Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BCrawlabilityno robots.txt, no sitemapREVIEW
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.
Learn more ▾ ▴
A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.
Source: robotstxt.org
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
No robots.txt found
This is fine for most sites — a missing robots.txt allows all crawling by default.
No sitemap found
Adding a sitemap helps search engines discover your pages.
BTLS Certificate Expiry & Recommendations86 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
ADNS Records2 A records, 568 ms lookupPASS
| A | 104.18.35.94, 172.64.152.162 |
| AAAA | — |
| CNAME | — |
| NS | ns1.p201.dns.oraclecloud.net, ns2.p201.dns.oraclecloud.net, ns3.p201.dns.oraclecloud.net, ns4.p201.dns.oraclecloud.net |
| MX | 10 mxb-00013f02.gslb.pphosted.com 10 mxa-00013f02.gslb.pphosted.com |
| TXT | h1-domain-verification=8umaj61L51VLifqrS81KsZvQjj2wAocuNApvEezzA4kbh7nj webexdomainverification.FP6V=ed4a732d-57df-4b7c-abeb-b4b2996eb96c infor-cloudsuite-domain-verification=G3VD4QUHD8985EN5P3W4XE5PPTDFUNARVL3WLU2PKJM... amazonses:iYVqzrbj79silXDpd4lIop0tV5t+TkPaOI85mXAx8YM= openai-domain-verification=dv-qnJgOPYFUxNWJCk27WKO55NG webexdomainverification.=0874c579-9d2f-4ec1-8cf6-4f482739065a onetrust-domain-verification=51501365bfef41fa996f859a71be5994 amazonses:OM8haeLLQVcL8nmDytoQdgmrh8UborYYF0t0kqtgJM8= webexdomainverification.FIM2=1bc82124-0d82-4f40-87b5-8d82740963c9 9b0a9801-c51f-49aa-86ec-5af9cbd78541 onetrust-domain-verification=70a4c3913b0b4d539775355b843091d9 docusign=f3d61bab-3f64-4a9d-9bf9-cad0f10370f3 postman-domain-verification=fd04b3c14be0ba693964d7b503d96f003995915eb7f6908ecb71... ciscocidomainverification=2ff3680fe390fe20d08b9853503f34c1448816bdde2b532465a2fe... TAxo9YB5KjJA681X4xJ696wLZLihCXS/imPuTG3HlFQ= docusign=b1536e74-c826-4260-85ac-1e10a1d2e0f9 367715422-5805514 webexdomainverification.=bc51ab5f-dece-40de-9899-d25dad4cc472 facebook-domain-verification=d7xv5sx2i1129ase02rfzs89zog1m3 Verification Code : 00D90000000wSzr=1TBfQ00000000Hl atlassian-domain-verification=UhafPb8a2U7ZNDs4Rz9mGA4RDMA4eJNt9xZaGSYIua5cGMDm1A... Dynatrace-site-verification=b13cd659-262f-4272-92a6-f62ba0cc9951__escdti1vab66qm webexdomainverification.=758d1893-4afc-4f82-b384-d131a92b895b v=verifydomain MS=ms34EDB1 Woj8kEvjpBnZONVrFtaL8Hg//Z/Zn /EOeTB8rWuurI= SPF v=spf1 include:_spf.pfizer.com include:spf1.pfizer.com include:_spf2.pfizer.com ... miro-verification=400915d42ec3ad6df33d3814aca2c3ea141b8968 onetrust-domain-verification=5eee91a2e0cc49e29d81643abbd6888f amazonses:TAxo9YB5KjJA681X4xJ696wLZLihCXS/imPuTG3HlFQ= google-site-verification=uPz4P6_6aqzsuwZ6MFwzfsS50zgmDB_rqmYHtZXNF_I atlassian-domain-verification=WPMZ+Siw/y+BK2/Z8p23bcHJvTCMuhrKGy5bTsNQTOYC80W2Uu... MS=ms72999098 Woj8kEvjpBnZONVrFtaL8Hg//Z/Zn+/EOeTB8rWuurI= amazonses:xeQo0tm5wDbPmd+BwLSyROKOel8/+9+Ju/nNaUhyhB8= facebook-domain-verification=7jf1he5ujth46ns602vho5ru4tux8h smartsheet-site-validation=vvgulNjzVyMad78Hr2Kq19qnILrV5IkP amazonses:rDmrepsAxkNUioDpS6AQb0p52GXM0KJpHyORONxbR2c= facebook-domain-verification=h6s6x557ds77sw1ez5aceuj5ux3bxu webexdomainverification.=83e0eace-42bc-4099-8ce8-fa24795d7174 Verification Code : 00DfV000000UumL=1TBfV00000004Wf webexdomainverification.FKUC=e132fcd5-1554-4178-8c6c-dc49b6ad3f11 smartsheet-site-validation=a6OYf3rkRiDSkYkbl92MwVkXP-oCjY3T apple-domain-verification=c5gM9MzHuGZ9zoKb smartsheet-site-validation=taihlykcsKZJ6Y3ueZ7OCrQHaEFl3gAA chariot=chariot+pfizer@praetorian.com uNFGRgumuYGwsaBCGa36aQOgQeSaV3hnCg5Bs5laQ07oh/fCTZUAyThG6/1v9yzhGc5oCUkmZ0qJG84+... miro-verification=334a54c1dd1ff1b14ba1c2d5f3861fcaf98d7135 Dynatrace-site-verification=b13cd659-262f-4272-92a6-f62ba0cc9951__escdti1vab66qm... google-site-verification=3xUkchGyl2CutL4GZU8tbI79-yC8-uqOtRRM6D-bxBs wiz-domain-verification=6a84828bcaf730f0a8f62024b18bf28a5d92fc252f6442aa7326a9e5... hcp-domain-verification=7c525a15296e73c172c6a8af900d61a1045205ed3f03268fdb2f49fb... SoLM7FZ7FajMog16mZmcV1vl59JOSPJHP+JVr78ZZdfHFvLgokkDPiJvOK3eREiNsjVcB7IL2F4NSrKn... canva-site-verification=p_8fLet0U-tcIMY4mIGIkw webexdomainverification.=43b98ce4-67e2-4a87-9f7d-36941d4c35c8 google-site-verification=_H1FNiEiiy83LtMgs_I_-VZ5_g84uu4uQcTrEmMCxFE bluebeam-verification=iwrciv1kd0og93k3dirndi5p0r5qm7 anthropic-domain-verification-dygje9=Qg3dECyebrnIrhN2uU0i7HJSy |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
ARedirect Chain1 redirect(s), 189 ms totalPASS
https://pfizer.com
66 ms · HTTP/1.1
https://www.pfizer.com/
123 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://pfizer.com | 301 | 66 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.pfizer.com/ | 403 | 123 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencepfizer.com — via Nom-iq Ltd. dba COM LAUDE, 34 years, 5 months old, hosted on CloudflarePASS
284 days
April 29, 2027
86 days
Issued by Google Trust Services
34 years, 5 months
Registered April 28, 1992
Not enabled
Protects against DNS spoofing
Cloudflare
ASN AS13335
172.64.152.162
Nom-iq Ltd. dba COM LAUDE
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice