https://hexo.io
Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
99
GRADE
A+
FIX
0
REVIEW
2
PASS
7
INFO
0
Probed from Madrid, Spain
200 OK
Checks
97 PASS 2 REVIEW
BTLS Certificate Expiry & Recommendations72 days until leaf cert expires — 4 issues to addressREVIEW
TLS Certificate Expiry & Recommendations
72 days until leaf cert expires — 4 issues to address
Certificate validity
72
days left
0d 30d 60d 90d+
Recommended actions
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryNetlifyREVIEW
CDN & Delivery
Netlify
Netlify
Info::
Site is served via Netlify CDN
Got: x-nf-request-id: 01KPVNS348H864KA8PMMRXYF9K
CDN Detected: Netlify
Provider Netlify Evidence x-nf-request-id: 01KPVNS348H864KA8PMMRXYF9K
A+DNS Records2 A records, 45 ms lookupPASS
DNS Records
2 A records, 45 ms lookup
2 A records, 45 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 35.157.26.135, 63.176.8.218
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2a05:d014:58f:6200::258, 2a05:d014:58f:6200::259
Info::
4 nameserver(s) configured
Got: dns4.p05.nsone.net, dns3.p05.nsone.net, dns2.p05.nsone.net, dns1.p05.nsone.net
Info::
2 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 45 ms
Got: 45 ms
| A | 35.157.26.135, 63.176.8.218 |
| AAAA | 2a05:d014:58f:6200::258, 2a05:d014:58f:6200::259 |
| CNAME | — |
| NS | dns4.p05.nsone.net, dns3.p05.nsone.net, dns2.p05.nsone.net, dns1.p05.nsone.net |
| MX | 10 mxa.mailgun.org 10 mxb.mailgun.org |
| TXT | google-site-verification=6xXgDnnOzAo6XGvsKE-9aBpouKHxWk33e9fVQ1FBliQ SPF v=spf1 include:mailgun.org ~all google-site-verification=0Zq-jBw1yXup5ArceioaroZRl_8wZvdm5AeYthuBCzk |
| CAA | Lookup not available with standard resolver |
Resolved in 45 ms
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Why this matters
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
Redirect Chain
No redirects — direct access
No redirects — direct access
Info::
No redirects — direct access
Got: https://hexo.io
https://hexo.io
105 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://hexo.io | 200 | 105 ms | HTTP/1.1 | Netlify |
A+IPv6 ReadinessIPv6 reachable (36 ms)PASS
IPv6 Readiness
IPv6 reachable (36 ms)
IPv6 reachable (36 ms)
Info::
IPv6 is configured and reachable at 2a05:d014:58f:6200::258, 2a05:d014:58f:6200::259
Got: 36 ms connect
IPv6 Ready
AAAA Records 2a05:d014:58f:6200::258, 2a05:d014:58f:6200::259 Connection Reachable (36 ms)
A+Crawlabilityrobots.txt present, sitemap with 468 URLsPASS
Crawlability
robots.txt present, sitemap with 468 URLs
robots.txt present, sitemap with 468 URLs
Info::
robots.txt is present
Got: 104 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 468 entries
Info::
robots.txt does not reference a sitemap
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
Why this matters
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
robots.txt 200 OK
Size 104 B Sitemaps referenced 0 User-agents * Blocking No — crawling allowed
User-agent: *
Disallow: /hexo-theme-landscape/
Disallow: /hexo-theme-light/
Disallow: /hexo-theme-phase/
sitemap.xml 200 OK
Type URL Set URLs 468 entries Valid XML Yes
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS
www / non-www
301https://www.hexo.io/
200https://hexo.io/
Preferred variant: non-www
HTTP → HTTPS
301http://hexo.io/ → https://hexo.io/
Consistent
A+Domain Intelligencehexo.io — via Gandi SAS, 12 years, 3 months oldPASS
Domain Intelligence
hexo.io — via Gandi SAS, 12 years, 3 months old
hexo.io — via Gandi SAS, 12 years, 3 months old
Info::
Domain registered until Mar 14, 2027 (10 months remaining)
Info::
Registrar: Gandi SAS
Info::
Registrar lock is enabled
Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.
Domain expiry
274 days
March 14, 2027
SSL certificate
72 days
Issued by Let's Encrypt
Domain age
12 years, 3 months
Registered March 14, 2014
DNSSEC
Status unknown
Protects against DNS spoofing
Hosting
Unknown
2a05:d014:58f:6200::258
Registrar
Gandi SAS
Locked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Registrar Gandi SAS
Created March 14, 2014 (12 years, 3 months ago)
Expires March 14, 2027 (10 months)
Last Updated December 2, 2025
Name Servers dns1.p05.nsone.net, dns2.p05.nsone.net, dns3.p05.nsone.net, dns4.p05.nsone.net
Hosting
IP Address 2a05:d014:58f:6200::258
Data source: whois (1.1s)
Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.
Why this matters
Registrar lock (clientTransferProhibited et al.) prevents unauthorized domain transfers — strongest defense against domain hijacking.
Source: ICANN / domain-security best practice
A+HTTP Probe TimingTotal 149 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
HTTP Probe Timing
Total 149 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
36 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
35 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
36 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
149 msTotal Time Total request time from DNS lookup through full response.
150 msConnection waterfall
DNS Lookup 36 ms TCP Connect 35 ms TLS Handshake 36 ms Server Processing 42 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.