https://willys-restaurant.lovable.app
Infrastructure
· 17 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
89
GRADE
B
FIX
0
REVIEW
8
PASS
8
INFO
1
Probed from Madrid, Spain
200 OK
Checks
178 PASS 8 REVIEW
BDNSSECUnsigned (DNSSEC not deployed)REVIEW
DNSSEC
Unsigned (DNSSEC not deployed)
Unsigned (DNSSEC not deployed)
Info::
DNSSEC is not deployed
The zone is not DNSSEC-signed. Users on validating resolvers (Cloudflare 1.1.1.1, Quad9 9.9.9.9, growing default in mobile resolvers) get no protection against DNS spoofing for this domain. Most registrars now offer DNSSEC at a single click; consider enabling it for sites where authenticity matters (banking, healthcare, government).
BCAA RecordsNo CAA records (any CA may issue certificates)REVIEW
CAA Records
No CAA records (any CA may issue certificates)
No CAA records (any CA may issue certificates)
Info::
No CAA records published
Without CAA records, any publicly-trusted CA can issue certificates for this domain. Adding a CAA record (`yourdomain. IN CAA 0 issue "letsencrypt.org"`) restricts issuance to CAs you authorize. Required by CAB Forum baseline since 2017; the default of 'any CA' is widely supported but is the broader attack surface for issuance fraud.
CReverse DNSAction0/4 IPs match cert SANREVIEW
Reverse DNS
Action0/4 IPs match cert SAN
0/4 IPs match cert SAN
Info::
PTR lookup failed for 185.41.148.2: lookup 185.41.148.2: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 185.41.148.1: lookup 185.41.148.1: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 2a07:8240::2: lookup 2a07:8240::2: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 2a07:8240::1: lookup 2a07:8240::1: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
BCrawlabilityrobots.txt present, no sitemapREVIEW
Crawlability
robots.txt present, no sitemap
robots.txt present, no sitemap
Info::
robots.txt is present
Got: 160 bytes
Info::
No sitemap.xml found
A sitemap helps search engines discover and index your pages more efficiently.
Info::
robots.txt does not reference a sitemap
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
A sitemap helps search engines discover and index your pages more efficiently.
Why this matters
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
Why this matters
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
robots.txt 200 OK
Size 160 B Sitemaps referenced 0 User-agents Googlebot, Bingbot, Twitterbot, facebookexternalhit, * Blocking No — crawling allowed
User-agent: Googlebot
Allow: /
User-agent: Bingbot
Allow: /
User-agent: Twitterbot
Allow: /
User-agent: facebookexternalhit
Allow: /
User-agent: *
Allow: /
sitemap.xml No sitemap found
No sitemap found
Adding a sitemap helps search engines discover your pages.
BTLS Certificate Expiry & Recommendations61 days until leaf cert expires — 2 issues to addressREVIEW
TLS Certificate Expiry & Recommendations
61 days until leaf cert expires — 2 issues to address
Certificate validity
61
days left
0d 30d 60d 90d+
Recommended actions
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
BCDN & DeliveryCloudflareREVIEW
CDN & Delivery
Cloudflare
Cloudflare
Info::
Site is served via Cloudflare CDN (edge: CDG)
Got: cf-ray: 9fbe7592eb80783e-CDG
CDN Detected: Cloudflare
Provider Cloudflare Evidence cf-ray: 9fbe7592eb80783e-CDG
BCDN Cache ObservabilityNo CDN cache-status headers in the responseREVIEW
CDN Cache Observability
No CDN cache-status headers in the response
No CDN cache-status headers in the response
Info::
No CDN cache-status headers in the response
Without an X-Cache / CF-Cache-Status / X-Vercel-Cache / Age header, you can't tell from outside whether a request hit the cache or went to origin. Operationally important: enables debugging stale-content reports and verifying cache rules. Most managed CDN platforms emit at least one of these by default; absence often means the platform's diagnostic headers are stripped at an upstream proxy.
BOperational Status PageNo status page link detectedREVIEW
Operational Status Page
No status page link detected
No status page link detected
Info::
No operational status page link detected
Status pages communicate planned maintenance and incidents to users -- a hallmark of operationally-mature services. Most SaaS teams publish one via Atlassian Statuspage, Instatus, BetterUptime, or a self-hosted Cachet. Smaller sites legitimately don't need one; flagged as Info, not a failure.
ADNS Records2 A records, 31 ms lookupPASS
DNS Records
2 A records, 31 ms lookup
2 A records, 31 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 185.41.148.2, 185.41.148.1
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2a07:8240::2, 2a07:8240::1
Info::
No NS records found
Info::
No MX records — email not configured via DNS
Info::
No SPF record found in TXT records
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Info::
DNS resolution time: 31 ms
Got: 31 ms
| A | 185.41.148.2, 185.41.148.1 |
| AAAA | 2a07:8240::2, 2a07:8240::1 |
| CNAME | — |
| NS | — |
| MX | — |
| TXT | — |
| CAA | Lookup not available with standard resolver |
Resolved in 31 ms
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Why this matters
Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.
Learn more ▾ ▴
SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.
Source: RFC 7208 (SPF)
A+Subdomain TakeoverNo subdomain takeover risk detectedPASS
Subdomain Takeover
No subdomain takeover risk detected
No subdomain takeover risk detected
Info::
No CNAME record present
A+Multi-Resolver DNS SpeedMean 24ms across 3 resolvers (spread 11ms)PASS
Multi-Resolver DNS Speed
Mean 24ms across 3 resolvers (spread 11ms)
Mean 24ms across 3 resolvers (spread 11ms)
Info::
Cloudflare: 18ms
Got: 18ms via 1.1.1.1:53
Info::
Quad9: 25ms
Got: 25ms via 9.9.9.9:53
Info::
Google: 29ms
Got: 29ms via 8.8.8.8:53
A+Redirect ChainNo redirects — direct accessPASS
Redirect Chain
No redirects — direct access
No redirects — direct access
Info::
No redirects — direct access
Got: https://willys-restaurant.lovable.app
https://willys-restaurant.lovable.app
129 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://willys-restaurant.lovable.app | 200 | 129 ms | HTTP/1.1 | cloudflare |
A+IPv6 ReadinessIPv6 reachable (17 ms)PASS
IPv6 Readiness
IPv6 reachable (17 ms)
IPv6 reachable (17 ms)
Info::
IPv6 is configured and reachable at 2a07:8240::2, 2a07:8240::1
Got: 17 ms connect
IPv6 Ready
AAAA Records 2a07:8240::2, 2a07:8240::1 Connection Reachable (17 ms)
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Info::
HTTP correctly 301-redirects to HTTPS
www / non-www
https://www.willys-restaurant.lovable.app/
200https://willys-restaurant.lovable.app/
HTTP → HTTPS
301http://willys-restaurant.lovable.app/ → https://willys-restaurant.lovable.app/
Consistent
A+HTTP Probe TimingTotal 190 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
HTTP Probe Timing
Total 190 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
30 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
17 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
22 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
190 msTotal Time Total request time from DNS lookup through full response.
191 msConnection waterfall
DNS Lookup 30 ms TCP Connect 17 ms TLS Handshake 22 ms Server Processing 121 ms Content Transfer 0 ms
A+Health Check EndpointHealth endpoint at https://willys-restaurant.lovable.app/health (HTTP 200)PASS
Health Check Endpoint
Health endpoint at https://willys-restaurant.lovable.app/health (HTTP 200)
Health endpoint at https://willys-restaurant.lovable.app/health (HTTP 200)
Info::
Public health endpoint at https://willys-restaurant.lovable.app/health
Got: https://willys-restaurant.lovable.app/health
Domain IntelligenceDomain intelligence data not availableINFO
Domain Intelligence
Domain intelligence data not available
Domain intelligence data not available
RDAP and WHOIS lookup both failed
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.