Skip to content
https://bmwgroup.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
85
GRADE
B
FIX
0
REVIEW
4
PASS
5
INFO
0
Probed from Madrid, Spain
302 Found
Checks
9
5 PASS 4 REVIEW
C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
Crawlability
no robots.txt, no sitemap
REVIEW
no robots.txt, no sitemap
Info::
No robots.txt found
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
Info::
No sitemap.xml found
A sitemap helps search engines discover and index your pages more efficiently.

robots.txt is optional but recommended. It tells search engine crawlers which pages to index.

Why this matters

No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.

Learn more

A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.

Source: robotstxt.org

A sitemap helps search engines discover and index your pages more efficiently.

Why this matters

No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.

Learn more

A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.

Source: sitemaps.org / Google Search Central

robots.txt No robots.txt found

No robots.txt found

This is fine for most sites — a missing robots.txt allows all crawling by default.

sitemap.xml No sitemap found

No sitemap found

Adding a sitemap helps search engines discover your pages.

B
TLS Certificate Expiry & Recommendations
87 days until leaf cert expires — 3 issues to address
REVIEW

Certificate validity

87
days left
0d 30d 60d 90d+

Recommended actions

  • Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
Akamai
REVIEW
Akamai
Info::
Site is served via Akamai CDN
Got: server header
CDN Detected: Akamai
Provider Akamai Evidence server header
A+
DNS Records
8 A records, 161 ms lookup
PASS
8 A records, 161 ms lookup
Info::
Resolves to 8 IPv4 address(es)
Got: 104.96.178.166, 104.96.180.163, 104.94.220.164, 104.96.181.163, 104.94.222.172, 104.94.221.164, 104.94.223.172, 104.96.179.166
Info::
No IPv6 (AAAA) records
Info::
4 nameserver(s) configured
Got: ns.bmw.de, ns4.m-online.net, ns3.m-online.net, ns2.m-online.net
Info::
2 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 161 ms
Got: 161 ms
A104.96.178.166, 104.96.180.163, 104.94.220.164, 104.96.181.163, 104.94.222.172, 104.94.221.164, 104.94.223.172, 104.96.179.166
AAAA
CNAME
NSns.bmw.de, ns4.m-online.net, ns3.m-online.net, ns2.m-online.net
MX
10 mx1.hc324-48.eu.iphmx.com
20 mx2.hc324-48.eu.iphmx.com
TXT
v=DMARC1; p=reject; rua=mailto:bgm.aggregate@bmwgroup.com, mailto:bmwagprod1@eu....
00D9X000004xwGz=1TB9X0000000Lnd
infoblox-domain-mastery=fdaac47cce6b075e372e9ba8a9a10cddef3f77a41e4e6f4d82fb3261...
00DWz000000uomv=1TBdr00000004A5
00D9X0000035vbp=1TB9X0000000AXF
00DFg000000IUsT=1TBFg0000001rTh
00D9O000004Wymj=1TB9O0000000Mrl
swisssign-check=o4zXJoJgwUzex4-angi4ux3DZ5A
00DFg000000FB1Z=1TBFg0000001VoA
00D9M000000MLdh=1TB9M0000000HGz
00DFg000000FBCr=1TBFg0000001VeT
00D9X000004xogv=1TB9X0000000NO1
00DMz000000FcJV=1TBMz0000000DID
00D9X000004xngj=1TB9X0000000B0H
00D9X000004xvWD=1TB9X0000000Gnx
00DMz000000Fcub=1TBMz0000000EuD
swisssign-check=-fEsl0MyQ0kdJUIDdC-o7-HPYls
00DMz000000NqxB=1TBMz0000000CSb
00DMz000000NqCP=1TBMz00000000pd
00D9O000004WyoL=1TB9O0000000AXI
00D9X000004xmzB=1TB9X0000000Ihh
00DMz000000Fc9p=1TBMz0000000B9x
00D9O000001NVnJ=1TB9O0000000Nnp
00D9X000004xvUb=1TB9X0000000MF3
00DMz000000Nr0P=1TBMz00000009hd
xb4vsm2k8p7kh17fhjf3hcr593bllf63
successfactors-site-verification=ZGRlZmIxNjhkNjcxZjFmMjczOTEwNWIyYTQ4ODU1YWZlOGR...
00D9O000004Wyzd=1TB9O0000000MOj
00D9X000004xoCz=1TB9X0000000Ax3
00D9V000004uGxR=1TB9V0000000QVZ
00D9V000004uEqn=1TB9V0000000Kzd
00D9X0000035vdR=1TB9X00000009GF
00DWz000000uruT=1TBdr00000006bh
apple-domain-verification=sobLiwh5QM2X15l3
bw=piOqdyepe9wMO9pn84X807HwcQMoOwWT5YPyb4DzIGc4
00D9V000004NatJ=1TB9V0000000Muz
00D9O000004WzKb=1TB9O0000000C7d
00D9X000004xoUj=1TB9X0000000AsD
00D9V000004uEh7=1TB9V0000000LxJ
teamviewer-sso-verification=e97ac350c1174b56a5f8eac544cdd7b2
00D9V000004Nazl=1TB9V0000000MOj
00DWz000000urPp=1TBdr00000006AH
brevo-code:5a69ccf2dd3a7bc1ff89aecae02fa1ba
openai-domain-verification=dv-5fPbds3vIRZztSBE7ga4W5m2
00DFg000000IUkQ=1TBFg0000001vPF
figma-domain-verification=f5a46a65e2d42080d654af335b6273251110ad997b78d6b48edbe1...
00DMz000000Nqqj=1TBMz00000009eR
wiz-domain-verification=2571e83621dca3f606c3fd4bedd8cef9bc52af789f348c55e7cada9b...
00D9V000002DMWD=1TB9V00000008lZ
00DMz000000Nr6r=1TBMz0000000Gsn
00DMz000000Fckv=1TBMz0000000Bcz
00D9V000004uEZ3=1TB9V0000000KTN
swisssign-check=_1CXBbMcJd2Zs0yBe9jWcjm9UJQ
00DMz000000NrEw=1TBMz0000000C2n
00DWz000000urb7=1TBSc0000001Gtx
00DMz000000Nqtx=1TBMz0000000E6D
swisssign-check=NblH7hPRNzquafF_C7ZUH7Cd3N8
00DWz000000uoyG=1TBSc0000001IsX
22229b94k58rg6kwnqwqpvm0j06q3srq
00DWz000000uoyD=1TBSc0000001JqD
00DMz000000NrEv=1TBMz0000000HiP
google-site-verification=Xxujq2IkZ3nbKZywFBP_EBNQ0S7LxHOhQtosPk1sen8
00D9X000004xliB=1TB9X0000000A10
MS=ms14316200
00DMz000000Nr8W=1TBMz0000000ACH
00DMz000000NrI9=1TBMz0000000FdN
00DMz000000NqHH=1TBMz0000000DdB
00DWz000000uoVB=1TBdr00000000BJ
00DMz000000FcbF=1TBMz0000000EXd
00D9X000004xvb3=1TB9X0000000KUz
00DFg000000FBET=1TBFg0000001W97
00D9V000004uEkL=1TB9V0000000P9h
00D9X000004xwFN=1TB9X0000000Obp
00D9Q0000013Grj=1TB9Q0000000Fjp
00D9V000004uEij=1TB9V0000000NPd
00D9V000002FbUL=1TB9V0000000R0D
00D9X000004xoOO=1TB9X0000000HKD
00DMz000000Nqlt=1TBMz0000000AfJ
00DWz000000upe9=1TBSc0000001FrR
cisco-ci-domain-verification=2116b5e67b1b05847cee5a3195f9e2834051257eb78d4fb47fc...
00DMz000000NrAB=1TBMz0000000Cu1
00DWz000000ur4r=1TBSc0000001GNh
00D9V000006A7Sz=1TB9V0000000LVt
00D9X000004xw2T=1TB9X0000000QNV
00D9Z000000IAaP=1TB9Z0000000JsH
_spf.salesforce.com
00DWz000000uqQX=1TBdr00000005Az
Dynatrace-site-verification=d2d48158-0553-4304-abe7-8736fd5e97f9__5f8s15v3ibuhg2...
00D9V000004uFAA=1TB9V0000000Nsf
SPF v=spf1 include:26p0f71f8.spf.checkpoint-spf.com include:spf.protection.outlook.c...
00DWz000000upUT=1TBSc0000001HQD
00D9M000000IlDO=1TB9M000000099l
00D9X000004xw45=1TB9X0000000IGH
00D9X0000035vaD=1TB9X00000007RN
00D9O000004Wz4T=1TB9O0000000OiH
00D9O000005gorx=1TB9O0000000LsT
00DWz000000up9V=1TBSc0000001INt
dtm-domain-verification=suKECW-dEALAUqnqPUQPhD-00HFd1WoYnCL_ayfIVg0
00DMz000000Nr6s=1TBMz0000000G4n
00DWz000000uqC1=1TBSc0000001HtF
00D9X0000035yg9=1TB9X0000000Agv
MS=ms68310984
00D9Q0000013G2f=1TB9Q0000000Fwj
webexdomainverification.=7954737d-3e46-469f-b682-2ed8120ffe00
00D9X000004xniO=1TB9X0000000Ne9
00DMz000000NqFd=1TBMz0000000HGz
00D9V000004uDgJ=1TB9V0000000Q49
00DWz000000uqqL=1TBdr0000000737
00D9V000002FbXZ=1TB9V0000000Ojt
sg4d409s4gkdqj6v5jbzy8m0tgx0bfn5
webexdomainverification.=ef77a46d-aff8-44f0-80f7-225956409ca5
00DMz000000Nq9B=1TBMz0000000HDm
00D9X000004xvXp=1TB9X0000000Hor
00DMz000000Nr8V=1TBMz0000000GKw
00DWz000000uqdR=1TBdr00000007W9
00DFg000000IUkP=1TBFg0000001scf
00D9Q000001RfmT=1TB9Q0000000OFF
00DWz000000urEX=1TBdr00000003fR
mistral-domain-verification=727596462963eab6f1e52a160fe0bdb6c1a074e1
webexdomainverification.=f79f3d15-6e08-4d1c-9263-1e2e03f21a18
00D9X000004xpIj=1TB9X0000000A4H
Dynatrace-site-verification=5e55612b-fc8a-4dce-816b-d3185c5e5628__3ovgn7u5okr21j...
adobe-sign-verification=15bb0cf14babc7e7f78038ee6a1fcdb9
00D9V000002DLvg=1TB9V00000007MU
00D9X000004xvft=1TB9X0000000Adh
00DFg000000IUm1=1TBFg0000001twv
00DFg000000IUqr=1TBFg0000001uOL
smartsheet-site-validation=HJhGBhfnkuEi0nxSVnFOZ-_BR5aLKm0u
00D9X0000035uZL=1TB9X00000009Pu
00DMz000000Nqp7=1TBMz0000000GWD
00DWz000000upHZ=1TBdr00000005e1
google-site-verification=fEphVPj2y9SiypgzIsWKjWy542aU0q-GvrZSH5ZUZjg
00D9O000004Wz7h=1TB9O0000000LNp
00D9X000004xmJF=1TB9X0000000Atp
_globalsign-domain-verification=aHLJSeNWYZMl-nJty-llsYxf2AlGsBkpJGgXJlcnbY
00DWz000000uo2K=1TBSc0000001JLZ
_globalsign-domain-verification=ZwEJ6Zf6zFd9nPcmRCtsZaoBtCWdGwwuPVMfRy8WZ_
00D9O000004Wyl7=1TB9O0000000OGr
00D9O000005gnz7=1TB9O0000000CcH
CAALookup not available with standard resolver
Resolved in 161 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A
Redirect Chain
1 redirect(s), 431 ms total
PASS
1 redirect(s), 431 ms total
Info::
Single redirect
Got: https://bmwgroup.com → https://www.bmwgroup.com/ (302)
Info::
WWW normalization redirect
Info::
Uses 302 (temporary) redirect
If permanent, use 301 instead.
Got: https://bmwgroup.com

https://bmwgroup.com

364 ms · HTTP/1.1

302

https://www.bmwgroup.com/

67 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://bmwgroup.com302364 msHTTP/1.1AkamaiGHost
2https://www.bmwgroup.com/40367 msHTTP/1.1

See the visual redirect chain in the HTTP Probe tab →

If permanent, use 301 instead.

Why this matters

302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.

Learn more

Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).

Source: Google Search Central

A
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Warning::
HTTP→HTTPS redirect uses 302 instead of 301
Got: 302 temporary redirect Expected: 301 permanent redirect

www / non-www

403https://www.bmwgroup.com/
200https://bmwgroup.com/

HTTP → HTTPS

302http://bmwgroup.com/ https://www.bmwgroup.com/

Use 301 (permanent) instead of 302 (temporary)

A+
Domain Intelligence
bmwgroup.com — via CSC Corporate Domains, Inc., 27 years, 10 months old, hosted on Akamai
PASS
bmwgroup.com — via CSC Corporate Domains, Inc., 27 years, 10 months old, hosted on Akamai
Info::
Domain registered until Nov 3, 2033 (7 years, 7 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: CSC Corporate Domains, Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: Akamai
Got: AS33905
Domain expiry

2697 days

November 3, 2033

SSL certificate

87 days

Issued by Let's Encrypt

Domain age

27 years, 10 months

Registered November 4, 1998

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

Akamai

ASN AS33905

104.96.179.166

Registrar

CSC Corporate Domains, Inc.

Unlocked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar CSC Corporate Domains, Inc.
Created November 4, 1998 (27 years, 10 months ago)
Expires November 3, 2033 (7 years, 7 months)
Last Updated November 7, 2023
Name Servers ns.bmw.de, ns2.m-online.net, ns3.m-online.net, ns4.m-online.net
DNSSEC Not enabled
Hosting
IP Address 104.96.179.166
ASN AS33905 (AKAMAI-AMS, NL)
Provider Akamai
Data source: rdap (0.5s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 51 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
45 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
2 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
3 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
52 ms
Total Time Total request time from DNS lookup through full response.
52 ms

Connection waterfall

DNS Lookup 45 ms TCP Connect 2 ms TLS Handshake 3 ms Server Processing 2 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback