Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BTLS Certificate Expiry & Recommendations53 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Add includeSubDomains to the HSTS directive
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records1 A records, 139 ms lookupPASS
| A | 130.236.18.52 |
| AAAA | 2001:6b0:17:f100::18:52 |
| CNAME | — |
| NS | ns3.liu.se, ns4.liu.se, sunic.sunet.se |
| MX | 20 liu-se.mail.protection.outlook.com |
| TXT | onetrust-domain-verification=6395e087f71047acbfed803444d7225c Wj9GiC5Odz69gYhwyRfmweCsYW09jv3XC8WopVAdvMFF/lyoYPJnLKHnwXYRKf9Hxhh197Tri7V3Xxsa... canva-site-verification=G1DsDdUTb-poz0XM3Jb_EQ SPF v=spf1 +ip4:130.236.0.0/16 +ip6:2001:6b0:17::/48 include:spf.protection.outlook.... ZOOM_verify__IVTfY8nSHOL-qRMRLRBEg MS=ms22226716 adobe-idp-site-verification=c5cff5372afafaee2faa9836950eb48bffb02fec9b5af3fab9bc... autodesk-domain-verification=ve1q8LiBOwQ-7cjPTV0Y MS=ms85100167 google-site-verification=BqNguxZguI-ROsTDOffJYIbpp3xG-AnGw1UuB9bLz_8 TeXoJcGilMACE4ZaaVK68AEKhdEDMrLv google-site-verification=3KQVNJpqJy1SccT-B4gOno8UGDneIdJA1EUfercg7l0 |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
https://liu.se
185 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://liu.se | 200 | 185 ms | HTTP/1.1 | Apache |
A+IPv6 ReadinessIPv6 reachable (51 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 1 URLsPASS
# Robots.txt for https://liu.se/
User-agent: *
Disallow: /temp/
Disallow: /temporary/
Disallow: /test/
Disallow: /sok
Disallow: /en/search
Sitemap: https://liu.se/sitemap
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligenceliu.se — via NMU Group, 39 years, 8 months oldPASS
165 days
December 31, 2026
53 days
Issued by Let's Encrypt
39 years, 8 months
Registered February 25, 1987
Status unknown
Protects against DNS spoofing
Unknown
2001:6b0:17:f100::18:52
NMU Group
Expiry timeline
Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.
Registrar lock (clientTransferProhibited et al.) prevents unauthorized domain transfers — strongest defense against domain hijacking.
Source: ICANN / domain-security best practice