Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations189 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryAkamaiREVIEW
A+DNS Records2 A records, 28 ms lookupPASS
| A | 2.17.35.19, 2.16.8.83 |
| AAAA | — |
| CNAME | — |
| NS | a7-65.akam.net, a3-64.akam.net, a1-179.akam.net, a8-66.akam.net, a26-67.akam.net, a20-66.akam.net |
| MX | — |
| TXT | 9pqb3gtylkl084922kk6h8g0l7fnzbn0 b0ktbpx68l37fvxq58fkbqwp1gg9k4gy 60vqrrb0gcnj7ccvd363ddyzg0hplddr google-site-verification=2qSWKNVNb4PO5xP4WF17Xr-O_ITO5-5KYAgIPutXByE F5CB-F102-317B-3B51-2A29-42A3-AD10-7D03 7GLOHC2NGG8QGB9S5A1F2GC2UO |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.
Learn more ▾ ▴
SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.
Source: RFC 7208 (SPF)
A+Redirect ChainNo redirects — direct accessPASS
https://www.gob.mx
263 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://www.gob.mx | 200 | 263 ms | HTTP/1.1 |
A+Crawlabilityrobots.txt present, sitemap with 3 URLsPASS
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
User-agent: Googlebot
Disallow:
User-agent: googlebot-image
Disallow:
User-agent: googlebot-mobile
Disallow:
User-agent: AdsBot-Google
Disallow:
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencewww.gob.mx — via AKKY ONLINE SOLUTIONS, S.A. DE C.V., 24 years, 5 months old, hosted on AkamaiPASS
228 days
February 28, 2027
189 days
Issued by DigiCert Inc
24 years, 5 months
Registered March 1, 2002
Status unknown
Protects against DNS spoofing
Akamai
ASN AS20940
2.17.35.19
AKKY ONLINE SOLUTIONS, S.A. DE C.V.
Expiry timeline
Recommended actions
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice