Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations211 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
ADNS Records1 A records, 797 ms lookupPASS
| A | 128.148.252.217 |
| AAAA | — |
| CNAME | — |
| NS | bru-ns2.brown.edu, bru-ns1.brown.edu, ns1.ucsb.edu, bru-ns3.brown.edu |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 alt4.aspmx.l.google.com 10 alt3.aspmx.l.google.com |
| TXT | google-gws-recovery-domain-verification=66047721 airtable-verification=5535dab3fd5abf3d31fb73a24ce236a4 google-site-verification=CQsMU3hqOZIhJQzTxe2xpgTi0oFRcZfAIwAqBPJeCr8 github-verification=ekYLSgdWns5XA28K32JpNpD53dWpQEHQAmg5y7BY google-site-verification=TMHmnaGXUBOvMT3SfOS-AlImdLqJ9-fWBx3okFv-uBk autodesk-domain-verification=qs3TZl-5r_Eh5r3JwjQW pardot944583=e2ba7ce8a862f5fcd3ad2c346b8e89deb9e7d3e1952c546e1dedd6e8ecdd7cef apple-domain-verification=crYG7A4bhGpvwTzq google-site-verification=5-rUknSihbRlOk_3K_AlpEjqssGk4rZhPgA4-s8qYlg google-site-verification=YIl4b2P-82QISbX5rb84-yWAGlchywgvaB-fxiuc4Uk cisco-ci-domain-verification=122c4cac85430ffd529f4c1f7dbc9a90b3d511cd9486b79c39b... google-site-verification=9NxSC7hDW1F0dOB7Hp5sj1b4Zh3YuOLsWALzm0W5e3M docusign=084c221f-92f9-4237-beb8-c25279422ee0 adobe-idp-site-verification=6ebcbf14066f71570c159fe8a0d1b1a2bcea03a236c4d12b0ce0... status-page-domain-verification=kq4dmwl07d6v atlassian-domain-verification=Hs1rCYbV9DaUuZH78ks2h7V68IDvaPFkmvb6vrxSU/3HXmysLg... pardot944583=81838c9b958042cc25cf7c1de9362605817a09e14335c6e99dce9e9c592a5d64 SPF v=spf1 ip4:128.148.0.0/16 ip4:209.235.66.235/32 ip4:74.122.104.0/22 ip4:35.163.1... google-site-verification=QCn0OSvWRvD7YeRHGZTwnSkQh0SDA5CKP4bck29jzO8 airtable-verification=bac4a54d6902a818e66feca75b8ef44c pardot944583=d49244476d8a6cb18f08efa3ad7d7ebe0fcae764e070dd67243617b7e0f315c5 pardot415652=d090abf01a8a7da7c4b0bc779d52e4a9b624669b43ae223775e6f75e2eb29df0 adobe-idp-site-verification=efe663bf-6c33-4611-9859-7439ff1a0e01 google-site-verification=Bew0eD4c4C7j72O-R9I1YordLnFaUr19jhN7vcYxOGM MS=ms84006939 facebook-domain-verification=hhq8qum3rrjsi7ukp7pp1lr8clnx88 docusign=131f5a77-49dc-43fd-bd19-02151927d2e3 jamf-site-verification=xpH6lXpID3w-BWP1Pf53Yw miro-verification=72ea693488717c97da4e2a48c89fdfee7e673b54 |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
ARedirect Chain1 redirect(s), 465 ms totalPASS
https://brown.edu
329 ms · HTTP/1.0
https://www.brown.edu/
136 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://brown.edu | 302 | 329 ms | HTTP/1.0 | BigIP |
| 2 | https://www.brown.edu/ | 200 | 136 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
If permanent, use 301 instead.
302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.
Learn more ▾ ▴
Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).
Source: Google Search Central
A+Crawlabilityrobots.txt present, sitemap with 4575 URLsPASS
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
User-agent: *
# CSS, JS, Images
Allow: /core/*.css$
Allow: /core/*.css?
Allow: /core/*.js$
Allow: /core/*.js?
Allow: /core/*.gif
Allow: /core/*.jpg
Allow: /core/*.jpeg
Allow: /core/*.png
Allow: /core/*.svg
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /profiles/*.svg
# Directories
Disallow: /core/
Disallow: /profiles/
# Files
Disallow: /README.md
Disallow: /composer/Metapackage/README.txt
Disallow: /composer/Plugin/ProjectMessage/README.md
Disallow: /composer/Plugin/Scaffold/README.md
Disallow: /composer/Plugin/VendorHardening/README.txt
Disallow: /composer/Template/README.txt
Disallow: /modules/README.txt
Disallow: /sites/README.txt
Disallow: /themes/README.txt
Disallow: /web.config
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register
Disallow: /user/password
Disallow: /user/login
Disallow: /user/logout
Disallow: /media/oembed
Disallow: /*/media/oembed
# Paths (no clean URLs)
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password
Disallow: /index.php/user/register
Disallow: /index.php/user/login
Disallow: /index.php/user/logout
Disallow: /index.php/media/oembed
Disallow: /index.php/*/media/oembed
A+Domain Intelligencebrown.edu — 40 years, 2 months old, hosted on BROWN - Brown University, USPASS
15 days
July 31, 2026
211 days
Issued by Internet2
40 years, 2 months
Registered August 27, 1986
Status unknown
Protects against DNS spoofing
BROWN - Brown University, US
ASN AS11078
128.148.252.217
Registrar unknown
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry