www.htmlyse.com - Home

Test DNS, SSL/TLS, HTTP and HTML

Test results for htmlyse.com

Scanned on: Wed Feb 7 22:38:27 2024 GMT. Tested in 109 seconds

DNS Report

DNSSEC                 offered (OK)
Zone transfer (AXFR)   not allowed (OK)
CAA Record             offered (OK)
SPF Record             offered (OK)
DMARC Record           offered (OK)
MTA-STS                offered (OK)
TLSRPT Record          offered (OK)

Raw DNS Records

Name TTL Type Data
htmlyse.com 1800 SOA dara.ns.cloudflare.com dns @ cloudflare.com 2332467518 10000 2400 604800 1800
htmlyse.com 86400 NS dara.ns.cloudflare.com, IPv4: 172.64.32.91, IPv6: 2606:4700:50:0:0:0:adf5:3a5b
htmlyse.com 86400 NS tim.ns.cloudflare.com, IPv4: 173.245.59.145, IPv6: 2803:f800:50:0:0:0:6ca2:c191
htmlyse.com 300 A 87.106.157.195
htmlyse.com 300 CAA 0 issue comodoca.com
htmlyse.com 300 CAA 0 issue digicert.com; cansignhttpexchanges=yes
htmlyse.com 300 CAA 0 issue globalsign.com
htmlyse.com 300 CAA 0 issue letsencrypt.org
htmlyse.com 300 CAA 0 issue pki.goog; cansignhttpexchanges=yes
htmlyse.com 300 CAA 0 issuewild comodoca.com
htmlyse.com 300 CAA 0 issuewild digicert.com; cansignhttpexchanges=yes
htmlyse.com 300 CAA 0 issuewild letsencrypt.org
htmlyse.com 300 CAA 0 issuewild pki.goog; cansignhttpexchanges=yes
htmlyse.com 300 MX 10 mx00.kundenserver.de
htmlyse.com 300 MX 10 mx01.kundenserver.de
htmlyse.com 300 TXT v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de a:www.htmlyse.com -all
_dmarc.htmlyse.com 300 TXT v=DMARC1;p=reject;rua= mailto : admin @ htmlyse.com;
_mta-sts.htmlyse.com 300 TXT v=STSv1; id=68746D6C79736568
_smtp._tls.htmlyse.com 300 TXT v=TLSRPTv1; rua= mailto : admin @ htmlyse.com
mta-sts.htmlyse.com 300 A 87.106.157.195
www.htmlyse.com 300 A 87.106.157.195

SSL/TLS Report

 A record via            supplied IP "87.106.157.195"
 rDNS (87.106.157.195):  www.htmlyse.com.
 Service detected:       HTTP


 SSL/TLS protocols 
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   h2, http/1.1 (advertised)
 ALPN/HTTP2 h2, http/1.1 (offered)

 SSL/TLS server implementation bugs 

 No bugs found.

 Cipher categories 

 NULL ciphers (no encryption)                  not offered (OK) -- NULL:eNULL
 Anonymous NULL Ciphers (no authentication)    not offered (OK) -- aNULL:ADH
 Export ciphers (w/o ADH+NULL)                 not offered (OK) -- EXPORT:!ADH:!NULL
 LOW: 64 Bit + DES encryption (w/o export)     not offered (OK) -- LOW:DES:!ADH:!EXP:!NULL
 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK) -- MEDIUM:!aNULL:!AES:!CAMELLIA:!ARIA:!CHACHA20:!3DES
 Triple DES Ciphers (Medium)                   not offered (OK) -- 3DES:!aNULL:!ADH
 High encryption (AES+Camellia, no AEAD)       not offered -- HIGH:!NULL:!aNULL:!DES:!3DES:!AESGCM:!CHACHA20:!AESGCM:!CamelliaGCM:!AESCCM8:!AESCCM
 Strong encryption (AEAD ciphers)              offered (OK) -- AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM


 Robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 

 PFS is offered (OK)          TLS_AES_256_GCM_SHA384 
                              TLS_CHACHA20_POLY1305_SHA256 
                              ECDHE-ECDSA-CHACHA20-POLY1305 
                              TLS_AES_128_GCM_SHA256 
                              ECDHE-RSA-AES128-GCM-SHA256 
                              ECDHE-ECDSA-AES128-GCM-SHA256 
 Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519 X448 


 Server preferences 

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.3
 Negotiated cipher            TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Cipher order
    TLSv1.2:   ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 
               ECDHE-ECDSA-CHACHA20-POLY1305 
    TLSv1.3:   TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 
               TLS_AES_128_GCM_SHA256 


 Server defaults (Server Hello) 

 TLS extensions (standard)    "renegotiation info/#65281" "server name/#0"
                              "EC point formats/#11" "session ticket/#35"
                              "status request/#5" "next protocol/#13172"
                              "supported versions/#43" "key share/#51"
                              "supported_groups/#10" "max fragment length/#1"
                              "application layer protocol negotiation/#16"
                              "extended master secret/#23"
 Session Ticket RFC 5077 hint 43200 seconds, session tickets keys seems to be rotated < daily
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: yes
 TLS clock skew               Random values, no fingerprinting possible 

  Server Certificate #1
   Signature Algorithm          SHA256 with RSA
   Server key size              RSA 2048 bits
   Server key usage             Digital Signature, Key Encipherment
   Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
   Serial / Fingerprints        04686775ED6236CD4D8C4CB2B253FC4BF70C / SHA1 81CAFE768950737FE568B157CEBEE0B1D7D47D3B
                                SHA256 63B2467600C6317020119E5B24BF1072FF49933153A2C98581137D51F1AE76AF
   Common Name (CN)             www.htmlyse.com
   subjectAltName (SAN)         htmlyse.com mta-sts.htmlyse.com www.htmlyse.com
   Issuer                       R3 (Let's Encrypt from US)
   Trust (hostname)             Ok via SAN (same w/o SNI)
   Chain of trust               NOT ok (expired)
   EV cert (experimental)       no 
   Certificate Validity (UTC)   89 >= 60 days (2024-02-07 20:47 --> 2024-05-07 20:47)
   # of certificates provided   3
   Certificate Revocation List  --
   OCSP URI                     http://r3.o.lencr.org
   OCSP stapling                offered
   OCSP must staple extension   supported
   DNS CAA RR (experimental)    available - please check for match with "Issuer" above
                                issue=comodoca.com, issue=digicert.com;,
                                issue=globalsign.com, issue=letsencrypt.org,
                                issue=pki.goog;, issuewild=comodoca.com,
                                issuewild=digicert.com;,
                                issuewild=letsencrypt.org, issuewild=pki.goog;
   Certificate Transparency     yes (certificate extension)

  Server Certificate #2
   Signature Algorithm          SHA256 with RSA
   Server key size              EC 256 bits
   Server key usage             Digital Signature
   Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
   Serial / Fingerprints        03719E36C4A2F0D16988AE037AD30E27BB76 / SHA1 4F7E6DEE734004E96A5C400669475CA6268CBCBB
                                SHA256 F5A1472F637A33B9FC6E2F894338A2A3F2B6798B12255DC3BCCF99BDCF498CCE
   Common Name (CN)             www.htmlyse.com
   subjectAltName (SAN)         htmlyse.com mta-sts.htmlyse.com www.htmlyse.com
   Issuer                       R3 (Let's Encrypt from US)
   Trust (hostname)             Ok via SAN (same w/o SNI)
   Chain of trust               NOT ok (expired)
   EV cert (experimental)       no 
   Certificate Validity (UTC)   89 >= 60 days (2024-02-07 20:48 --> 2024-05-07 20:48)
   # of certificates provided   3
   Certificate Revocation List  --
   OCSP URI                     http://r3.o.lencr.org
   OCSP stapling                offered
   OCSP must staple extension   supported
   DNS CAA RR (experimental)    available - please check for match with "Issuer" above
                                issue=comodoca.com, issue=digicert.com;,
                                issue=globalsign.com, issue=letsencrypt.org,
                                issue=pki.goog;, issuewild=comodoca.com,
                                issuewild=digicert.com;,
                                issuewild=letsencrypt.org, issuewild=pki.goog;
   Certificate Transparency     yes (certificate extension)


 HTTP header response @ "/" 

 HTTP Status Code             301 Moved Permanently, redirecting to "https://www.htmlyse.com/"
 HTTP clock skew              0 sec from localtime
 Strict Transport Security    730 days=63072000 s, includeSubDomains, preload
 Public Key Pinning           3 keys, 1 s = 0 days (< 2592000 s = 30 days is not good enough), includeSubDomains
                   Host cert: ihayW/L1yS/QcF1C42q+kvOzRAF4eyACmOruFKs8rsA
                   Backups:   B6YXA7gyeIPUPUiudhXOWmzCl6k4Rq4slTkRSgBZO/4
                              U/pCLCPTSyCwvUeXePqytY685slnSbQwXIg2+tdwOQw
 Server banner                (no "Server" line in header, interesting!)
 Application banner           --
 Cookie(s)                    (none issued at "/") -- maybe better try target URL of 30x
 Security headers             X-Frame-Options SAMEORIGIN
                              X-XSS-Protection 1; mode=block
                              X-Content-Type-Options nosniff
                              Content-Security-Policy default-src 'none'; upgrade-insecure-requests;
                              img-src 'self' https://www.google-analytics.com/
                              https://stats.g.doubleclick.net/
                              https://www.google.com/; form-action 'self'
                              https://www.htmlyse.com/htmlyse; frame-ancestors
                              'self'; base-uri 'self'; style-src 'self';
                              font-src 'self'; connect-src 'self'; object-src
                              'none'; script-src 'self'
                              https://www.google-analytics.com/;
                              Expect-CT max-age=63072000,
                              report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                              Referrer-Policy no-referrer-when-downgrade, strict-origin-when-cross-origin
                              X-UA-Compatible IE=edge
 Reverse Proxy banner         --


 SSL/TLS vulnerabilities 

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK)
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible, no protocol below TLS 1.2 offered (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=63B2467600C6317020119E5B24BF1072FF49933153A2C98581137D51F1AE76AF
                                           could help you to find out
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
 BEAST (CVE-2011-3389)                     no SSL3 or TLS1 (OK)
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Tested 364 ciphers, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                             
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            


 Ciphers per protocol, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
TLS 1.3  
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                             
TLS 1.2  
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 256   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            
TLS 1.1  
TLS 1  
SSLv3  
SSLv2  

 Client simulations 

 Android 2.3.7                No connection
 Android 4.0.4                No connection
 Android 4.1.1                No connection
 Android 4.2.2                No connection
 Android 4.3                  No connection
 Android 4.4.2                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 5.0.0                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 6.0                  TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 7.0                  TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
 Chrome 27 Win 7              No connection
 Chrome 28 Win 7              No connection
 Chrome 29 Win 7              No connection
 Chrome 30 Win 7              No connection
 Chrome 31 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 32 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 33 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 34 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 35 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 36 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 37 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 39 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 40 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 42 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 43 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 45 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 47 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 48 OS X               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 49 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 49 XP SP3             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 50 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 51 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 57 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 65 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 69 Win 7              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 70 Win 10             TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Firefox 10.0.12 ESR Win 7    No connection
 Firefox 17.0.7 ESR Win 7     No connection
 Firefox 21 Fedora 19         No connection
 Firefox 21 Win 7             No connection
 Firefox 22 Win 7             No connection
 Firefox 24.2.0 ESR Win 7     No connection
 Firefox 24 Win 7             No connection
 Firefox 26 Win 8             No connection
 Firefox 27 Win 8             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 29 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 30 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 31.3.0 ESR Win 7     TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 31 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 32 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 34 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 35 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 37 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 39 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 41 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 42 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 44 OS X              TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 45 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 46 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 47 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 49 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 49 XP SP3            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 53 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Firefox 59 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Firefox 62 Win 7             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 IE 6 XP                      No connection
 IE 7 Vista                   No connection
 IE 8-10 Win 7                No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 9 Win 7                   No connection
 IE 10 Win Phone 8.0          No connection
 IE 11 Win 7                  TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win 8.1                TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1          TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win Phone 8.1 Update   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win 10                 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 IE 11 Win 10 Preview         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 12 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 13 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 13 Win Phone 10         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Opera 12.15 Win 7            No connection
 Opera 15 Win 7               No connection
 Opera 16 Win 7               No connection
 Opera 17 Win 7               No connection
 Safari 5.1.9 OS X 10.6.8     No connection
 Safari 5 iOS 5.1.1           No connection
 Safari 6.0.4 OS X 10.8.4     No connection
 Safari 6 iOS 6.0.1           No connection
 Safari 7 iOS 7.1             No connection
 Safari 7 OS X 10.9           No connection
 Safari 8 iOS 8.0 Beta        No connection
 Safari 8 iOS 8.4             No connection
 Safari 8 OS X 10.10          No connection
 Safari 9 iOS 9               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 10 iOS 10             TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Tor 17.0.9 Win 7             No connection
 Apple ATS 9 iOS 9            TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Baidu Jan 2015               No connection
 BingBot Dec 2013             No connection
 BingPreview Dec 2013         No connection
 BingPreview Jun 2014         No connection
 BingPreview Jan 2015         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Googlebot Oct 2013           No connection
 Googlebot Jun 2014           No connection
 Googlebot Feb 2015           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Googlebot Feb 2018           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Yahoo Slurp Oct 2013         No connection
 Yahoo Slurp Jun 2014         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Yahoo Slurp Jan 2015         TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 YandexBot 3.0                No connection
 YandexBot May 2014           No connection
 YandexBot Sep 2014           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 YandexBot Jan 2015           TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8b132                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u111                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u161                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u31                    TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 9.0.4                   TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 0.9.8y               No connection
 OpenSSL 1.0.1h               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 1.0.1l               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)

Security HTTP Headers

HTTP Strict Transport Security (HSTS)   offered (OK)
Content Security Policy (CSP)           offered (OK)
X-Frame-Options                         offered (OK)
X-XSS-Protection                        offered (OK)
X-Content-Type-Options                  offered (OK)
Expect-CT                               offered (OK)
Referrer Policy                         offered (OK)
Feature Policy                          offered (OK)
Web Server Version Disclosure           not offered (OK)
Web Application Disclosure              not offered (OK)
HTTP Public Key Pins (HPKP)             offered, deprecated

Connection Performance
Keep Alive Connection                   offered (OK)
Content Encoding (Compression)          offered (Brotli) OK, for static pages or if no secrets in the page

Raw HTTP Headers

HTTP/1.1 200 OK
Connection keep-alive
Content-Encoding br
Content-Length 2475
Content-Security-Policy default-src 'none'; upgrade-insecure-requests; img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.google.com/; form-action 'self' https://www.htmlyse.com/htmlyse; frame-ancestors 'self'; base-uri 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com/;
Content-Type text/html; charset=UTF-8
Date Wed, 07 Feb 2024 22:36:38 GMT
Expect-CT max-age=63072000, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Feature-Policy midi 'none'; accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Public-Key-Pins pin-sha256="ihayW/L1yS/QcF1C42q+kvOzRAF4eyACmOruFKs8rsA="; pin-sha256="B6YXA7gyeIPUPUiudhXOWmzCl6k4Rq4slTkRSgBZO/4="; pin-sha256="U/pCLCPTSyCwvUeXePqytY685slnSbQwXIg2+tdwOQw="; max-age=1; includeSubDomains
Referrer-Policy no-referrer-when-downgrade, strict-origin-when-cross-origin
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
Vary Accept-Encoding
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-UA-Compatible IE=edge
X-XSS-Protection 1; mode=block

Cleaned HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Test DNS, SSL/TLS, HTTP and HTML at htmlyse.com</title>
<base href="https://www.htmlyse.com/" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1" />
<meta name="description" content="Website tune-up made easy with htmlyse, a tool for checking your website's DNS, SSL/TLS security, HTTP headers and cleaning up HTML source." />
<link rel="stylesheet" href="https://www.htmlyse.com/css/style7.css" integrity="sha256-Gd+NGHMNlH1Ubqj6giuVn6Qt9f9i3JPA+Ja0yrNfQUE=" />
<link rel="icon" type="image/png" href="https://www.htmlyse.com/apple-touch-icon.png" />
<link rel="apple-touch-icon" sizes="180x180" href="https://www.htmlyse.com/apple-touch-icon.png" />
<meta name="twitter:site" content="@htmlyse" />
<meta name="twitter:creator" content="@htmlyse" />
<meta name="twitter:card" content="summary_large_image" />
<meta property="og:site_name" content="htmlyse.com - website tune-up" />
<meta property="og:title" content="Test DNS, SSL/TLS, HTTP and HTML at htmlyse.com" />
<meta property="og:description" content="Website tune-up made easy with htmlyse, a tool for checking your website's DNS, SSL/TLS security, HTTP headers and cleaning up HTML source." />
<meta property="og:url" content="https://www.htmlyse.com/" />
<meta property="og:image" content="https://www.htmlyse.com/img/htmlyse.png" />
<meta property="og:type" content="article" />
</head>
<body>
<div id="hctp"></div>
<div class="headnav">
<header>
<h1><a href="https://www.htmlyse.com/"><img title="Website Tune-Up Made Easy" src="https://www.htmlyse.com/img/logo.png" alt="www.htmlyse.com - Home" width="588" height="140" /></a></h1>
</header>
<nav>
<ul>
<li class="lfirst"><a href="https://www.htmlyse.com/" title="htmlyse.com - Home Page">Home</a></li>
<li><a href="https://www.htmlyse.com/info/cookies" title="Cookies Settings and Policy">Cookies</a></li>
<li><a href="https://www.htmlyse.com/info/privacy" title="Privacy Policy">Privacy</a></li>
<li><a href="https://www.htmlyse.com/info/terms" title="Terms of Service">Terms</a></li>
<li class="llast"><a href="#">Contact</a></li>
</ul>
</nav>
</div>
<section class="qform">
<h2>Test DNS, SSL/TLS, HTTP and HTML</h2>
<article>
<form action="https://www.htmlyse.com/htmlyse" method="post"><input type="text" title="Enter a valid domain" placeholder="enter address here e.g. www.htmlyse.com" name="d" value="" /> <button type="submit">Test Domain</button></form>
</article>
</section>
<div class="margin">
<section class="demos">
<h2 class="tcenter">Test results demos</h2>
<br />
<article>
<div><a href="https://www.htmlyse.com/htmlyse/dnslookup.org">dnslookup.org</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/secure64.com">secure64.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/ns1.com">ns1.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/ssllabs.com">ssllabs.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/htbridge.com">htbridge.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/howsmyssl.com">howsmyssl.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/tls13.mitm.watch">tls13.mitm.watch</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/htmlyse.com">htmlyse.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/mail-tester.com">mail-tester.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/report-uri.com">report-uri.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/gtmetrix.com">gtmetrix.com</a></div>
</article>
<article>
<div><a href="https://www.htmlyse.com/htmlyse/dyn.com">dyn.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/netgate.com">netgate.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/comodo.com">comodo.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/w3.org">w3.org</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/w3schools.com">w3schools.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/badssl.com">badssl.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/dnsmadeeasy.com">dnsmadeeasy.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/hackertarget.com">hackertarget.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/loadimpact.com">loadimpact.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/internet.nl">internet.nl</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/tools.geekflare.com">tools.geekflare.com</a></div>
</article>
<article>
<div><a href="https://www.htmlyse.com/htmlyse/dnsstuff.com">dnsstuff.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/ultratools.com">ultratools.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/uptrends.com">uptrends.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/checktls.com">checktls.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/whatsmydns.net">whatsmydns.net</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/tools.keycdn.com">tools.keycdn.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/sslchecker.com">sslchecker.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/wolfssl.com">wolfssl.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/mxtoolbox.com">mxtoolbox.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/viewdns.info">viewdns.info</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/dotcom-tools.com">dotcom-tools.com</a></div>
</article>
<article>
<div><a href="https://www.htmlyse.com/htmlyse/opendns.com">opendns.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/openssl.com">openssl.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/dnsperf.com">dnsperf.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/quad9.net">quad9.net</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/letsencrypt.org">letsencrypt.org</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/pentest-tools.com">pentest-tools.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/robotattack.org">robotattack.org</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/github.com">github.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/varvy.com">varvy.com</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/dnsspy.io">dnsspy.io</a></div>
<div><a href="https://www.htmlyse.com/htmlyse/zonemaster.iis.se">zonemaster.iis.se</a></div>
</article>
</section>
<section>
<h2 class="tcenter">What we are testing?</h2>
<article>
<div class="rpblock rpblocky">
<div class="rptitle rptitley">
<h3>Domain Name System (DNS)</h3>
</div>
<div class="rpbody">Your visit to a website on the Internet begins with a DNS request. Your browser sends a query to the Domain Name Server requesting the IP address of the website you are visiting. If the resolution of the IP address fails for some reason, you cannot connect to that website. Our DNS scanner helps you identify problems and achieve a good DNS server configuration. You can analyse the following DNS lookups: SOA, NS, A, AAAA, CAA, MX, TXT and CNAME.</div>
</div>
</article>
<article>
<div class="rpblock rpblocky">
<div class="rptitle rptitley">
<h3>Secure Sockets Layer (SSL) and Transport Layer Security (TLS)</h3>
</div>
<div class="rpbody">SSL and TLS are cryptographic protocols that provide communications security over a computer network. SSL is a broken protocol and should NOT be used in modern secure environments. The TLS protocol provides you privacy and data integrity between your browser and the server you are connecting. By using TLS, all data between your browser and the server travels over the Internet in an encrypted state, and nobody can access or modify it. However, a poorly configured SSL / TLS server that uses any broken protocol, broken key exchange or broken encryption can give access to that data. The TLS report we provide helps you tune-up your server to modern security requirements, and detect issues in your server configuration. We analyse the SSL/TLS protocols used by server, NPN, ALPN, perfect forward secrecy (PFS), used elliptic curves, TLS extensions, server certificates, certificate transparency, supported ciphers and their strength, browser simulations and many more. We also scan your server for some known SSL/TLS vulnerabilities, such as Heartbleed, CCS, Ticketbleed, ROBOT, CRIME, BREACH, POODLE, TLS_FALLBACK_SCSV, SWEET32, FREAK, DROWN, LOGJAM, BEAST, LUCKY13 etc.</div>
</div>
</article>
<article>
<div class="rpblock rpblocky">
<div class="rptitle rptitley">
<h3>HTTP Security Headers</h3>
</div>
<div class="rpbody">HTTP security headers provide another layer of security for your website. These headers can restrict modern browsers from some known vulnerabilities. HTTP security headers can help strengthen the security of your website and using them is highly recommended. We check your website for the existence of the following security headers: Content-Security-Policy, Expect-CT, Public-Key-Pins (deprecated in Chrome), Referrer-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection and the new Feature-Policy header.</div>
</div>
</article>
<article>
<div class="rpblock rpblocky">
<div class="rptitle rptitley">
<h3>HTML Warnings and Errors</h3>
</div>
<div class="rpbody">Clean HTML is the foundation of a high performance website. Dirty and poorly written HTML code increases the CPU usage and time required to read, interpret and render the web page, because browsers are forced to guess the meaning of the code. For mobile devices, the use of the battery also increases. Our HTML code cleaner corrects and cleans HTML documents by correcting markup errors and updating the legacy code to modern standards. However, we recommend that you manually examine and test the produced code before using it on your production website.</div>
</div>
</article>
</section>
</div>
<footer>
<div class="margin">
<div class="cr">© Copyright 2019 htmlyse.com</div>
<div class="po"><a href="https://www.htmlyse.com/" title="htmlyse.com - Home Page">Home</a> <a href="https://www.htmlyse.com/info/cookies" title="Cookies Settings and Policy">Cookies</a> <a href="https://www.htmlyse.com/info/privacy" title="Privacy Policy">Privacy</a> <a href="https://www.htmlyse.com/info/terms" title="Terms of Service">Terms</a></div>
<div class="so"><a href="https://www.facebook.com/htmlyse" title="Facebook" target="_blank"><img src="https://www.htmlyse.com/img/fb.png" alt="Facebook" /></a> <a href="https://plus.google.com/104891928207828439964" title="Google+" target="_blank"><img src="https://www.htmlyse.com/img/gp.png" alt="Google+" /></a> <a href="https://twitter.com/htmlyse" title="Twitter" target="_blank"><img src="https://www.htmlyse.com/img/tw.png" alt="Twitter" /></a> <a href="https://www.pinterest.com/htmlyse/" title="Pinterest" target="_blank"><img src="https://www.htmlyse.com/img/pi.png" alt="Pinterest" /></a> <a href="https://www.linkedin.com/company/htmlyse" title="Linkedin" target="_blank"><img src="https://www.htmlyse.com/img/in.png" alt="Linkedin" /></a></div>
</div>
</footer>
<script src="https://www.htmlyse.com/js/js3.js" integrity="sha256-oVXoXIRWep+9FHmkLIfoXAmbdLzseLaEKGXHm+90mD0="></script> <noscript>Your browser does not support JavaScript!</noscript>
</body>
</html>

Warnings Errors and Accessibility


Accessibility Checks:

line 27 column 40 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 27 column 40 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 31 column 20 - Access: [13.1.1.1]: link text not meaningful.
line 34 column 5 - Access: [13.1.1.1]: link text not meaningful.
line 43 column 1 - Access: [2.1.1.5]: ensure information not conveyed through color alone (input).
line 144 column 17 - Access: [13.1.1.1]: link text not meaningful.
line 144 column 270 - Access: [13.1.1.1]: link text not meaningful.
line 145 column 17 - Access: [10.1.1.2]: new windows require warning (_blank).
line 145 column 93 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 145 column 93 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 145 column 159 - Access: [10.1.1.2]: new windows require warning (_blank).
line 145 column 247 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 145 column 247 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 145 column 312 - Access: [10.1.1.2]: new windows require warning (_blank).
line 145 column 382 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 145 column 382 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 145 column 447 - Access: [10.1.1.2]: new windows require warning (_blank).
line 145 column 526 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 145 column 526 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 145 column 593 - Access: [10.1.1.2]: new windows require warning (_blank).
line 145 column 677 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 145 column 677 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 148 column 1 - Access: [6.2.2.2]: text equivalents require updating (script).
line 148 column 1 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 148 column 1 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 148 column 1 - Access: [7.1.1.1]: remove flicker (script).
line 148 column 1 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 148 column 1 - Access: [1.1.10.1]: <script> missing <noscript> section.
Info: Document content looks like HTML5
No warnings or errors were found.