Check DNS, Urls + Redirects, Certificates and Content of your Website

0 in Queue, 0 of max. 8 Checks (04:35:17)
Why should you only use Prefix - Cookies? |
Hall of Fame - A+ and A
Short FAQ show Started 2023-12-27: Checks switched from .NET.4.8 Framework (Windows) to .NET.8.0 (global). New return values and error messages are visible, some new bugs.
2024-01-02: Now this website runs with NET.8. New bugs are possible! 2024-01-20: Switched back, now again NET.8.

  • How do I use that tool?

    • Insert a valid domain name, without http:// or https://, without www:
      • yourdomain.com
      If you check a domain name, non-www and www (if defined), http and https is checked.
    • Add a port or / and a file and path:
      • yourdomain.com:5001
      • yourdomain.com/subfolder-of-your-domain
      • yourdomain.com/subfolder/file-to-check.html
      • yourdomain.com:5001/subfolder/file-to-check.html
    • If a port is added, http / https of that port is checked. Never add mail ports. Your mail port isn't a http/https-port.
    • Insert a valid / public ipv4- or ipv6-address:
      • 1.1.1.1
      • 2a01:238:301b::1226
      • ipv6 with port:
        [2a01:238:301b::1226]:443
    • If you check an ip address, you may add your domain name in the "hostname" field.
      That's helpful if your domain has an ipv4-address and if you want to add an ipv6-address.
      You can check your ipv6-address without having an AAAA-record in your DNS.
      Checking ip addresses no DNS-checks are done -> that's very short and helpful, if your name server is buggy / slow.
      Sample: https://check-your-website.server-daten.de/?q=2a01:238:301b::1226&h=www.server-daten.de - Grade A.
  • Never check _acme-challenge - Subdomains. That's a valid dns name, but not a valid domain name, because it starts with a "_". So it's impossible to connect that subdomain via http / https. Check your main domain example.com. The _acme-challenge.example.com TXT entry ist checked, see the TXT part.
  • If you check a port, normally one check (http or https) is wrong. Ignore that wrong result. Typical programs use only one protocol with one port. There are some programs (Ookla Speedtest, VestaCP, WebMin) who are able to use one port with both protocols http/https.
  • Insert a valid Internationalized Domain Name (IDN)
    • First click: The IDN is transformed to the xn-- version.
    • Second click: The check starts with the xn-- version.
    • The result of an IDN-check shows both versions.
  • Sometimes special code parts are updated. That requires, that no check is running. So new jobs are added to the Queue, but not executed (max. 0 Checks). Wait some minutes.
  • QR Code of your domain name required? Double-click in the text box.

  • Which Grade should I have, if the domain name has a website?

    • If it is your first certificate: Grade B without HSTS and without Cookie errors. Yes, without HSTS, don't add HSTS if it's your first certificate.
    • If your certificate renew works: Grade A with HSTS. If your certificate renew really works, you may add the domain to the Google Preload list. Then browsers use always https to connect your domain. That's Grade A+.
    • Short:
      Fatal:
      • Domain doesn't end with a public suffix, isn't registered, private ip addresses are defined (Z, U, Y).
      • Port 80 and port 443 must answer, no TCP-errors (V, W), Timeouts (T), Server Errors (S)
      • No global SSL error or only Tls.1.3 (P), http over port 443 or https over port 80 (Q)
      • All certificates are valid (no N), no misconfiguration (M), no wrong redirects (R)
      • No old/weak connection or insecure Cipher Suites (O), no Loop (L), no different ip addresses of the same domain name with different answers (K)
      • No mixed content / missing resources, errors in svg definitions etc. (I)
      If you have one of these errors, users may have problems using your site.
      Better:
      • No http result (H)
      • Correct redirects (no F, E, D)
      • If non-www + www is defined: One destination (no C)
      • No cookies via http or cookie errors, all https cookies secure, SameSite-Attribute (B without warnings)
      • If HSTS is defined: No HSTS-parse errors
  • If you use HSTS and your certificate is invalid (wrong domain name, expired, revoked), visitors can't create an exception in their browser. So it's impossible to visit your site. HSTS requires an always valid certificate, so you shouldn't add HSTS if you don't know your certificate renew works.

    But if the certificate renew works, HSTS + Preload is an amazing feature. Browsers connect your domain only via https, so it's impossible to add cookies via http.

  • If your domain is preloaded: That means, your domain is in the alpha source code of Chrome included. Beta follows, then the stable version, two months. Check chrome://net-internals/#hsts - there "Query HSTS/PKP domain". Use server-daten.de to see the output of a preloaded domain, compare it with your domain. If you see "Not found", you have to wait some weeks.

  • I dont't run a website, I want to check my mail server ...

  • May be you have a pure mail server without a website. Then check it.
  • All standard mail ports are checked: 25, 110, 143, 465, 587, 993, 995. With their certificates, port 25 / 587 via STARTTLS.
  • See the Connections- and the Portcheck-Part.
  • Check your mail server Cipher Suites: Port 25, 465, 587, 993, 995.
  • Port 25 / 587 have an additional Open-Relay-Check. That's tested after switching to TLS via STARTTLS.
  • Some informations are domain-specific. If you check mail.yourdomain.net, you won't see a MX-result (because you don't have own MX entries with mail.yourdomain.net). Instead check yourdomain.net.
  • The result-calculation is website-specific. If you check a pure mail server without port 80 / 443, ignore the grade.
  • Don't check your mail ports directly, yourdomain.com:25, yourdomain.com:465 etc. is always wrong. Your mail port isn't a http- or https-port. To check your mail ports, check yourdomain.com

  • Cipher Suites...

  • 219 Cipher Suites are checked with an own-compiled OpenSsl-Version 1.1.1 (started 2022-08-09). That works with ipv4 and ipv6
  • That version checks some old and normally deactivated ciphers: RC4, -NULL-, anonymous ciphers.
  • 15 additional Ciphers are checked with the old OpenSsl 0.9.8. Ciphers with MD5, Export-Ciphers. That doesn't work with IPv6. These Ciphers are removed in OpenSsl 1.0.2.
  • Official versions: 1.1.1 doesn't check weak ciphers, 1.0.2 doesn't work with ipv6. Using these official versions it was impossible to check ipv6 with RC4 / -NULL- / anon.
  • Check of one combination Domain + IP + Port: Max. 60 - 120 seconds. Longer: Your configuration is too slow or you use too much Cipher Suites. Max. 10 - 20 are required. Half of all Cipher Checks need max. 120 seconds, 2 checks per second.
  • Ssl2 / Ssl3 active, insecure Ciphers or missing FS (Forward Secrecy) - Grade O. That's a global server configuration, so all ports are used to calculate the result.
  • Older results are not recalculated, so you may see results Grade B + no FS etc.


A+
 Top + Preload
695
A
 Top
2842
B
 no HSTS, unsecure Cookies
12553
C
 Many http status 200
6698
D
 redir http ⇒ http
628
E
 http ⇒ https other domain
6214
F
 https ⇒ http
954
H
 result http
7632
I
 Content problems
19642
J
 General Configuration
2003
K
 ip addresses with diff. status
195
L
 Loop - fatal
3836
M
 Misconfiguration
6585
N
 Certificate not trusted
81507
O
 old connection
7915
P
 Tls-Protocol error
5937
Q
 http sent over port 443
5436
R
 redir not existing domain
1040
S
 Server error (500)
10105
T
 Timeout
46737
U
 Unknown - no dns / wrong IDN
15630
V
 Connect failure
39272
W
 wrong Web-Response
8826
X
 DNS-problem Nameserver
55515
Y
 private IP
6732
Z
 private, tld not in PSL
3427

running jobs
0

Queue
0
#
error
0

started2018-10-272,033 days

Domains176.37 / day 358,557

last 24 hDom./Checks104/118

Checks264.31 / day 537,338

Current

nitter.poast.org
X
rentarecruiter.co.uk
F
mail.serha.gov.jm
X
oboticario.showkase.com.br
X
erp.grupoemega.com
X
wipopublish.ipophil.gov.ph
N
snapchat.com/t/wuxkbwxm
O-
cia.gov.edgekey.net
X
tntcraft.me
T
aior.dev
N
oz-ospf-net.stanford.edu
Y
horizonswb.com
N
testing.signifly.com
U
westcoastaerospace.com
N
ubilogix.com
N
falconepr.blogdns.org:4433
N
code.d3vr.de
U
d3vr.de
X
spesetop.ddns.net
X
135.125.239.20
P
bringmefriends.com
P
pedidos.guisason.co
N
superapp.ethiomobilemoney.et
T
el3.biz
V
xnxx.netxnxx.com
U
meurh.sicoobsp.coop.br
T
whatweather.today
C
comnetsa.com
X
portalcgm.riobranco.ac.gov.br
X
ha0314.duckdns.org
P
info.swsu.ru
X
demo.lomin.ai
U
104.181.146.77
T
recruiting.cargorunnerco.com
T
_acme-challenge.gspro.com.tw
X

Good

server-daten.de
A+
inswalst.com
A
cosmicmeta.io
A
pma.fti.ukdw.ac.id
A
whatweather.today
C
asamel.com
C
onartstructures.com
E
levchin.com
E
rentarecruiter.co.uk
F
accounts.dmm.com
H
dev.answeringlegal.com
I
filmowo.club
I
shubhyadav.tech
I
ukdw.ac.id
I
stfnews.com
I
aliciahebi.com
L
skibidilive.pw
M
wipopublish.ipophil.gov.ph
N
aior.dev
N
horizonswb.com
N
westcoastaerospace.com
N
ubilogix.com
N
falconepr.blogdns.org:4433
N
pedidos.guisason.co
N
yoanvallet.com
N
our-cause.org
N
simvw.com.br
N
dev.answeringlegalapp.com
N
94.152.156.22
N
imperialmortgagebank.com
N
a.chargebackautomation.com
N
test2.etl.addinn-group.com
N
xadow.us.to
N
query.tech.openmesh.network
N
187876.s480.storage.cloud.rt.ru
N

Worst

oz-ospf-net.stanford.edu
Y
fritz92-acasa24.dynv6.net
Y
siteweb1.fr
Y
nitter.poast.org
X
mail.serha.gov.jm
X
oboticario.showkase.com.br
X
erp.grupoemega.com
X
cia.gov.edgekey.net
X
d3vr.de
X
spesetop.ddns.net
X
comnetsa.com
X
portalcgm.riobranco.ac.gov.br
X
info.swsu.ru
X
_acme-challenge.gspro.com.tw
X
hiwaralssaea.com
X
templi.sk
X
ca-tls.r9.blockchain.foodrus.eu
X
paz.vds.nest.vn.ua
X
pveh10.myddns.me
X
devmail.ru
X
singhlabs.co.in
X
metabase.volologistica.com
X
relaunch.interregnum.live
X
take99.com
X
blockchain.foodrus.eu
X
loginqa.kloudconnect.com.au
X
mysocks.co.uk
X
el3.biz
V
ocsp.external.lmco.com
V
test.virasmart.co
V
dorianrossiaud-portfolio.ovh
V
bits.linode.com
V
karlaelliott.com
V
testing.signifly.com
U
code.d3vr.de
U
Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/" target="_blank">Check your Website</a>

Do you really want to support this project? Donate: Check-your-website, IBAN DE98 1001 0010 0575 2211 07, SWIFT/BIC PBNKDEFF, Euro


Jürgen Auer • Friedenstr. 37 • 10249 Berlin • +49(0)30 420 200 60 • info@sql-und-xml.de • USt-IdNr.: DE221734518

Errors, ideas, questions? Use the Contact form • A project using Server-Daten - Web Database solutions


两个鬼故事梦见死鱼东莞起名高新喷涂有限公司霸气村幼儿园各班创意起名纳吉尼按生辰八字公司起名字软件公司起名大全1000元投资重生之毒妃属牛晟字起名劳务公司起名大全一人得道刘起名字男100分千秋诸葛我评说一个勺子下载宝贝英文起名大全带口的字用起名帝国时代2hd人们互相关爱的作文别墅设计说明绝世高手陈扬的最快更新公众号名字怎么起姓顾和刘姓一起起什么名字凯申物流免费起名大全网打分王名怎么起名字湖南卫视在线看两女一个杯子图片种子是什么意思给宝宝起乳名男孩吗少年生前被连续抽血16次?多部门介入两大学生合买彩票中奖一人不认账让美丽中国“从细节出发”淀粉肠小王子日销售额涨超10倍高中生被打伤下体休学 邯郸通报单亲妈妈陷入热恋 14岁儿子报警何赛飞追着代拍打雅江山火三名扑火人员牺牲系谣言张家界的山上“长”满了韩国人?男孩8年未见母亲被告知被遗忘中国拥有亿元资产的家庭达13.3万户19岁小伙救下5人后溺亡 多方发声315晚会后胖东来又人满为患了张立群任西安交通大学校长“重生之我在北大当嫡校长”男子被猫抓伤后确诊“猫抓病”测试车高速逃费 小米:已补缴周杰伦一审败诉网易网友洛杉矶偶遇贾玲今日春分倪萍分享减重40斤方法七年后宇文玥被薅头发捞上岸许家印被限制高消费萧美琴窜访捷克 外交部回应联合利华开始重组专访95后高颜值猪保姆胖东来员工每周单休无小长假男子被流浪猫绊倒 投喂者赔24万小米汽车超级工厂正式揭幕黑马情侣提车了西双版纳热带植物园回应蜉蝣大爆发当地回应沈阳致3死车祸车主疑毒驾恒大被罚41.75亿到底怎么缴妈妈回应孩子在校撞护栏坠楼外国人感慨凌晨的中国很安全杨倩无缘巴黎奥运校方回应护栏损坏小学生课间坠楼房客欠租失踪 房东直发愁专家建议不必谈骨泥色变王树国卸任西安交大校长 师生送别手机成瘾是影响睡眠质量重要因素国产伟哥去年销售近13亿阿根廷将发行1万与2万面值的纸币兔狲“狲大娘”因病死亡遭遇山火的松茸之乡“开封王婆”爆火:促成四五十对奥巴马现身唐宁街 黑色着装引猜测考生莫言也上北大硕士复试名单了德国打算提及普京时仅用姓名天水麻辣烫把捣辣椒大爷累坏了

两个鬼故事 XML地图 TXT地图 虚拟主机 SEO 网站制作 网站优化