Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
CURL VariantsActionwww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Use 301 (permanent) instead of 302 (temporary)
BTLS Certificate Expiry & Recommendations58 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
A+DNS Records2 A records, 12 ms lookupPASS
| A | 104.17.111.190, 104.17.110.190 |
| AAAA | — |
| CNAME | — |
| NS | lex.ns.cloudflare.com, nucum.ns.cloudflare.com |
| MX | 4 eu-smtp-inbound-1.mimecast.com 4 eu-smtp-inbound-2.mimecast.com |
| TXT | 08261f74-adda-45ae-bab0-9b7e8919b7c7 0c333ae6-6e62-4dd3-bd75-bbbe8c00a9e3 56l0x50ygt1fkr23c9npqsrmwqr2cvhb 6mhwwb8qmrthfb7qmpjlkhr6w30yrqk7 77b755eb-0c8f-462f-9071-e147b4823dba MS=ms61882158 Z8kBemfkazJ2i4ysd4p6BpfEKVVRKFT0hQCLeyk8itVhI7FgQo/fof5BCS1pgLO13FaYp+KaVmX2pPT7... _7medm2uqul87tj3d47vgw0kjs7tvycm _9acsisu491ieex01chikb1wu70u61ev _qzf1ow8akt4j08t4s2mpxnfm03j00ap adobe-idp-site-verification=7d354030906008d5dcab28dc74cff0b4c3f868aa68415212c708... amazonses:Hk45M0qWK+GZ2iX9XJ0TVVq2mc+DayOePbXsYVp/abQ= amazonses:ULRvjmdH/bCZZFgF/xINBm531pRwaQntnQRX/m4r5Zc= amazonses:ivqwfLhOGGWGY27uhxdFOA4LwWOJLR+4cr1nUQ4Guh4= amazonses:q6HVI+PeonYnqfC7kDzNqCrUyIXQnena/tC1RgTQZ/s= anthropic-domain-verification-mae9zt=OrJVGKqpLLCr3R2xm97n1UkaA apple-domain-verification=0z9Q3j82qURKE0jE apple-domain-verification=DhDDkLn3rLrZDuNx apple-domain-verification=dJCKMZtNMZrBxvyv atlassian-domain-verification=7S7bsIrOwlHLdBG0OLNWITmcgqmnW8uaUKxRjA4McIJx1ThN46... atlassian-sending-domain-verification=681c02b7-bef7-4652-a1c3-b5999a7056c2 confluent-verification=5cd8b60d-2121-4b7a-8dc9-6c3fb6a7bc43 docusign=8f67c3ac-0e31-428a-b89b-d6c05efbcc57 facebook-domain-verification=nkrm6s56pcmfep9h0lgko47xsxxml5 figma-domain-verification=82306f7d5e6d9b44f70bf7e951c99627e467dcb0111c988d3ae206... formstack-domain-verification=bc1d27a650a1f333058871330e43d4c1 google-site-verification=-houjDGhv3j4boUHMyT2w-kmHVFMJBopLlqOV9CRtXE google-site-verification=N5etRfpe1AcCZMdSJz5sVicQHzzIr9RbU9cQTjQ94vE google-site-verification=RHYH2O4q7639HXg9OOtkhwU1GoSz2yrwFQ95dmHzArI google-site-verification=iDXI17Esaf_WqUOMbG7t1tkZ3cD3I2B81texGDyCmLE have-i-been-pwned-verification=361b42c0181f1c91867b0c7731657e90 include:5924315.spf03.hubspotemail.net include:spf1.formassembly.com knowbe4-site-verification=6f2a12971b44215b655214e401300716 krp4xlxh54n2p0jgnklc2sy826wnbqfd miro-verification=e0eb88c47512f1b3e347014c28cd69d732b8cc38 onetrust-domain-verification=67ea4d2fa6f84245aa04d058118d26ad onetrust-domain-verification=e66d1551d1154391a5e51733b7fc58a8 parkable-domain-verification=tfyMMTd19z2TedD63DPVMyjFILPMgwM4IP7J2elpykE= teamviewer-sso-verification=db65502554224be3a892d0a1d7d23ac7 SPF v=spf1 redirect=390fwuvj._spf._d.mim.ec xwwmlgcbfg256thhdv0150228ks7rkzb zoho-verification=zb43177975.zmverify.zoho.com |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 61 ms totalPASS
https://cambridge.org
23 ms · HTTP/1.1
https://www.cambridge.org
38 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://cambridge.org | 301 | 23 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.cambridge.org | 200 | 38 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 2 URLsPASS
User-agent: Yandex
Disallow: /
User-agent: ChatGPT-User
Disallow: /
User-agent: ChatGPT
Disallow: /
User-agent: *
Allow: /concrete/*.css
Allow: /concrete/*.js
Allow: /concrete/*.jpg
Allow: /concrete/*.svg
Allow: /concrete/*.png
Allow: /concrete/*.gif
Allow: /packages/*.css
Allow: /packages/*.js
Allow: /packages/*.jpg
Allow: /packages/*.svg
Allow: /packages/*.png
Allow: /packages/*.gif
Allow: /blocks/*.css
Allow: /blocks/*.js
Allow: /blocks/*.jpg
Allow: /blocks/*.svg
Allow: /blocks/*.png
Allow: /blocks/*.gif
Allow: /tools/packages/cambridge_themes/getSocialImage
Allow: /tools/packages/cambridge_themes/miniCart*
Disallow: /aca/authorinformation/
Disallow: /blocks
Disallow: /concrete
Disallow: /config
Disallow: /controllers
Disallow: /css
Disallow: /elements
Disallow: /helpers
Disallow: /jobs
Disallow: /js
Disallow: /languages
Disallow: /libraries
Disallow: /mail
Disallow: /models
Disallow: /packages
Disallow: /single_pages
Disallow: /themes
Disallow: /tools
Disallow: /updates
Disallow: /branding
Disallow: /wm-ecommerce-web/academic/addtocart
Disallow: /wm-ecommerce-web/english/addtocart
Disallow: /wm-ecommerce-web/academic/cart
Disallow: /wm-ecommerce-web/english/cart
Disallow: /wm-ecommerce-web/education/cart
Disallow: */c5catalogue/
Disallow: /resources
Disallow: /core/dashboard
Disallow: /core/my-core
Disallow: /core/services/aop-*
Allow: /core/services/aop-cambridge-core/content/view/
Allow: /core/services/aop-cambridge-core/altmetric
Allow: /core/services/aop-file-manager/file
Allow: /aus/interchange
Allow: /files/*.jpg
Allow: /files/*.jpeg
Allow: /files/*.png
Allow: /files/*.gif
Disallow: /files
Disallow: /series/
Disallow: /titles/
Disallow: /uk
Allow: /uk/bookshop
Allow: /uk/education
Allow: /uk/jobs
Allow: /uk/linguistics
Allow: /uk/chemistry
Allow: /uk/stm
Allow: /uk/resources
Disallow: /engage/*/submit-process
Disallow: /engage/*/author-dashboard
Disallow: /engage/*/administration-dashboard
Disallow: /engage/_nuxt
Disallow: */storefront/
Disallow: /engage/demo
Disallow: /engage/*/retract-process
Disallow: /engage/*/test
Disallow: /highereducation/_nuxt
Disallow: /highereducation/my-account
Disallow: /package.json
Disallow: /api/ecommerce/bag
Disallow: /node
Disallow: /*?*site_view=
Disallow: /*?*nestedTab=
Disallow: /*?*ccm_paging_p_b=
Disallow: /*?*layout=
Disallow: /*?*f%5B*%5D=
Disallow: /*?*options[]=
Disallow: /*?*options%5B%5D=
Disallow: /*?f[*
Disallow: /*&f[*
Disallow: /*element_properties.*
Disallow: /*form_defaults.*
Disallow: /*property_group_options.*
Disallow: /*style_builder.*
Disallow: /checkout/
Disallow: /signin
Disallow: /register
User-agent: Twitterbot
Disallow: *
Disallow: /download_file/
Disallow: /manifests
Disallow: /infographic
Sitemap: https://www.cambridge.org/highereducation/sitemap_index.xml
A+Domain Intelligencecambridge.org — via CSC Corporate Domains, Inc., 28 years, 4 months old, hosted on CloudflarePASS
170 days
December 30, 2026
58 days
Issued by Google Trust Services
28 years, 4 months
Registered April 18, 1998
Not enabled
Protects against DNS spoofing
Cloudflare
ASN AS13335
104.17.111.190
CSC Corporate Domains, Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice