Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
CCrawlabilityActionrobots.txt present, sitemap with 0 URLsREVIEW
Search engines may not be able to parse the sitemap. Fix XML validation errors.
An unparseable sitemap is silently ignored by Google — the URLs it advertises are never queued for crawl.
Learn more ▾ ▴
Google's sitemap parser is strict about XML validity. A single unescaped `&` or unclosed tag invalidates the whole file. Run your sitemap through a validator (Search Console's Sitemaps report flags it) and fix the offending entry. Most generators escape correctly; mistakes usually come from manually-written entries.
Source: sitemaps.org / Google Search Central
An empty sitemap provides no value. Add <url> entries for your pages.
An empty sitemap signals 'no content to index' to Google — actively harmful versus having no sitemap at all.
Learn more ▾ ▴
Google compares URLs in the sitemap against URLs it has crawled. An empty sitemap on a site with thousands of pages signals abandonment. Either populate it correctly (most CMSes auto-generate) or delete the file and let Google crawl normally.
Source: Google Search Central / sitemaps.org
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
# www.robotstxt.org/
User-agent: *
Disallow: /api/*
Disallow: *?view_only=
crawl-delay: 10
# Robots that have misbehaved
User-agent: PingBot
User-agent: PerplexityBot
User-agent: GPTBot
User-agent: BaiduSpider
Disallow: *
BTLS Certificate Expiry & Recommendations77 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryGoogle Cloud CDNREVIEW
A+DNS Records1 A records, 24 ms lookupPASS
| A | 35.190.84.173 |
| AAAA | — |
| CNAME | — |
| NS | ns-cloud-e4.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e1.googledomains.com |
| MX | 10 mxa.mailgun.org 10 mxb.mailgun.org |
| TXT | SPF v=spf1 include:servers.mcsv.net include:mailgun.org include:spf.mandrillapp.com ... |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
https://osf.io
447 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://osf.io | 200 | 447 ms | HTTP/1.1 | nginx |
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+HTTP Probe TimingTotal 168 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
Connection waterfall
Domain IntelligenceDomain intelligence data not availableINFO
RDAP and WHOIS lookup both failed