Infrastructure - https://js.org BeaverCheck Audit

B

TLS Certificate Expiry & Recommendations

42 days until leaf cert expires — 2 issues to address

REVIEW

Certificate validity

42

days left

0d 30d 60d 90d+

Recommended actions

Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy

A+

DNS Records

3 A records, 48 ms lookup

PASS

3 A records, 48 ms lookup

Resolves to 3 IPv4 address(es)

Got: 104.26.8.84, 104.26.9.84, 172.67.73.64

Has 3 IPv6 (AAAA) record(s)

Got: 2606:4700:20::681a:854, 2606:4700:20::ac43:4940, 2606:4700:20::681a:954

2 nameserver(s) configured

Got: pam.ns.cloudflare.com, miles.ns.cloudflare.com

2 mail exchanger(s) configured

CAA records not checked

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

SPF record present in TXT

DNS resolution time: 48 ms

Got: 48 ms

A	104.26.8.84, 104.26.9.84, 172.67.73.64
AAAA	2606:4700:20::681a:854, 2606:4700:20::ac43:4940, 2606:4700:20::681a:954
CNAME	—
NS	pam.ns.cloudflare.com, miles.ns.cloudflare.com
MX	10 mx1.improvmx.com 20 mx2.improvmx.com
TXT	github-verification=Co5XEGjgZ54phI90tdeEbcXBt0LErl0nKNUpqPmR SPF v=spf1 -all
CAA	Lookup not available with standard resolver

Resolved in 48 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+

Redirect Chain

No redirects — direct access

PASS

No redirects — direct access

Got: https://js.org

https://js.org

265 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://js.org	200	265 ms	HTTP/1.1	cloudflare

A+

IPv6 Readiness

IPv6 reachable (17 ms)

PASS

IPv6 reachable (17 ms)

IPv6 is configured and reachable at 2606:4700:20::681a:854, 2606:4700:20::ac43:4940, 2606:4700:20::681a:954

Got: 17 ms connect

IPv6 Ready

AAAA Records 2606:4700:20::681a:854, 2606:4700:20::ac43:4940, 2606:4700:20::681a:954 Connection Reachable (17 ms)

A

Crawlability

no robots.txt, sitemap with 6 URLs

PASS

no robots.txt, sitemap with 6 URLs

No robots.txt found

robots.txt is optional but recommended. It tells search engine crawlers which pages to index.

sitemap.xml is present

sitemap.xml is valid XML

sitemap.xml contains 6 entries

robots.txt is optional but recommended. It tells search engine crawlers which pages to index.

Why this matters

No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.

Learn more ▾

A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.

Source: robotstxt.org

robots.txt No robots.txt found

No robots.txt found

This is fine for most sites — a missing robots.txt allows all crawling by default.

sitemap.xml 200 OK

Type URL Set URLs 6 entries Valid XML Yes

Sample URLs:

A+

URL Variants

www/non-www, trailing slash, HTTP→HTTPS

PASS

www/non-www, trailing slash, HTTP→HTTPS

www/non-www redirect configured correctly (preferred: non-www)

HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.js.org/

200https://js.org/

Preferred variant: non-www

HTTP → HTTPS

301http://js.org/ → https://js.org/

Consistent

A+

Domain Intelligence

js.org — via NameCheap, Inc., 30 years, 3 months old

PASS

js.org — via NameCheap, Inc., 30 years, 3 months old

Domain registered until Jun 25, 2032 (6 years, 3 months remaining)

DNSSEC is enabled

Registrar: NameCheap, Inc.

Registrar lock is NOT enabled

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Domain expiry

2201 days

June 25, 2032

SSL certificate

42 days

Issued by Let's Encrypt

Domain age

30 years, 3 months

Registered June 26, 1996

DNSSEC

Enabled

Protects against DNS spoofing

Hosting

Unknown

2606:4700:20::681a:854

Registrar

NameCheap, Inc.

Unlocked 2 NS records

Expiry timeline

Today

+1 year

Domain expiry SSL expiry Danger zone (≤30 days)

Recommended actions

Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers

Registrar NameCheap, Inc.

Created June 26, 1996 (30 years, 3 months ago)

Expires June 25, 2032 (6 years, 3 months)

Last Updated March 18, 2023

Name Servers miles.ns.cloudflare.com, pam.ns.cloudflare.com

DNSSEC Enabled

Hosting

IP Address 2606:4700:20::681a:854

Data source: rdap (0.6s)

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more ▾

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+

HTTP Probe Timing

Total 289 ms — DNS, TCP, TLS, TTFB, content transfer breakdown

PASS

DNS Lookup

47 ms

TCP Connect

16 ms

TLS Handshake

21 ms

Time to First Byte

289 ms

Total Time

289 ms

Connection waterfall

DNS Lookup 47 ms TCP Connect 16 ms TLS Handshake 21 ms Server Processing 205 ms Content Transfer 0 ms

A

CDN & Delivery

Cloudflare (DYNAMIC)

PASS

Cloudflare (DYNAMIC)

Site is served via Cloudflare CDN (edge: CDG)

Got: cf-ray: 9eff055fb841f100-CDG

CDN cache status: DYNAMIC

CDN Detected: Cloudflare

Provider Cloudflare Cache Status DYNAMIC Evidence cf-ray: 9eff055fb841f100-CDG