www.htmlyse.com - Home

Test DNS, SSL/TLS, HTTP and HTML

Test results for internet.nl

Scanned on: Wed May 6 20:28:26 2020 GMT. Tested in 409 seconds

DNS Report

DNSSEC                 offered (OK)
Zone transfer (AXFR)   not allowed (OK)
CAA Record             not offered
SPF Record             offered (OK)
DMARC Record           offered (OK)
MTA-STS                not offered
TLSRPT Record          not offered

Raw DNS Records

Name TTL Type Data
internet.nl 3600 SOA ns.nlnetlabs.nl sysadmin @ nlnetlabs.nl 1588790557 14400 3600 604800 3600
internet.nl 60 NS ns.nlnetlabs.nl, IPv4: 185.49.140.60, IPv6: 2a04:b900:0:0:8:0:0:60
internet.nl 60 NS ns2.surfnet.nl, IPv4: 192.87.36.2, IPv6: 2001:610:3:200a:192:87:36:2
internet.nl 60 NS ns3.surfnet.nl, IPv4: 195.169.124.71, IPv6: 2001:610:0:800c:195:169:124:71
internet.nl 60 A 62.204.66.10
internet.nl 60 AAAA 2a00:d00:ff:162:62:204:66:10
internet.nl 60 MX 10 internet.nl
internet.nl 60 TXT v=spf1 mx include:_spf.prolocation.net -all
_dmarc.internet.nl 60 TXT v=DMARC1; p=reject;
_mta-sts.internet.nl 60 TXT v=spf1 -all
_mta-sts.internet.nl 60 TXT v=DKIM1; p=
_smtp._tls.internet.nl 60 TXT v=DKIM1; p=
_smtp._tls.internet.nl 60 TXT v=spf1 -all
www.internet.nl 60 A 62.204.66.10
www.internet.nl 60 AAAA 2a00:d00:ff:162:62:204:66:10
www.internet.nl 60 CNAME proloprod.internet.nl

SSL/TLS Report

 Further IP addresses:   2a00:d00:ff:162:62:204:66:10 
 A record via            supplied IP "62.204.66.10"
 rDNS (62.204.66.10):    internet.nl.
 Service detected:       HTTP


 SSL/TLS protocols 
 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 http/1.1 (offered)

 SSL/TLS server implementation bugs 

 No bugs found.

 Cipher categories 

 NULL ciphers (no encryption)                  not offered (OK) -- NULL:eNULL
 Anonymous NULL Ciphers (no authentication)    not offered (OK) -- aNULL:ADH
 Export ciphers (w/o ADH+NULL)                 not offered (OK) -- EXPORT:!ADH:!NULL
 LOW: 64 Bit + DES encryption (w/o export)     not offered (OK) -- LOW:DES:!ADH:!EXP:!NULL
 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK) -- MEDIUM:!aNULL:!AES:!CAMELLIA:!ARIA:!CHACHA20:!3DES
 Triple DES Ciphers (Medium)                   not offered (OK) -- 3DES:!aNULL:!ADH
 High encryption (AES+Camellia, no AEAD)       not offered -- HIGH:!NULL:!aNULL:!DES:!3DES:!AESGCM:!CHACHA20:!AESGCM:!CamelliaGCM:!AESCCM8:!AESCCM
 Strong encryption (AEAD ciphers)              offered (OK) -- AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM


 Robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 

 PFS is offered (OK)          TLS_AES_256_GCM_SHA384 
                              TLS_CHACHA20_POLY1305_SHA256 
                              ECDHE-RSA-AES256-GCM-SHA384 
                              DHE-RSA-AES256-GCM-SHA384 
                              ECDHE-RSA-CHACHA20-POLY1305 
                              TLS_AES_128_GCM_SHA256 
                              ECDHE-RSA-AES128-GCM-SHA256 
                              DHE-RSA-AES128-GCM-SHA256 
 Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519 X448 


 Server preferences 

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.3
 Negotiated cipher            TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Cipher order
    TLSv1.2:   ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 
               ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-GCM-SHA384 
               DHE-RSA-AES128-GCM-SHA256 
    TLSv1.3:   TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 
               TLS_AES_128_GCM_SHA256 


 Server defaults (Server Hello) 

 TLS extensions (standard)    "renegotiation info/#65281" "server name/#0"
                              "EC point formats/#11" "session ticket/#35"
                              "status request/#5" "supported versions/#43"
                              "key share/#51" "supported_groups/#10"
                              "max fragment length/#1"
                              "application layer protocol negotiation/#16"
                              "extended master secret/#23"
 Session Ticket RFC 5077 hint 300 seconds, session tickets keys seems to be rotated < daily
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: yes
 TLS clock skew               Random values, no fingerprinting possible 
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial / Fingerprints        7AF25682F451965A4E9854AC5079DCD6 / SHA1 3044AAAD1F0A81A97B26C035EAE46994807036B9
                              SHA256 C9DDD6BB3826192FC70E0B1CFD665DD559849410F31ACDFA11ADCF966ABD3E1E
 Common Name (CN)             internet.nl
 subjectAltName (SAN)         internet.nl e-mailveilig.internet.nl
                              emailveilig.internet.nl en.internet.nl
                              ipv6.internet.nl nl.internet.nl
                              platforminternet.nl
                              platforminternetstandaarden.nl
                              toolbox.internet.nl www.internet.nl
                              www.platforminternet.nl
                              www.platforminternetstandaarden.nl 
 Issuer                       Sectigo RSA Domain Validation Secure Server CA (Sectigo Limited from GB)
 Trust (hostname)             Ok via SAN and CN (same w/o SNI)
 Chain of trust               Ok   
 EV cert (experimental)       no 
 Certificate Validity (UTC)   165 >= 60 days (2020-04-08 00:00 --> 2020-10-18 23:59)
 # of certificates provided   2
 Certificate Revocation List  --
 OCSP URI                     http://ocsp.sectigo.com
 OCSP stapling                offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    not offered
 Certificate Transparency     yes (certificate extension)


 HTTP header response @ "/" 

 HTTP Status Code             200 OK
 HTTP clock skew              +20 sec from localtime
 Strict Transport Security    180 days=15552000 s, just this domain
 Public Key Pinning           --
 Server banner                gunicorn/20.0.4
 Application banner           --
 Cookie(s)                    (none issued at "/")
 Security headers             X-Frame-Options SAMEORIGIN
                              X-XSS-Protection 1; mode=block
                              X-Content-Type-Options nosniff
                              Content-Security-Policy default-src 'self' *.internet.nl; frame-ancestors
                              'none'
                              Referrer-Policy strict-origin-when-cross-origin
 Reverse Proxy banner         --


 SSL/TLS vulnerabilities 

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK)
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible, no protocol below TLS 1.2 offered (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=C9DDD6BB3826192FC70E0B1CFD665DD559849410F31ACDFA11ADCF966ABD3E1E
                                           could help you to find out
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no common primes detected
 BEAST (CVE-2011-3389)                     no SSL3 or TLS1 (OK)
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)


 Tested 364 ciphers, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              
 x9f     DHE-RSA-AES256-GCM-SHA384         DH 3072    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256        
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                             
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
 x9e     DHE-RSA-AES128-GCM-SHA256         DH 3072    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                


 Ciphers per protocol, ordered by encryption strength 

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
-----------------------------------------------------------------------------------------------------------------------------
TLS 1.3  
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256                             
TLS 1.2  
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384              
 x9f     DHE-RSA-AES256-GCM-SHA384         DH 3072    AESGCM      256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384                
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256        
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256              
 x9e     DHE-RSA-AES128-GCM-SHA256         DH 3072    AESGCM      128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256                
TLS 1.1  
TLS 1  
SSLv3  
SSLv2  

 Client simulations 

 Android 2.3.7                No connection
 Android 4.0.4                No connection
 Android 4.1.1                No connection
 Android 4.2.2                No connection
 Android 4.3                  No connection
 Android 4.4.2                TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Android 5.0.0                TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 6.0                  TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Android 7.0                  TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 Chrome 27 Win 7              No connection
 Chrome 28 Win 7              No connection
 Chrome 29 Win 7              No connection
 Chrome 30 Win 7              No connection
 Chrome 31 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 32 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 33 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 34 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 35 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 36 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 37 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 39 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 40 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 42 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 43 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 45 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 47 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 48 OS X               TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 49 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 49 XP SP3             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Chrome 50 Win 7              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
 Chrome 51 Win 7              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 Chrome 57 Win 7              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 Chrome 65 Win 7              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 Chrome 69 Win 7              TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 Chrome 70 Win 10             TLSv1.3 TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Firefox 10.0.12 ESR Win 7    No connection
 Firefox 17.0.7 ESR Win 7     No connection
 Firefox 21 Fedora 19         No connection
 Firefox 21 Win 7             No connection
 Firefox 22 Win 7             No connection
 Firefox 24.2.0 ESR Win 7     No connection
 Firefox 24 Win 7             No connection
 Firefox 26 Win 8             No connection
 Firefox 27 Win 8             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 29 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 30 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 31.3.0 ESR Win 7     TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 31 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 32 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 34 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 35 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 37 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 39 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 41 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 42 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 44 OS X              TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 45 Win 7             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 46 Win 7             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 47 Win 7             TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Firefox 49 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Firefox 49 XP SP3            TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Firefox 53 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 Firefox 59 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 Firefox 62 Win 7             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 IE 6 XP                      No connection
 IE 7 Vista                   No connection
 IE 8-10 Win 7                No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 9 Win 7                   No connection
 IE 10 Win Phone 8.0          No connection
 IE 11 Win 7                  TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 3072 bit DH (ffdhe3072)
 IE 11 Win 8.1                TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 3072 bit DH (ffdhe3072)
 IE 11 Win Phone 8.1          No connection
 IE 11 Win Phone 8.1 Update   TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 3072 bit DH (ffdhe3072)
 IE 11 Win 10                 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 IE 11 Win 10 Preview         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 12 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 13 Win Phone 10         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 Opera 12.15 Win 7            No connection
 Opera 15 Win 7               No connection
 Opera 16 Win 7               No connection
 Opera 17 Win 7               No connection
 Safari 5.1.9 OS X 10.6.8     No connection
 Safari 5 iOS 5.1.1           No connection
 Safari 6.0.4 OS X 10.8.4     No connection
 Safari 6 iOS 6.0.1           No connection
 Safari 7 iOS 7.1             No connection
 Safari 7 OS X 10.9           No connection
 Safari 8 iOS 8.0 Beta        No connection
 Safari 8 iOS 8.4             No connection
 Safari 8 OS X 10.10          No connection
 Safari 9 iOS 9               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 10 iOS 10             TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Tor 17.0.9 Win 7             No connection
 Apple ATS 9 iOS 9            TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Baidu Jan 2015               No connection
 BingBot Dec 2013             No connection
 BingPreview Dec 2013         No connection
 BingPreview Jun 2014         No connection
 BingPreview Jan 2015         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Googlebot Oct 2013           No connection
 Googlebot Jun 2014           No connection
 Googlebot Feb 2015           TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Googlebot Feb 2018           TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
 Yahoo Slurp Oct 2013         No connection
 Yahoo Slurp Jun 2014         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Yahoo Slurp Jan 2015         TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 YandexBot 3.0                No connection
 YandexBot May 2014           No connection
 YandexBot Sep 2014           TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 YandexBot Jan 2015           TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8b132                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u111                   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 8u161                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 Java 8u31                    TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
 Java 9.0.4                   TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 0.9.8y               No connection
 OpenSSL 1.0.1h               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.1l               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)

Security HTTP Headers

HTTP Strict Transport Security (HSTS)   offered (OK)
Content Security Policy (CSP)           offered (OK)
X-Frame-Options                         offered (OK)
X-XSS-Protection                        offered (OK)
X-Content-Type-Options                  offered (OK)
Expect-CT                               not offered
Referrer Policy                         offered (OK)
Feature Policy                          not offered
Web Server Version Disclosure           offered (NOT ok)
Web Application Disclosure              not offered (OK)
HTTP Public Key Pins (HPKP)             not offered, deprecated

Connection Performance
Keep Alive Connection                   offered (OK)
Content Encoding (Compression)          not offered

Raw HTTP Headers

HTTP/1.1 200 OK
Cache-Control no-cache, no-store, must-revalidate
Connection Keep-Alive
Content-Length 11520
Content-Security-Policy default-src 'self' *.internet.nl; frame-ancestors 'none'
Content-Type text/html; charset=utf-8
Date Wed, 06 May 2020 20:26:58 GMT
Keep-Alive timeout=5, max=100
Pragma no-cache
Referrer-Policy strict-origin-when-cross-origin
Server gunicorn/20.0.4
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1; mode=block

Cleaned HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE.</title>
<meta name="viewport" content="width=device-width,initial-scale=1.0" />
<meta name="description" content="Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, TLS, HSTS, DMARC, DKIM, SPF, STARTTLS and DANE." />
<meta name="keywords" content="IPv6, DNSSEC, HTTPS, HSTS, TLS, DMARC, DKIM, SPF, STARTTLS, DANE, test, test tool, check, validation, Internet, Internet Standards, open standards, modern standards, security, internet security, mail, email security, website, website security, internet connection, secure connection, email authentication, encryption, ciphers, cipher suites, PKI, SSL certificate, TLS certificate, website certificaat, Internet Standards Platform" />
<meta name="author" content="Platform Internetstandaarden / Internet Standards Platform" />
<link rel="icon" href="/static/favicon.png" sizes="32x32" />
<link rel="icon" href="/static/favicon.png" sizes="192x192" />
<link rel="apple-touch-icon-precomposed" href="/static/favicon.png" />
<meta name="msapplication-TileImage" content="/static/favicon.png" />
<link rel="stylesheet" type="text/css" href="/static/css/style-min.css" />
<link rel="stylesheet" type="text/css" href="/static/css/print-min.css" media="print" />
<script src="/static/js/jquery-2.1.3.min.js"></script>
<script src="/static/js/imagecheck-min.js" type="text/javascript" defer="defer"></script>
<script type="text/javascript" src="/static/js/headroom-min.js"></script>
<script type="text/javascript" src="/static/js/functions-min.js"></script>
</head>
<body class="home">
<div class="hidethis" aria-hidden="true"><span id="matomo-url">//matomo.internet.nl/</span> <span id="matomo-siteid">1</span> <span id="matomo-subdomain-tracking">*.internet.nl</span></div>
<div class="skiplink"><a href="#content">Go to the content</a></div>
<div class="skiplink" id="skiplink-sitenav"><a href="#sitenav">Go to the main menu</a></div>
<div class="skiplink"><a href="#footer">Go to the footer</a></div>
<header>
<div class="wrap">
<div id="masthead">
<p id="site-title"><a href="/"><span class="hidden">Internet.nl</span></a></p>
<p id="site-description"><span class="hidden">Is your Internet up-to-date?</span></p>
</div>
<div id="language-switch-header-container">
<ul class="language-switch-list">
<li><button class="active-language" disabled="disabled">English</button></li>
<li>
<form action="/change_language/" method="post"><input type='hidden' name='csrfmiddlewaretoken' value='27L3nUssxb6c8QTUQVm65USr2execND67GBuIdMwAF1s8POr9e1ASYsa7vY7jofO' /> <input type="hidden" name="previous-page" value="/" /> <input type="hidden" name="language" value="nl" /> <button>Nederlands</button></form>
</li>
</ul>
</div>
<nav id="sitenav">
<ul>
<li class="current"><a href="/">Home</a></li>
<li class=""><a href="/news/">News</a></li>
<li class=""><a href="/faqs/">Knowledge base</a></li>
<li class=""><a href="/halloffame/">Hall of Fame</a></li>
<li class=""><a href="/about/">About Internet.nl</a></li>
</ul>
</nav>
</div>
</header>
<main id="content" class="clearfix" tabindex="-1">
<div class="mainwrap">
<div class="introwrap">
<section class="wrap">
<h1 class="hidethis">Home</h1>
<p><span>Modern Internet Standards provide for more reliability and further growth of the Internet.<br />
Are you using them?</span></p>
</section>
</div>
<div class="wrap">
<section class="block websitetest">
<div class="wrapper">
<div class="title-and-explanation">
<h2>Test your website</h2>
<div>Modern address? Signed domain? Secure connection? Security options?</div>
<p class="read-more"><a href="/test-site/">About the test</a></p>
</div>
<form action="/site/" method="post"><label class="text-input" for="web-url">Your domain name: <input id="web-url" type="text" name="url" placeholder="www.example.nl" /></label>
<div class="contains-button"><button>Start test</button></div>
</form>
</div>
</section>
<section class="block emailtest">
<div class="wrapper">
<div class="title-and-explanation">
<h2>Test your email</h2>
<div>Modern address? Signed domain? Anti-phishing? Secure connection?</div>
<p class="read-more"><a href="/test-mail/">About the test</a></p>
</div>
<form action="/mail/" method="post"><label class="text-input" for="mail-url">Your email address: <span class="emailfield before"><input id="mail-url" class="email" type="text" name="url" placeholder="example.nl" /></span></label>
<div class="contains-button"><button>Start test</button></div>
</form>
</div>
</section>
<section class="block connectiontest">
<div class="wrapper">
<div class="title-and-explanation">
<h2>Test your connection</h2>
<div>Modern addresses reachable?<br />
Domain signatures validated?</div>
<p class="read-more"><a href="/test-connection/">About the test</a></p>
</div>
<form action="/connection/" method="post">
<div class="contains-button"><button>Start test</button></div>
</form>
</div>
</section>
</div>
</div>
<div class="wrap">
<section class="block news">
<h2>News</h2>
<ul>
<li><a href="/article/introducing-new-TLS-guidelines">New TLS guidelines landed in Internet.nl</a></li>
<li><a href="/article/next-major-release-will-use-new-TLS-guidelines">Next major release of Internet.nl will use the new TLS guidelines</a></li>
<li><a href="/article/open-source-release">Open source release Internet.nl including 'security headers'</a></li>
<li><a href="/article/email-test-on-internetnl-extended">Email test on Internet.nl extended</a></li>
<li><a href="/article/internetnl-checks-strictness-anti-mail-spoofing-standards">Internet.nl now also checks strictness anti-mail-spoofing standards</a></li>
<li><a href="/article/improved-internetnl-test-for-modern-internet-standards">Improved Internet.nl test for modern Internet Standards</a></li>
</ul>
<p class="read-more"><a href="/articles/">To the news overview</a></p>
</section>
<section class="block hall-of-fame">
<h2>Hall of Fame</h2>
<p>584 domains with double 100%<br />
Latest entry: 06-05-2020</p>
<ol>
<li><a href="/mail/doccontrol.nl/359066/">doccontrol.nl</a></li>
<li><a href="/mail/speciaalbierwinkel.nl/358494/">speciaalbierwinkel.nl</a></li>
<li><a href="/mail/netsphere.cz/358169/">netsphere.cz</a></li>
<li><a href="/mail/maxxor.org/358098/">maxxor.org</a></li>
<li><a href="/site/bnn.go.id/858672/">bnn.go.id</a></li>
<li><a href="/mail/fn-ce.net/357647/">fn-ce.net</a></li>
<li><a href="/mail/lexmedia.ro/357245/">lexmedia.ro</a></li>
<li><a href="/mail/openateliersharen.nl/357449/">openateliersharen.nl</a></li>
<li><a href="/mail/markyourmedia.nl/356666/">markyourmedia.nl</a></li>
<li><a href="/site/baitong.eu/855873/">baitong.eu</a></li>
</ol>
<p class="read-more"><a href="/halloffame/">To Hall of Fame - Champions!</a></p>
</section>
<section class="block dark stats">
<h2>Statistics</h2>
<h3>289564 website tests</h3>
<ol>
<li class="passed"><span class="visuallyhidden">Passed</span> 100% score: <span>8445 websites</span></li>
<li class="notpassed"><span class="visuallyhidden">Failed</span> 0-99% score: <span>281119 websites</span></li>
</ol>
<h3>109324 email tests</h3>
<ol>
<li class="passed"><span class="visuallyhidden">Passed</span> 100% score: <span>2063 mail servers</span></li>
<li class="notpassed"><span class="visuallyhidden">Failed</span> 0-99% score: <span>107261 mail servers</span></li>
</ol>
<h3>22451 connection tests</h3>
<ol>
<li class="passed"><span class="visuallyhidden">Passed</span> 100% score: <span>5995 connections</span></li>
<li class="notpassed"><span class="visuallyhidden">Failed</span> 0-99% score: <span>16456 connections</span></li>
</ol>
</section>
</div>
</main>
<footer id="footer"><img id="flag" src="/static/clear.gif" alt="" />
<div class="wrap">Internet.nl is an initiative of the Internet community and the Dutch government.
<hr />
<ul>
<li><a class="footlink" href="/disclosure/">Responsible disclosure</a></li>
<li><a class="footlink" href="/privacy/">Privacy statement</a></li>
<li><a class="footlink" href="/copyright/">Copyright</a></li>
<li class="follow-us"><a class="footlink twitterfollow" href="https://twitter.com/internet_nl">Follow us on Twitter</a></li>
</ul>
</div>
</footer>
<script type="text/javascript" src="/static/js/menu-min.js" defer="defer"></script>
<script type="text/javascript" src="/static/js/accordion-min.js" defer="defer"></script>
<script type="text/javascript" src="/static/js/matomo-min.js"></script>
</body>
</html>

Warnings Errors and Accessibility


Accessibility Checks:

line 25 column 3 - Access: [6.1.1.1]: style sheets require testing (link).
line 26 column 3 - Access: [6.1.1.1]: style sheets require testing (link).
line 29 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 29 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 29 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 29 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 29 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 29 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 42 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 42 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 42 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 42 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 42 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 42 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 43 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 43 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 43 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 43 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 43 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 43 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 44 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 44 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 44 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 44 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 44 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 44 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 90 column 13 - Access: [2.1.1.5]: ensure information not conveyed through color alone (input).
line 91 column 15 - Access: [2.1.1.5]: ensure information not conveyed through color alone (input).
line 91 column 15 - Access: [12.4.1.1]: associate labels explicitly with form controls.
line 92 column 15 - Access: [2.1.1.5]: ensure information not conveyed through color alone (input).
line 105 column 31 - Access: [13.1.1.1]: link text not meaningful.
line 108 column 24 - Access: [13.1.1.1]: link text not meaningful.
line 160 column 15 - Access: [12.4.1.3]: associate labels explicitly with form controls (id).
line 163 column 15 - Access: [2.1.1.5]: ensure information not conveyed through color alone (input).
line 192 column 49 - Access: [2.1.1.5]: ensure information not conveyed through color alone (input).
line 248 column 15 - Access: [13.1.1.3]: link text too long.
line 269 column 15 - Access: [13.1.1.3]: link text too long.
line 413 column 5 - Access: [7.1.1.5]: remove flicker (animated gif).
line 413 column 5 - Access: [2.1.1.1]: ensure information not conveyed through color alone (image).
line 414 column 5 - Access: [1.1.1.1]: <img> missing 'alt' text.
line 414 column 5 - Access: [1.1.2.1]: <img> missing 'longdesc' and d-link.
line 436 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 436 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 436 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 436 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 436 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 436 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 437 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 437 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 437 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 437 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 437 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 437 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
line 438 column 3 - Access: [6.2.2.2]: text equivalents require updating (script).
line 438 column 3 - Access: [6.3.1.1]: programmatic objects require testing (script).
line 438 column 3 - Access: [8.1.1.1]: ensure programmatic objects are accessible (script).
line 438 column 3 - Access: [7.1.1.1]: remove flicker (script).
line 438 column 3 - Access: [2.1.1.4]: ensure information not conveyed through color alone (script).
line 438 column 3 - Access: [1.1.10.1]: <script> missing <noscript> section.
Info: Document content looks like HTML5
No warnings or errors were found.