Skip to content
https://pku.edu.cn

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
88
GRADE
B
FIX
2
REVIEW
3
PASS
3
INFO
1
Probed from Madrid, Spain
200 OK
Checks
9
3 PASS 3 REVIEW 2 FIX
F
HTTP Probe Timing
Action
Total 4761 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
FIX
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
3.17 s
TCP Connect TCP Connect — time to establish a TCP connection to the server.
316 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
640 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
4.76 s
Total Time Total request time from DNS lookup through full response.
4.76 s

Connection waterfall

DNS Lookup 3.17 s TCP Connect 316 ms TLS Handshake 640 ms Server Processing 638 ms Content Transfer 1 ms
D
CDN & Delivery
Action
No CDN detected
FIX
No CDN detected
Warning::
No CDN detected
A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.
No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

C
DNS Records
Action
1 A records, 2893 ms lookup
REVIEW
1 A records, 2893 ms lookup
Info::
Resolves to 1 IPv4 address(es)
Got: 162.105.131.160
Info::
Single A record — no DNS redundancy
Multiple A records provide failover if one server goes down.
Info::
Has 1 IPv6 (AAAA) record(s)
Got: 2001:da8:201:1512::a269:83a0
Warning::
CNAME record at zone apex
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
Got: www.lb.pku.edu.cn
Info::
No NS records found
Info::
No MX records — email not configured via DNS
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
No SPF record found in TXT records
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Warning::
DNS resolution is slow (2893 ms)
Slow DNS adds latency to every page load. Consider a faster DNS provider.
Got: 2893 ms
A162.105.131.160
AAAA2001:da8:201:1512::a269:83a0
CNAMEwww.lb.pku.edu.cn
NS
MX
TXT
CAALookup not available with standard resolver
Resolved in 2893 ms

Multiple A records provide failover if one server goes down.

Why this matters

Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.

Learn more

Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.

Source: SRE practice / DNS architecture

A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.

Why this matters

CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.

Learn more

RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.

Source: RFC 1034

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.

Why this matters

Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.

Learn more

SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.

Source: RFC 7208 (SPF)

Slow DNS adds latency to every page load. Consider a faster DNS provider.

Why this matters

DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.

Source: DNS performance benchmarks

B
Crawlability
no robots.txt, no sitemap
REVIEW
no robots.txt, no sitemap
Info::
No robots.txt found
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
Info::
No sitemap.xml found
A sitemap helps search engines discover and index your pages more efficiently.

robots.txt is optional but recommended. It tells search engine crawlers which pages to index.

Why this matters

No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.

Learn more

A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.

Source: robotstxt.org

A sitemap helps search engines discover and index your pages more efficiently.

Why this matters

No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.

Learn more

A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.

Source: sitemaps.org / Google Search Central

robots.txt No robots.txt found

No robots.txt found

This is fine for most sites — a missing robots.txt allows all crawling by default.

sitemap.xml No sitemap found

No sitemap found

Adding a sitemap helps search engines discover your pages.

B
TLS Certificate Expiry & Recommendations
337 days until leaf cert expires — 5 issues to address
REVIEW

Certificate validity

337
days left
0d 30d 60d 90d+

Recommended actions

  • Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
  • Add includeSubDomains to the HSTS directive
  • Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+
Redirect Chain
No redirects — direct access
PASS
No redirects — direct access
Info::
No redirects — direct access
Got: https://www.pku.edu.cn

https://www.pku.edu.cn

1609 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://www.pku.edu.cn2001609 msHTTP/1.1nginx
A+
IPv6 Readiness
IPv6 reachable (274 ms)
PASS
IPv6 reachable (274 ms)
Info::
IPv6 is configured and reachable at 2001:da8:201:1512::a269:83a0
Got: 274 ms connect
IPv6 Ready
AAAA Records 2001:da8:201:1512::a269:83a0 Connection Reachable (274 ms)
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.pku.edu.cn/
https://pku.edu.cn/

HTTP → HTTPS

301http://www.pku.edu.cn/ https://www.pku.edu.cn/

Consistent

Domain Intelligence
Domain intelligence data not available
INFO
Domain intelligence data not available

RDAP and WHOIS lookup both failed

All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback