Skip to content
https://www.accenture.com/de-de/about/contact-us#contactus-formheader

Infrastructure

· 17 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
85
GRADE
B
FIX
1
REVIEW
5
PASS
11
INFO
0
Probed from New York, United Stated
200 OK
Checks
17
11 PASS 5 REVIEW 1 FIX
F
IPv6 Readiness
Action
IPv6 records exist but unreachable
FIX
IPv6 records exist but unreachable
Warning::
IPv6 DNS records exist but server is not reachable
Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.
Got: 2600:9000:2514:2400:d:5159:5a00:93a1, 2600:9000:2514:1800:d:5159:5a00:93a1, 2600:9000:2514:5200:d:5159:5a00:93a1, 2600:9000:2514:6c00:d:5159:5a00:93a1, 2600:9000:2514:ca00:d:5159:5a00:93a1, 2600:9000:2514:fc00:d:5159:5a00:93a1, 2600:9000:2514:e00:d:5159:5a00:93a1, 2600:9000:2514:9800:d:5159:5a00:93a1
Info::
IPv6 connection error
Got: dial tcp6 [2600:9000:2514:2400:d:5159:5a00:93a1]:443: connect: no route to host
IPv6 Misconfigured
AAAA Records 2600:9000:2514:2400:d:5159:5a00:93a1, 2600:9000:2514:1800:d:5159:5a00:93a1, 2600:9000:2514:5200:d:5159:5a00:93a1, 2600:9000:2514:6c00:d:5159:5a00:93a1, 2600:9000:2514:ca00:d:5159:5a00:93a1, 2600:9000:2514:fc00:d:5159:5a00:93a1, 2600:9000:2514:e00:d:5159:5a00:93a1, 2600:9000:2514:9800:d:5159:5a00:93a1 Connection UNREACHABLE

Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.

Why this matters

Advertising IPv6 (AAAA records) without a reachable server means IPv6-preferring clients silently fail every connection.

Learn more

Modern browsers prefer IPv6 if AAAA exists (Happy Eyeballs algorithm). If the IPv6 server isn't reachable, browsers fall back to IPv4 — but with seconds of added latency per request. Either fix IPv6 reachability or remove the AAAA records.

Source: RFC 8305 (Happy Eyeballs)

B
DNSSEC
Unsigned (DNSSEC not deployed)
REVIEW
Unsigned (DNSSEC not deployed)
Info::
DNSSEC is not deployed
The zone is not DNSSEC-signed. Users on validating resolvers (Cloudflare 1.1.1.1, Quad9 9.9.9.9, growing default in mobile resolvers) get no protection against DNS spoofing for this domain. Most registrars now offer DNSSEC at a single click; consider enabling it for sites where authenticity matters (banking, healthcare, government).
B
CAA Records
No CAA records (any CA may issue certificates)
REVIEW
No CAA records (any CA may issue certificates)
Info::
No CAA records published
Without CAA records, any publicly-trusted CA can issue certificates for this domain. Adding a CAA record (`yourdomain. IN CAA 0 issue "letsencrypt.org"`) restricts issuance to CAs you authorize. Required by CAB Forum baseline since 2017; the default of 'any CA' is widely supported but is the broader attack surface for issuance fraud.
B
Reverse DNS
0/12 IPs match cert SAN
REVIEW
0/12 IPs match cert SAN
Info::
PTR for 13.35.93.109 does not match any cert SAN: server-13-35-93-109.jfk50.r.cloudfront.net
Common when behind a CDN or shared hosting (PTR points at the provider's hostname). Mismatch can also affect mail deliverability if this IP sends email -- many MTAs reject mail when forward+reverse DNS disagree.
Info::
PTR for 13.35.93.15 does not match any cert SAN: server-13-35-93-15.jfk50.r.cloudfront.net
Common when behind a CDN or shared hosting (PTR points at the provider's hostname). Mismatch can also affect mail deliverability if this IP sends email -- many MTAs reject mail when forward+reverse DNS disagree.
Info::
PTR for 13.35.93.104 does not match any cert SAN: server-13-35-93-104.jfk50.r.cloudfront.net
Common when behind a CDN or shared hosting (PTR points at the provider's hostname). Mismatch can also affect mail deliverability if this IP sends email -- many MTAs reject mail when forward+reverse DNS disagree.
Info::
PTR for 13.35.93.117 does not match any cert SAN: server-13-35-93-117.jfk50.r.cloudfront.net
Common when behind a CDN or shared hosting (PTR points at the provider's hostname). Mismatch can also affect mail deliverability if this IP sends email -- many MTAs reject mail when forward+reverse DNS disagree.
Info::
PTR lookup failed for 2600:9000:2514:2400:d:5159:5a00:93a1: lookup 2600:9000:2514:2400:d:5159:5a00:93a1: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 2600:9000:2514:1800:d:5159:5a00:93a1: lookup 2600:9000:2514:1800:d:5159:5a00:93a1: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 2600:9000:2514:5200:d:5159:5a00:93a1: lookup 2600:9000:2514:5200:d:5159:5a00:93a1: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 2600:9000:2514:6c00:d:5159:5a00:93a1: lookup 2600:9000:2514:6c00:d:5159:5a00:93a1: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 2600:9000:2514:ca00:d:5159:5a00:93a1: lookup 2600:9000:2514:ca00:d:5159:5a00:93a1: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 2600:9000:2514:fc00:d:5159:5a00:93a1: lookup 2600:9000:2514:fc00:d:5159:5a00:93a1: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 2600:9000:2514:e00:d:5159:5a00:93a1: lookup 2600:9000:2514:e00:d:5159:5a00:93a1: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
Info::
PTR lookup failed for 2600:9000:2514:9800:d:5159:5a00:93a1: lookup 2600:9000:2514:9800:d:5159:5a00:93a1: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
B
TLS Certificate Expiry & Recommendations
76 days until leaf cert expires — 1 issues to address
REVIEW

Certificate validity

76
days left
0d 30d 60d 90d+

Recommended actions

  • Submit your domain to hstspreload.org to be added to the Chrome preload list
B
Operational Status Page
No status page link detected
REVIEW
No status page link detected
Info::
No operational status page link detected
Status pages communicate planned maintenance and incidents to users -- a hallmark of operationally-mature services. Most SaaS teams publish one via Atlassian Statuspage, Instatus, BetterUptime, or a self-hosted Cachet. Smaller sites legitimately don't need one; flagged as Info, not a failure.
A
DNS Records
4 A records, 41 ms lookup
PASS
4 A records, 41 ms lookup
Info::
Resolves to 4 IPv4 address(es)
Got: 13.35.93.109, 13.35.93.15, 13.35.93.104, 13.35.93.117
Info::
Has 8 IPv6 (AAAA) record(s)
Got: 2600:9000:2514:2400:d:5159:5a00:93a1, 2600:9000:2514:1800:d:5159:5a00:93a1, 2600:9000:2514:5200:d:5159:5a00:93a1, 2600:9000:2514:6c00:d:5159:5a00:93a1, 2600:9000:2514:ca00:d:5159:5a00:93a1, 2600:9000:2514:fc00:d:5159:5a00:93a1, 2600:9000:2514:e00:d:5159:5a00:93a1, 2600:9000:2514:9800:d:5159:5a00:93a1
Warning::
CNAME record at zone apex
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
Got: d13iavm24b37u0.cloudfront.net
Info::
4 nameserver(s) configured
Got: ns-1488.awsdns-58.org, ns-1679.awsdns-17.co.uk, ns-33.awsdns-04.com, ns-745.awsdns-29.net
Info::
No MX records — email not configured via DNS
Info::
No SPF record found in TXT records
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Info::
DNS resolution time: 41 ms
Got: 41 ms
A13.35.93.109, 13.35.93.15, 13.35.93.104, 13.35.93.117
AAAA2600:9000:2514:2400:d:5159:5a00:93a1, 2600:9000:2514:1800:d:5159:5a00:93a1, 2600:9000:2514:5200:d:5159:5a00:93a1, 2600:9000:2514:6c00:d:5159:5a00:93a1, 2600:9000:2514:ca00:d:5159:5a00:93a1, 2600:9000:2514:fc00:d:5159:5a00:93a1, 2600:9000:2514:e00:d:5159:5a00:93a1, 2600:9000:2514:9800:d:5159:5a00:93a1
CNAMEd13iavm24b37u0.cloudfront.net
NSns-1488.awsdns-58.org, ns-1679.awsdns-17.co.uk, ns-33.awsdns-04.com, ns-745.awsdns-29.net
MX
TXT
CAALookup not available with standard resolver
Resolved in 41 ms

A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.

Why this matters

CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.

Learn more

RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.

Source: RFC 1034

SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.

Why this matters

Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.

Learn more

SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.

Source: RFC 7208 (SPF)

A+
Subdomain Takeover
CNAME points at managed service(s) — verify configuration
PASS
CNAME points at managed service(s) — verify configuration
Info::
CNAME targets AWS CloudFront — verify ownership
CNAME targets CloudFront. Distribution names are GUID-style so accidental re-registration is unlikely, but a deleted distribution will return errors. Verify the CloudFront distribution is still active.
Got: d13iavm24b37u0.cloudfront.net
A+
Multi-Resolver DNS Speed
Mean 7ms across 3 resolvers (spread 16ms)
PASS
Mean 7ms across 3 resolvers (spread 16ms)
Info::
Quad9: 1ms
Got: 1ms via 9.9.9.9:53
Info::
Cloudflare: 3ms
Got: 3ms via 1.1.1.1:53
Info::
Google: 17ms
Got: 17ms via 8.8.8.8:53
A+
Redirect Chain
No redirects — direct access
PASS
No redirects — direct access
Info::
No redirects — direct access
Got: https://www.accenture.com/de-de/about/contact-us#contactus-formheader

https://www.accenture.com/de-de/about/co...

50 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://www.accenture.com/de-de/about/co...20050 msHTTP/1.1
A+
Crawlability
robots.txt present, sitemap with 109 URLs
PASS
robots.txt present, sitemap with 109 URLs
Info::
robots.txt is present
Got: 836 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 109 entries
Info::
Sitemap index with 109 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 836 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed
User-agent: *

Disallow: */Careers/Registration

Disallow: */Careers/Form

Disallow: */Careers/Profiles

Disallow: */error/

Disallow: */loginpage

Disallow: */sitecore/

Disallow: */BucketContent

Disallow: */RedesignBucket

Disallow: */core/

Disallow: */?sc_lang

Disallow: */secure/

Disallow: */clients/

Disallow: */client/

Disallow: */a-com-no-follow-no-index/

Disallow: */_acnmedia/

Disallow: */_globalreferences/

Disallow: /us-en/careers/admin/careersxmlresult

Disallow: /*/header/global-header/

Disallow: /*.nocache.html

Disallow: */content/acom/

Disallow: /*tlaAppCB

Disallow: */careers/jobsearch?

Disallow: */search/ai-search

Disallow: */search/results

Disallow: /*WHB

Disallow: /*Channel

Disallow: /*channel 

Disallow: /*target_id

Disallow: /*utm_source

sitemap: https://www.accenture.com/sitemap-index.xml
sitemap.xml 200 OK
Type Sitemap Index URLs 109 entries Valid XML Yes
Child Sitemaps:
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.accenture.com/de-de/about/contact-us
301https://accenture.com/de-de/about/contact-us

Preferred variant: www

Trailing Slash

301https://www.accenture.com/de-de/about/contact-us/
200https://www.accenture.com/de-de/about/contact-us#contactus-formheader

HTTP → HTTPS

301http://www.accenture.com/de-de/about/contact-us https://www.accenture.com/de-de/about/contact-us

Consistent

A
Domain Intelligence
accenture.com — via CSC Corporate Domains, Inc., 26 years, 2 months old, hosted on ACCENTURE - Accenture LLP, US
PASS
accenture.com — via CSC Corporate Domains, Inc., 26 years, 2 months old, hosted on ACCENTURE - Accenture LLP, US
Warning::
Domain expires in 46 days
Consider enabling auto-renewal to prevent accidental expiration.
Got: Expires Aug 29, 2026
Info::
DNSSEC is enabled
Info::
Registrar: CSC Corporate Domains, Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: ACCENTURE - Accenture LLP, US
Got: AS3573
Domain expiry

45 days

August 29, 2026

SSL certificate

76 days

Issued by DigiCert Inc

Domain age

26 years, 2 months

Registered August 29, 2000

DNSSEC

Enabled

Protects against DNS spoofing

Hosting

ACCENTURE - Accenture LLP, US

ASN AS3573

170.248.56.19

Registrar

CSC Corporate Domains, Inc.

Unlocked 5 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Renew the domain or enable auto-renewal to prevent accidental expiry
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar CSC Corporate Domains, Inc.
Created August 29, 2000 (26 years, 2 months ago)
Expires August 29, 2026 (1 months)
Last Updated May 15, 2026
Name Servers amrns1501.accenture.com, apans3501.accenture.com, cfans1001.accenture.com, cfans1002.accenture.com, emens3501.accenture.com
DNSSEC Enabled
Hosting
IP Address 170.248.56.19
ASN AS3573 (ACCENTURE - Accenture LLP, US)
Provider ACCENTURE - Accenture LLP, US
Data source: rdap (0.1s)

Consider enabling auto-renewal to prevent accidental expiration.

Why this matters

Domain expiry approaching — renew immediately and ensure auto-renew + alerting are configured.

Source: ICANN renewal policy

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 55 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
36 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
1 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
4 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
53 ms
Total Time Total request time from DNS lookup through full response.
56 ms

Connection waterfall

DNS Lookup 36 ms TCP Connect 1 ms TLS Handshake 4 ms Server Processing 12 ms Content Transfer 2 ms
A+
CDN & Delivery
AWS CloudFront (Hit from cloudfront)
PASS
AWS CloudFront (Hit from cloudfront)
Info::
Site is served via AWS CloudFront CDN (edge: JFK50-P8)
Got: x-amz-cf-id: V0kmLp3PkYB1OdCnEW3e4m6Zau690bD5Qk7KlYcXyo3miXqyO5842A==
Info::
CDN cache status: Hit from cloudfront
CDN Detected: AWS CloudFront
Provider AWS CloudFront Cache Status Hit from cloudfront Evidence x-amz-cf-id: V0kmLp3PkYB1OdCnEW3e4m6Zau690bD5Qk7KlYcXyo3miXqyO5842A==
A+
CDN Cache Observability
Cache state: HIT
PASS
Cache state: HIT
Info::
CDN cache state observable via 3 header(s)
Got: age=4584, x-cache=Hit from cloudfront, x-served-by=cache-iad-kcgs7200158-IAD
A+
Health Check Endpoint
Health endpoint at https://www.accenture.com/health (HTTP 200)
PASS
Health endpoint at https://www.accenture.com/health (HTTP 200)
Info::
Public health endpoint at https://www.accenture.com/health
Got: https://www.accenture.com/health
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback