Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.FIPv6 ReadinessActionIPv6 records exist but unreachableFIX
Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.
Advertising IPv6 (AAAA records) without a reachable server means IPv6-preferring clients silently fail every connection.
Learn more ▾ ▴
Modern browsers prefer IPv6 if AAAA exists (Happy Eyeballs algorithm). If the IPv6 server isn't reachable, browsers fall back to IPv4 — but with seconds of added latency per request. Either fix IPv6 reachability or remove the AAAA records.
Source: RFC 8305 (Happy Eyeballs)
DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations189 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Submit your domain to hstspreload.org to be added to the Chrome preload list
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 147 ms lookupPASS
| A | 98.90.93.33, 54.205.215.227 |
| AAAA | 2600:1f10:49b4:320c:a24d:803:c58d:2f08, 2600:1f10:49b4:320d:d6f2:8231:f8a4:eb1e |
| CNAME | — |
| NS | ns-1133.awsdns-13.org, ns-1824.awsdns-36.co.uk, ns-187.awsdns-23.com, ns-581.awsdns-08.net |
| MX | 10 mx1.veeam.com 10 mx2.veeam.com 10 mx5.veeam.com |
| TXT | 2pstz7rrsdzq36cv8gpmkqqhlckbyd01 Securiti-verification-id=OW8nxgndgmcr26JSj1fntEstiz1R/nAtHlQNNpJj7n0= adobe-idp-site-verification=885cdb9c5464071d5fafc8b793e3eb2dfa4dfd1c35c846964782... apple-domain-verification=LXdFmmkDGb8CJG6S atlassian-domain-verification=V4XWNb3296t7bRIG2DlVoWXtGKgQSoyQvDHJo2GrTN3FowDYHy... atlassian-sending-domain-verification=c1904824-439a-4e7d-8d44-56b3d0458953 canva-site-verification=b9Ff6_iTwYvVDAlPuG0_Mw cursor-domain-verification-9cffjf=765SkBSij0IIDTlE0VutyRF2f google-site-verification=02BHW6A8wQXTnywL_JFHTgCDMXbjDbS4yGp-ThLmavo google-site-verification=Al5MoytlENGBht50jO1j5S9FQUMppo0aP0PJIUolHQk google-site-verification=P3Nvam2C7ONbgz88RAqKtTnn__Fng8Tj9edDQ3k3NT0 google-site-verification=S-k0tnanwu_JrUF7SqFtjmLoUVWsCUzI28stNPDRfxE google-site-verification=WF5QoU27EtkDScNEdVh5KA1lNb7_jDSSdFkyp3D1kZk h1-domain-verification=r6z4VhDR9kLFo5fbLPpDascF3mfTy3FkXfkAfE2RSGCNY7kr infoblox-domain-mastery=51ba1de8ffc009b008faf8ec86c28a558f26192c65409572176b9f0c... jamf-site-verification=2cUUS22wdwAGzToD0OCTig mgverify=c29800353c03046c71a6f70e01960c35ed651b58312df54b1a4d5fa13c5fdb67 oci-domain-verification=yKPrvvGc50DjOogTG1so0sGitlQUKUmOKT3f7UUgYIB3A openai-domain-verification=dv-gXONtk3lIXAWWzYr9ycGw5P0 teamviewer-sso-verification=8100c167a4574b7a8b6876fe55f8ee68 uber-domain-verification=fa4bdf3e-ffe7-4aa4-982d-d636c2b8fbf4 SPF v=spf1 include:_spf.mta.veeam.com include:mktomail.com include:mailsenders.netsu... wiz-domain-verification=6a31834848503e4ca3d7d4d3126b6320078ec9d01e2d32d5d3546a4e... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 490 ms totalPASS
https://veeam.com
244 ms · HTTP/1.1
https://www.veeam.com/
245 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://veeam.com | 301 | 244 ms | HTTP/1.1 | nginx |
| 2 | https://www.veeam.com/ | 200 | 245 ms | HTTP/1.1 | nginx |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 4161 URLsPASS
User-agent: *
Disallow: /*.doc
Disallow: /*_wpp.pdf
Disallow: /*_rn.pdf
Disallow: /*_wn.pdf
Disallow: /*_pg.pdf
Disallow: /*_ds.pdf
Disallow: /*_ss.pdf
Disallow: /*_local.pdf
Disallow: /files/release_notes/*.pdf
Disallow: /files/guide/*.pdf
Disallow: /files/report/
Disallow: /pdf/
Disallow: /inc/
Disallow: /message.html
Disallow: /*/message.html
Disallow: /*_prod/
Disallow: /*-free-key
Disallow: /*-form-
Disallow: /*-form/
Disallow: /*-form$
Disallow: /*-form.html
Disallow: /university-archive/
Disallow: /*signin.html
Disallow: /signout
Disallow: /*/download.html
Disallow: */prm_download_x64.html
Disallow: */alt_download.html
Disallow: */alt_download_x64.html
Disallow: */prm_download.html
Disallow: /blog/*tag/
Disallow: /blog/*?s=
Disallow: /blog/*.php
Disallow: /*wp_validate/
Disallow: /wp_list/
Disallow: /*/plugins/
Disallow: /source/
Disallow: /beta/*
Disallow: */test/
Disallow: */tests/
Disallow: */resource-registration/
Disallow: */veeam-search-distributors.html
Sitemap: https://www.veeam.com/sitemap.xml
Sitemap: https://www.veeam.com/de/sitemap.xml
Sitemap: https://www.veeam.com/jp/sitemap.xml
Sitemap: https://www.veeam.com/cn/sitemap.xml
Sitemap: https://www.veeam.com/es-lat/sitemap.xml
Sitemap: https://www.veeam.com/br/sitemap.xml
Sitemap: https://www.veeam.com/tr/sitemap.xml
Sitemap: https://www.veeam.com/cz/sitemap.xml
Sitemap: https://www.veeam.com/pl/sitemap.xml
Sitemap: https://www.veeam.com/nl/sitemap.xml
Sitemap: https://www.veeam.com/es/sitemap.xml
Sitemap: https://www.veeam.com/ru/sitemap.xml
Sitemap: https://www.veeam.com/it/sitemap.xml
Sitemap: https://www.veeam.com/fr/sitemap.xml
Sitemap: https://www.veeam.com/blog/post-sitemap1.xml
Sitemap: https://www.veeam.com/blog/post-sitemap2.xml
Sitemap: https://www.veeam.com/blog/post-sitemap3.xml
ADomain Intelligenceveeam.com — via GoDaddy.com, LLC, 20 years, 1 months old, hosted on AWSPASS
EXPIRED
June 7, 2026
189 days
Issued by Amazon
20 years, 1 months
Registered June 7, 2006
Not enabled
Protects against DNS spoofing
AWS
ASN AS14618
98.90.93.33
GoDaddy.com, LLC
Expiry timeline
Recommended actions
- Domain has EXPIRED — renew immediately to avoid total site outage
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Consider enabling auto-renewal to prevent accidental expiration.
Domain expiry approaching — renew immediately and ensure auto-renew + alerting are configured.
Source: ICANN renewal policy
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice