Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BRedirect Chain2 redirect(s), 508 ms totalREVIEW
https://gsk.com
145 ms · HTTP/1.1
https://gsk.com/en-gb/
204 ms · HTTP/1.1
https://www.gsk.com:443/en-gb/
160 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://gsk.com | 301 | 145 ms | HTTP/1.1 | |
| 2 | https://gsk.com/en-gb/ | 301 | 204 ms | HTTP/1.1 | |
| 3 | https://www.gsk.com:443/en-gb/ | 200 | 160 ms | HTTP/1.1 |
See the visual redirect chain in the HTTP Probe tab →
Each redirect adds latency. Try to minimize the chain to 1 hop.
Redirect chain — each hop adds latency; combine into one redirect where possible.
Source: Google Search Central / web.dev
BTLS Certificate Expiry & Recommendations70 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 126 ms lookupPASS
| A | 2.16.169.14, 2.16.169.18 |
| AAAA | 2600:1419:6200:3d::214:8b53, 2600:1419:6200:3d::214:8b51 |
| CNAME | — |
| NS | c1-160.akashield.net, c2-160.akashield.net |
| MX | 5 mxa-001caa02.gslb.pphosted.com 5 mxb-001caa02.gslb.pphosted.com |
| TXT | /ZT+19PNJ/2m3OQQlu/JW4YRjiI= 43d3babd-5196-4168-82bf-ad91a5460a20 46314549aa271bd52a60e6c394471398a7daba94195caf7c0ad1a7fc747a8313 MS=ms52422680 ZOOM_verify_GmYSH5N2SsSVd5IiskLTtg _globalsign-domain-verification=YAlUiOIcLf2w_4JBXYS-cgwWWBpQPjQC4wL5YxrnTH _j8pkvojn5dc74oqpp4isjqzls4l1jlx adobe-idp-site-verification=1a542705d103b1b61fef7cfa8faae55aa98921c853154e0e5524... airtable-verification=f0f7584a3a686e37af7211c43ba80d06 amazonses:R/oqH7QHdio+vXCeQ6jzKFaT8654S73t569K6CKZs6I= anthropic-domain-verification-k4tnng=zZTIxB16agkNmVIynUVdECy7H apple-domain-verification=hE2oLHsSZHDdGLLE atlassian-domain-verification=l1Z8BYztMb8MijiuI8UIBmNYx3R9I8ZLs84apb6rXv/QCjpr4Y... atlassian-domain-verification=zdxihZXuWCS1onHmba6zHTL4mBi4q/6ec87WKUqW3bipKbmXHA... bd52c1f6be714d6ebc2a9c139597fe3a box-domain-verification=470291b1b8c20979f609467654e79c9e0238084b7fd6b133ead14488... box-domain-verification=928a3c1f9c024a2c53599a76d1045f9c46e2b0f896e5939a970fdc29... docker-verification=1396de14-7a6f-4a3d-b579-429042390261 extensis-domain-verification=aeb8a89b-268d-4d38-9724-cac550902cec facebook-domain-verification=fepox61pkp4llceghsrvo9wbdu50y3 facebook-domain-verification=s79fy8b705prth71j83ojr4yo7aahi facebook-domain-verification=xjk0szosgc4rjzr6q5tg7ct1qxv8ak gather-domain-verification=35662fc1-bcee-40a4-b7e1-42ecc944dc65 geneious.com:domain-verification=RDoSynWkKF7jSLjPkr8rHA google-site-verification=FcHW0uDF1wXynfK2g0JiKiHeIp5V96mJk-N0B8U5cuc google-site-verification=FpGtSQEL_7Dqynv0zkgWaWJrMCRgrocNGlG7iq8jyoE google-site-verification=RlJMNPbIJ3Qtx4t7sCrH7PeIRUcPio023L6RYPAbaBQ google-site-verification=Vo27n252DXp-qk_WuYlze_OCpQvgKAmdkpQ9pDZWKB4 google-site-verification=YJ3eiJWiETpqftuQRJbOWrNfbD6JeVZXcZzpITiNuFs google-site-verification=ZBRZsdsDYNKflXclgkWWMbWhxI6XxkcLmDnmxc1D6aE google-site-verification=vA092sTjMxEH8IFhOFZ8XAigFW3zrAZZhczejf6CPpw jamf-site-verification=p5wItSf-yJKparCJGipkMw lovable_verification=workspace_01kazp6p0je1crjnff3jnax7sw onetrust-domain-verification=4eb96f2474644460a5a09efee893f232 paloaltonetworks-site-verification=1bac94d7d45734bcd190306e3c54fe2701c5639884f8d... rhxplhd6jgwjqy4wty65v0h1swtqhnzt scq9sj3hqecv1t2dqckdtd20bg smartsheet-site-validation=0cQRK_ZUMaO-1J0URmGVc_ql0hS6q4Sk smartsheet-site-validation=4mq3K_8LjJ59cQI_a0GNX5SHj6dWumec smartsheet-site-validation=foYOl-7T6FYOs-xlxgc1u_FuLjFIX9vc smartsheet-site-validation=ogQOvGH4Rs8ENz08bTpkM6RowzmrIgBS smartsheet-site-validation=sbiSUBaozvUVWD-AQ4DS9Amgye1KJkgl successfactors-site-verification=ZWJjNzc1NDgwNTVhMDFiNzc1ZmEzNGU3NzRiNTRiMmJhMGY... twilio-domain-verification=66002f7976ba22a0e3a7a8d201f6c81f v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkNFyczmsiaWv1ohSXj... v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl3Ju9fsWggJqzUZfaE... SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all webexdomainverification.18AD=02d4c8a4-b214-447d-bcdb-51f7fe1e79d0 wiz-domain-verification=ec1bffcb8450b6792c1ccded256b4c098d169793814b908c22fbbbd9... workplace-domain-verification=z80XR6wn7ggP8MBuUTWbCupWiou1uy |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+IPv6 ReadinessIPv6 reachable (1 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 2004 URLsPASS
User-agent: *
Allow: /
Disallow: /search
Sitemap: https://www.gsk.com/sitemap.xml
- https://www.gsk.com/en-gb/
- https://www.gsk.com/en-gb/behind-the-science-magazine/
- https://www.gsk.com/en-gb/behind-the-science-magazine/combining-genetics-and-tech-to-double-success-rates/
- https://www.gsk.com/en-gb/behind-the-science-magazine/getting-ahead-of-infectious-diseases-with-advanced-technology/
- https://www.gsk.com/en-gb/behind-the-science-magazine/could-tiny-bubbles-released-from-bacteria-cells-pave-the-way-for-new-vaccine-technology/
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencegsk.com — via SafeNames Ltd., 28 years, 1 months oldPASS
20 days
August 6, 2026
70 days
Issued by Let's Encrypt
28 years, 1 months
Registered August 7, 1998
Not enabled
Protects against DNS spoofing
Unknown
2600:1419:6200:3d::214:8b51
SafeNames Ltd.
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice