Skip to content
https://zomato.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
89
GRADE
B
FIX
1
REVIEW
3
PASS
5
INFO
0
Probed from Amsterdam, Netherlands
301 Moved Permanently
Checks
9
5 PASS 3 REVIEW 1 FIX
D
CDN & Delivery
Action
No CDN detected
FIX
No CDN detected
Warning::
No CDN detected
A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.
No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
Crawlability
no robots.txt, no sitemap
REVIEW
no robots.txt, no sitemap
Info::
No robots.txt found
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
Info::
No sitemap.xml found
A sitemap helps search engines discover and index your pages more efficiently.

robots.txt is optional but recommended. It tells search engine crawlers which pages to index.

Why this matters

No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.

Learn more

A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.

Source: robotstxt.org

A sitemap helps search engines discover and index your pages more efficiently.

Why this matters

No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.

Learn more

A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.

Source: sitemaps.org / Google Search Central

robots.txt No robots.txt found

No robots.txt found

This is fine for most sites — a missing robots.txt allows all crawling by default.

sitemap.xml No sitemap found

No sitemap found

Adding a sitemap helps search engines discover your pages.

B
TLS Certificate Expiry & Recommendations
308 days until leaf cert expires — 4 issues to address
REVIEW

Certificate validity

308
days left
0d 30d 60d 90d+

Recommended actions

  • Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
  • Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+
DNS Records
3 A records, 13 ms lookup
PASS
3 A records, 13 ms lookup
Info::
Resolves to 3 IPv4 address(es)
Got: 13.250.244.244, 52.77.14.236, 47.130.13.208
Info::
No IPv6 (AAAA) records
Info::
4 nameserver(s) configured
Got: ns-1286.awsdns-32.org, ns-1692.awsdns-19.co.uk, ns-290.awsdns-36.com, ns-671.awsdns-19.net
Info::
5 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 13 ms
Got: 13 ms
A13.250.244.244, 52.77.14.236, 47.130.13.208
AAAA
CNAME
NSns-1286.awsdns-32.org, ns-1692.awsdns-19.co.uk, ns-290.awsdns-36.com, ns-671.awsdns-19.net
MX
1 aspmx.l.google.com
5 alt2.aspmx.l.google.com
5 alt1.aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
TXT
1pnjjb976t7ibv64fgrj493rru
48sfdvgdff4d02p5icen6damkm
695f6c6e7e3c9ef75b2cd233076f6ffc83d95f05c5cb71d145d3b32b9150b213
6vtg3aj924ngq0aihmjdubmatr
MS=681EABA93C6738668E47C44B5C6F731BCC209CBA
MS=ms61350724
OSSRH-79203
ZOOM_verify_LuCSrep5aiBpuCPPrBRJAt
_8x9n3t8rcpq3xg6tn8xrjf8on17tzhy
_oskepjy0rqq1pchcepvruzizjb7lzbv
adobe-sign-verification=6a09126310927f379735c2b7d09e1928
amazonses:3ufcI9pD6ZqyPNibcDPmG70sgJIGL96bhztrM07aetY=
anthropic-domain-verification-xjx687=GDqnaUGwk94lp5Iu6pBAu28Ny
apple-domain-verification=RkO6Ca9pwkhEVb3j
asv=ee90273cd94d45be0643f9560ab11a13
atlassian-domain-verification=iJ/zffeNyj/cdw9nnzBhqAewaQ8jbKCdZ6MhkaED5oCmIINjjn...
atlassian-domain-verification=xk1sbtz9KG9OVSRfeHaeL+vc+9DRfFAqj3u+VN31tRUucHQyL4...
cursor-domain-verification-vbx172=NydsW2Yu3HM70y3YUDC9KAKlG
facebook-domain-verification=1ruwb1jydxmw9hzm1k1l3fslew576w
figma-domain-verification=8e670da40fe0ead528359492b3b4605d50a9e15bdbec7c98e78c36...
fpk2mb0acamnl9mut8blgglu3f
google-site-verification=6DiggAJt4qMxLocEM80xq8VDJSdn9bxLsFqDkpXX4hI
google-site-verification=Sp13-UHI3mhI_6mGbZ72rjIBjVcp4aJ-IKw4mEfMHn4
jamf-site-verification=e_tZjI-GTGFDvNgEUzLKjQ
jnjto9sa32t0a63khd417b1aes
mongodb-site-verification=pStQEfLyuqXcvxeCLWbclfznUKZlkxE9
new-relic-domain-verification=f46254d748a3482685d5f42e31380261
new-relic-domain-verification=fd1f55add7e34b85b7139aeda73273f1
openai-domain-verification=dv-3tY8wU5lsawR3rOAeuM0JU56
perplexity-ai-domain-verification-vkr3h0=ZIYZpIgcdW65jjcvsMAF8E88U
postman-domain-verification=30a0a24129c092612d0831890f2aea95557f9f8c39ae947d9e72...
slack-domain-verification=KalvLHjMZv47X3wXx1Vw9WSAeRJQ4XEMDZMTtDBR
twilio-domain-verification=35e81b8100d53ee70ce9f5c2d7f17078
v=MCPv1; k=ed25519; p=/NyTc+yEqkrRLRN9Q6PQvL87KZB51AXc53olfURAiP0=
SPF v=spf1 include:_spf.google.com include:helpscoutemail.com include:_spf.salesforc...
yandex-verification: 40f795c808dc1e7e
zoho-verification=zb78844917.zmverify.zoho.com
CAALookup not available with standard resolver
Resolved in 13 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+
Redirect Chain
0 redirect(s), 633 ms total
PASS
0 redirect(s), 633 ms total
Info::
Redirect overhead: 633 ms total
Got: 633 ms

https://zomato.com

633 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://zomato.com301633 msHTTP/1.1awselb/2.0
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

403https://www.zomato.com/
200https://zomato.com/

HTTP → HTTPS

301http://zomato.com/ https://www.zomato.com:443/

Consistent

A+
Domain Intelligence
zomato.com — via 101domain GRS Limited, 20 years, 5 months old, hosted on AWS
PASS
zomato.com — via 101domain GRS Limited, 20 years, 5 months old, hosted on AWS
Info::
Domain registered until Feb 24, 2033 (6 years, 11 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: 101domain GRS Limited
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: AWS
Got: AS16509
Domain expiry

2415 days

February 24, 2033

SSL certificate

308 days

Issued by Amazon

Domain age

20 years, 5 months

Registered February 24, 2006

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

AWS

ASN AS16509

13.250.244.244

Registrar

101domain GRS Limited

Unlocked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar 101domain GRS Limited
Created February 24, 2006 (20 years, 5 months ago)
Expires February 24, 2033 (6 years, 11 months)
Last Updated May 22, 2023
Name Servers ns-1286.awsdns-32.org, ns-1692.awsdns-19.co.uk, ns-290.awsdns-36.com, ns-671.awsdns-19.net
DNSSEC Not enabled
Hosting
IP Address 13.250.244.244
ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)
Provider AWS
Data source: rdap (0.3s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A
HTTP Probe Timing
Total 636 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
3 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
157 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
318 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
636 ms
Total Time Total request time from DNS lookup through full response.
636 ms

Connection waterfall

DNS Lookup 3 ms TCP Connect 157 ms TLS Handshake 318 ms Server Processing 158 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback