Infrastructure - https://rakuten.com BeaverCheck Audit

D

CDN & Delivery

Action

No CDN detected

FIX

No CDN detected

A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.

No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

C

IPv6 Readiness

Action

No IPv6 support

REVIEW

No IPv6 support

No IPv6 (AAAA) records found

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

No IPv6 Support

About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B

URL Variants

www/non-www, trailing slash, HTTP→HTTPS

REVIEW

www/non-www, trailing slash, HTTP→HTTPS

Both www and non-www versions serve content

Got: Both variants return 200 Expected: One variant 301-redirects to the other

HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.rakuten.com/

200https://rakuten.com/

Inconsistent — duplicate content risk

HTTP → HTTPS

301http://rakuten.com/ → https://www.rakuten.com/

Consistent

B

TLS Certificate Expiry & Recommendations

145 days until leaf cert expires — 4 issues to address

REVIEW

Certificate validity

145

days left

0d 30d 60d 90d+

Recommended actions

Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
Enable DNSSEC on your domain for DNS spoofing protection
Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy

A+

DNS Records

2 A records, 21 ms lookup

PASS

2 A records, 21 ms lookup

Resolves to 2 IPv4 address(es)

Got: 216.238.190.103, 216.238.190.102

No IPv6 (AAAA) records

6 nameserver(s) configured

Got: a18-64.akam.net, a2-65.akam.net, a12-67.akam.net, a5-67.akam.net, a1-60.akam.net, a3-66.akam.net

1 mail exchanger(s) configured

CAA records not checked

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

SPF record present in TXT

DNS resolution time: 21 ms

Got: 21 ms

A	216.238.190.103, 216.238.190.102
AAAA	—
CNAME	—
NS	a18-64.akam.net, a2-65.akam.net, a12-67.akam.net, a5-67.akam.net, a1-60.akam.net, a3-66.akam.net
MX	0 rakuten-com.mail.protection.outlook.com
TXT	openai-domain-verification=dv-yIg8cLxdcKMGDzeMRf2ZsmQz ZOOM_verify_1CUyk4ZURzG11xU4RW6Ncw postman-domain-verification=90596f90e47bda3896cdfc5d9874977e08bc189e6baa1532ee48... tdc1k22c30v6pd8z8n3jlpmd2rrzww73 _fb0prf460ks451hmyj68br1a12mgezk atlassian-domain-verification=W9E9ZswMlhU5YJu4DFAkbgVoji7ICcjqlquvr11WaUSQekHTPu... google-site-verification=c0AJwAwQPiYFrMzTaBOhVUJF_GmAK4n9vo7lZuhkPCA google-site-verification=sQxhhR8u56lx5nsXf-nHZlXW9yYtoRIhezNjhZioqlg apple-domain-verification=H6mtoIlYoA4bu3C1 wiz-domain-verification=d69bd87487a0e543048721c80a4a8a17207a66a45861483db817854c... 9b13xykjgrg42gy4lcrj3zgxs0xhk6s1 liveramp-site-verification=QjUZMPTinikRmbBj9w8NM5L9nWMBHfUnIwV4xzn-XSk _iedmxnweku8ldrefg3c2567gc8qcfzz cursor-domain-verification-qe2sb0=YkfDXxtiIYKppYU0KPwJYPSPk 7l3v5k4stjltzk08xlvz5lchpdqyyvk3 adobe-idp-site-verification=5aefb7fe-df28-4971-8c37-a5b48aa8714f google-site-verification=3xZBbDGNysB4H9ymSueYzZjOA_oyj7T4zWwOP6Nm5gk 20d3007bd0db4582ac8eeaa3fa58bf22 1tlb8sw5ygwkmb6c7k0297f01fwz8yk8 4ce9fc790a9779efff0490924e22aa2179c40a8a30f85aef58025f837b41aeef _ia2ibxtdm9th4uixczbb5tj7nrbezbd cloudhealth=45b59fc3-9ea7-424e-8791-0462136574b0 google-site-verification=sSEOp4KFXaZFxIJ9IpI2TiN37AE-aBEDS6eFFLlI-FE google-site-verification=r0CdsPG-g75LRJA1Cch65miCrleeIiXDVwhbXZntIkU fdyqv2nzgbcy7xtbwsc69jmmq2fm7z3y poVgrRG6GB3NT0KPPq7oWF12+WkAlodJJxWfxrhKjEH6j0GDIT0gvt+0YeaP5I0fgWvh/3gveh1/JS1G... anthropic-domain-verification-sdwgw9=skFbusy2rM8YcXQcpHH71WrY5 datadome-domain-verify=8lhO8J1K2o2qsxtyKmPuORHNxDznYsaK SPF v=spf1 include:spf01.rakuten.co.jp include:spf02.rakuten.co.jp include:spf03.rak... miro-verification=547580ac2359fc358182fce2a4f982612555ed95 beautifulai-site-verification=9b01a22a-d7d1-437d-a7db-09d81b2f738c fastly-domain-delegation-mpgbsgmv37nkhm3ysjaz-738762-2024-02-09 docker-verification=4130453a-343b-4c07-970f-e2317d31b4c9 atlassian-domain-verification=IUQIr8gZ06LRVZuRAUPe9if8wYA4IpyORQmHQID1YMCkup8TXN... docusign=de9d93c8-371e-4190-83de-dbe818614795
CAA	Lookup not available with standard resolver

Resolved in 21 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A

Redirect Chain

1 redirect(s), 118 ms total

PASS

1 redirect(s), 118 ms total

Single redirect

Got: https://rakuten.com → https://www.rakuten.com/ (301)

WWW normalization redirect

https://rakuten.com

97 ms · HTTP/1.1

301

https://www.rakuten.com/

21 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://rakuten.com	301	97 ms	HTTP/1.1	nginx/1.28.0
2	https://www.rakuten.com/	200	21 ms	HTTP/1.1	nginx

See the visual redirect chain in the HTTP Probe tab →

A+

Crawlability

robots.txt present, sitemap with 15 URLs

PASS

robots.txt present, sitemap with 15 URLs

robots.txt is present

Got: 2621 bytes

sitemap.xml is present

sitemap.xml is valid XML

sitemap.xml contains 15 entries

Sitemap index with 15 child sitemaps

robots.txt references sitemap

robots.txt 200 OK

Size 2621 B Sitemaps referenced 2 User-agents *, naverbot, yeti, grapeshot Blocking No — crawling allowed

User-agent: *
Disallow: *disallow=1*
Disallow: /.well-known/
Disallow: /*-xfas
Disallow: /*-xfcat
Disallow: /product/
Disallow: /prod-cats/
Disallow: /editUserInfos.do
Disallow: /utilities/
Disallow: /landing_merchant.jsp
Disallow: /2010.htm
Disallow: /compare/
Disallow: /searchproducts.htm
Disallow: /searchproducts_all.htm
Disallow: /searchcomparison.htm
Disallow: /search/special.htm
Disallow: /search/all.htm
Disallow: /search/stores.htm
Disallow: /myus/
Disallow: /account-info.htm
Disallow: /whitelist/
Disallow: /*?referrerid
Disallow: /*&campaign_entity_id
Disallow: /*&sourceName
Disallow: /*&eeid
Disallow: /*&sourceId
Disallow: /*&src
Disallow: /*&utm_source
Disallow: /*&utm_medium
Disallow: /*&utm_campaign
Disallow: /*&AutoLoginID
Disallow: /*&mpl_id
Disallow: /*&referrid
Disallow: /*&referrerdid
Disallow: /*&referrer
Disallow: /unifiedSearch/
Disallow: /refer-a-friend/
Disallow: /frontendEvents.do
Disallow: /button/
Disallow: /giveaway_rules/
Disallow: /wp-json/
Disallow: /feed/merchant-feed.xml
Disallow: /feed/offer-feed.xml
Disallow: /customer/feed/offer-feed.xml
Disallow: /customer/feed/merchant-feed.xml
Disallow: /logonUserServicesStartupAction.do
Disallow: /myaccount/
Disallow: /pending-cash-back.htm
Disallow: /sem/
Disallow: /ebatesCaptcha.do
Disallow: /mobile/
Disallow: /cgi-bin/
Disallow: /blog-preview/
Disallow: /blog/wp-includes/
Disallow: /blog/wp-login.php
Disallow: /blog/wp-admin/*
Disallow: /blog/wp-register.php
Disallow: /blog/search/*
Disallow: /email/
Disallow: /account/
Disallow: /ajax/
Disallow: /auth/getLogonForm.do
Disallow: /zh/index.htm
Disallow: /kr/index.htm
Disallow: /sg/index.htm
Disallow: /sem2015/
Disallow: /ad-scans/
Disallow: /_stores/
Disallow: /hotels/search-results.htm
Disallow: /hotels/verify.htm
Disallow: /hotels/reservation-management.htm
Disallow: /hotels/reservation-payment.htm
Disallow: /hotels/reservation-confirmation.htm
Disallow: /kr/
Disallow: /blog1/
Disallow: *bvstate=
Disallow: *maxp=
Disallow: *minp=
Disallow: *rtg=
Disallow: *po_c=
Disallow: *bo=
Disallow: *queryId=
Disallow: *querySubId=
Disallow: /*.vm
Disallow: /sorting/
Disallow: /m/
Disallow: /shop/search/
Disallow: /shop/*/search/
Disallow: /shop/member/
Disallow: /shop/order/
Disallow: /shop/messages/
Disallow: /shop/wishlist/
Disallow: /shop/mycoupons/
Disallow: /shop/browsing_history/
Disallow: /shop/preference-center-rmail/
Disallow: /amexblue/

User-agent: naverbot
Allow: /kr/
User-agent: yeti
Allow: /kr/
User-agent: grapeshot
Allow: /shop/search/

Sitemap: https://www.rakuten.com/sitemap-index.xml
Sitemap: https://www.rakuten.com/products/product_sitemap.xml

sitemap.xml 200 OK

Type Sitemap Index URLs 15 entries Valid XML Yes

Child Sitemaps:

A+

Domain Intelligence

rakuten.com — via MarkMonitor Inc., 29 years old, hosted on AWS

PASS

rakuten.com — via MarkMonitor Inc., 29 years old, hosted on AWS

Domain registered until Sep 11, 2026 (4 months remaining)

DNSSEC is not enabled

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Registrar: MarkMonitor Inc.

Registrar lock is NOT enabled

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Hosting: AWS

Got: AS16509

Domain expiry

89 days

September 11, 2026

SSL certificate

145 days

Issued by DigiCert Inc

Domain age

29 years

Registered September 12, 1997

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

AWS

ASN AS16509

216.238.190.103

Registrar

MarkMonitor Inc.

Unlocked 6 NS records

Expiry timeline

Today

+1 year

Domain expiry SSL expiry Danger zone (≤30 days)

Recommended actions

Renew the domain or enable auto-renewal to prevent accidental expiry
Enable DNSSEC to protect visitors from DNS spoofing
Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers

Registrar MarkMonitor Inc.

Created September 12, 1997 (29 years ago)

Expires September 11, 2026 (4 months)

Last Updated August 10, 2024

Name Servers a1-60.akam.net, a12-67.akam.net, a18-64.akam.net, a2-65.akam.net, a3-66.akam.net, a5-67.akam.net

DNSSEC Not enabled

Hosting

IP Address 216.238.190.103

ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)

Provider AWS

Data source: rdap (0.2s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more ▾

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more ▾

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+

HTTP Probe Timing

Total 94 ms — DNS, TCP, TLS, TTFB, content transfer breakdown

PASS

DNS Lookup

7 ms

TCP Connect

22 ms

TLS Handshake

44 ms

Time to First Byte

95 ms

Total Time

95 ms

Connection waterfall

DNS Lookup 7 ms TCP Connect 22 ms TLS Handshake 44 ms Server Processing 22 ms Content Transfer 0 ms