WHOIS Lookup — RDAP, Registrar, Status Codes & Domain Age
WHOIS lookups query domain registration metadata: registrar, creation/expiration dates, nameservers, EPP status codes, and (where not redacted) registrant contact details. The protocol stack has two layers: legacy WHOIS over TCP port 43 (RFC 3912; Daigle, September 2004), and the modern RDAP suite over HTTPS, which consists of RFC 7480 (HTTP usage; Newton, Ellacott & Kong, March 2015), RFC 9082 (query format; Hollenbeck & Newton, June 2021, obsoleting RFC 7482), RFC 7483 (JSON response schema; Newton & Hollenbeck, March 2015), and RFC 7484 (bootstrap registry; Blanchet, March 2015). RDAP returns structured JSON with predictable field names; legacy WHOIS returns free-form text that varies per TLD. Domain status codes (clientHold, serverTransferProhibited, etc.) come from EPP (RFC 5731; Hollenbeck, August 2009). Since GDPR (May 2018) most gTLD registrants are redacted; ICANN's Registration Data Policy effective 21 August 2025 codifies the post-Temporary-Specification publication minimums and redaction rules. This tool queries the public RDAP service via the IANA bootstrap (rdap.iana.org), parses the JSON, and displays registrar, dates, nameservers, and parsed status codes.
How to do a WHOIS lookup
- Enter a domain name (no protocol or path — example.com, not https://example.com/path).
- The tool queries the IANA RDAP bootstrap to find the authoritative RDAP server for the TLD, then issues an RDAP query.
- Review parsed JSON: registrar (with IANA ID), key dates, nameservers, EPP status codes (with brief descriptions per RFC 5731).
- Use the abuse contact (always public per ICANN policy) to report malware/phishing — registrant contact is typically redacted under the post-GDPR Registration Data Policy.
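A parser for the response reviewed in the last two steps, as an added example that is not the tool's own code. The embedded response is constructed (registrar name, IANA ID and addresses are made up), and `summarize`, `find_entity` and `vcard_value` are hypothetical helper names. RDAP servers return EPP statuses in spaced form, for example "client transfer prohibited" for clientTransferProhibited.

```python
from datetime import datetime, timezone

# Constructed RDAP domain response (RFC 7483 field names); every value is made up.
SAMPLE = {
  "objectClassName": "domain", "ldhName": "EXAMPLE.COM",
  "status": ["client transfer prohibited", "server hold"],
  "events": [{"eventAction": "registration", "eventDate": "2025-01-10T08:00:00Z"},
             {"eventAction": "expiration", "eventDate": "2026-01-10T08:00:00Z"}],
  "nameservers": [{"ldhName": "NS1.EXAMPLE.NET"}, {"ldhName": "NS2.EXAMPLE.NET"}],
  "entities": [{"roles": ["registrar"],
    "publicIds": [{"type": "IANA Registrar ID", "identifier": "9999"}],
    "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar LLC"]]],
    "entities": [{"roles": ["abuse"],
      "vcardArray": ["vcard", [["email", {}, "text", "abuse@registrar.example"]]]}]}],
}

def vcard_value(entity, prop):
    """Return the first jCard property named `prop` from an entity, or None."""
    for item in (entity.get("vcardArray") or ["vcard", []])[1]:
        if item[0] == prop:
            return item[3]

def find_entity(entities, role):
    """Depth-first search: the abuse contact is usually nested under the registrar."""
    for ent in entities or []:
        if role in ent.get("roles", []):
            return ent
        nested = find_entity(ent.get("entities"), role)
        if nested:
            return nested

def summarize(rdap, now):
    when = {e["eventAction"]: datetime.fromisoformat(e["eventDate"].replace("Z", "+00:00"))
            for e in rdap.get("events", [])}
    registrar = find_entity(rdap.get("entities"), "registrar") or {}
    abuse = find_entity(rdap.get("entities"), "abuse") or {}
    status = rdap.get("status", [])
    return {
        "registrar": vcard_value(registrar, "fn"),
        "iana_id": next((p["identifier"] for p in registrar.get("publicIds", [])
                         if p.get("type") == "IANA Registrar ID"), None),
        "abuse_email": vcard_value(abuse, "email"),
        "nameservers": sorted(n["ldhName"].lower() for n in rdap.get("nameservers", [])),
        # RDAP spells EPP codes with spaces; the prefix tells who set the status.
        "set_by_registry": [s for s in status if s.startswith("server")],
        "set_by_registrar": [s for s in status if s.startswith("client")],
        "age_days": (now - when["registration"]).days if "registration" in when else None,
        "expires": when.get("expiration"),
    }

print(summarize(SAMPLE, datetime.now(timezone.utc)))
```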
Common use cases
- Checking domain expiration before renewing or buying a similar one — RDAP returns ISO-8601 dates with timezone.
- Identifying the registrar of a domain to initiate a transfer — IANA registrar IDs disambiguate similarly-named registrars.
- Finding the abuse contact for a domain hosting malicious content — kept public under ICANN's Registration Data Policy.
- Verifying domain age via creationDate — newer domains correlate with phishing in trust scoring; older domains carry reputation history.
Frequently asked questions
Why is the registrant contact redacted in WHOIS?
GDPR Art 6 (May 2018) made publishing personal data without lawful basis a regulatory risk. ICANN's Registration Data Policy effective 21 August 2025 codifies the post-GDPR rules: registrar/dates/status/nameservers public, registrant contact redacted by default. Abuse contact is always public per ICANN policy.
WHOIS vs RDAP — which does this tool use?
RDAP via the IANA bootstrap (RFC 7484). RDAP returns structured JSON with named fields (RFC 7483 schema); legacy WHOIS over TCP port 43 (RFC 3912) returns free-form text per registrar. RDAP is the IETF's modern replacement; legacy WHOIS remains the fallback for some ccTLDs.
What do clientHold and serverTransferProhibited mean?
Per RFC 5731 (EPP, Hollenbeck 2009): 'client'-prefixed codes are set by the registrar (clientHold = DNS delegation suspended, often unpaid renewal); 'server'-prefixed by the registry (serverTransferProhibited = registry blocks transfers, often court order or UDRP). Server codes outrank client codes.
Why do .es, .uk, .com.br return different fields than .com?
ccTLDs operate under national authority, not ICANN's gTLD framework. ICANN's Registration Data Policy (21 Aug 2025) applies only to gTLDs (.com/.net/.org + New gTLDs). .es uses Red.es, .uk uses Nominet — each with stricter privacy and different field sets.
How current is the data, and what's the lifecycle?
Most updates propagate within 24h via EPP. Transfers go through a 5-day Form of Authorisation (FOA) window per the ICANN Transfer Policy (approved by default if the Registrar of Record doesn't respond), and the domain shows pendingTransfer status during the window. Expired domains move through autoRenewPeriod (45d) → redemptionPeriod (30d, restorable) → pendingDelete (5d) → drop.
How RDAP modernised WHOIS — and what GDPR redaction did to public data
WHOIS as a protocol predates DNS itself; RFC 812 (1982) formalised it and RFC 3912 (Daigle, 2004) modernised the spec. The wire format is a TCP request to port 43: send a query string, receive free-form text. Each registrar invents its own field labels ('Registrar:', 'Sponsoring Registrar:', 'Registrar Name:'), making automated parsing brittle and forcing tooling to maintain regex libraries per registrar.
RDAP fixes this by replacing TCP+text with HTTPS+JSON: RFC 7480 specifies how to issue HTTP GET requests with predictable URL patterns (/domain/example.com), RFC 9082 (the current query syntax, replacing RFC 7482 in June 2021) defines the path structure, and RFC 7483 specifies the JSON response schema with named fields like 'ldhName', 'events', 'nameservers', and 'status'. The IANA RDAP Bootstrap registry (RFC 7484) tells clients which RDAP server is authoritative for a given gTLD or IP block.
EPP status codes (RFC 5731, 2009) classify domain state: 'client'-prefixed codes are set by the registrar (clientHold, clientTransferProhibited), 'server'-prefixed codes by the registry. Server codes outrank client codes — only the registry can clear them.
Post-GDPR (May 2018), ICANN published the Temporary Specification redacting registrant personal data; this evolved into the permanent Registration Data Policy effective 21 August 2025, which codifies minimum publication (registrar info, status, dates, nameservers) while allowing redaction of personal contact details. The practical impact: WHOIS for most gTLDs now shows you who runs the domain technically (registrar) but rarely who owns it (registrant) without a legal request or accreditation.
- Registrar identification with IANA Registrar ID
- Created/updated/expiration dates as ISO-8601 with timezone
- Nameserver listing parsed from RDAP 'nameservers' array
- EPP status code parsing per RFC 5731 with descriptions
- RDAP JSON parsing per RFC 9082 (current spec, obsoletes RFC 7482)
- Live IANA bootstrap query (RFC 7484) to find the authoritative RDAP service
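The bootstrap step described above, as an added example that is not the tool's own code. The bootstrap excerpt and server URLs are constructed placeholders, `normalize_domain` and `rdap_url` are hypothetical names, and the lookup runs offline against the embedded table rather than rdap.iana.org. It goes slightly beyond the input rule by reducing a pasted URL to the bare domain and converting IDNs to A-labels.

```python
from urllib.parse import urlsplit

# Constructed excerpt in the RFC 7484 bootstrap layout: each service entry is
# [[suffix, ...], [base_url, ...]]. The server URLs are placeholders, not real endpoints.
BOOTSTRAP = {"version": "1.0", "services": [
    [["com", "net"], ["https://rdap.registry-a.example/v1/"]],
    [["org"], ["http://rdap.registry-b.example/", "https://rdap.registry-b.example/"]],
]}

def normalize_domain(user_input):
    """Reduce 'https://Example.COM/path' or 'example.com.' to 'example.com'."""
    text = user_input.strip()
    host = urlsplit(text if "//" in text else "//" + text).hostname or ""
    host = host.rstrip(".")
    if "." not in host or any(not 0 < len(lbl) <= 63 for lbl in host.split(".")):
        raise ValueError(f"not a registrable domain name: {user_input!r}")
    return host.encode("idna").decode("ascii").lower()  # IDN -> A-label

def rdap_url(user_input, bootstrap=BOOTSTRAP):
    """Return the RDAP domain query URL, or None when no RDAP service is listed."""
    domain = normalize_domain(user_input)
    table = {sfx: urls for sfxs, urls in bootstrap["services"] for sfx in sfxs}
    labels = domain.split(".")
    for i in range(len(labels)):  # longest matching suffix wins
        urls = table.get(".".join(labels[i:]))
        if urls:
            # Prefer an HTTPS base URL when an entry lists several.
            base = next((u for u in urls if u.startswith("https://")), urls[0])
            return base.rstrip("/") + "/domain/" + domain
    return None  # not in the bootstrap: fall back to legacy WHOIS

print(rdap_url("https://Example.COM/path"))
```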
Free. No signup. Browser tools (subnet, JWT, password strength) run locally; lookup tools query public APIs (Cloudflare DoH, RDAP, certificate logs). Full per-tool breakdown at /methodology/.
Sources (7)
- Daigle, L. (2004). WHOIS Protocol Specification. RFC 3912, IETF (September 2004 — TCP port 43, obsoletes RFC 954).
- Newton, A., Ellacott, B., & Kong, N. (2015). HTTP Usage in the Registration Data Access Protocol (RDAP). RFC 7480, IETF (March 2015).
- Hollenbeck, S., & Newton, A. (2021). Registration Data Access Protocol (RDAP) Query Format. RFC 9082, IETF (June 2021 — obsoletes RFC 7482).
- Newton, A., & Hollenbeck, S. (2015). JSON Responses for the Registration Data Access Protocol (RDAP). RFC 7483, IETF (March 2015).
- Blanchet, M. (2015). Finding the Authoritative Registration Data (RDAP) Service. RFC 7484, IETF (March 2015 — RDAP bootstrap registry; obsoleted by RFC 9224 in 2022).
- Hollenbeck, S. (2009). Extensible Provisioning Protocol (EPP) Domain Name Mapping. RFC 5731, IETF (August 2009 — domain status codes: clientHold, serverTransferProhibited, etc.).
- ICANN (2025). Registration Data Policy. ICANN consensus policy effective 21 August 2025 (codifies post-GDPR Temporary Specification, redaction rules and minimum publication requirements for gTLD registries).
These are the IETF RFCs, NIST publications, and W3C standards the tool implements or queries. Locate them on the IETF Datatracker (datatracker.ietf.org) or the official standards body.
By Marco B.