www.htmlyse.com - Home

Test DNS, SSL/TLS, HTTP and HTML

Test results for htmlyse.com

Scanned on: Sat May 10 11:04:46 2025 GMT. Tested in 80 seconds

DNS Report

DNSSEC                 offered (OK)
Zone transfer (AXFR)   not allowed (OK)
CAA Record             offered (OK)
SPF Record             offered (OK)
DMARC Record           offered (OK)
MTA-STS                offered (OK)
TLSRPT Record          offered (OK)

Raw DNS Records

Name TTL Type Data
htmlyse.com 1800 SOA dara.ns.cloudflare.com dns @ cloudflare.com 2371865972 10000 2400 604800 1800
htmlyse.com 86400 NS dara.ns.cloudflare.com, IPv4: 173.245.58.91, IPv6: 2606:4700:50:0:0:0:adf5:3a5b
htmlyse.com 86400 NS tim.ns.cloudflare.com, IPv4: 173.245.59.145, IPv6: 2606:4700:58:0:0:0:adf5:3b91
htmlyse.com 300 A 87.106.157.195
htmlyse.com 300 CAA 0 issue comodoca.com
htmlyse.com 300 CAA 0 issue digicert.com; cansignhttpexchanges=yes
htmlyse.com 300 CAA 0 issue globalsign.com
htmlyse.com 300 CAA 0 issue letsencrypt.org
htmlyse.com 300 CAA 0 issue pki.goog; cansignhttpexchanges=yes
htmlyse.com 300 CAA 0 issue ssl.com
htmlyse.com 300 CAA 0 issuewild comodoca.com
htmlyse.com 300 CAA 0 issuewild digicert.com; cansignhttpexchanges=yes
htmlyse.com 300 CAA 0 issuewild letsencrypt.org
htmlyse.com 300 CAA 0 issuewild pki.goog; cansignhttpexchanges=yes
htmlyse.com 300 CAA 0 issuewild ssl.com
htmlyse.com 300 MX 10 mx00.kundenserver.de
htmlyse.com 300 MX 10 mx01.kundenserver.de
htmlyse.com 300 TXT v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de a:www.htmlyse.com -all
_dmarc.htmlyse.com 300 TXT v=DMARC1;p=reject;rua= mailto : admin @ htmlyse.com;
_mta-sts.htmlyse.com 300 TXT v=STSv1; id=68746D6C79736568
_smtp._tls.htmlyse.com 300 TXT v=TLSRPTv1; rua= mailto : admin @ htmlyse.com
mta-sts.htmlyse.com 300 A 87.106.157.195
www.htmlyse.com 300 A 87.106.157.195

SSL/TLS Report

 A record via            supplied IP "87.106.157.195"
 rDNS (87.106.157.195):  www.htmlyse.com.
 Service detected:       HTTP


 SSL/TLS protocols 
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   h2, http/1.1 (advertised)
 ALPN/HTTP2 h2, http/1.1 (offered)

 SSL/TLS server implementation bugs 

 No bugs found.

 Cipher categories 

 NULL ciphers (no encryption)                  not offered (OK) -- NULL:eNULL
 Anonymous NULL Ciphers (no authentication)    not offered (OK) -- aNULL:ADH
 Export ciphers (w/o ADH+NULL)                 not offered (OK) -- EXPORT:!ADH:!NULL
 LOW: 64 Bit + DES encryption (w/o export)     not offered (OK) -- LOW:DES:!ADH:!EXP:!NULL
 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK) -- MEDIUM:!aNULL:!AES:!CAMELLIA:!ARIA:!CHACHA20:!3DES
 Triple DES Ciphers (Medium)                   not offered (OK) -- 3DES:!aNULL:!ADH
 High encryption (AES+Camellia, no AEAD)       not offered -- HIGH:!NULL:!aNULL:!DES:!3DES:!AESGCM:!CHACHA20:!AESGCM:!CamelliaGCM:!AESCCM8:!AESCCM
 Strong encryption (AEAD ciphers)              offered (OK) -- AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM


 Robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 

 PFS is offered (OK)          TLS_AES_256_GCM_SHA384 
                              TLS_CHACHA20_POLY1305_SHA256 
                              ECDHE-ECDSA-CHACHA20-POLY1305 
                              TLS_AES_128_GCM_SHA256 
                              ECDHE-ECDSA-AES128-GCM-SHA256 
 Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519 X448 


 Server preferences 

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.3
 Negotiated cipher            TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Cipher order
    TLSv1.2:   ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 
    TLSv1.3:   TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 
               TLS_AES_128_GCM_SHA256 


 Server defaults (Server Hello) 

 TLS extensions (standard)    "renegotiation info/#65281" "server name/#0"
                              "EC point formats/#11" "session ticket/#35"
                              "next protocol/#13172" "supported versions/#43"
                              "key share/#51" "supported_groups/#10"
                              "max fragment length/#1"
                              "application layer protocol negotiation/#16"
                              "extended master secret/#23"
 Session Ticket RFC 5077 hint 43200 seconds, session tickets keys seems to be rotated < daily
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: yes
 TLS clock skew               Random values, no fingerprinting possible 
 Signature Algorithm          ECDSA with SHA384
 Server key size              EC 256 bits
 Server key usage             Digital Signature
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial / Fingerprints        06F0F5A1C0229D0244D4DE4F681C41B68C14 / SHA1 23BD371C002E9AE04035BF874E57A5A0C3DA73EF
                              SHA256 9F9CDE90FD42E0E17D3A6B48B32BD89A7373634D4A6D692E77F0D62810BD1E94
 Common Name (CN)             www.htmlyse.com
 subjectAltName (SAN)         www.htmlyse.com 
 Issuer                       E6 (Let's Encrypt from US)
 Trust (hostname)             certificate does not match supplied URI (same w/o SNI)
 Chain of trust               Ok   
 EV cert (experimental)       no 
 Certificate Validity (UTC)   89 >= 60 days (2025-05-10 09:53 --> 2025-08-08 09:52)
 # of certificates provided   6
 Certificate Revocation List  http://e6.c.lencr.org/21.crl
 OCSP URI                     --
 OCSP stapling                not offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    available - please check for match with "Issuer" above
                              issue=comodoca.com, issue=digicert.com;,
                              issue=globalsign.com, issue=letsencrypt.org,
                              issue=pki.goog;, issue=ssl.com,
                              issuewild=comodoca.com, issuewild=digicert.com;,
                              issuewild=letsencrypt.org, issuewild=pki.goog;,
                              issuewild=ssl.com
 Certificate Transparency     yes (certificate extension)


 HTTP header response @ "/" 

 HTTP Status Code             301 Moved Permanently, redirecting to "https://www.htmlyse.com/"
 HTTP clock skew              0 sec from localtime
 Strict Transport Security    730 days=63072000 s, includeSubDomains, preload
 Public Key Pinning           3 keys, 1 s = 0 days (< 2592000 s = 30 days is not good enough), includeSubDomains
                   Host cert: ihayW/L1yS/QcF1C42q+kvOzRAF4eyACmOruFKs8rsA
                   Backups:   B6YXA7gyeIPUPUiudhXOWmzCl6k4Rq4slTkRSgBZO/4
                              U/pCLCPTSyCwvUeXePqytY685slnSbQwXIg2+tdwOQw
 Server banner                (no "Server" line in header, interesting!)
 Application banner           --
 Cookie(s)                    (none issued at "/") -- maybe better try target URL of 30x
 Security headers             X-Frame-Options SAMEORIGIN
                              X-XSS-Protection 1; mode=block
                              X-Content-Type-Options nosniff
                              Content-Security-Policy default-src 'none'; upgrade-insecure-requests;
                              img-src 'self' https://www.google-analytics.com/
                              https://stats.g.doubleclick.net/
                              https://www.google.com/; form-action 'self'
                              https://www.htmlyse.com/htmlyse; frame-ancestors
                              'self'; base-uri 'self'; style-src 'self';
                              font-src 'self'; connect-src 'self'; object-src
                              'none'; script-src 'self'
                              https://www.google-analytics.com/;
                              Expect-CT max-age=63072000,
                              report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                              Referrer-Policy no-referrer-when-downgrade, strict-origin-when-cross-origin
                              X-UA-Compatible IE=edge
 Reverse Proxy banner         --


 SSL/TLS vulnerabilities 

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK)
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible, no protocol below TLS 1.2 offered (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
 BEAST (CVE-2011-3389)                     no SSL3 or TLS1 (OK)
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Tested 370 ciphers, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                             
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            


 Ciphers per protocol, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
TLS 1.3  
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                             
TLS 1.2  
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            
TLS 1.1  
TLS 1  
SSLv3  
SSLv2  

 Client simulations 

 Android 2.3.7                No connection
 Android 4.0.4                No connection
 Android 4.1.1                No connection
 Android 4.2.2                No connection
 Android 4.3                  No connection
 Android 4.4.2                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 5.0.0                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 6.0                  TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 7.0 (native)         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 8.1 (native)         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Android 9.0 (native)         TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Android 10.0 (native)        TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Android 11 (native)          TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Android 12 (native)          TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Chrome 27 Win 7              No connection
 Chrome 28 Win 7              No connection
 Chrome 29 Win 7              No connection
 Chrome 30 Win 7              No connection
 Chrome 31 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 32 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 33 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 34 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 35 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 36 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 37 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 39 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 40 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 42 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 43 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 45 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 47 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 48 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 49 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 49 XP SP3             No connection
 Chrome 50 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 51 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 57 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 65 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 70 Win 10             TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Chrome 73 (Win 10)           TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Chrome 74 (Win 10)           TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Chrome 78 (Win 10)           TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Chrome 79 (Win 10)           TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Chrome 101 (Win 10)          TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Firefox 10.0.12 ESR Win 7    No connection
 Firefox 17.0.7 ESR Win 7     No connection
 Firefox 21 Fedora 19         No connection
 Firefox 21 Win 7             No connection
 Firefox 22 Win 7             No connection
 Firefox 24.2.0 ESR Win 7     No connection
 Firefox 24 Win 7             No connection
 Firefox 26 Win 8             No connection
 Firefox 27 Win 8             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 29 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 30 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 31.3.0 ESR Win 7     TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 31 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 32 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 34 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 35 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 37 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 39 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 41 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 42 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 44 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 45 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 46 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 47 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 49 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 49 XP SP3            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 53 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Firefox 59 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Firefox 62 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Firefox 66 (Win 8.1/10)      TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Firefox 71 (Win 10)          TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Firefox 100 (Win 10)         TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 IE 6 XP                      No connection
 IE 7 Vista                   No connection
 IE 8-10 Win 7                No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 9 Win 7                   No connection
 IE 10 Win Phone 8.0          No connection
 IE 11 Win 7                  TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win 8.1                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1          TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1 Update   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win 10                 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win 10 Preview         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 12 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 13 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 13 Win Phone 10         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Edge 17 (Win 10)             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Edge 101 Win 10 21H2         TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Opera 12.15 Win 7            No connection
 Opera 15 Win 7               No connection
 Opera 16 Win 7               No connection
 Opera 17 Win 7               No connection
 Opera 60 (Win 10)            TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Opera 65 (Win 10)            TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Opera 66 (Win 10)            TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Safari 5.1.9 OS X 10.6.8     No connection
 Safari 5 iOS 5.1.1           No connection
 Safari 6.0.4 OS X 10.8.4     No connection
 Safari 6 iOS 6.0.1           No connection
 Safari 7 iOS 7.1             No connection
 Safari 7 OS X 10.9           No connection
 Safari 8 iOS 8.0 Beta        No connection
 Safari 8 iOS 8.4             No connection
 Safari 8 OS X 10.10          No connection
 Safari 9 iOS 9               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 10 iOS 10             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 12.1 (iOS 12.2)       TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Safari 12.1 (macOS 10.13.6)  TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Safari 13.0 (macOS 10.14.6)  TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Safari 15.4 (macOS 12.3.1)   TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Apple ATS 9 iOS 9            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Tor 17.0.9 Win 7             No connection
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8b132                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u111                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u161                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u31                    TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 9.0.4                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 11.0.2 (OpenJDK)        TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
 Java 12.0.1 (OpenJDK)        TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit ECDH (P-256)
 Java 17.0.3 (OpenJDK)        TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 go 1.17.8                    TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 LibreSSL 2.8.3 (Apple)       TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 OpenSSL 0.9.8y               No connection
 OpenSSL 1.0.1h               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 1.0.1l               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 1.1.0j (Debian)      TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 OpenSSL 1.1.0l (Debian)      TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 OpenSSL 1.1.1b (Debian)      TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 OpenSSL 1.1.1d (Debian)      TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 OpenSSL 3.0.3 (git)          TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Apple Mail (16.0)            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Thunderbird (60.6)           TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Thunderbird (68.3)           TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Thunderbird (91.9)           TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Baidu Jan 2015               No connection
 BingBot Dec 2013             No connection
 BingPreview Dec 2013         No connection
 BingPreview Jan 2015         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 BingPreview Jun 2014         No connection
 Yahoo Slurp Jan 2015         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Googlebot Feb 2015           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Googlebot Feb 2018           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Googlebot Jun 2014           No connection
 Googlebot Oct 2013           No connection
 Yahoo Slurp Jun 2014         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Yahoo Slurp Oct 2013         No connection
 YandexBot 3.0                No connection
 YandexBot Jan 2015           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 YandexBot May 2014           No connection
 YandexBot Sep 2014           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)

Security HTTP Headers

HTTP Strict Transport Security (HSTS)   offered (OK)
Content Security Policy (CSP)           offered (OK)
X-Frame-Options                         offered (OK)
X-XSS-Protection                        offered (OK)
X-Content-Type-Options                  offered (OK)
Expect-CT                               offered (OK)
Referrer Policy                         offered (OK)
Feature Policy                          offered (OK)
Web Server Version Disclosure           not offered (OK)
Web Application Disclosure              not offered (OK)
HTTP Public Key Pins (HPKP)             offered, deprecated

Connection Performance
Keep Alive Connection                   offered (OK)
Content Encoding (Compression)          offered (Brotli) OK, for static pages or if no secrets in the page

Raw HTTP Headers

HTTP/1.1 200 OK
Connection keep-alive
Content-Encoding br
Content-Length 2475
Content-Security-Policy default-src 'none'; upgrade-insecure-requests; img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/; form-action 'self' https://www.htmlyse.com/htmlyse; frame-ancestors 'self'; base-uri 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/;
Content-Type text/html; charset=UTF-8
Date Sat, 10 May 2025 11:03:26 GMT
Expect-CT max-age=63072000, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Feature-Policy midi 'none'; accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Public-Key-Pins pin-sha256="ihayW/L1yS/QcF1C42q+kvOzRAF4eyACmOruFKs8rsA="; pin-sha256="B6YXA7gyeIPUPUiudhXOWmzCl6k4Rq4slTkRSgBZO/4="; pin-sha256="U/pCLCPTSyCwvUeXePqytY685slnSbQwXIg2+tdwOQw="; max-age=1; includeSubDomains
Referrer-Policy no-referrer-when-downgrade, strict-origin-when-cross-origin
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
Vary Accept-Encoding
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-UA-Compatible IE=edge
X-XSS-Protection 1; mode=block

Cleaned HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Test DNS, SSL/TLS, HTTP and HTML at htmlyse.com</title>
<base href="https://www.htmlyse.com/" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1" />
<meta name="description" content="Website tune-up made easy with htmlyse, a tool for checking your website's DNS, SSL/TLS security, HTTP headers and cleaning up HTML source." />
<link rel="stylesheet" href="https://www.htmlyse.com/css/style7.css" integrity="sha256-Gd+NGHMNlH1Ubqj6giuVn6Qt9f9i3JPA+Ja0yrNfQUE=" />
<link rel="icon" type="image/png" href="https://www.htmlyse.com/apple-touch-icon.png" />
<link rel="apple-touch-icon" sizes="180x180" href="https://www.htmlyse.com/apple-touch-icon.png" />
<meta name="twitter:site" content="@htmlyse" />
<meta name="twitter:creator" content="@htmlyse" />
<meta name="twitter:card" content="summary_large_image" />
<meta property="og:site_name" content="htmlyse.com - website tune-up" />
<meta property="og:title" content="Test DNS, SSL/TLS, HTTP and HTML at htmlyse.com" />
<meta property="og:description" content="Website tune-up made easy with htmlyse, a tool for checking your website's DNS, SSL/TLS security, HTTP headers and cleaning up HTML source." />
<meta property="og:url" content="https://www.htmlyse.com/" />
<meta property="og:image" content="https://www.htmlyse.com/img/htmlyse.png" />
<meta property="og:type" content="article" />
</head>
<body>
<div id="hctp"></div>
<div class="headnav">
<header>
<h1><a href="https://www.htmlyse.com/"><img title="Website Tune-Up Made Easy" src="https://www.htmlyse.com/img/logo.png" alt="www.htmlyse.com - Home" width="588" height="140" /></a></h1>
</header>
<nav>
<ul>
<li class="lfirst"><a href="https://www.htmlyse.com/" title="htmlyse.com - Home Page">Home</a></li>
<li><a href="https://www.htmlyse.com/info/cookies" title="Cookies Settings and Policy">Cookies</a></li>
<li><a href="https://www.htmlyse.com/info/privacy" title="Privacy Policy">Privacy</a></li>
<li><a href="https://www.htmlyse.com/info/terms" title="Terms of Service">Terms</a></li>
<li class="llast"><a href="#">Contact</a></li>
</ul>
</nav>
</div>
<section class="qform">
<h2>Test DNS, SSL/TLS, HTTP and HTML</h2>
<article>
<form action="https://www.htmlyse.com/htmlyse" method="post"><input type="text" title="Enter a valid domain" placeholder="enter address here e.g. www.htmlyse.com" name="d" value="" /> <button type="submit">Test Domain</button></form>
</article>
</section>
<div class="margin">
<section class="demos">
<h2 class="tcenter">Test results demos</h2>
<br />
<article>
<div><a href="https://www.htmlyse.com/htmlyse/dnslookup.org">dnslookup.org</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/secure64.com">secure64.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/ns1.com">ns1.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/ssllabs.com">ssllabs.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/htbridge.com">htbridge.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/howsmyssl.com">howsmyssl.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/tls13.mitm.watch">tls13.mitm.watch</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/htmlyse.com">htmlyse.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/mail-tester.com">mail-tester.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/report-uri.com">report-uri.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/gtmetrix.com">gtmetrix.com</a></div>
</article>
<article>
<div><a href="https://www.htmlyse.com/htmlyse/dyn.com">dyn.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/netgate.com">netgate.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/comodo.com">comodo.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/w3.org">w3.org</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/w3schools.com">w3schools.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/badssl.com">badssl.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/dnsmadeeasy.com">dnsmadeeasy.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/hackertarget.com">hackertarget.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/loadimpact.com">loadimpact.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/internet.nl">internet.nl</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/tools.geekflare.com">tools.geekflare.com</a></div>
</article>
<article>
<div><a href="https://www.htmlyse.com/htmlyse/dnsstuff.com">dnsstuff.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/ultratools.com">ultratools.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/uptrends.com">uptrends.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/checktls.com">checktls.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/whatsmydns.net">whatsmydns.net</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/tools.keycdn.com">tools.keycdn.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/sslchecker.com">sslchecker.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/wolfssl.com">wolfssl.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/mxtoolbox.com">mxtoolbox.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/viewdns.info">viewdns.info</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/dotcom-tools.com">dotcom-tools.com</a></div>
</article>
<article>
<div><a href="https://www.htmlyse.com/htmlyse/opendns.com">opendns.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/openssl.com">openssl.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/dnsperf.com">dnsperf.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/quad9.net">quad9.net</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/letsencrypt.org">letsencrypt.org</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/pentest-tools.com">pentest-tools.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/robotattack.org">robotattack.org</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/github.com">github.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/varvy.com">varvy.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/dnsspy.io">dnsspy.io</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/zonemaster.iis.se">zonemaster.iis.se</a></div>
</article>
</section>
<section>
<h2 class="tcenter">What we are testing?</h2>
<article>
<div class="rpblock rpblocky">
<div class="rptitle rptitley">
<h3>Domain Name System (DNS)</h3>
</div>
<div class="rpbody">Your visit to a website on the Internet begins with a DNS request. Your browser sends a query to the Domain Name Server requesting the IP address of the website you are visiting. If the resolution of the IP address fails for some reason, you cannot connect to that website. Our DNS scanner helps you identify problems and achieve a good DNS server configuration. You can analyse the following DNS lookups: SOA, NS, A, AAAA, CAA, MX, TXT and CNAME.</div>
</div>
</article>
<article>
<div class="rpblock rpblocky">
<div class="rptitle rptitley">
<h3>Secure Sockets Layer (SSL) and Transport Layer Security (TLS)</h3>
</div>
<div class="rpbody">SSL and TLS are cryptographic protocols that provide communications security over a computer network. SSL is a broken protocol and should NOT be used in modern secure environments. The TLS protocol provides you privacy and data integrity between your browser and the server you are connecting. By using TLS, all data between your browser and the server travels over the Internet in an encrypted state, and nobody can access or modify it. However, a poorly configured SSL / TLS server that uses any broken protocol, broken key exchange or broken encryption can give access to that data. The TLS report we provide helps you tune-up your server to modern security requirements, and detect issues in your server configuration. We analyse the SSL/TLS protocols used by server, NPN, ALPN, perfect forward secrecy (PFS), used elliptic curves, TLS extensions, server certificates, certificate transparency, supported ciphers and their strength, browser simulations and many more. We also scan your server for some known SSL/TLS vulnerabilities, such as Heartbleed, CCS, Ticketbleed, ROBOT, CRIME, BREACH, POODLE, TLS_FALLBACK_SCSV, SWEET32, FREAK, DROWN, LOGJAM, BEAST, LUCKY13 etc.</div>
</div>
</article>
<article>
<div class="rpblock rpblocky">
<div class="rptitle rptitley">
<h3>HTTP Security Headers</h3>
</div>
<div class="rpbody">HTTP security headers provide another layer of security for your website. These headers can restrict modern browsers from some known vulnerabilities. HTTP security headers can help strengthen the security of your website and using them is highly recommended. We check your website for the existence of the following security headers: Content-Security-Policy, Expect-CT, Public-Key-Pins (deprecated in Chrome), Referrer-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection and the new Feature-Policy header.</div>
</div>
</article>
<article>
<div class="rpblock rpblocky">
<div class="rptitle rptitley">
<h3>HTML Warnings and Errors</h3>
</div>
<div class="rpbody">Clean HTML is the foundation of a high performance website. Dirty and poorly written HTML code increases the CPU usage and time required to read, interpret and render the web page, because browsers are forced to guess the meaning of the code. For mobile devices, the use of the battery also increases. Our HTML code cleaner corrects and cleans HTML documents by correcting markup errors and updating the legacy code to modern standards. However, we recommend that you manually examine and test the produced code before using it on your production website.</div>
</div>
</article>
</section>
</div>
<footer>
<div class="margin">
<div class="cr">© Copyright 2019 htmlyse.com</div>
<div class="po"><a href="https://www.htmlyse.com/" title="htmlyse.com - Home Page">Home</a> <a href="https://www.htmlyse.com/info/cookies" title="Cookies Settings and Policy">Cookies</a> <a href="https://www.htmlyse.com/info/privacy" title="Privacy Policy">Privacy</a> <a href="https://www.htmlyse.com/info/terms" title="Terms of Service">Terms</a></div>
<div class="so"><a href="https://www.facebook.com/htmlyse" title="Facebook" target="_blank"><img src="https://www.htmlyse.com/img/fb.png" alt="Facebook" /></a> <a href="https://plus.google.com/104891928207828439964" title="Google+" target="_blank"><img src="https://www.htmlyse.com/img/gp.png" alt="Google+" /></a> <a href="https://twitter.com/htmlyse" title="Twitter" target="_blank"><img src="https://www.htmlyse.com/img/tw.png" alt="Twitter" /></a> <a href="https://www.pinterest.com/htmlyse/" title="Pinterest" target="_blank"><img src="https://www.htmlyse.com/img/pi.png" alt="Pinterest" /></a> <a href="https://www.linkedin.com/company/htmlyse" title="Linkedin" target="_blank"><img src="https://www.htmlyse.com/img/in.png" alt="Linkedin" /></a></div>
</div>
</footer>
<script src="https://www.htmlyse.com/js/js3.js" integrity="sha256-oVXoXIRWep+9FHmkLIfoXAmbdLzseLaEKGXHm+90mD0="></script> <noscript>Your browser does not support JavaScript!</noscript>
</body>
</html>

Warnings Errors and Accessibility


Accessibility Checks:

line 27 column 40 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 27 column 40 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 31 column 20 - Access: [13.1.1.1]: link text not meaningful.
line 34 column 5 - Access: [13.1.1.1]: link text not meaningful.
line 43 column 1 - Access: [2.1.1.5]: ensure information not conveyed through color alone (input).
line 144 column 17 - Access: [13.1.1.1]: link text not meaningful.
line 144 column 270 - Access: [13.1.1.1]: link text not meaningful.
line 145 column 17 - Access: [10.1.1.2]: new windows require warning (_blank).
line 145 column 93 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 145 column 93 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 145 column 159 - Access: [10.1.1.2]: new windows require warning (_blank).
line 145 column 247 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 145 column 247 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 145 column 312 - Access: [10.1.1.2]: new windows require warning (_blank).
line 145 column 382 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 145 column 382 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 145 column 447 - Access: [10.1.1.2]: new windows require warning (_blank).
line 145 column 526 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 145 column 526 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 145 column 593 - Access: [10.1.1.2]: new windows require warning (_blank).
line 145 column 677 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 145 column 677 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 148 column 1 - Access: [6.2.2.2]: text equivalents require updating (script).
line 148 column 1 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 148 column 1 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 148 column 1 - Access: [7.1.1.1]: remove flicker (script).
line 148 column 1 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 148 column 1 - Access: [1.1.10.1]: <script> missing <noscript> section.
Info: Document content looks like HTML5
No warnings or errors were found.