Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BCrawlabilityno robots.txt, no sitemapREVIEW
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.
Learn more ▾ ▴
A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.
Source: robotstxt.org
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
No robots.txt found
This is fine for most sites — a missing robots.txt allows all crawling by default.
No sitemap found
Adding a sitemap helps search engines discover your pages.
CHTTP Probe TimingActionTotal 1853 ms — DNS, TCP, TLS, TTFB, content transfer breakdownREVIEW
Connection waterfall
BTLS Certificate Expiry & Recommendations34 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 20 ms lookupPASS
| A | 45.60.102.26, 45.60.12.26 |
| AAAA | — |
| CNAME | — |
| NS | pdns1.cscdns.net, pdns2.cscdns.net |
| MX | 10 mx07-00096706.pphosted.com 10 mx08-00096706.pphosted.com |
| TXT | MS=ms15193738 MS=ms20672016 MS=ms60756024 vflqgpe3m0mlvh2fgokv48hb7s _74zhfwuf30nxpld0rzx4jhums6oixe4 c5tt7hfw7f0mcylb80ty2w5gtk0dnzd4 asv=9b3c31b5c0c5c724b930dc891a6a5164 0ed1fe018a87e5d0d94b47451d8085d60a5d593965 apple-domain-verification=zMaH8y3unMWhyW1w MS=BC48668F0ACDAC1C1E0091584E180338BA93CD8D SFMC-1RfVwQVVmBdJ6SzIlFrF4ip001D_bz_Ibcysko3M docusign=1b13fda8-ab72-49f4-91ca-7ff2d91199aa docusign=940600e4-b66d-4580-9b47-7473ce2fe241 docusign=9b581a06-bc87-41ff-a0dc-09edba37d90b zoho-verification=zb25287966.zmverify.zoho.in mentimeter-8b8b9b41-72d9-4f03-98df-60d40a789ebe cloudhealth=443ccb8d-7623-48f3-8699-c6edc0f598a6 google-gws-recovery-domain-verification=51243510 amazonses:+pP4lp3qHnOQY40qg0NNVazcPl97vjVonRk3slH74v4= adobe-sign-verification=fe9cdca76cd809222e1acae2866ae896 docker-verification=11e04c51-4845-4cda-9522-795e656a460d mongodb-site-verification=1ZxRCVG1CHBNEHCKmFZHU9MfjKAw0mcR mongodb-site-verification=rs81wcsQn2S42KYM0rhGpSPaxywGVGfC facebook-domain-verification=jko7uiiaedqwszu52arnykpu8zc4v9 workplace-domain-verification=sd1uQjZQtcmvrpnXsrQbXfzTQ0WMSI onetrust-domain-verification=c08a2586bede44bc9b4c1cfaf6af9f6b pendo-domain-verification=eb09359a-5866-43c2-b36e-078d49368d40 adobe-idp-site-verification=49ab72da-7526-41dc-aca1-05cbb8574d87 bill-one-domain-verification=b3f35c5a-be9a-4309-b6cb-d3d636438a69 bill-one-domain-verification=b5d584f1-03c9-453a-b136-7442a5517d07 bill-one-domain-verification=e3feea9f-a49f-43ec-ac97-1a0a40e7cc5d bill-one-domain-verification=e9183bf4-ca44-47ec-90c9-a7723a8160c7 google-site-verification=-F7e9prBd4iXAViyKY2JZLLFr1Ht0T26TJzLh66foUg google-site-verification=2Dkh3-WpmJuZztsHWpxJmjwZBxUXeN4wraKtGwLoE6U google-site-verification=7g2AhKp9mmHPGXW9MfRSbF5t-nsnIdOGY7xghGhRmE4 google-site-verification=FWtATqnJpwq_sUiRgAuMScKn8i0FavD-JVAF0XryNpM google-site-verification=Ovsc2mXudI6lyXAwLn1JbVTCmCU5rf7VsAgS9s9psl8 google-site-verification=QA2VJi-kvyktewZqcuDxi75oSdL89BNRgD2SD1uh8CI google-site-verification=YvOfoIZGL13OB-tlxp0vbnMh8ZGMUezqdTM_n2IVVUI google-site-verification=fs_OGxxiYIMsiml2_fidBE_kJrPRxZ2mhZ7bnL44yE4 google-site-verification=u7S8VodutD1C2leVjFjaHiOYLtB2ZAy9qnvXUx05XOQ google-site-verification=xLOiCrqpuZMX4u7brFUe_LUE4CKEnh3q_XTo8psC-20 launchdarkly-domain-verification=069ef07b-c5d2-4ff8-b500-26cca710a2dd worksmobile.certification.xafve0bdfy1d8bv1sg.ooujt3vqajkxk0.nutaxwxox SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:_spf.google.com -all DomainVerification=L01TNKM4HS6ALWCUVL16GHS7F9QMLWCTS7F6CW5TE7IRZBERBZQEJ772I2I4S... notion_verify_D32fzhTg2NhrxjjeTWUmsZykrzguMJTjmeWuK46eZA4V7t2CW8uoyRQoR4DdrUbexe... wiz-domain-verification=e0fb68cc181dcd04c85d33c88d8fa643fe07427d432c20640c05e3f8... Dynatrace-site-verification=e1257c24-02b0-4683-b1f0-ed10161afefc__97u4e8bo2j45de... adobe-idp-site-verification=9f7ba6cb679661e15900e307343fa54a100ee46ee0eeb0e78930... cisco-ci-domain-verification=dbbb79c5cff9ea41dfb1c7d46510219b80b1bd99f950622491d... atlassian-domain-verification=5AQye7yfqQafq0JCwZU37QOXdsscjD6JaDLeqH/sA4orPYaMU9... atlassian-domain-verification=djbdcM4iasxSArsZylY9DKHfxkN1luY2DCr0INjFEjmt0YdRuA... postman-domain-verification=0a738201543c77511d0e701c46c967856d9318c6a8dbeed56df1... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 26 ms totalPASS
https://pwc.com
10 ms · HTTP/1.1
https://www.pwc.com/
17 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://pwc.com | 301 | 10 ms | HTTP/1.1 | |
| 2 | https://www.pwc.com/ | 403 | 17 ms | HTTP/1.1 | AkamaiGHost |
See the visual redirect chain in the HTTP Probe tab →
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencepwc.com — via CSC Corporate Domains, Inc., 24 years, 9 months old, hosted on INCAPSULA - Incapsula Inc, USPASS
484 days
November 10, 2027
34 days
Issued by GlobalSign nv-sa
24 years, 9 months
Registered November 10, 2001
Not enabled
Protects against DNS spoofing
INCAPSULA - Incapsula Inc, US
ASN AS19551
45.60.102.26
CSC Corporate Domains, Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice