Infrastructure
· 17 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.FIPv6 ReadinessActionIPv6 records exist but unreachableFIX
Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.
Advertising IPv6 (AAAA records) without a reachable server means IPv6-preferring clients silently fail every connection.
Learn more ▾ ▴
Modern browsers prefer IPv6 if AAAA exists (Happy Eyeballs algorithm). If the IPv6 server isn't reachable, browsers fall back to IPv4 — but with seconds of added latency per request. Either fix IPv6 reachability or remove the AAAA records.
Source: RFC 8305 (Happy Eyeballs)
BCAA RecordsNo CAA records (any CA may issue certificates)REVIEW
CReverse DNSAction0/4 IPs match cert SANREVIEW
BRedirect Chain1 redirect(s), 1310 ms totalREVIEW
https://sbs.army
579 ms · HTTP/1.1
https://usforces.army/
732 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://sbs.army | 301 | 579 ms | HTTP/1.1 | cloudflare |
| 2 | https://usforces.army/ | 200 | 732 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
BTLS Certificate Expiry & Recommendations79 days until leaf cert expires — 2 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BOperational Status PageNo status page link detectedREVIEW
BHealth Check EndpointNo conventional health endpoint foundREVIEW
A+DNS Records2 A records, 36 ms lookupPASS
| A | 104.21.68.128, 172.67.195.138 |
| AAAA | 2606:4700:3030::ac43:c38a, 2606:4700:3034::6815:4480 |
| CNAME | — |
| NS | ignat.ns.cloudflare.com, teagan.ns.cloudflare.com |
| MX | 0 mx.services |
| TXT | google-site-verification=SlV0Yp9Qk91RLB4Y17lbk4-EWG66rNoT_Q13xLtUstQ SPF v=spf1 include:_spf.ukraine.com.ua include:mxsspf.sendpulse.com ~all |
| CAA | Lookup not available with standard resolver |
A+Subdomain TakeoverNo subdomain takeover risk detectedPASS
A+DNSSECSigned and validatingPASS
A+Multi-Resolver DNS SpeedMean 17ms across 3 resolvers (spread 16ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 3 URLsPASS
User-agent: *
Allow: */uploads
Allow: /*/*.js
Allow: /*/*.css
Allow: /wp-*.png
Allow: /wp-*.jpg
Allow: /wp-*.jpeg
Allow: /wp-*.gif
Allow: /wp-*.svg
Allow: /wp-*.pdf
Allow: /wp-admin/admin-ajax.php
Disallow: /cgi-bin
Disallow: /?s=
Disallow: /archives/
Disallow: *?replytocom
Disallow: *?attachment_id
Disallow: *cscategory
Disallow: /wp-content/uploads/*.pdf
Disallow: /wp-admin
Disallow: /wp-json/
Disallow: /wp-login.php
Disallow: /wp-register.php
Disallow: */?
Disallow: */embed
Sitemap: https://sbs.army/sitemap_index.xml
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencesbs.army — via Hosting Ukraine LLC, 2 years, 1 months old, hosted on CloudflarePASS
326 days
June 7, 2027
79 days
Issued by Google Trust Services
2 years, 1 months
Registered June 7, 2024
Enabled
Protects against DNS spoofing
Cloudflare
ASN AS13335
172.67.195.138
Hosting Ukraine LLC
Expiry timeline
Recommended actions
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice