Skip to content
https://crypto.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
98
GRADE
A+
FIX
0
REVIEW
2
PASS
7
INFO
0
Probed from Madrid, Spain
302 Found
Checks
9
7 PASS 2 REVIEW
B
TLS Certificate Expiry & Recommendations
68 days until leaf cert expires — 4 issues to address
REVIEW

Certificate validity

68
days left
0d 30d 60d 90d+

Recommended actions

  • Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
  • Add includeSubDomains to the HSTS directive
  • Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
Cloudflare
REVIEW
Cloudflare
Info::
Site is served via Cloudflare CDN (edge: CDG)
Got: cf-ray: 9f075edc1ec59edc-CDG
CDN Detected: Cloudflare
Provider Cloudflare Evidence cf-ray: 9f075edc1ec59edc-CDG
A+
DNS Records
2 A records, 96 ms lookup
PASS
2 A records, 96 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 104.19.222.17, 104.19.223.17
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2606:4700::6813:de11, 2606:4700::6813:df11
Info::
2 nameserver(s) configured
Got: sima.ns.cloudflare.com, chad.ns.cloudflare.com
Info::
7 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 96 ms
Got: 96 ms
A104.19.222.17, 104.19.223.17
AAAA2606:4700::6813:de11, 2606:4700::6813:df11
CNAME
NSsima.ns.cloudflare.com, chad.ns.cloudflare.com
MX
5 mxa-00543801.gslb.pphosted.com
5 mxb-00543801.gslb.pphosted.com
10 aspmx.l.google.com
50 alt2.aspmx.l.google.com
50 alt1.aspmx.l.google.com
100 aspmx3.googlemail.com
100 aspmx2.googlemail.com
TXT
paloaltonetworks-site-verification=341cd8a6c026568fbf2f1d688bd2ab3a93300ac792771...
apple-domain-verification=k42cyDihDFgZyDji
teamviewer-sso-verification=3c92f68977df46f8a836faf3dee19b1c
apple-domain-verification=gkrEgGUVeHhuHMMruqzgVlhai0KyQuU8fFjhDCxRBZg
status-page-domain-verification=71jf0xbkm9dv
7baha1sqkqhek96j30iigj5jhj
google-site-verification=PCetuilY5Boe-estav7CPomAMy-r1Itp_pkS_w7zlb8
docusign=44e85aef-c293-4280-a57e-c6805015f751
twilio-domain-verification=8cef33ec97d09c8ffd8ca03b2a7ef585
_rj7cydrznqqclu1nvwivn7ci3u67pup
sdzzsstffjsvrm1tl6w3vzjhnwnk7w6x
stripe-verification=4C074D42C2767E2A9C88645EF9A435F8A6B32AF96C2C0AA8E459842ABBF1...
MS=ms89782890
google-site-verification=0BkiWmFJ3j6n9dB155uT7bjYG2W-SvIjaW43B2nVlic
facebook-domain-verification=8y8dsk7b387u8fdzhwd38r7918jd61
mixpanel-domain-verify=c76c83bd-b6f1-42d9-a0fc-b9046f981edb
segment-site-verification=ymbSTvWR2lTKLIR4Cxtyv1bEQz5ShY9J
mongodb-site-verification=3dYblW5pflsGhK9sIKXE02aRNButG7TG
886cc7c2-4930-4e6c-82f7-b749a331f6bf
box-domain-verification=bd7e193ce1d8807fc0c92872c1d8ebab1fc8207e9cddd5e2562279f6...
cursor-domain-verification-axv2zp=mYKLERga3bfWGVc9QKs4zFEH1
google-site-verification=I7WDPOWEyGgthDtKQo87fedNKpc0HBvj63qimMVfvQU
slack-domain-verification=3t9FUgZ4ZU1fSFKsi6RSvcHMatYSJsZ5n6zIQYPT
CKO=cli_mbaj5wmc4fpu7gy6arlev3ipsy
_x4vbsuduc7he5rma9yk4jq187rqtpqo
docker-verification=91d288c2-871b-4e61-ad9b-17dc7a66dded
jamf-site-verification=XIIIvRTCj711MkK70OauJA
SPF v=spf1 mx ip4:13.228.3.214/32 ip4:166.78.71.191/32 include:sendgrid.net include:...
google-site-verification=ZsldpD3RCgz2ntLBhPvWKAsL5uFtgUcxNuP5U0HDNe8
notion-domain-verification=FDuhhiLdG51uQQ069lihmtNg7812kZsCNV3zrF8Trap
shopify-verification-code=3qnHrrZ3HBGVPKTMpMgTOja8jUB3oj
atlassian-domain-verification=mPIKsb4ANOnJdLnDcm5/XNWhVwAf77WKi84paGU6D1gpB2lKTI...
google-site-verification=UmBlyd162v42XnvTlkcyJCcsFVFzbZP1xlqeAF1QrYY
google-site-verification=QBNOiaBV-QoDHr_zovE1c1GTZnj4LS0dvSp0LktqXjY
miro-verification=57041690cd985a8c994e4fc960e73460e844a257
tverrblc66rfaf718t8nkv3ska
_r7ph0jpxjinr0eiyfj2rnxb54691eyc
box-domain-verification=bd7e193ce1d8807fc0c92872c1d8ebab1fc8207e9cddd5e256
adobe-idp-site-verification=d1d24ca7de8f48eabcb6db556f51aeb77f354775e863452fee8f...
facebook-domain-verification=598suasmwyal84kh3gglgawu4kp26h
CAALookup not available with standard resolver
Resolved in 96 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A
Redirect Chain
1 redirect(s), 131 ms total
PASS
1 redirect(s), 131 ms total
Info::
Single redirect
Got: https://crypto.com → https://crypto.com/es-es (302)
Info::
Uses 302 (temporary) redirect
If permanent, use 301 instead.
Got: https://crypto.com

https://crypto.com

70 ms · HTTP/1.1

302

https://crypto.com/es-es

61 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://crypto.com30270 msHTTP/1.1cloudflare
2https://crypto.com/es-es20061 msHTTP/1.1cloudflare

See the visual redirect chain in the HTTP Probe tab →

If permanent, use 301 instead.

Why this matters

302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.

Learn more

Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).

Source: Google Search Central

A+
IPv6 Readiness
IPv6 reachable (17 ms)
PASS
IPv6 reachable (17 ms)
Info::
IPv6 is configured and reachable at 2606:4700::6813:de11, 2606:4700::6813:df11
Got: 17 ms connect
IPv6 Ready
AAAA Records 2606:4700::6813:de11, 2606:4700::6813:df11 Connection Reachable (17 ms)
A+
Crawlability
robots.txt present, sitemap with 20 URLs
PASS
robots.txt present, sitemap with 20 URLs
Info::
robots.txt is present
Got: 606 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 20 entries
Info::
Sitemap index with 20 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 606 B Sitemaps referenced 1 User-agents AdsBot-Google-Mobile, *, waybackurls, AdsBot-Google, Googlebot Blocking No — crawling allowed
User-agent: waybackurls
Disallow: /
Disallow: /*

User-agent: AdsBot-Google
User-agent: Googlebot
User-agent: AdsBot-Google-Mobile
Disallow: /document/*
Allow: /
Allow: /crm/
Allow: /crm/*
Disallow: /nft/login?*
Disallow: /nft/*?*lang=
Disallow: /nft/*?*editions-mode=


User-agent: *
Disallow: /feed/podcast/
Disallow: /podcast/
Disallow: /podcast/*
Disallow: /miami_moon_gp2024
Disallow: /cdn-cgi/*
Disallow: /cdn-cgi/
Disallow: /levelup-lite
Disallow: /*/levelup-lite
Disallow: /nft/login?*
Disallow: /nft/*?*lang=
Disallow: /nft/*?*editions-mode=


Sitemap: https://crypto.com/sitemap/sitemap-index.xml
sitemap.xml 200 OK
Type Sitemap Index URLs 20 entries Valid XML Yes
Child Sitemaps:
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.crypto.com/
200https://crypto.com/

Preferred variant: non-www

HTTP → HTTPS

301http://crypto.com/ https://crypto.com/

Consistent

A+
Domain Intelligence
crypto.com — via Network Solutions, LLC, 33 years, 5 months old
PASS
crypto.com — via Network Solutions, LLC, 33 years, 5 months old
Info::
Domain registered until May 7, 2034 (8 years, 1 months remaining)
Info::
DNSSEC is enabled
Info::
Registrar: Network Solutions, LLC
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Domain expiry

2882 days

May 7, 2034

SSL certificate

68 days

Issued by Google Trust Services

Domain age

33 years, 5 months

Registered May 6, 1993

DNSSEC

Enabled

Protects against DNS spoofing

Hosting

Unknown

2606:4700::6813:df11

Registrar

Network Solutions, LLC

Unlocked 2 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar Network Solutions, LLC
Created May 6, 1993 (33 years, 5 months ago)
Expires May 7, 2034 (8 years, 1 months)
Last Updated May 9, 2024
Name Servers chad.ns.cloudflare.com, sima.ns.cloudflare.com
DNSSEC Enabled
Hosting
IP Address 2606:4700::6813:df11
Data source: rdap (0.1s)

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 112 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
30 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
17 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
25 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
112 ms
Total Time Total request time from DNS lookup through full response.
112 ms

Connection waterfall

DNS Lookup 30 ms TCP Connect 17 ms TLS Handshake 25 ms Server Processing 40 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback