2024

13.03.2027
expires in 419 days




KeyalgorithmEC Public Key (384 bit, secp384r1)
Signatur:SHA256 With RSA-Encryption
Serial Number:00AA75F1E62B8F0A220966D38BBFD4BAA1
Thumbprint:3B73C17E3DF87CF3AA77F1389219EB5EDD519E7F
SHA256 / Certificate:rrH9dBDoO8lvXaPGp8LBu4NtH6XLhucIUViQ5Ciodws=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):cbbc559b44d524d6a132bdac672744da3407f12aae5d5f722c5f6c7913871c75
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:Clientauthentifizierung (1.3.6.1.5.5.7.3.2), Serverauthentifizierung (1.3.6.1.5.5.7.3.1)




3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015
04.06.2035
expires in 3424 days

3.
CN=ISRG Root X1, O=Internet Security Research Group, C=US
04.06.2015

04.06.2035
expires in 3424 days




KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:008210CFB0D240E3594463E0BB63828B00
Thumbprint:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA256 / Certificate:lrzsBiZJdvN0YHeazyjFp8/oo8Cq4RqP/O4FwL3fCMY=
SHA256 hex / Cert (DANE * 0 1):96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6
SHA256 hex / PublicKey (DANE * 1 1):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SHA256 hex / Subject Public Key Information (SPKI):0b9fa5a59eed715c26c1020c711b4f6ec42d58b0015e14337a39dad301c5afc3
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:




 

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
0
0
44
CN=R11, O=Let's Encrypt, C=US
0
0
43
CN=R10, O=Let's Encrypt, C=US
0
0
34
CN=R13, O=Let's Encrypt, C=US
0
2
11
CN=R12, O=Let's Encrypt, C=US
0
7
10
CN=E6, O=Let's Encrypt, C=US
0
0
6
CN=E5, O=Let's Encrypt, C=US
0
0
4
CN=R3, O=Let's Encrypt, C=US
0
0
4
CN=E8, O=Let's Encrypt, C=US
0
1
3
CN=Certainly Intermediate R1, O=Certainly, C=US
0
0
1
CN=E7, O=Let's Encrypt, C=US
0
0
1

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
12835431086
leaf cert		CN=E8, O=Let's Encrypt, C=US
2025-11-22 20:33:59
2026-02-20 20:33:58
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


12811224497
leaf cert		CN=Certainly Intermediate R1, O=Certainly, C=US
2025-11-20 23:21:46
2025-12-20 23:21:45
*.twitter.com, *.twitterintegration.com, *.x.com, t.co, twitter.com, x.com - 6 entries


12810572017
leaf cert		CN=R12, O=Let's Encrypt, C=US
2025-11-20 22:04:49
2026-02-18 22:04:48
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 33 entries


12810282261
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-11-20 21:34:20
2026-02-18 21:34:19
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 33 entries


12534726782
leaf cert		CN=R12, O=Let's Encrypt, C=US
2025-11-01 23:34:01
2026-01-30 23:34:00
*.x.com, x.com - 2 entries


12482299204
leaf cert		CN=R12, O=Let's Encrypt, C=US
2025-10-28 05:33:51
2026-01-26 05:33:50
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


12476528134
leaf cert		CN=R12, O=Let's Encrypt, C=US
2025-10-27 17:34:32
2026-01-25 17:34:31
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


12466331386
leaf cert		CN=R12, O=Let's Encrypt, C=US
2025-10-27 00:05:31
2026-01-25 00:05:30
*.x.com, x.com - 2 entries


12465580938
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-10-26 22:35:09
2026-01-24 22:35:08
*.x.com, x.com - 2 entries


12465065223
leaf cert		CN=R12, O=Let's Encrypt, C=US
2025-10-26 21:35:11
2026-01-24 21:35:10
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


12403088509
leaf cert		CN=R12, O=Let's Encrypt, C=US
2025-10-22 19:05:29
2026-01-20 19:05:28
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


12267165890
leaf cert		CN=E7, O=Let's Encrypt, C=US
2025-10-13 19:12:58
2026-01-11 19:12:57
*.x.com, cdn.syndication.x.com, x.com - 3 entries


12267166149
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-10-13 19:12:49
2026-01-11 19:12:48
*.x.com, cdn.syndication.x.com, x.com - 3 entries


12200573677
leaf cert		CN=E8, O=Let's Encrypt, C=US
2025-10-08 20:33:53
2026-01-06 20:33:52
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


12175840488
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-10-06 21:33:09
2026-01-04 21:33:08
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 33 entries


12175564626
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-10-06 21:03:15
2026-01-04 21:03:14
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 33 entries


11918680443
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-09-18 00:04:02
2025-12-17 00:04:01
*.x.com, x.com - 2 entries


11857739532
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-09-13 05:34:52
2025-12-12 05:34:51
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11851404673
leaf cert		CN=R12, O=Let's Encrypt, C=US
2025-09-12 17:35:19
2025-12-11 17:35:18
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


11842069664
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-09-12 00:04:28
2025-12-11 00:04:27
*.x.com, x.com - 2 entries


11841307819
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-09-11 22:34:35
2025-12-10 22:34:34
*.x.com, x.com - 2 entries


11840800652
leaf cert		CN=R12, O=Let's Encrypt, C=US
2025-09-11 21:34:23
2025-12-10 21:34:22
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11787405520
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-09-07 19:09:01
2025-12-06 19:09:00
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11618238163
leaf cert		CN=E8, O=Let's Encrypt, C=US
2025-08-24 20:34:34
2025-11-22 20:34:33
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


11596227069
leaf cert		CN=R13, O=Let's Encrypt, C=US
2025-08-22 20:33:54
2025-11-20 20:33:53
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 33 entries


11596038612
leaf cert		CN=R12, O=Let's Encrypt, C=US
2025-08-22 20:04:34
2025-11-20 20:04:33
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 33 entries


11556310595
leaf cert		CN=E5, O=Let's Encrypt, C=US
2025-08-19 18:43:33
2025-11-17 18:43:32
*.x.com, cdn.syndication.x.com, x.com - 3 entries


11556315781
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-08-19 18:43:23
2025-11-17 18:43:22
*.x.com, cdn.syndication.x.com, x.com - 3 entries


11373010559
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-08-04 16:34:47
2025-11-02 16:34:46
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11364619376
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-08-04 00:05:32
2025-11-02 00:05:31
*.x.com, x.com - 2 entries


11309614254
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-07-30 05:33:07
2025-10-28 05:33:06
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11303440207
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-07-29 17:33:58
2025-10-27 17:33:57
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


11296409775
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-29 04:04:00
2025-10-27 04:03:59
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


11294400746
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-07-29 00:03:59
2025-10-27 00:03:58
*.x.com, x.com - 2 entries


11293641571
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-07-28 22:34:02
2025-10-26 22:34:01
*.x.com, x.com - 2 entries


11293146319
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-07-28 21:34:05
2025-10-26 21:34:04
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11292450796
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-28 20:06:07
2025-10-26 20:06:06
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11274822026
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-27 10:33:37
2025-10-25 10:33:36
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11257873122
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-26 01:03:28
2025-10-24 01:03:27
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11241498190
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-24 19:06:30
2025-10-22 19:06:29
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11240921055
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-07-24 18:05:55
2025-10-22 18:05:54
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11240335792
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-24 17:05:38
2025-10-22 17:05:37
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11208528342
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-22 03:34:35
2025-10-20 03:34:34
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11208207590
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-22 03:04:59
2025-10-20 03:04:58
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


11069827025
leaf cert		CN=E5, O=Let's Encrypt, C=US
2025-07-10 20:04:30
2025-10-08 20:04:29
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


11046343532
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-08 20:27:11
2025-10-06 20:27:10
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 33 entries


11046150704
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-08 20:03:03
2025-10-06 20:03:02
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 33 entries


11045911461
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-08 19:33:14
2025-10-06 19:33:13
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 33 entries


11045464603
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-07-08 18:33:06
2025-10-06 18:33:05
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 33 entries


10997790795
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-04 19:05:06
2025-10-02 19:05:05
*.atla.twitter.com, *.atla.x.com, *.dev.cftls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 31 entries


10997534497
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-07-04 18:33:24
2025-10-02 18:33:23
*.atla.twitter.com, *.atla.x.com, *.dev.cftls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 31 entries


10825109013
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-06-20 16:35:06
2025-09-18 16:35:05
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10817084630
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-06-19 23:33:55
2025-09-17 23:33:54
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10763733769
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-06-15 06:03:45
2025-09-13 06:03:44
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10752362382
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-06-14 03:09:15
2025-09-12 03:09:14
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


10749777725
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-06-13 20:08:56
2025-09-11 20:08:55
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10733721206
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-06-12 10:34:00
2025-09-10 10:33:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10717796446
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-06-11 01:05:26
2025-09-09 01:05:25
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10703592393
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-06-09 19:06:36
2025-09-07 19:06:35
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10703259350
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-06-09 18:33:46
2025-09-07 18:33:45
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10702947524
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-06-09 18:04:00
2025-09-07 18:03:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10702585005
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-06-09 17:33:53
2025-09-07 17:33:52
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10669741088
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-06-06 23:04:04
2025-09-04 23:04:03
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10668688021
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-06-06 20:34:13
2025-09-04 20:34:12
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10668281515
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-06-06 19:34:01
2025-09-04 19:34:00
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10545794486
leaf cert		CN=E6, O=Let's Encrypt, C=US
2025-05-26 20:03:35
2025-08-24 20:03:34
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


10480583539
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-05-20 18:33:35
2025-08-18 18:33:34
*.atla.twitter.com, *.atla.x.com, *.dev.cftls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 31 entries


10480404004
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-05-20 18:04:19
2025-08-18 18:04:18
*.atla.twitter.com, *.atla.x.com, *.dev.cftls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 31 entries


10479988715
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-05-20 17:04:22
2025-08-18 17:04:21
*.atla.twitter.com, *.atla.x.com, *.dev.cftls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 31 entries


10354244771
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-05-08 16:34:53
2025-08-06 16:34:52
*.atla.twitter.com, *.atla.x.com, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com - 30 entries


10324660397
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-05-05 19:37:20
2025-08-03 19:37:19
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10267869193
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-04-30 01:03:14
2025-07-29 01:03:13
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


10256900942
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-04-28 22:37:19
2025-07-27 22:37:18
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10249522667
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-04-28 03:36:05
2025-07-27 03:36:04
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10227734249
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-04-25 20:38:16
2025-07-24 20:38:15
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10214700503
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-04-24 15:37:33
2025-07-23 15:37:32
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10192756086
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-04-22 20:07:28
2025-07-21 20:07:27
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10192505969
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-04-22 19:37:31
2025-07-21 19:37:30
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10192037348
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-04-22 18:37:22
2025-07-21 18:37:21
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10191591709
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-04-22 17:37:25
2025-07-21 17:37:24
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10191313813
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-04-22 17:08:19
2025-07-21 17:08:18
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


10077986034
leaf cert		CN=E6, O=Let's Encrypt, C=US
2025-04-11 19:33:37
2025-07-10 19:33:36
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


9867768329
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-03-21 21:06:21
2025-06-19 21:06:20
*.x.com, x.com - 2 entries


9867302611
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-03-21 19:37:40
2025-06-19 19:37:39
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


9787754398
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-03-13 21:07:51
2025-06-11 21:07:50
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


9766991105
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-03-11 22:35:48
2025-06-09 22:35:47
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


9712661824
leaf cert		CN=E5, O=Let's Encrypt, C=US
2025-03-06 17:25:47
2025-06-04 17:25:46
*.x.com, cdn.syndication.x.com, x.com - 3 entries


9712667939
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-03-06 17:25:38
2025-06-04 17:25:37
*.x.com, cdn.syndication.x.com, x.com - 3 entries


9621041226
leaf cert		CN=E6, O=Let's Encrypt, C=US
2025-02-25 16:33:58
2025-05-26 16:33:57
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


9478881586
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2025-02-11 00:00:00
2025-05-11 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


9410528095
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-02-04 18:33:14
2025-05-05 18:33:13
*.x.com, x.com - 2 entries


9409868108
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-02-04 16:33:30
2025-05-05 16:33:29
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


9337550689
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-01-27 17:42:59
2025-04-27 17:42:58
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


9294150007
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-01-22 20:06:23
2025-04-22 20:06:22
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


9174547208
leaf cert		CN=E6, O=Let's Encrypt, C=US
2025-01-10 01:24:44
2025-04-10 01:24:43
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


9136742472
leaf cert		CN=E5, O=Let's Encrypt, C=US
2025-01-06 01:05:13
2025-04-06 01:05:12
*.x.com, cdn.syndication.x.com, x.com - 3 entries


9136742202
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-01-06 01:05:09
2025-04-06 01:05:08
*.x.com, cdn.syndication.x.com, x.com - 3 entries


8992806596
leaf cert		CN=R11, O=Let's Encrypt, C=US
2024-12-20 21:34:17
2025-03-20 21:34:16
*.x.com, x.com - 2 entries


8992630401
leaf cert		CN=R11, O=Let's Encrypt, C=US
2024-12-20 21:04:44
2025-03-20 21:04:43
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8915331568
leaf cert		CN=R11, O=Let's Encrypt, C=US
2024-12-12 18:06:58
2025-03-12 18:06:57
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


8841251902
leaf cert		CN=R11, O=Let's Encrypt, C=US
2024-12-05 05:07:15
2025-03-05 05:07:14
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8766087259
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-11-26 00:00:00
2025-02-23 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8570616014
leaf cert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-11-04 00:00:00
2025-12-05 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8365934737
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-10-09 00:00:00
2025-10-08 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8357640024
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-10-08 00:00:00
2025-10-07 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


8348891661
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-10-07 00:00:00
2025-10-06 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8313176588
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-10-02 00:00:00
2025-10-01 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8312854642
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-10-02 00:00:00
2025-10-01 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


8305350274
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-10-01 00:00:00
2025-09-30 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


8305657216
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-10-01 00:00:00
2025-09-30 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8298792556
leaf cert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-09-30 00:00:00
2025-09-29 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8298505463
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-09-30 00:00:00
2025-09-29 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


8270213503
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-09-26 00:00:00
2024-12-24 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8167036056
leaf cert		CN=R10, O=Let's Encrypt, C=US
2024-09-12 16:02:59
2024-12-11 16:02:58
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


8158780478
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-09-11 00:00:00
2025-10-12 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8158780389
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-09-11 00:00:00
2025-10-12 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


8144918727
leaf cert		CN=E6, O=Let's Encrypt, C=US
2024-09-09 14:18:15
2024-12-08 14:18:14
*.x.com, cdn.syndication.x.com, x.com - 3 entries


8144925339
leaf cert		CN=R10, O=Let's Encrypt, C=US
2024-09-09 14:18:11
2024-12-08 14:18:10
*.x.com, cdn.syndication.x.com, x.com - 3 entries


8115847638
leaf cert		CN=R11, O=Let's Encrypt, C=US
2024-09-05 20:06:00
2024-12-04 20:05:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


8112796732
leaf cert		CN=E6, O=Let's Encrypt, C=US
2024-09-05 10:43:22
2024-12-04 10:43:21
*.x.com, x.com - 2 entries


8112783237
leaf cert		CN=R11, O=Let's Encrypt, C=US
2024-09-05 10:43:13
2024-12-04 10:43:12
*.x.com, x.com - 2 entries


8073317915
leaf cert		CN=R10, O=Let's Encrypt, C=US
2024-08-31 08:06:03
2024-11-29 08:06:02
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


7979303169
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-08-19 00:00:00
2025-08-18 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


7978998737
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-08-19 00:00:00
2025-09-19 23:59:59
*.x.com, ias.x.com, x.com - 3 entries


7979004223
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-08-19 00:00:00
2025-09-19 23:59:59
*.x.com, ias.x.com, x.com - 3 entries


7979629019
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-08-19 00:00:00
2025-08-18 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


7942296283
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-08-14 00:00:00
2025-08-13 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


7941948414
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-08-14 00:00:00
2025-08-13 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


7819841619
leaf cert		CN=R11, O=Let's Encrypt, C=US
2024-07-29 02:35:21
2024-10-27 02:35:20
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


7773729142
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-07-22 00:00:00
2025-07-21 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


7773735169
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-07-22 00:00:00
2024-10-19 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


7766546460
leaf cert		CN=R11, O=Let's Encrypt, C=US
2024-07-21 20:49:42
2024-10-19 20:49:41
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


7729076350
leaf cert		CN=R10, O=Let's Encrypt, C=US
2024-07-17 01:51:07
2024-10-15 01:51:06
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


7501112603
leaf cert		CN=R11, O=Let's Encrypt, C=US
2024-06-14 03:03:53
2024-09-12 03:03:52
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com - 5 entries


7456950966
leaf cert		CN=R11, O=Let's Encrypt, C=US
2024-06-06 21:02:53
2024-09-04 21:02:52
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


7456919653
leaf cert		CN=R10, O=Let's Encrypt, C=US
2024-06-06 20:53:52
2024-09-04 20:53:51
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


7428123656
leaf cert		CN=R3, O=Let's Encrypt, C=US
2024-06-02 02:08:49
2024-08-31 02:08:48
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


6157934693
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-09 00:00:00
2024-11-07 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


6157927176
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-09 00:00:00
2024-11-07 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


6150629954
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-08 00:00:00
2024-11-06 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


6146013758
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-07 00:00:00
2024-11-05 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


6118307210
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-02 00:00:00
2024-10-31 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


6118307162
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-02 00:00:00
2024-10-31 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


6113018305
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-01 00:00:00
2024-10-30 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


6113056195
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-01 00:00:00
2024-12-01 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


6113018350
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-01 00:00:00
2024-10-30 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


6113063603
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-01 00:00:00
2024-12-01 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


6106263639
leaf cert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-10-31 00:00:00
2024-10-29 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


6106263556
leaf cert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-10-31 00:00:00
2024-10-29 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


6100888050
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-10-30 00:00:00
2024-11-29 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


6100923568
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-10-30 00:00:00
2024-11-29 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


6083434033
leaf cert		CN=R3, O=Let's Encrypt, C=US
2023-10-27 19:28:47
2024-01-25 19:28:46
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


6083315101
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-10-27 00:00:00
2024-11-26 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


5950488392
leaf cert		CN=R3, O=Let's Encrypt, C=US
2023-10-03 18:08:20
2024-01-01 18:08:19
syndication.x.com, td.twitter.com, td.x.com, tdapi.twitter.com, tdapi.x.com, tdweb.twitter.com, tdweb.x.com, ton.twitter.com, ton.x.com, tweetdeck.com, tweetdeck.twitter.com, tweetdeck.x.com, twitter.com, tw-ton.twitter.com, tw-ton.x.com, upload.twitter.com, upload.x.com, web.tweetdeck.com, www.tweetdeck.com, www.twitter.com, x.com - 21 entries


5950341729
leaf cert		CN=R3, O=Let's Encrypt, C=US
2023-10-03 17:29:35
2024-01-01 17:29:34
api.tweetdeck.com, api.twitter.com, api.x.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, mobile.twitter.com, mobile.x.com, pro.twitter.com, pro.x.com, support.twitter.com, support.x.com, syndication.twimg.com, syndication.twitter.com, syndication-o.twimg.com, syndication-o.twitter.com, syndication-o.x.com, www.x.com - 20 entries


5876132365
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-09-19 00:00:00
2024-09-17 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


5876132449
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-09-19 00:00:00
2024-09-17 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


5850754004
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-09-14 00:00:00
2024-09-12 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


5850753970
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-09-14 00:00:00
2024-09-12 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


5820458467
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-09-08 00:00:00
2024-10-08 23:59:59
twitter.com, www.twitter.com, www.x.com, x.com - 4 entries


5820466885
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-09-08 00:00:00
2024-10-08 23:59:59
*.twitter.com, *.x.com, twitter.com, x.com - 4 entries


 

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > of the last months are listed

Issuerlast 7 daysactivenum Certs
CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
0
0
6
CN=R11, O=Let's Encrypt, C=US
0
0
5
CN=R10, O=Let's Encrypt, C=US
0
0
2
CN=E6, O=Let's Encrypt, C=US
0
0
1
CN=E5, O=Let's Encrypt, C=US
0
0
1
CN=R3, O=Let's Encrypt, C=US
0 /0 new
0
1

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
19579150310
precert		CN=E5, O=Let's Encrypt, C=US
2025-07-10 18:04:30
2025-10-08 18:04:29
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com
5 entries


19536896886
precert		CN=R11, O=Let's Encrypt, C=US
2025-07-08 18:27:11
2025-10-06 18:27:10
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com
33 entries


19536544339
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-08 18:03:03
2025-10-06 18:03:02
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com
33 entries


19536114740
leaf cert		CN=R11, O=Let's Encrypt, C=US
2025-07-08 17:33:14
2025-10-06 17:33:13
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com
33 entries


19535302543
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-07-08 16:33:06
2025-10-06 16:33:05
*.atla.twitter.com, *.atla.x.com, *.cftls.t.co, *.dev.cftls.t.co, *.fsttls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com
33 entries


19450720549
precert		CN=R11, O=Let's Encrypt, C=US
2025-07-04 17:05:06
2025-10-02 17:05:05
*.atla.twitter.com, *.atla.x.com, *.dev.cftls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com
31 entries


19450155373
leaf cert		CN=R10, O=Let's Encrypt, C=US
2025-07-04 16:33:24
2025-10-02 16:33:23
*.atla.twitter.com, *.atla.x.com, *.dev.cftls.t.co, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com
31 entries


18641876172
precert		CN=E6, O=Let's Encrypt, C=US
2025-05-26 18:03:35
2025-08-24 18:03:34
*.twitter.com, *.x.com, isolation.atla.twitter.com, twitter.com, x.com
5 entries


18294285057
precert		CN=R11, O=Let's Encrypt, C=US
2025-05-08 14:34:53
2025-08-06 14:34:52
*.atla.twitter.com, *.atla.x.com, *.local.twitter.com, *.local.x.com, *.pages.twitter.biz, *.pdxa.twitter.com, *.pdxa.x.com, *.smf1.twitter.com, *.smf1.x.com, *.twimg.com, *.twitter.biz, *.twitter.com, *.twitterintegration.com, *.webhook.twitter.biz, *.x.com, api.tweetdeck.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, t.co, tweetdeck.com, twimg.com, twitter.biz, twitter.com, web.tweetdeck.com, www.t.co, www.tweetdeck.com, x.com
30 entries


13839849948
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2024-07-21 22:00:00
2025-07-21 21:59:59
*.twitter.com, *.x.com, twitter.com, x.com
4 entries


11049883331
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-08 23:00:00
2024-11-07 22:59:59
*.twitter.com, *.x.com, twitter.com, x.com
4 entries


11049898404
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-08 23:00:00
2024-11-07 22:59:59
twitter.com, www.twitter.com, www.x.com, x.com
4 entries


11037173867
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-07 23:00:00
2024-11-06 22:59:59
twitter.com, www.twitter.com, www.x.com, x.com
4 entries


11029148909
precert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-11-06 23:00:00
2024-11-05 22:59:59
*.twitter.com, *.x.com, twitter.com, x.com
4 entries


11061304430
leaf cert		CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
2023-10-30 23:00:00
2024-10-29 22:59:59
*.twitter.com, *.x.com, twitter.com, x.com
4 entries


10588749692
leaf cert		CN=R3, O=Let's Encrypt, C=US
2023-10-03 15:29:35
2024-01-01 16:29:34
api.tweetdeck.com, api.twitter.com, api.x.com, blog.tweetdeck.com, cdn.syndication.twimg.com, cdn.syndication.twitter.com, cdn.syndication.x.com, downloads.tweetdeck.com, mobile.twitter.com, mobile.x.com, pro.twitter.com, pro.x.com, support.twitter.com, support.x.com, syndication.twimg.com, syndication.twitter.com, syndication-o.twimg.com, syndication-o.twitter.com, syndication-o.x.com, www.x.com
20 entries


 

11. Html-Content - Entries

Summary


Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://x.com/
162.159.140.229		a

6

0


0
0
0


form

1
52,293 Bytes
0
1
0
0
0
0


img

1
331 Bytes
0
0
1
1
0
0
-1

link
dns-prefetch
6

0


0
0
0


link
other
17
1,319,818 Bytes
3
0
6
0
0
0


meta
og
1

0


0
0
0


meta
other
10

0


0
0
0


script

3
1,305,802 Bytes
3
0
3
0
0
0

https://x.com/
172.66.0.227		a

6

0


0
0
0


form

1
52,433 Bytes
0
1
0
0
0
0


img

1
331 Bytes
0
0
1
1
0
0
-1

link
dns-prefetch
6

0


0
0
0


link
other
17
1,319,818 Bytes
3
0
6
0
0
0


meta
og
1

0


0
0
0


meta
other
10

0


0
0
0


script

3
1,305,802 Bytes
3
0
3
0
0
0

 

Details (currently limited to 500 rows - some problems with spam users)

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://x.com/
162.159.140.229
a

https://business.twitter.com/en/help/troubleshooting/how-twitter-ads-work.html?ref=web-twc-ao-gbl-adsinfo&utm_source=twc&utm_medium=web&utm_campaign=ao&utm_content=adsinfo


1
ok















a

https://help.x.com/using-x/x-supported-browsers


1
ok















a

https://legal.twitter.com/imprint.html


1
ok















a

https://support.x.com/articles/20170514


1
ok















a

https://x.com/privacy


1
ok















a

https://x.com/tos


1
ok















form
get

200

1
ok
text/html; charset=utf-8
X-Content-Type-Options nosniff found




52293 Bytes








img
src
https://abs-0.twimg.com/emoji/v2/svg/26a0.svg
200

1
ok
alt: ⚠️image/svg+xml
X-Content-Type-Options nosniff found




No Cache-Control header
331 Bytes






ETag: "KJZzhY4G36Lg46fuYQw6MA=="

Server-Header Access-Control-Allow-Origin: *
Cross-Origin Resource Sharing (CORS) supported

missing crossorigin=anonymous|use-credentials and integrity - attribute, possible hash-values:

 

sha256-Azgqwv1/4NWK4vgZZLMyvTTfycxRRaEOYcted2rvXis=
sha384-20WO4aiD0odO2evp5jLKRnh4ebgJXjZh5ZnVOAOBaprleZt6ov/oReTrbuIiZZxl
sha512-5pLYLqJtcG/zwHjR+7yL6bQEW9YqHfx2tPqS/U+jf8RzCb1g54TUud6CZTsfYuqK9Bls+y6Uvz+GVMXTOwj2PQ==

 

<img src="https://abs-0.twimg.com/emoji/v2/svg/26a0.svg" crossorigin="anonymous" integrity="sha256-Azgqwv1/4NWK4vgZZLMyvTTfycxRRaEOYcted2rvXis=" />



link
apple-touch-icon
https://abs.twimg.com/responsive-web/client-web/icon-ios.77d25eba.png
200

1
ok
image/png
X-Content-Type-Options nosniff found




Cache-Control: public, max-age=30588961 with long duration found.
No Compression - 13160 Bytes






ETag: "9B3nYcSWUowyhlO4zEPeHw=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



link
dns-prefetch
//abs.twimg.com


1
ok















link
dns-prefetch
//api.twitter.com


1
ok















link
dns-prefetch
//api.x.com


1
ok















link
dns-prefetch
//pbs.twimg.com


1
ok















link
dns-prefetch
//t.co


1
ok















link
dns-prefetch
//video.twimg.com


1
ok















link
manifest
/manifest.json


1
ok















link
mask-icon
https://abs.twimg.com/responsive-web/client-web/icon-svg.ea5ff4aa.svg
200

1
ok
image/svg+xml
X-Content-Type-Options nosniff found




Cache-Control: public, max-age=28563598 with long duration found.
284 Bytes






ETag: "qVW1b1hWrByt/7ONwyPKIQ=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



link
preconnect
//abs.twimg.com


1
ok















link
preconnect
//api.twitter.com


1
ok















link
preconnect
//api.x.com


1
ok















link
preconnect
//pbs.twimg.com


1
ok















link
preconnect
//t.co


1
ok















link
preconnect
//video.twimg.com


1
ok















link
preload
https://abs.twimg.com/responsive-web/client-web/i18n/en.2dbf7cfa.js
200

1
Problems with Content-Type - Header - see details
application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Compression (gzip): 183239/586454 Bytes






ETag: "7vvoyVJfkdizFNi6VaDhlg=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



link
preload
https://abs.twimg.com/responsive-web/client-web/main.4baaf26a.js
200

1
Problems with Content-Type - Header - see details
application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Compression (gzip): 694557/3387818 Bytes






ETag: "zoaev6ZWSC3CSqUD+QCG8Q=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



link
preload
https://abs.twimg.com/responsive-web/client-web/vendor.39bcba4a.js
200

1
Problems with Content-Type - Header - see details
application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Compression (gzip): 428006/1529931 Bytes






ETag: "J98xU616X59rEQPvmYLF4Q=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



link
search
/os-grok.xml


2
ok















link
search
/os-x.xml


2
ok















link
shortcut icon
//abs.twimg.com/favicons/twitter.3.ico
200

1
ok
image/vnd.microsoft.icon
X-Content-Type-Options nosniff found




Cache-Control: public, max-age=30865860 with long duration found.
572 Bytes






ETag: W/"nZmiNyu9WyjvSy6uysjIBQ=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



meta
charset
 utf-8


1
ok















meta
fb:app_id
2231777543


1
ok















meta
og:site_name
X (formerly Twitter)


1
ok















meta
onion-location
https://twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion/


1
ok















meta
origin-trial
AlpCmb40F5ZjDi9ZYe+wnr/V8MF+XmY41K4qUhoq+2mbepJTNd3q4CRqlACfnythEPZqcjryfAS1+ExS0FFRcA8AAABmeyJvcmlnaW4iOiJodHRwczovL3R3aXR0ZXIuY29tOjQ0MyIsImZlYXR1cmUiOiJMYXVuY2ggSGFuZGxlciIsImV4cGlyeSI6MTY1NTI1MTE5OSwiaXNTdWJkb21haW4iOnRydWV9


1
ok















meta
facebook-domain-verification
x6sdcc8b5ju3bh8nbm59eswogvg6t1


1
ok















meta
google-site-verification
reUF-TgZq93ZGtzImw42sfYglI2hY0QiGRmfc4jeKbs


1
ok















meta
theme-color
#000000


1
ok















meta
theme-color
#FFFFFF


1
ok















meta
twitter-site-verification
QP8PCufGtainY5+slOx3wPceaENs3/NlYuIa1os+fhCdlinhAi7QVUC48O9zPx+x


1
ok















meta
viewport
width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0,viewport-fit=cover


1
ok















script
src
https://abs.twimg.com/responsive-web/client-web/i18n/en.2dbf7cfa.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Cache-Control: public, max-age=31257684 - with long duration found.
Compression (gzip): 183239/586454 Bytes






ETag: "7vvoyVJfkdizFNi6VaDhlg=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



script
src
https://abs.twimg.com/responsive-web/client-web/main.4baaf26a.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Cache-Control: public, max-age=31272753 - with long duration found.
Compression (gzip): 694557/3387818 Bytes






ETag: "zoaev6ZWSC3CSqUD+QCG8Q=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



script
src
https://abs.twimg.com/responsive-web/client-web/vendor.39bcba4a.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Cache-Control: public, max-age=31245801 - with long duration found.
Compression (gzip): 428006/1529931 Bytes






ETag: "J98xU616X59rEQPvmYLF4Q=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported


172.66.0.227
a

https://business.twitter.com/en/help/troubleshooting/how-twitter-ads-work.html?ref=web-twc-ao-gbl-adsinfo&utm_source=twc&utm_medium=web&utm_campaign=ao&utm_content=adsinfo


1
ok















a

https://help.x.com/using-x/x-supported-browsers


1
ok















a

https://legal.twitter.com/imprint.html


1
ok















a

https://support.x.com/articles/20170514


1
ok















a

https://x.com/privacy


1
ok















a

https://x.com/tos


1
ok















form
get

200

1
ok
text/html; charset=utf-8
X-Content-Type-Options nosniff found




52433 Bytes








img
src
https://abs-0.twimg.com/emoji/v2/svg/26a0.svg
200

1
ok
alt: ⚠️image/svg+xml
X-Content-Type-Options nosniff found




No Cache-Control header
331 Bytes






ETag: "KJZzhY4G36Lg46fuYQw6MA=="

Server-Header Access-Control-Allow-Origin: *
Cross-Origin Resource Sharing (CORS) supported

missing crossorigin=anonymous|use-credentials and integrity - attribute, possible hash-values:

 

sha256-Azgqwv1/4NWK4vgZZLMyvTTfycxRRaEOYcted2rvXis=
sha384-20WO4aiD0odO2evp5jLKRnh4ebgJXjZh5ZnVOAOBaprleZt6ov/oReTrbuIiZZxl
sha512-5pLYLqJtcG/zwHjR+7yL6bQEW9YqHfx2tPqS/U+jf8RzCb1g54TUud6CZTsfYuqK9Bls+y6Uvz+GVMXTOwj2PQ==

 

<img src="https://abs-0.twimg.com/emoji/v2/svg/26a0.svg" crossorigin="anonymous" integrity="sha256-Azgqwv1/4NWK4vgZZLMyvTTfycxRRaEOYcted2rvXis=" />



link
apple-touch-icon
https://abs.twimg.com/responsive-web/client-web/icon-ios.77d25eba.png
200

1
ok
image/png
X-Content-Type-Options nosniff found




Cache-Control: public, max-age=30588961 with long duration found.
No Compression - 13160 Bytes






ETag: "9B3nYcSWUowyhlO4zEPeHw=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



link
dns-prefetch
//abs.twimg.com


1
ok















link
dns-prefetch
//api.twitter.com


1
ok















link
dns-prefetch
//api.x.com


1
ok















link
dns-prefetch
//pbs.twimg.com


1
ok















link
dns-prefetch
//t.co


1
ok















link
dns-prefetch
//video.twimg.com


1
ok















link
manifest
/manifest.json


1
ok















link
mask-icon
https://abs.twimg.com/responsive-web/client-web/icon-svg.ea5ff4aa.svg
200

1
ok
image/svg+xml
X-Content-Type-Options nosniff found




Cache-Control: public, max-age=28563598 with long duration found.
284 Bytes






ETag: "qVW1b1hWrByt/7ONwyPKIQ=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



link
preconnect
//abs.twimg.com


1
ok















link
preconnect
//api.twitter.com


1
ok















link
preconnect
//api.x.com


1
ok















link
preconnect
//pbs.twimg.com


1
ok















link
preconnect
//t.co


1
ok















link
preconnect
//video.twimg.com


1
ok















link
preload
https://abs.twimg.com/responsive-web/client-web/i18n/en.2dbf7cfa.js
200

1
Problems with Content-Type - Header - see details
application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Compression (gzip): 183239/586454 Bytes






ETag: "7vvoyVJfkdizFNi6VaDhlg=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



link
preload
https://abs.twimg.com/responsive-web/client-web/main.4baaf26a.js
200

1
Problems with Content-Type - Header - see details
application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Compression (gzip): 694557/3387818 Bytes






ETag: "zoaev6ZWSC3CSqUD+QCG8Q=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



link
preload
https://abs.twimg.com/responsive-web/client-web/vendor.39bcba4a.js
200

1
Problems with Content-Type - Header - see details
application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Compression (gzip): 428006/1529931 Bytes






ETag: "J98xU616X59rEQPvmYLF4Q=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



link
search
/os-grok.xml


2
ok















link
search
/os-x.xml


2
ok















link
shortcut icon
//abs.twimg.com/favicons/twitter.3.ico
200

1
ok
image/vnd.microsoft.icon
X-Content-Type-Options nosniff found




Cache-Control: public, max-age=30865860 with long duration found.
572 Bytes






ETag: W/"nZmiNyu9WyjvSy6uysjIBQ=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



meta
charset
 utf-8


1
ok















meta
fb:app_id
2231777543


1
ok















meta
og:site_name
X (formerly Twitter)


1
ok















meta
onion-location
https://twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion/


1
ok















meta
origin-trial
AlpCmb40F5ZjDi9ZYe+wnr/V8MF+XmY41K4qUhoq+2mbepJTNd3q4CRqlACfnythEPZqcjryfAS1+ExS0FFRcA8AAABmeyJvcmlnaW4iOiJodHRwczovL3R3aXR0ZXIuY29tOjQ0MyIsImZlYXR1cmUiOiJMYXVuY2ggSGFuZGxlciIsImV4cGlyeSI6MTY1NTI1MTE5OSwiaXNTdWJkb21haW4iOnRydWV9


1
ok















meta
facebook-domain-verification
x6sdcc8b5ju3bh8nbm59eswogvg6t1


1
ok















meta
google-site-verification
reUF-TgZq93ZGtzImw42sfYglI2hY0QiGRmfc4jeKbs


1
ok















meta
theme-color
#000000


1
ok















meta
theme-color
#FFFFFF


1
ok















meta
twitter-site-verification
vYYudTPWQnIqfWb5mmxHJwZ9uxFIa7vjtWxwVtMaDK2FwkpmWDQDzotsTwG/0mP2


1
ok















meta
viewport
width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0,viewport-fit=cover


1
ok















script
src
https://abs.twimg.com/responsive-web/client-web/i18n/en.2dbf7cfa.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Cache-Control: public, max-age=31257684 - with long duration found.
Compression (gzip): 183239/586454 Bytes






ETag: "7vvoyVJfkdizFNi6VaDhlg=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



script
src
https://abs.twimg.com/responsive-web/client-web/main.4baaf26a.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Cache-Control: public, max-age=31272753 - with long duration found.
Compression (gzip): 694557/3387818 Bytes






ETag: "zoaev6ZWSC3CSqUD+QCG8Q=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported



script
src
https://abs.twimg.com/responsive-web/client-web/vendor.39bcba4a.js
200

1
Problems with Content-Type - Header - see details
Missing defer / async attribute. application/javascript; charset=utf-8
X-Content-Type-Options nosniff found

This Combination of MediaType "application" and MediaSubType "javascript" is obsolete. Don't use it. See https://www.iana.org/assignments/media-types/media-types.xhtml to find a correct Combination. Use "text/javascript" instead.


Cache-Control: public, max-age=31245801 - with long duration found.
Compression (gzip): 428006/1529931 Bytes






ETag: "J98xU616X59rEQPvmYLF4Q=="

Server-Header Access-Control-Allow-Origin: https://x.com
Cross-Origin Resource Sharing (CORS) not supported


 

12. Html-Parsing via https://validator.w3.org/nu/

Url used (first standard-https-result with http status 200): https://x.com/

Summary

Good: No non-document-errors
13 errors
15 warnings

TypeMessagenum found
1.errorElement script must not have attribute charset unless attribute src is also specified.4
2.errorBad value onion-location for attribute http-equiv on element meta.1
3.errorA link element with a sizes attribute must have a rel attribute that contains the value icon or the value apple-touch-icon or the value apple-touch-icon-precomposed.1
4.errorBad value origin-trial for attribute http-equiv on element meta.1
5.errorCSS: dynamic-range-limit: Property dynamic-range-limit doesn't exist.1
6.errorElement head is missing a required instance of child element title.1
7.errorElement style not allowed as child of element noscript in this context. (Suppressing further errors from this subtree.)1
8.errorThe aria-label attribute must not be specified on any div element unless the element has a role value other than caption, code, deletion, emphasis, generic, insertion, paragraph, presentation, strong, subscript, or superscript.1
9.errorBad value   for attribute action on element form: Must be non-empty.1
10.errorElement div not allowed as child of element button in this context. (Suppressing further errors from this subtree.)1
11.warningThe charset attribute on the script element is obsolete.7
12.warningThe type attribute is unnecessary for JavaScript resources.7
13.warningTo set the document’s location as the action for a form, omit the action attribute.1

Details


TypeMessage + Sample
1errorBad value onion-location for attribute http-equiv on element meta.

From line 1, column 1328 to line 1, column 1445

26a.js" /><meta http-equiv="onion-location" content="https://twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion/" /><meta
2errorA link element with a sizes attribute must have a rel attribute that contains the value icon or the value apple-touch-icon or the value apple-touch-icon-precomposed.

From line 2, column 601 to line 2, column 727

le="Grok"><link rel="mask-icon" sizes="any" href="https://abs.twimg.com/responsive-web/client-web/icon-svg.ea5ff4aa.svg" color="#1D9BF0"><link
3errorBad value origin-trial for attribute http-equiv on element meta.

From line 2, column 965 to line 2, column 1237

000000" /><meta http-equiv="origin-trial" content="AlpCmb40F5ZjDi9ZYe+wnr/V8MF+XmY41K4qUhoq+2mbepJTNd3q4CRqlACfnythEPZqcjryfAS1+ExS0FFRcA8AAABmeyJvcmlnaW4iOiJodHRwczovL3R3aXR0ZXIuY29tOjQ0MyIsImZlYXR1cmUiOiJMYXVuY2ggSGFuZGxlciIsImV4cGlyeSI6MTY1NTI1MTE5OSwiaXNTdWJkb21haW4iOnRydWV9" /><style
4errorCSS: dynamic-range-limit: Property dynamic-range-limit doesn't exist.

From line 237, column 31 to line 237, column 38

nge-limit:standard;} .r-
5errorElement head is missing a required instance of child element title.

From line 280, column 65 to line 280, column 71

x}</style></head><body
6errorElement style not allowed as child of element noscript in this context. (Suppressing further errors from this subtree.)

From line 280, column 123 to line 280, column 129

<noscript><style> b
7errorThe aria-label attribute must not be specified on any div element unless the element has a role value other than caption, code, deletion, emphasis, generic, insertion, paragraph, presentation, strong, subscript, or superscript.

From line 356, column 163 to line 356, column 283

-12vffkv"><div aria-label="Loading…" class="css-175oi2r r-kemksi r-1p0dtai r-zchlnj r-1d2f490 r-1xcajam r-ipm5af" id="placeholder"><svg v
8errorBad value   for attribute action on element form: Must be non-empty.

From line 356, column 789 to line 356, column 817

dFailure"><form action="" method="GET"><div c
9errorElement div not allowed as child of element button in this context. (Suppressing further errors from this subtree.)

From line 356, column 1449 to line 356, column 1581

="submit"><div dir="ltr" class="css-146c3p1 r-bcqeeo r-qvutc0 r-1qd0xha r-q4m81j r-a023e6 r-rjixqe r-b88u0q" style="color:rgba(15,20,25,1.00)"><span
10errorElement script must not have attribute charset unless attribute src is also specified.

From line 356, column 7029 to line 356, column 7132

;</script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">window
11errorElement script must not have attribute charset unless attribute src is also specified.

From line 356, column 158588 to line 356, column 158691

></script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">window
12errorElement script must not have attribute charset unless attribute src is also specified.

From line 357, column 10 to line 357, column 113

 </script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">perfor
13errorElement script must not have attribute charset unless attribute src is also specified.

From line 357, column 829 to line 357, column 932

></script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">perfor
14warningTo set the document’s location as the action for a form, omit the action attribute.

From line 356, column 789 to line 356, column 817

dFailure"><form action="" method="GET"><div c
15warningThe charset attribute on the script element is obsolete.

From line 356, column 7029 to line 356, column 7132

;</script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">window
16warningThe type attribute is unnecessary for JavaScript resources.

From line 356, column 7029 to line 356, column 7132

;</script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">window
17warningThe charset attribute on the script element is obsolete.

From line 356, column 158588 to line 356, column 158691

></script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">window
18warningThe type attribute is unnecessary for JavaScript resources.

From line 356, column 158588 to line 356, column 158691

></script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">window
19warningThe charset attribute on the script element is obsolete.

From line 357, column 10 to line 357, column 113

 </script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">perfor
20warningThe type attribute is unnecessary for JavaScript resources.

From line 357, column 10 to line 357, column 113

 </script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">perfor
21warningThe charset attribute on the script element is obsolete.

From line 357, column 200 to line 357, column 400

)</script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw" crossorigin="anonymous" src="https://abs.twimg.com/responsive-web/client-web/vendor.39bcba4a.js"></scri
22warningThe type attribute is unnecessary for JavaScript resources.

From line 357, column 200 to line 357, column 400

)</script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw" crossorigin="anonymous" src="https://abs.twimg.com/responsive-web/client-web/vendor.39bcba4a.js"></scri
23warningThe charset attribute on the script element is obsolete.

From line 357, column 410 to line 357, column 611

></script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw" crossorigin="anonymous" src="https://abs.twimg.com/responsive-web/client-web/i18n/en.2dbf7cfa.js"></scri
24warningThe type attribute is unnecessary for JavaScript resources.

From line 357, column 410 to line 357, column 611

></script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw" crossorigin="anonymous" src="https://abs.twimg.com/responsive-web/client-web/i18n/en.2dbf7cfa.js"></scri
25warningThe charset attribute on the script element is obsolete.

From line 357, column 621 to line 357, column 819

></script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw" crossorigin="anonymous" src="https://abs.twimg.com/responsive-web/client-web/main.4baaf26a.js"></scri
26warningThe type attribute is unnecessary for JavaScript resources.

From line 357, column 621 to line 357, column 819

></script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw" crossorigin="anonymous" src="https://abs.twimg.com/responsive-web/client-web/main.4baaf26a.js"></scri
27warningThe charset attribute on the script element is obsolete.

From line 357, column 829 to line 357, column 932

></script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">perfor
28warningThe type attribute is unnecessary for JavaScript resources.

From line 357, column 829 to line 357, column 932

></script><script type="text/javascript" charset="utf-8" nonce="ZDYyNGM0ZDYtMjZmOS00OTU2LTllMTItYzc0YmI5ZTg4YWYw">perfor

 

13. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: a.r10.twtrdns.net, a.u10.twtrdns.net, b.r10.twtrdns.net, b.u10.twtrdns.net, c.r10.twtrdns.net, c.u10.twtrdns.net, d.r10.twtrdns.net, d.u10.twtrdns.net

 

QNr.DomainTypeNS used
1
net
NS
m.root-servers.net (2001:dc3::35)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2
a.r10.twtrdns.net
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: edns101.ultradns.net, ns-1450.awsdns-53.org, ns-1700.awsdns-20.co.uk, ns-370.awsdns-46.com, ns-975.awsdns-57.net

Answer: edns101.ultradns.net
204.74.110.101, 2610:a1:1014::265

Answer: ns-975.awsdns-57.net
205.251.195.207
3
a.u10.twtrdns.net
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: edns101.ultradns.net, ns-1450.awsdns-53.org, ns-1700.awsdns-20.co.uk, ns-370.awsdns-46.com, ns-975.awsdns-57.net

Answer: edns101.ultradns.net
204.74.110.101, 2610:a1:1014::265

Answer: ns-975.awsdns-57.net
205.251.195.207
4
b.r10.twtrdns.net
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: edns101.ultradns.net, ns-1450.awsdns-53.org, ns-1700.awsdns-20.co.uk, ns-370.awsdns-46.com, ns-975.awsdns-57.net

Answer: edns101.ultradns.net
204.74.110.101, 2610:a1:1014::265

Answer: ns-975.awsdns-57.net
205.251.195.207
5
b.u10.twtrdns.net
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: edns101.ultradns.net, ns-1450.awsdns-53.org, ns-1700.awsdns-20.co.uk, ns-370.awsdns-46.com, ns-975.awsdns-57.net

Answer: edns101.ultradns.net
204.74.110.101, 2610:a1:1014::265

Answer: ns-975.awsdns-57.net
205.251.195.207
6
c.r10.twtrdns.net
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: edns101.ultradns.net, ns-1450.awsdns-53.org, ns-1700.awsdns-20.co.uk, ns-370.awsdns-46.com, ns-975.awsdns-57.net

Answer: edns101.ultradns.net
204.74.110.101, 2610:a1:1014::265

Answer: ns-975.awsdns-57.net
205.251.195.207
7
c.u10.twtrdns.net
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: edns101.ultradns.net, ns-1450.awsdns-53.org, ns-1700.awsdns-20.co.uk, ns-370.awsdns-46.com, ns-975.awsdns-57.net

Answer: edns101.ultradns.net
204.74.110.101, 2610:a1:1014::265

Answer: ns-975.awsdns-57.net
205.251.195.207
8
d.r10.twtrdns.net
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: edns101.ultradns.net, ns-1450.awsdns-53.org, ns-1700.awsdns-20.co.uk, ns-370.awsdns-46.com, ns-975.awsdns-57.net

Answer: edns101.ultradns.net
204.74.110.101, 2610:a1:1014::265

Answer: ns-975.awsdns-57.net
205.251.195.207
9
d.u10.twtrdns.net
NS
l.gtld-servers.net (2001:500:d937::30)

Answer: edns101.ultradns.net, ns-1450.awsdns-53.org, ns-1700.awsdns-20.co.uk, ns-370.awsdns-46.com, ns-975.awsdns-57.net

Answer: edns101.ultradns.net
204.74.110.101, 2610:a1:1014::265

Answer: ns-975.awsdns-57.net
205.251.195.207
10
org
NS
d.root-servers.net (2001:500:2d::d)

Answer: a0.org.afilias-nst.info, a2.org.afilias-nst.info, b0.org.afilias-nst.org, b2.org.afilias-nst.org, c0.org.afilias-nst.info, d0.org.afilias-nst.org
11
ns-1450.awsdns-53.org
NS
a0.org.afilias-nst.info (2001:500:e::1)

Answer: g-ns-1080.awsdns-53.org, g-ns-1653.awsdns-53.org, g-ns-181.awsdns-53.org, g-ns-759.awsdns-53.org

Answer: g-ns-1080.awsdns-53.org
205.251.196.56, 2600:9000:5304:3800::1

Answer: g-ns-1653.awsdns-53.org
205.251.198.117, 2600:9000:5306:7500::1

Answer: g-ns-181.awsdns-53.org
205.251.192.181, 2600:9000:5300:b500::1

Answer: g-ns-759.awsdns-53.org
205.251.194.247, 2600:9000:5302:f700::1
12
uk
NS
h.root-servers.net (2001:500:1::53)

Answer: dns1.nic.uk, dns2.nic.uk, dns3.nic.uk, dns4.nic.uk, nsa.nic.uk, nsb.nic.uk, nsc.nic.uk, nsd.nic.uk
13
ns-1700.awsdns-20.co.uk
NS
dns1.nic.uk (2a01:618:400::1)

Answer: g-ns-1495.awsdns-20.co.uk, g-ns-1816.awsdns-20.co.uk, g-ns-340.awsdns-20.co.uk, g-ns-916.awsdns-20.co.uk

Answer: g-ns-1495.awsdns-20.co.uk
205.251.197.215, 2600:9000:5305:d700::1

Answer: g-ns-1816.awsdns-20.co.uk
205.251.199.24, 2600:9000:5307:1800::1

Answer: g-ns-340.awsdns-20.co.uk
205.251.193.84, 2600:9000:5301:5400::1

Answer: g-ns-916.awsdns-20.co.uk
205.251.195.148, 2600:9000:5303:9400::1
14
com
NS
d.root-servers.net (2001:500:2d::d)

Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
15
ns-370.awsdns-46.com
NS
a.gtld-servers.net (2001:503:a83e::2:30)

Answer: g-ns-1198.awsdns-46.com, g-ns-1774.awsdns-46.com, g-ns-47.awsdns-46.com, g-ns-622.awsdns-46.com

Answer: g-ns-1198.awsdns-46.com
205.251.196.174, 2600:9000:5304:ae00::1

Answer: g-ns-1774.awsdns-46.com
205.251.198.238, 2600:9000:5306:ee00::1

Answer: g-ns-47.awsdns-46.com
205.251.192.47, 2600:9000:5300:2f00::1

Answer: g-ns-622.awsdns-46.com
205.251.194.110, 2600:9000:5302:6e00::1
16
ns-1450.awsdns-53.org: 205.251.197.170
A
g-ns-1080.awsdns-53.org (2600:9000:5304:3800::1)
17
ns-1450.awsdns-53.org: 2600:9000:5305:aa00::1
AAAA
g-ns-1080.awsdns-53.org (2600:9000:5304:3800::1)
18
ns-1700.awsdns-20.co.uk: 205.251.198.164
A
g-ns-1495.awsdns-20.co.uk (2600:9000:5305:d700::1)
19
ns-1700.awsdns-20.co.uk: 2600:9000:5306:a400::1
AAAA
g-ns-1495.awsdns-20.co.uk (2600:9000:5305:d700::1)
20
ns-370.awsdns-46.com: 205.251.193.114
A
g-ns-1198.awsdns-46.com (2600:9000:5304:ae00::1)
21
ns-370.awsdns-46.com: 2600:9000:5301:7200::1
AAAA
g-ns-1198.awsdns-46.com (2600:9000:5304:ae00::1)
22
a.r10.twtrdns.net: 205.251.192.179
A
edns101.ultradns.net (2610:a1:1014::265)
23
a.r10.twtrdns.net: No AAAA record found
AAAA
edns101.ultradns.net (2610:a1:1014::265)
24
a.u10.twtrdns.net: 204.74.111.101
A
edns101.ultradns.net (2610:a1:1014::265)
25
a.u10.twtrdns.net: No AAAA record found
AAAA
edns101.ultradns.net (2610:a1:1014::265)
26
b.r10.twtrdns.net: 205.251.196.198
A
edns101.ultradns.net (2610:a1:1014::265)
27
b.r10.twtrdns.net: No AAAA record found
AAAA
edns101.ultradns.net (2610:a1:1014::265)
28
b.u10.twtrdns.net: 205.251.196.198
A
edns101.ultradns.net (2610:a1:1014::265)
29
b.u10.twtrdns.net: No AAAA record found
AAAA
edns101.ultradns.net (2610:a1:1014::265)
30
c.r10.twtrdns.net: 205.251.194.151
A
edns101.ultradns.net (2610:a1:1014::265)
31
c.r10.twtrdns.net: No AAAA record found
AAAA
edns101.ultradns.net (2610:a1:1014::265)
32
c.u10.twtrdns.net: 205.251.194.151
A
edns101.ultradns.net (2610:a1:1014::265)
33
c.u10.twtrdns.net: No AAAA record found
AAAA
edns101.ultradns.net (2610:a1:1014::265)
34
d.r10.twtrdns.net: 205.251.199.195
A
edns101.ultradns.net (2610:a1:1014::265)
35
d.r10.twtrdns.net: No AAAA record found
AAAA
edns101.ultradns.net (2610:a1:1014::265)
36
d.u10.twtrdns.net: 205.251.199.195
A
edns101.ultradns.net (2610:a1:1014::265)
37
d.u10.twtrdns.net: No AAAA record found
AAAA
edns101.ultradns.net (2610:a1:1014::265)

 

14. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.x.com



1
0
x.com
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0

 

15. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
x.com
_w548xs1kfxtlqk3jyx19bzwk34c473i
ok
1
0
x.com
3089463
ok
1
0
x.com
adobe-idp-site-verification=ab4d9ce3473a73e81f46238da34ea4967fd5ac80e5c43fbfa8dff46d06a5321c
ok
1
0
x.com
adobe-sign-verification=c693a744ee2d282a36a43e6e724c5ea
ok
1
0
x.com
apple-domain-verification=sEij6tJOW11fVNrG
ok
1
0
x.com
atlassian-domain-verification=j6u0o1PTkobCXC84uEF/sWpIPtaZURBVYqKzmTvT8wugLcHT1vvrzzA63iP1qSLN
ok
1
0
x.com
atlassian-sending-domain-verification=bd424180-8645-4de5-bd6a-285479c7577a
ok
1
0
x.com
figma-domain-verification=ee8420edd01965ba297f3438c907cfc6fbbaa1ee90a07b28f28bcfca8e6017bb-1729630998
ok
1
0
x.com
google-site-verification=8yQmoVhQedzlt36RPeQP41ytrEFk9aHEnde_xm0626g
ok
1
0
x.com
google-site-verification=F6u9mGL--d2lbLljvH3b1UUgXtevQPdcamKr9c8914A
ok
1
0
x.com
google-site-verification=lEZNYWieV7-UbDJafAm0u_RvNFb7GGqIYWAP4JmG5qs
ok
1
0
x.com
google-site-verification=rbRGYlOADDbtUYJTGd8GEDm0PwPZExviDSaSH4JLR8Q
ok
1
0
x.com
google-site-verification=reUF-TgZq93ZGtzImw42sfYglI2hY0QiGRmfc4jeKbs
ok
1
0
x.com
kkdl3qb3tcrmdhfsm803p67r0my0svs8
ok
1
0
x.com
shopify-verification-code=cUZazKrqCWgcshrcGvgfFR1lieuhRF
ok
1
0
x.com
slack-domain-verification=Csk4bjCPFnJaDLLaKFUwCTFuUpCVvnYlAm2Tba0i
ok
1
0
x.com
stripe-verification=46F7B88485621DC18923B43D12E90E6CDBCE232F2FEBCF084E6EFA91F6BA707D
ok
1
0
x.com
v=spf1 ip4:199.16.156.0/22 ip4:199.59.148.0/22 include:_spf.google.com include:_spf.salesforce.com include:_oerp.x.com include:phx1.rp.oracleemaildelivery.com include:iad1.rp.oracleemaildelivery.com -all
ok
1
0
www.x.com
_w548xs1kfxtlqk3jyx19bzwk34c473i
ok
1
0
www.x.com
3089463
ok
1
0
www.x.com
adobe-idp-site-verification=ab4d9ce3473a73e81f46238da34ea4967fd5ac80e5c43fbfa8dff46d06a5321c
ok
1
0
www.x.com
adobe-sign-verification=c693a744ee2d282a36a43e6e724c5ea
ok
1
0
www.x.com
apple-domain-verification=sEij6tJOW11fVNrG
ok
1
0
www.x.com
atlassian-domain-verification=j6u0o1PTkobCXC84uEF/sWpIPtaZURBVYqKzmTvT8wugLcHT1vvrzzA63iP1qSLN
ok
1
0
www.x.com
atlassian-sending-domain-verification=bd424180-8645-4de5-bd6a-285479c7577a
ok
1
0
www.x.com
figma-domain-verification=ee8420edd01965ba297f3438c907cfc6fbbaa1ee90a07b28f28bcfca8e6017bb-1729630998
ok
1
0
www.x.com
google-site-verification=8yQmoVhQedzlt36RPeQP41ytrEFk9aHEnde_xm0626g
ok
1
0
www.x.com
google-site-verification=F6u9mGL--d2lbLljvH3b1UUgXtevQPdcamKr9c8914A
ok
1
0
www.x.com
google-site-verification=lEZNYWieV7-UbDJafAm0u_RvNFb7GGqIYWAP4JmG5qs
ok
1
0
www.x.com
google-site-verification=rbRGYlOADDbtUYJTGd8GEDm0PwPZExviDSaSH4JLR8Q
ok
1
0
www.x.com
google-site-verification=reUF-TgZq93ZGtzImw42sfYglI2hY0QiGRmfc4jeKbs
ok
1
0
www.x.com
kkdl3qb3tcrmdhfsm803p67r0my0svs8
ok
1
0
www.x.com
shopify-verification-code=cUZazKrqCWgcshrcGvgfFR1lieuhRF
ok
1
0
www.x.com
slack-domain-verification=Csk4bjCPFnJaDLLaKFUwCTFuUpCVvnYlAm2Tba0i
ok
1
0
www.x.com
stripe-verification=46F7B88485621DC18923B43D12E90E6CDBCE232F2FEBCF084E6EFA91F6BA707D
ok
1
0
www.x.com
v=spf1 ip4:199.16.156.0/22 ip4:199.59.148.0/22 include:_spf.google.com include:_spf.salesforce.com include:_oerp.x.com include:phx1.rp.oracleemaildelivery.com include:iad1.rp.oracleemaildelivery.com -all
ok
1
0
_acme-challenge.x.com
6GwKrhPY9sPM6MXRfGkiHhMtzOqpH83gyZp-Q3Q4TPc
looks good, correct length, correct characters
1
0
_acme-challenge.x.com
dSh870PM9aUHbQdLjqv0HPtroHi3qfPY8wKGCh3ib50
looks good, correct length, correct characters
1
0
_acme-challenge.www.x.com
FNpinS5k8wt0djBjDRhBZGdtj6dJLwegAewgoxxlGM4
looks good, correct length, correct characters
1
0
_acme-challenge.x.com.x.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.x.com.x.com

Name Error - The domain name does not exist
1
0
_acme-challenge.www.x.com.www.x.com

Name Error - The domain name does not exist
1
0

 

16. DomainService - Entries

TypeDomainPrefValueDNS-errornum AnswersStatusDescription
MX

x.com
1
ASPMX.L.GOOGLE.COM
05ok

A


74.125.133.26
01ok

AAAA


2a00:1450:400c:c1f::1b
01ok

CNAME


00ok
MX

x.com
5
ALT2.ASPMX.L.GOOGLE.COM
05ok

A


142.250.147.26
01ok

AAAA


2a00:1450:4025:c01::1a
01ok

CNAME


00ok
MX

x.com
5
ALT1.ASPMX.L.GOOGLE.COM
05ok

A


192.178.213.27
01ok

AAAA


2a00:1450:4013:c1e::1a
01ok

CNAME


00ok
MX

x.com
10
ALT4.ASPMX.L.GOOGLE.COM
05ok

A


172.253.144.26
01ok

AAAA


2404:6800:4003:c24::1b
01ok

CNAME


00ok
MX

x.com
10
ALT3.ASPMX.L.GOOGLE.COM
05ok

A


172.253.130.26
01ok

AAAA


2a00:1450:4010:c20::1b
01ok

CNAME


00ok
SPF
TXT
x.com

v=spf1 ip4:199.16.156.0/22 ip4:199.59.148.0/22 include:_spf.google.com include:_spf.salesforce.com include:_oerp.x.com include:phx1.rp.oracleemaildelivery.com include:iad1.rp.oracleemaildelivery.com -all
ok

TXT
_spf.google.com

v=spf1 include:_netblocks.google.com include:_netblocks2.google.com ~all
ok

TXT
_spf.salesforce.com

v=spf1 exists:%{i}._spf.mta.salesforce.com -all
ok

TXT
_oerp.x.com

v=spf1 ip4:144.34.32.247 ip4:144.34.33.247 ip4:144.34.8.247 ip4:144.34.9.247 -all
ok

TXT
phx1.rp.oracleemaildelivery.com

v=spf1 ip4:162.88.4.0/23 ip4:162.88.25.0/24 ip4:192.29.103.128/25 ip4:208.76.63.0/24 ip4:216.146.32.0/24 ~all
ok

TXT
iad1.rp.oracleemaildelivery.com

v=spf1 ip4:147.154.32.0/25 ip4:162.88.8.0/24 ip4:162.88.24.0/24 ip4:162.88.36.0/24 ip4:208.76.62.0/24 ip4:216.146.33.0/24 ~all
ok

TXT
_netblocks.google.com

v=spf1 ip4:74.125.0.0/16 ip4:209.85.128.0/17 ~all
ok

TXT
_netblocks2.google.com

v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all
ok
_dmarc
TXT
_dmarc.x.com

v=DMARC1; p=reject; rua=mailto:caf935f12c8645b2921b0749d1fcd49e@dmarc-reports.cloudflare.net
ok

TXT
x.com._report._dmarc.dmarc-reports.cloudflare.net

mailto:caf935f12c8645b2921b0749d1fcd49e@dmarc-reports.cloudflare.net
okMail domain unequal current domain. Check required, if there is a confirming _report._dmarc-Record. See RFC 7489, 7.1.

TXT
x.com._report._dmarc.dmarc-reports.cloudflare.net

v=DMARC1;
okConfirmed. Sending reports to external domain is allowed.

				 
			

				 
			
17. Cipher Suites



Skipped, CDN used or too many ip addresses

				 
			
18. Portchecks



No open Ports <> 80 / 443 found, so no additional Ports checked.



				 
			

				 
			

Permalink: https://check-your-website.server-daten.de/?i=a9bfc3d3-28f4-40ac-9291-f8d875012ced

				 
			


Last Result: https://check-your-website.server-daten.de/?q=x.com - 2026-01-06 02:59:05

				 
			
Do you like this page? Support this tool, add a link on your page:

				 
			
<a href="https://check-your-website.server-daten.de/?q=x.com" target="_blank">Check this Site: x.com</a>

				 
			

				 
			


Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro

				 
			
QR-Code of this page - https://check-your-website.server-daten.de/?d=x.com

				 
			

				 
			



Jürgen Auer • Friedenstr. 37 • 10249 Berlin • +49(0)30 420 200 60 • info@sql-und-xml.de • 
USt-IdNr.: DE221734518

				 
			


Errors, ideas, questions? Use the 
Contact form • A project using

Server-Daten - Web Database solutions