Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BDNS Records4 A records, 31 ms lookupREVIEW
| A | 141.101.90.106, 141.101.90.105, 141.101.90.104, 141.101.90.107 |
| AAAA | 2a06:98c1:3200::90:81, 2a06:98c1:3200::90:82, 2a06:98c1:3200::90:83, 2a06:98c1:3200::90:80 |
| CNAME | education.gouv.fr.cdn.cloudflare.net |
| NS | — |
| MX | — |
| TXT | — |
| CAA | Lookup not available with standard resolver |
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.
Learn more ▾ ▴
RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.
Source: RFC 1034
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.
Learn more ▾ ▴
SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.
Source: RFC 7208 (SPF)
BTLS Certificate Expiry & Recommendations30 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Renew certificate — 30 days remaining
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
A+Redirect ChainNo redirects — direct accessPASS
https://www.education.gouv.fr
157 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://www.education.gouv.fr | 200 | 157 ms | HTTP/1.1 | cloudflare |
A+IPv6 ReadinessIPv6 reachable (17 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 7 URLsPASS
# ==========================================================
# 1. BOTS TOTALEMENT BANNIS (Scrapers & Moteurs indésirables)
# ==========================================================
User-agent: Bytespider
User-agent: PetalBot
User-agent: IbouBot
User-agent: BLEXBot
User-agent: DataForSeoBot
User-agent: scoopit-crawler
User-agent: Sogou web spider
User-agent: Baiduspider
User-agent: YandexBot
User-agent: SemrushBot
Disallow: /
# ==========================================================
# 2. BOTS VIP
# ==========================================================
User-agent: Googlebot
User-agent: Googlebot-Image
User-agent: bingbot
User-agent: msnbot
User-agent: UptimeRobot
# --- BLOCAGES DRUPAL ---
Disallow: /recherche?
Disallow: /recherche/
Disallow: /search/
Disallow: /core/
Disallow: /modules/
Disallow: /profiles/
Disallow: /includes/
Disallow: /taxonomy/
Disallow: /print/
Disallow: /admin/
Disallow: /user/
Disallow: /comment/reply/
Disallow: /filter/tips/
Disallow: /node/add/
Disallow: /node/*/edit
Disallow: /index.php/
Disallow: /web.config
Disallow: /install.php
Disallow: /update.php
Disallow: /README.txt
# --- AUTORISATIONS EXPLICITES ---
Allow: /*.css$
Allow: /*.css?
Allow: /*.js$
Allow: /*.js?
Allow: /*.gif$
Allow: /*.jpg$
Allow: /*.jpeg$
Allow: /*.png$
Allow: /*.svg$
Allow: /*.webp$
Allow: /*.pdf$
Allow: /sites/default/files/
# ==========================================================
# 3. TOUS LES AUTRES (IA, Outils divers, Bots inconnus)
# ==========================================================
User-agent: *
Crawl-delay: 10
# --- EXCLUSIONS DRUPAL ---
Disallow: /recherche?
Disallow: /recherche/
Disallow: /search/
Disallow: /core/
Disallow: /modules/
Disallow: /profiles/
Disallow: /includes/
Disallow: /taxonomy/
Disallow: /print/
Disallow: /admin/
Disallow: /user/
Disallow: /comment/reply/
Disallow: /filter/tips/
Disallow: /node/add/
Disallow: /node/*/edit
Disallow: /index.php/
Disallow: /web.config
Disallow: /install.php
Disallow: /update.php
Disallow: /README.txt
# --- AUTORISATIONS EXPLICITES ---
Allow: /*.css$
Allow: /*.css?
Allow: /*.js$
Allow: /*.js?
Allow: /*.gif$
Allow: /*.jpg$
Allow: /*.jpeg$
Allow: /*.png$
Allow: /*.svg$
Allow: /*.webp$
Allow: /*.pdf$
Allow: /sites/default/files/
# XML sitemap
Sitemap: https://www.education.gouv.fr/sitemap.xml
- https://www.education.gouv.fr/edugouv-si...
- https://www.education.gouv.fr/edugouv-si...
- https://www.education.gouv.fr/edugouv-si...
- https://www.education.gouv.fr/edugouv-si...
- https://www.education.gouv.fr/edugouv-si...
- https://www.education.gouv.fr/edugouv-si...
- https://www.education.gouv.fr/edugouv-si...
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: www
HTTP → HTTPS
Consistent
A+Domain Intelligenceeducation.gouv.fr — via AVENIR TELEMATIQUE, 29 years, 7 months oldPASS
29 days
August 10, 2026
30 days
Issued by Hellenic Academic and Research Institutions CA
29 years, 7 months
Registered January 30, 1997
Status unknown
Protects against DNS spoofing
Unknown
2a06:98c1:3200::90:82
AVENIR TELEMATIQUE
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry
- Renew the TLS certificate or verify auto-renewal is working