Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BRedirect Chain2 redirect(s), 430 ms totalREVIEW
https://open.edu
129 ms · HTTP/1.1
https://www.open.edu/
243 ms · HTTP/1.1
https://www.open.ac.uk/
59 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://open.edu | 302 | 129 ms | HTTP/1.1 | |
| 2 | https://www.open.edu/ | 301 | 243 ms | HTTP/1.1 | cloudflare |
| 3 | https://www.open.ac.uk/ | 200 | 59 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
Each redirect adds latency. Try to minimize the chain to 1 hop.
Redirect chain — each hop adds latency; combine into one redirect where possible.
Source: Google Search Central / web.dev
If permanent, use 301 instead.
302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.
Learn more ▾ ▴
Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).
Source: Google Search Central
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations91 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records1 A records, 22 ms lookupPASS
| A | 137.108.200.104 |
| AAAA | — |
| CNAME | — |
| NS | dns2.easydns.net, nse-2.open.ac.uk, dns1.easydns.com, nse-1.open.ac.uk, dns3.easydns.org, nse-0.open.ac.uk |
| MX | 10 open-edu.mail.protection.outlook.com |
| TXT | B6B0975F-29DA-4863-AD9B-4CE3671954ED QuoVadis=9a987046-9ec6-40b4-a739-41ad71aa5c85 google-site-verification=KLQmkBsMNGjV3_nUmOkJw07lK3ZIXeFBPvilow84wXk SPF v=spf1 include:spf.protection.outlook.com ip4:137.108.232.47 ip4:137.108.232.48... |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Crawlabilityrobots.txt present, sitemap with 2863 URLsPASS
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
# BEGIN OL Managed content
User-agent: *
User-Agent: GPTBot
User-Agent: Amazonbot
User-Agent: CCBot
User-Agent: ClaudeBot
User-Agent: Google-Extended
Allow: /
Disallow: /openlearn/admin/
Disallow: /openlearncreate/admin/
Disallow: /openlearn/profiles/
Disallow: /openlearn/badges/
# END OL Managed content
AURL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Use 301 (permanent) instead of 302 (temporary)
A+Domain Intelligenceopen.edu — 29 years, 6 months old, hosted on JANET Jisc Services Limited, GBPASS
383 days
July 31, 2027
91 days
Issued by Sectigo Limited
29 years, 6 months
Registered February 25, 1997
Status unknown
Protects against DNS spoofing
JANET Jisc Services Limited, GB
ASN AS786
137.108.200.104
Registrar unknown