Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations71 days until leaf cert expires — 2 issues to addressREVIEW
Certificate validity
Recommended actions
- Submit your domain to hstspreload.org to be added to the Chrome preload list
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
A+DNS Records2 A records, 92 ms lookupPASS
| A | 172.64.155.119, 104.18.32.137 |
| AAAA | 2a06:98c1:310d::ac40:9b77, 2a06:98c1:3104::6812:2089 |
| CNAME | — |
| NS | bob.ns.cloudflare.com, sharon.ns.cloudflare.com |
| MX | 10 mxa-0085c101.gslb.pphosted.com 10 mxb-0085c101.gslb.pphosted.com |
| TXT | docusign=b164ee08-6b8d-4be0-ae34-2472cd60d7ab pendo-domain-verification=f8c3b117-306e-4234-acfc-88344e23c67a cisco-ci-domain-verification=339b1cf9c229f4787c3905d17a7c89b9a915822530a01bf6006... onetrust-domain-verification=57e0332429184605902c298bc904a247 wiz-domain-verification=65d7cc0114a4cc0f057f12fb9b96f36c3b5ffe040c7da22e89bcded6... mongodb-site-verification=qnpvpcXZbHR4ItsSQyx1pjHkKjqx3klY onetrust-domain-verification=d70376cb3f694b4fa8ece43853c17915 XDb63QoAZrULlrBF wework-site-verification=Ya4tT8723R9RYWWe apple-domain-verification=xZdBFCwphv15y88N apple-domain-verification=VgUD9yr0AG9q6tQq cursor-domain-verification-bnemd5=idl647hbmTakjCblGuNDX8RVP 0185d409-4776-4f17-a68f-1dd8b374986d canva-site-verification=0vcE2wk96orWR2AG9rf0bg onetrust-domain-verification=39707d5d22ba4edcbdc9bf357a517519 google-site-verification=s170_jausEPWddzj9qRDQ2XC27jhSJTYrKs0tBUVxSA onetrust-domain-verification=831ea95f8e1c4adeb515a600727869ae webexdomainverification.PH9L=beb51ab8-2645-4128-9fca-dc2f77f9dabe adobe-idp-site-verification=9de219b9cada3fc3788e293fd7d75bbe0db35b8d984958ef73e5... SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:docebosaas.com ~all stripe-verification=2D80C849099F72C41E3F94A59D15B9B24F84D5B4500CE1855C7A3A0A09A4... onetrust-domain-verification=ec35ce06d03e40cfb02d68aea7ddc1dd atlassian-domain-verification=+2UZRd+hRXppTRczhr09TT2wwaWKd30IBwMbwKZrVkOxbyzMA8... onetrust-domain-verification=8cfa181a01254d9f9174db089e879065 paloaltonetworks-site-verification=40470467ac8a2d654bc208b7e89b09b9cb4b5070f2ddb... onetrust-domain-verification=965acedf534242fa9631a45deb92cf58 MJ_VFY=a74d382330d1924ef6abb929f8ff2124.txt expensify-domain-verification=ADAB8C6BA0 onetrust-domain-verification=1b8fc70e00b94a3eb4fe94185bf0a7ef citrix-verification-code=e029a89e-34e9-4df9-aede-69bc398d508f sysQl-rM0ohY0Qo2f6gF-r61U8U anthropic-domain-verification-yx44rm=huo6rd9SRJHUVbu2fSo30ZvV0 onetrust-domain-verification=ca988fc173944f248144ff6cad8d863a OSSRH-59088 onetrust-domain-verification=5e7b16c6ac0b4834a38c3af1a24dd7f0 drift-domain-verification=2e8de17fc6c7047e1e02fb3de199709716f873aea7adca6ffde786... docker-verification=8d348101-febf-465e-9db8-d5ea8ee59618 00DEk00000e7hyr=1TBEk0000000qZh onetrust-domain-verification=b6736db26f364a1ebf3c223962f10ca5 onetrust-domain-verification=b872c9744c6d45a08d89efc4ff2a2b8f onetrust-domain-verification=a9938eb634154a519ff8e84c8555e2e0 google-site-verification=s7VTRbsD2smQrldqyQ3U5zKp_r3CiALFUJFEVlaI-P0 neat-pulse-domain-verification-5NzDJwX=46fa0e63-a211-4939-a997-df0d44117a6c onetrust-domain-verification=e8702c62c3dd415fa37cafdf612bed97 fastly-domain-delegation-AWE2EgDaAh-20230802 openai-domain-verification=dv-fLDzlrNnCIHK19tuewgOkgQJ postman-domain-verification=43b5f2e6ec2b82c9f50ac8af47fd100a6d89da11e8c6943458f0... airtable-verification=3d3ecb4e021b7469e2364ac7c3fa4123 smartsheet-site-validation=7BSvHYmHW05qswY71SS5fEd_j7vzG4aQ windsurf-verification=6vl9-FcfFd-wDPvvw3v1YTLyyzjhidyGV4tJTd45gDU= onetrust-domain-verification=e891df1ec6344fd8941c2efd3bd73bee |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 179 ms totalPASS
https://onetrust.com
81 ms · HTTP/1.1
https://www.onetrust.com/
98 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://onetrust.com | 301 | 81 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.onetrust.com/ | 200 | 98 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+IPv6 ReadinessIPv6 reachable (16 ms)PASS
ACrawlabilityrobots.txt present, no sitemapPASS
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
Sitemap: https://www.onetrust.com/sitemap.xml
User-agent: *
Disallow: /terms/
Disallow: /support/
Disallow: /signature/
Disallow: /product-documentation/
Disallow: /pdf/
Disallow: /paypal/
Disallow: /operations/
Disallow: /hr/
Disallow: /email/
Disallow: /dataguidance/
Disallow: /client-logos/
Disallow: /assets/
Disallow: /build/
Disallow: /sales-demo-video/
Disallow: /webex/
Disallow: /*.xls
No sitemap found
Adding a sitemap helps search engines discover your pages.
A+Domain Intelligenceonetrust.com — via NameCheap, Inc., 22 years, 6 months oldPASS
183 days
January 12, 2027
71 days
Issued by Google Trust Services
22 years, 6 months
Registered January 12, 2004
Enabled
Protects against DNS spoofing
Unknown
2a06:98c1:310d::ac40:9b77
NameCheap, Inc.
Expiry timeline
Recommended actions
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice