Skip to content
https://simon.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
90
GRADE
A
FIX
1
REVIEW
2
PASS
6
INFO
0
Probed from Madrid, Spain
301 Moved Permanently
Checks
9
6 PASS 2 REVIEW 1 FIX
D
CDN & Delivery
Action
No CDN detected
FIX
No CDN detected
Warning::
No CDN detected
A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.
No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
TLS Certificate Expiry & Recommendations
164 days until leaf cert expires — 2 issues to address
REVIEW

Certificate validity

164
days left
0d 30d 60d 90d+

Recommended actions

  • Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+
DNS Records
1 A records, 126 ms lookup
PASS
1 A records, 126 ms lookup
Info::
Resolves to 1 IPv4 address(es)
Got: 135.222.185.61
Info::
Single A record — no DNS redundancy
Multiple A records provide failover if one server goes down.
Info::
No IPv6 (AAAA) records
Info::
2 nameserver(s) configured
Got: udns2.cscdns.uk, udns1.cscdns.net
Info::
1 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 126 ms
Got: 126 ms
A135.222.185.61
AAAA
CNAME
NSudns2.cscdns.uk, udns1.cscdns.net
MX
5 simon-com.mail.protection.outlook.com
TXT
atlassian-domain-verification=BGKqgs8MARFyU/BBEf6WezKY502UkleqCtBpWro7lv9u35FS1x...
fastly-domain-delegation-00338810-Pj05H2hV4G3-2025-03-31
_lhmrq00jkel08tnpya25dtyzuw0amxt
postman-domain-verification=c17dbf91c46ff8b969f9e22dca4e6466faf1379acebac6134ae2...
gu5h4pdaaqd3n3df3uhur44f54
docusign=6e20a13c-8006-4010-bfec-c61b6f40a449
klaviyo-site-verification=YgnVSm
badge-domain-verification-v2pyax=T2UHDkLU17oTI2BrZf3512S7Y
canva-site-verification=l18BfjecOmCANdM4ym63KQ
apple-domain-verification=IvgUFOq_XIWvqrqmKGWtKzG2cTmcSyT4TlpFZbW8Em8
klaviyo-site-verification=SumnKP
facebook-domain-verification=re8bp2og4wl83ni8fml07eqgulbmek
google-site-verification=gZyAJ5HLGmnXsQQuAqpF86tN6VOsRbjQbUBsK5wfESo
anthropic-domain-verification-s04mf7=A0vufhyozBS3pOvJixjvWXVCW
_globalsign-domain-verification=SQONiBgTxRVzPPtIHjei_IUGCiAa0KxoVWFw1QfVes
SPF v=spf1 include:spf1.simon.com include:spf2.simon.com -all
onetrust-domain-verification=2d4fde0f525a4c0fae7651bbe1d5b8fa
postman-domain-verification=d552cd9f2b05401a7f8c7934cd6ebd2ffe8dc4cc7cfcd1155352...
docusign=ea8a4ccf-8919-4405-b80e-2cad6222da7f
u7uvbu5f87kgq9l4scbu6gn4ml
google-site-verification=qaOAEpWccWlM1RXTApsY71HqVB4nHsloNxFkffJF4uU
google-site-verification=DslJlrOwIY7Eq9xjQ-QrGRVmY96VU2KUjZloYfuYEu8
977hw9xmm24ny9bl4qf2qgz27rqjs1xb
google-site-verification=8z-QU0TSJ96_RIQI9C2LO9rE_sTRzJngBVWaxVl2-iQ
google-site-verification=ZXOj0-wqdWghdU3OYbSatHvAEQpZYSNASxv1Vczj1wA
CAALookup not available with standard resolver
Resolved in 126 ms

Multiple A records provide failover if one server goes down.

Why this matters

Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.

Learn more

Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.

Source: SRE practice / DNS architecture

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A
Redirect Chain
1 redirect(s), 747 ms total
PASS
1 redirect(s), 747 ms total
Info::
Single redirect
Got: https://simon.com → https://www.simon.com/ (301)
Info::
WWW normalization redirect
Info::
Redirect overhead: 747 ms total
Got: 747 ms

https://simon.com

295 ms · HTTP/1.1

301

https://www.simon.com/

452 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://simon.com301295 msHTTP/1.1Microsoft-Azure-Application-Gateway/v2
2https://www.simon.com/200452 msHTTP/1.1

See the visual redirect chain in the HTTP Probe tab →

A+
Crawlability
robots.txt present, sitemap with 3 URLs
PASS
robots.txt present, sitemap with 3 URLs
Info::
robots.txt is present
Got: 7267 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 3 entries
Info::
Sitemap index with 3 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 7267 B Sitemaps referenced 1 User-agents Bravebot, Brightbot 1.0, Google-Extended, LAIONDownloader, Operator, Poseidon Research Crawler, Thinkbot, ChatGPT-Agent, BuddyBot, Diffbot, IbouBot, PhindBot, Applebot, ChatGPT-User, amazon-kendra, CCBot, Webzio-Extended, Amazonbot, Crawlspace, panscient.com, Google-Firebase, Meta-ExternalFetcher, *, bigsur.ai, Cotoyogi, MyCentralAIScraperBot, YaK, DeepSeekBot, GoogleOther-Video, quillbot.com, DuckAssistBot, AI2Bot, aiHitBot, AmazonBuyForMe, KlaviyoAIBot, SemrushBot-OCOB, YandexAdditionalBot, GoogleOther-Image, LinerBot, Applebot-Extended, meta-webindexer, bedrockbot, img2dataset, SemrushBot-SWA, OpenAI, QualifiedBot, TerraCotta, VelenPublicWebCrawler, iaskspider/2.0, NovaAct, PetalBot, Claude-Web, FacebookBot, Perplexity-User, PerplexityBot, ImagesiftBot, NotebookLM, QuillBot, CloudVertexBot, ISSCyberRiskCrawler, GoogleAgent-Mariner, Ai2Bot-Dolma, EchoboxBot, Factset_spyderbot, SBIntuitionsBot, Scrapy, Timpibot, GoogleOther, omgili, FriendlyCrawler, Gemini-Deep-Research, Devin, YouBot, Meta-ExternalAgent, ShapBot, Google-NotebookLM, Awario, cohere-training-data-crawler, Linguee Bot, netEstate Imprint Crawler, Claude-SearchBot, GPTBot, wpbot, atlassian-bot, Andibot, ClaudeBot, Echobot Bot, PanguBot, Cloudflare-AutoRAG, Panscient, cohere-ai, Kangaroo Bot, MistralAI-User, Sidetrade indexer bot, Claude-User, meta-externalfetcher, Anomura, TikTokSpider, Bingbot, OAI-SearchBot, WARDBot, ChatGPT-User/2.0, Datenbank Crawler, ICC-Crawler, MistralAI-User/1.0, anthropic-ai, AddSearchBot, Bytespider, meta-externalagent, omgilibot, FirecrawlAgent, facebookexternalhit, Google-CloudVertexBot, YandexAdditional Blocking No — crawling allowed
# Simon content is made available for your personal, non-commercial 
# use and is subject to our Terms of Use which prohibit commercial use of any information on this site: 

# https://www.simon.com/legal 

# Use of any device, tool, or process designed to data mine or scrape the content 

# using automated means is prohibited without prior written permission from 

# Simon Media Properties, or its’ parent Simon Property Group, Inc.  Prohibited uses include but are not limited to: 

# (1) text and data mining activities under Art. 4 of the EU Directive on Copyright in the Digital Single Market; 

# (2) the development of any software, machine learning, artificial intelligence (AI), and/or large language models (LLMs); 

# (3) creating or providing archived or cached data sets containing our content to others; and/or 

# (4) any commercial purposes. 

# As a condition of accessing this website, you agree to abide by the 

# following content signals: 

# (a)  If a content-signal = yes, you may collect content for the 

#      corresponding use. 

# (b)  If a content-signal = no, you may not collect content for the 

#      corresponding use. 

# (c)  If the website operator does not include a content signal for a 

#      corresponding use, the website operator neither grants nor restricts 

#      permission via content signal with respect to the corresponding use. 

# The content signals and their meanings are: 

# search: building a search index and providing search results (e.g., returning 

#         hyperlinks and short excerpts from your website's contents). Search 

#         does not include providing AI-generated search summaries. 

# ai-input: inputting content into one or more AI models (e.g., retrieval 

#           augmented generation, grounding, or other real-time taking of 

#           content for generative AI search answers). 

# ai-train: training or fine-tuning AI models. 


# ANY RESTRICTIONS EXPRESSED VIA CONTENT SIGNALS ARE EXPRESS RESERVATIONS OF 

# RIGHTS UNDER ARTICLE 4 OF THE EUROPEAN UNION DIRECTIVE 2019/790 ON COPYRIGHT 

# AND RELATED RIGHTS IN THE DIGITAL SINGLE MARKET. 


User-agent: AddSearchBot

User-agent: AI2Bot

User-agent: Ai2Bot-Dolma

User-agent: aiHitBot

User-agent: AmazonBuyForMe

User-agent: atlassian-bot

User-agent: amazon-kendra

User-agent: Amazonbot

User-agent: Andibot

User-agent: Anomura

User-agent: Awario

User-agent: bedrockbot

User-agent: bigsur.ai

User-agent: Bravebot

User-agent: Brightbot 1.0

User-agent: BuddyBot

User-agent: Bytespider

User-agent: CCBot

User-agent: ClaudeBot

User-agent: Cloudflare-AutoRAG

User-agent: CloudVertexBot

User-agent: cohere-ai

User-agent: cohere-training-data-crawler

User-agent: Cotoyogi

User-agent: Crawlspace

User-agent: Datenbank Crawler

User-agent: DeepSeekBot

User-agent: Devin

User-agent: Diffbot

User-agent: Echobot Bot

User-agent: EchoboxBot

User-agent: Factset_spyderbot

User-agent: FirecrawlAgent

User-agent: FriendlyCrawler

User-agent: Google-Extended

User-agent: GoogleOther

User-agent: GoogleOther-Image

User-agent: GoogleOther-Video

User-agent: GPTBot

User-agent: iaskspider/2.0

User-agent: IbouBot

User-agent: ICC-Crawler

User-agent: ImagesiftBot

User-agent: img2dataset

User-agent: ISSCyberRiskCrawler

User-agent: Kangaroo Bot

User-agent: KlaviyoAIBot

User-agent: LAIONDownloader

User-agent: LinerBot

User-agent: Linguee Bot

User-agent: meta-externalagent

User-agent: MistralAI-User

User-agent: MistralAI-User/1.0

User-agent: MyCentralAIScraperBot

User-agent: netEstate Imprint Crawler

User-agent: NotebookLM

User-agent: NovaAct

User-agent: omgili

User-agent: omgilibot

User-agent: Operator

User-agent: PanguBot

User-agent: Panscient

User-agent: panscient.com

User-agent: PetalBot

User-agent: Perplexity-User

User-agent: PerplexityBot

User-agent: PhindBot

User-agent: Poseidon Research Crawler

User-agent: QualifiedBot

User-agent: QuillBot

User-agent: quillbot.com

User-agent: SBIntuitionsBot

User-agent: Scrapy

User-agent: SemrushBot-OCOB

User-agent: SemrushBot-SWA

User-agent: ShapBot

User-agent: Sidetrade indexer bot

User-agent: TerraCotta

User-agent: Thinkbot

User-agent: TikTokSpider

User-agent: Timpibot

User-agent: VelenPublicWebCrawler

User-agent: WARDBot

User-agent: Webzio-Extended

User-agent: wpbot

User-agent: YaK

User-agent: YandexAdditional

User-agent: YandexAdditionalBot

User-agent: YouBot

Disallow: / 


User-agent: anthropic-ai 

Content-signal: search=yes, ai-train=no, ai-input=no 
Allow: / 

User-agent: Applebot 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Applebot-Extended 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Bingbot 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: ChatGPT-Agent 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: ChatGPT-User 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: ChatGPT-User/2.0 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Claude-SearchBot 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Claude-Web 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Claude-User 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: DuckAssistBot 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: FacebookBot 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: facebookexternalhit 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Gemini-Deep-Research 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Google-CloudVertexBot 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Google-Firebase 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Google-NotebookLM 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: GoogleAgent-Mariner 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Meta-ExternalAgent 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: meta-externalfetcher 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: Meta-ExternalFetcher 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: meta-webindexer 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: OAI-SearchBot 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 

User-agent: OpenAI 

Content-signal: search=yes, ai-train=no, ai-input=yes 
Allow: / 


User-agent: * 

Disallow: /brand/ 

Disallow: /contentstream/ 

Disallow: /contentstreamcsi/ 

Disallow: /email/rscdealemailcreate/ 

Disallow: /errors/ 

Disallow: /retailshowcase/reporting/PrintAllRSCOffers.aspx 

Disallow: /system/ 

Disallow: /wifi/ 

Disallow: /mall/*/directions/ 

Disallow: /mall/*/directions 

Disallow: /mall/*/stores/print/* 

Disallow: /bot-challenge 

Sitemap: https://www.simon.com/sitemap.xml
sitemap.xml 200 OK
Type Sitemap Index URLs 3 entries Valid XML Yes
Child Sitemaps:
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

307https://www.simon.com/
200https://simon.com/

HTTP → HTTPS

301http://simon.com/ https://www.simon.com/

Consistent

A+
Domain Intelligence
simon.com — via CSC Corporate Domains, Inc., 29 years, 1 months old, hosted on Microsoft Azure
PASS
simon.com — via CSC Corporate Domains, Inc., 29 years, 1 months old, hosted on Microsoft Azure
Info::
Domain registered until Aug 20, 2026 (3 months remaining)
Info::
DNSSEC is enabled
Info::
Registrar: CSC Corporate Domains, Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: Microsoft Azure
Got: AS8075
Domain expiry

67 days

August 20, 2026

SSL certificate

164 days

Issued by DigiCert Inc

Domain age

29 years, 1 months

Registered August 21, 1997

DNSSEC

Enabled

Protects against DNS spoofing

Hosting

Microsoft Azure

ASN AS8075

135.222.185.61

Registrar

CSC Corporate Domains, Inc.

Unlocked 2 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Renew the domain or enable auto-renewal to prevent accidental expiry
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar CSC Corporate Domains, Inc.
Created August 21, 1997 (29 years, 1 months ago)
Expires August 20, 2026 (3 months)
Last Updated August 16, 2025
Name Servers udns1.cscdns.net, udns2.cscdns.uk
DNSSEC Enabled
Hosting
IP Address 135.222.185.61
ASN AS8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
Provider Microsoft Azure
Data source: rdap (0.3s)

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 337 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
45 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
98 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
98 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
338 ms
Total Time Total request time from DNS lookup through full response.
338 ms

Connection waterfall

DNS Lookup 45 ms TCP Connect 98 ms TLS Handshake 98 ms Server Processing 97 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback