Skip to content
https://freshworks.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
87
GRADE
B
FIX
0
REVIEW
3
PASS
6
INFO
0
Probed from Madrid, Spain
301 Moved Permanently
Checks
9
6 PASS 3 REVIEW
C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
REVIEW
www/non-www, trailing slash, HTTP→HTTPS
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.freshworks.com/
200https://freshworks.com/

Inconsistent — duplicate content risk

HTTP → HTTPS

301http://freshworks.com/ https://freshworks.com/

Consistent

B
TLS Certificate Expiry & Recommendations
277 days until leaf cert expires — 3 issues to address
REVIEW

Certificate validity

277
days left
0d 30d 60d 90d+

Recommended actions

  • Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+
DNS Records
4 A records, 103 ms lookup
PASS
4 A records, 103 ms lookup
Info::
Resolves to 4 IPv4 address(es)
Got: 13.224.83.30, 13.224.83.122, 13.224.83.95, 13.224.83.40
Info::
No IPv6 (AAAA) records
Info::
4 nameserver(s) configured
Got: ns-360.awsdns-45.com, ns-1058.awsdns-04.org, ns-1937.awsdns-50.co.uk, ns-564.awsdns-06.net
Info::
5 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 103 ms
Got: 103 ms
A13.224.83.30, 13.224.83.122, 13.224.83.95, 13.224.83.40
AAAA
CNAME
NSns-360.awsdns-45.com, ns-1058.awsdns-04.org, ns-1937.awsdns-50.co.uk, ns-564.awsdns-06.net
MX
1 aspmx.l.google.com
5 alt2.aspmx.l.google.com
5 alt1.aspmx.l.google.com
10 aspmx3.googlemail.com
10 aspmx2.googlemail.com
TXT
google-site-verification=x4E8t-5wWeLO8Hqtyw7QN4yu82bAh5XlsnoYVwtECRM
google-site-verification=hT_R830sl5E13Ye6U4JKHUg4DsAVC_L6ecBkJSmws7c
canva-site-verification=d29GqBGpfpoY-JO4i0NNJQ
atlassian-domain-verification=lvSwio2W6egrCJJ2JEstGLwpYiXFbilpLx6tCtEO7KKqThKctb...
ca3-1f997c45f05847809f614d641dbf8b1c
google-site-verification=vFnsA0d4RtZOjKkCEw360SN9cP1VFaNvWJOmfARJpV4
docker-verification=4f7fb203-9067-4816-a25c-a6a8e2fd69ee
ctr.freshworks.com-box-domain-verification=0eca537afcb6c358bed1134c3aeb9235fe963...
jamf-site-verification=m1AipXex6C34UEnIB_JRxg
google-site-verification=0j2bXdt9N1XTCVc40iRZIGjHZ25qdKFi6CPqrYdEZRw
google-site-verification=ylTuTVDZcuJw_HGbWuMQTuWolIU4hTzBpLS2xSIymXk
google-site-verification=p1kXiLh_RXdISzpdgWbzTnGp0pbeWIXKOYGHN98BTwc
google-site-verification=eN5F9sZN7j5hLqXvB6Ogw7pkJe8rfYBBYAvciNIQcbg
MS=3D52D080D16A0A20CF30FD4A0267D3603F888272
tn3384f631qtcstbdratkk4vd8
zoom-domain-verification=ZOOM_verify_5ebce87cd8f84e0e8095c672eebbf9b9
prt.freshworks.com-box-domain-verification=0eca537afcb6c358bed1134c3aeb9235fe963...
slack-domain-verification=UyZ6cKweLc46SAV0qi3qQSlcteL4VwQcttmictgs
slack-domain-verification=Na8wqhPjIRhdWVDkLkU8UwD41Vfs2NAZmqHu9lk4
ps-cd-verification=ff83f94d-4103-4830-8b02-85b1328b6f72
1password-site-verification=OSS7WSKZU5HOXFVYYNWNVYZ7HA
OSSRH-97294
include:48900367.spf03.hubspotemail.net
google-site-verification=1b2ApenyCQ7ezMxNYUS1RXL-pIuixJd3IDheE_36BQE
apple-domain-verification=1tBTkf02juIq9Lpx
AZT2INHZUBHBVAT3RMKCN75YGA
pendo-domain-verification=Ew5I1zEOssPjwuHA4HPi95mJnL0
F71827793B
google-site-verification=_yEMF7ZySfoMHJ8PPbMCQP-lpz4JzWlt87zmQ8jC83A
google-site-verification=3Y6kugvB_hvAaJax139MlAxFuCJC3j7XOGkiNGq6ZA8
facebook-domain-verification=2r86y9b1hc6knckok5o2ak09nog77l
asv=d89864fd636177104793484f75f3cf57
northpass-domain-verification=93f05ea92caf0b92dbf75e7be51e2800
SPF v=spf1 include:_spf.google.com include:sendgrid.net include:_spf.salesforce.com ...
docusign=b9ad7836-f509-4f18-88bd-b5f226a4ddc8
google-site-verification=abtEYsB-2Q0tfwh5UXDW8hp_Vptvd9bDJmOCayAyYtA
vnd.freshworks.com-box-domain-verification=0eca537afcb6c358bed1134c3aeb9235fe963...
atlassian-domain-verification=W8+vmpAfQzNu5HnckQ0LCfD7aOaq6AjNaMoWrjkQvYvSlCj0ba...
atlassian-domain-verification=5zt0/tlIj0K5LVzDpSUc3hi808H43aXfyfme8alPJsbQEf5yMj...
17E2D1051A6A0277A6D394482E719281D2562F9
zoom-domain-verification=ZOOM_verify_b337a0d7c87e4efebdcc115890b67e79
h1-domain-verification=Eo9sNcDw5Hjhmr7uuN9Eect6k7My5Rj6JrAnxMEFH4PNp9Ay
launchdarkly-domain-verification=949a0617-975b-4dda-bf13-c7d7dca51054
hcp-domain-verification=3dcd5cb164926b73061f388c3828dc6c9d22b591a92344b057199cb5...
uber-domain-verification=0cf45fb8-2350-4514-8ea6-8ae248da0ed2
openai-domain-verification=dv-prdAcmuTQ593WiQUHDWExnpY
_ucrekrn5mr752ii78ixaikp7148jvjm
google-site-verification=_WBKNluhzl3h9gqgoFlh6DKIjGr8d3PewUqTCM33OCU
google-site-verification=0OC_LWr13N0jQelM8gD5JmWhceCe3_5ovisnZzqkURg
cursor-domain-verification-ms89bd=wiKUixdHtyMhurfWJCzRMcE0I
stripe-verification=EBC843C010CA18703F390BE6DD2733A9CB4C17921B2332D7366FABD2868D...
google-site-verification=UoTxlrhtbkJazBpcBy2z3Fu38L4W9tfZEmtz026clDk
google-site-verification=1G7LkSDkhNMGrGY2sS4zyUNqekvAoisJ7pjSSoFyXec
google-site-verification=qw5BljWdEvAPOMwXRjf7y5V-YtY7MYEoXCLaA5dUUKQ
google-site-verification=S4-m_m0gyMRgOGL9r0byIgURCXb_FCDmGATrovQ0lcI
q4CVpPwGjyNRDWMv
anthropic-domain-verification-52g3gm=Syyz6TtgbzFplI4j53XkofY5C
w42NRE7Mv3uVADnX
CAALookup not available with standard resolver
Resolved in 103 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A
Redirect Chain
1 redirect(s), 132 ms total
PASS
1 redirect(s), 132 ms total
Info::
Single redirect
Got: https://freshworks.com → https://www.freshworks.com/ (301)
Info::
WWW normalization redirect

https://freshworks.com

11 ms · HTTP/1.1

301

https://www.freshworks.com/

121 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://freshworks.com30111 msHTTP/1.1CloudFront
2https://www.freshworks.com/200121 msHTTP/1.1cloudflare

See the visual redirect chain in the HTTP Probe tab →

A+
Crawlability
robots.txt present, sitemap with 7 URLs
PASS
robots.txt present, sitemap with 7 URLs
Info::
robots.txt is present
Got: 420 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 7 entries
Info::
Sitemap index with 7 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 420 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed
User-agent: *
Disallow:
Disallow: */demo-thank-you
Disallow: */thank-you
Disallow: */lp/
Disallow: */?utm_source=
Disallow: */?wtime=

# Block tracking parameters
Disallow: /*?utm_
Disallow: /*&utm_
Disallow: /*?fbclid
Disallow: /*?gclid
Disallow: /*?msclkid

# AI Content Signals
Content-Signal: ai-train=no
Content-Signal: search=yes
Content-Signal: ai-input=yes

Sitemap: https://www.freshworks.com/sitemaps/index.xml
sitemap.xml 200 OK
Type Sitemap Index URLs 7 entries Valid XML Yes
Child Sitemaps:
A+
Domain Intelligence
freshworks.com — via GoDaddy.com, LLC, 28 years, 7 months old, hosted on AWS
PASS
freshworks.com — via GoDaddy.com, LLC, 28 years, 7 months old, hosted on AWS
Info::
Domain registered until Feb 12, 2027 (9 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: GoDaddy.com, LLC
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: AWS
Got: AS16509
Domain expiry

243 days

February 12, 2027

SSL certificate

277 days

Issued by Amazon

Domain age

28 years, 7 months

Registered February 13, 1998

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

AWS

ASN AS16509

13.224.83.40

Registrar

GoDaddy.com, LLC

Unlocked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar GoDaddy.com, LLC
Created February 13, 1998 (28 years, 7 months ago)
Expires February 12, 2027 (9 months)
Last Updated January 3, 2024
Name Servers ns-1058.awsdns-04.org, ns-1937.awsdns-50.co.uk, ns-360.awsdns-45.com, ns-564.awsdns-06.net
DNSSEC Not enabled
Hosting
IP Address 13.224.83.40
ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)
Provider AWS
Data source: rdap (0.3s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 41 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
30 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
1 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
4 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
41 ms
Total Time Total request time from DNS lookup through full response.
41 ms

Connection waterfall

DNS Lookup 30 ms TCP Connect 1 ms TLS Handshake 4 ms Server Processing 6 ms Content Transfer 0 ms
A+
CDN & Delivery
AWS CloudFront (Hit from cloudfront)
PASS
AWS CloudFront (Hit from cloudfront)
Info::
Site is served via AWS CloudFront CDN (edge: MAD53-P6)
Got: x-amz-cf-id: 4Oh4XjRHru23-7Etdptf0Nx6uv3OCQZoIS9tjT5uqj_ZRrq3PANi0A==
Info::
CDN cache status: Hit from cloudfront
CDN Detected: AWS CloudFront
Provider AWS CloudFront Cache Status Hit from cloudfront Evidence x-amz-cf-id: 4Oh4XjRHru23-7Etdptf0Nx6uv3OCQZoIS9tjT5uqj_ZRrq3PANi0A==
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback