Skip to content
https://visa.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
85
GRADE
B
FIX
0
REVIEW
5
PASS
4
INFO
0
Probed from Madrid, Spain
301 Moved Permanently
Checks
9
4 PASS 5 REVIEW
B
Redirect Chain
2 redirect(s), 518 ms total
REVIEW
2 redirect(s), 518 ms total
Warning::
2 redirects before reaching final URL
Each redirect adds latency. Try to minimize the chain to 1 hop.
Info::
WWW normalization redirect
Info::
Redirect overhead: 518 ms total
Got: 518 ms
Info::
Cross-domain redirect detected

https://visa.com

68 ms · HTTP/1.1

301

https://www.visa.com/

257 ms · HTTP/1.1

301

https://www.visa.es/

193 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://visa.com30168 msHTTP/1.1cloudflare
2https://www.visa.com/301257 msHTTP/1.1cloudflare
3https://www.visa.es/200193 msHTTP/1.1cloudflare

See the visual redirect chain in the HTTP Probe tab →

Each redirect adds latency. Try to minimize the chain to 1 hop.

Why this matters

Redirect chain — each hop adds latency; combine into one redirect where possible.

Source: Google Search Central / web.dev

C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
Crawlability
robots.txt present, no sitemap
REVIEW
robots.txt present, no sitemap
Info::
robots.txt is present
Got: 0 bytes
Info::
No sitemap.xml found
A sitemap helps search engines discover and index your pages more efficiently.
Info::
robots.txt does not reference a sitemap
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.

A sitemap helps search engines discover and index your pages more efficiently.

Why this matters

No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.

Learn more

A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.

Source: sitemaps.org / Google Search Central

Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.

Why this matters

robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.

Source: sitemaps.org

robots.txt 200 OK
Size 0 B Sitemaps referenced 0 User-agents Blocking No — crawling allowed
sitemap.xml No sitemap found

No sitemap found

Adding a sitemap helps search engines discover your pages.

B
TLS Certificate Expiry & Recommendations
180 days until leaf cert expires — 3 issues to address
REVIEW

Certificate validity

180
days left
0d 30d 60d 90d+

Recommended actions

  • Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
Cloudflare
REVIEW
Cloudflare
Info::
Site is served via Cloudflare CDN (edge: CDG)
Got: cf-ray: 9eff1fbd882bd63e-CDG
CDN Detected: Cloudflare
Provider Cloudflare Evidence cf-ray: 9eff1fbd882bd63e-CDG
A+
DNS Records
2 A records, 87 ms lookup
PASS
2 A records, 87 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 162.159.152.2, 162.159.153.2
Info::
No IPv6 (AAAA) records
Info::
6 nameserver(s) configured
Got: a10-64.akam.net, a2-65.akam.net, a1-190.akam.net, melinda.ns.cloudflare.com, lloyd.ns.cloudflare.com, a9-64.akam.net
Info::
4 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 87 ms
Got: 87 ms
A162.159.152.2, 162.159.153.2
AAAA
CNAME
NSa10-64.akam.net, a2-65.akam.net, a1-190.akam.net, melinda.ns.cloudflare.com, lloyd.ns.cloudflare.com, a9-64.akam.net
MX
10 portal2i.visa.com
10 portal3i.visa.com
10 portal1i.visa.com
10 portal4i.visa.com
TXT
atlassian-domain-verification=V7iyJiSHbTej8pjYVDdifzDO44z9HjUdZoVx1N48z/bxWLFQOJ...
docusign=c28711b5-a692-43dd-be6a-6995c5b18557
anthropic-domain-verification-ztq038=zYgHaF7HhlfwR4zeTlaOwSL4j
atlassian-sending-domain-verification=87862fd9-4bfb-4812-9255-78a4fc007224
google-site-verification=su9lQPkUMh3hlUElos__qihVpscTSmRb2AcHoa7O9iw
google-site-verification=Z_saFDzsd7vBwmgnBe1kxey5kMUZBbdIK2tfCsLTfhg
mixpanel-domain-verify=17d9eb00-9045-426e-a00c-0d7519fd5416
prttljx8jt0cndm8h4r8zk561y9zpqhd
postman-domain-verification=7cad7643b5b5e6267dace41fff950f2cb05f467c689d83380d23...
atlassian-domain-verification=/PlCzjmee+i8uVopeuSsU7ob7JACJeZ/nhiCKfzTXPT7kqStx5...
pigeonholelive-site-verification=4639ede809730bca0e52c45cd165dbe7
apple-domain-verification=OllinA0hXqDzZa6E
facebook-domain-verification=bkt7djhno98ijvg9fh8e4ohjq0k9tc
c33f8ds7v87st2j5lhwjy85t89gl8g57
google-site-verification=-JaYZik_MGBFoW1N_G_bXiSVDZfOk4WY-VTihaYmcvM
atlassian-domain-verification=G1hyhv/p8ypy0UtJXAVS1o2m/DPKM1UoA9FNjz/ZIxbY7AcL9Z...
397c4xs320y27dbx7m8vvp5st057046y
axios-domain-verification-ws7kt1=LxuAft0qnf4Gak8Yht7Cgianb
pendo-domain-verification=e6d7c929-b00e-4ae6-b735-887c0140aac7
ciscocidomainverification=73baf9f547b8c3d245f6977cae332dd81280a6609fb0336c5d3747...
0 contactemail hostmaster@visa.com
onetrust-domain-verification=824570fb233a4a509fc6025568860c01
atlassian-domain-verification=7zr/X7MYe1RLzdXboOQfgkBfeb6kAB892u84YHeyPVkhkgUC8b...
paloaltonetworks-site-verification=8b74ee21bee8880948eb89aa925f0484d80b572e625d8...
pexip-ms-tenant-domain-verification=598cf152-df41-47e7-ba4d-a7d3deef9d16
onetrust-domain-verification=a3ac6f032e624cec9263d8e27844602d
reftab-domain-verification=791713d815b7b07479c448d8e0fdfbf6
atlassian-domain-verification=iEmKn5pjANXzZRAwXcf27C2OaOQjGvGWwgaNxQKuSFGGa/uVgu...
ZOOM_verify_7BUaGiZgQwal26U_iC4SsA
google-site-verification=_QB_AQpQJwqEb6SFmz9t40ON4OIyL98OjKp6sWpgk6I
wrike-verification=MjE3MzIxNjpmYzExNDY5MTQyZjQxMzFhYmM1NjA4NzRjZGIyODIwMmYyMDAwO...
ca3-475f15e992de4b01858f158660feee46
adobe-idp-site-verification=9412b2b713f814b868784d5dd88e8ccc0be77857884c13286595...
applause-verification:450573e4-24a6-44ee-9d2a-07dfacb7af96
flexera-domain-verification-dlnjobedgexinqca
miro-verification=09958a3210ba4a37e940cddffd4f6d0cae827010
iamplMiZSKnXGuzVnt+Iapluyr+Lhol93c20YOmmcGFCWT9W1VdLRNQGNRto8nqgmTx5QodeW7cMP1BJ...
pendo-domain-verification=jjuLihCfcepKvkyI7eP3PkEw0u0
docker-verification=a7da3d5a-2641-42b2-98ea-ab420afe2c02
jamf-site-verification=XmGZNq15YNhXrfc7i9pmpw
docusign=83b99b90-8588-47c0-8a39-f45650959019
astro-domain-verification=clyx6ucjf0j2h01ov5423nwl4
MS=ms43679998
atlassian-domain-verification=HayM3UDHtHmDyfgxN4mOpNxSsB4Wcw7vsijQo4amFRmJ4XcvkY...
wrike-verification=NDI5NTgzNDphYjQ1MWNkYTQ0YjI1YzhlMThjNzNjOWQwNjE1MDUyZDY5NjA1N...
mongodb-site-verification=OKAeAotWTXaEULqyQtW69spNzulqghWm
perplexity-ai-domain-verification-w446vz=wrySuZC5Z1LoXIsAetcIRD1ze
atlassian-domain-verification=a0ZlgUYBsYkEDk57K0B/3LjHNN4enn9XLFryUZ5N0l8QdXtHw1...
SPF v=spf1 ip4:198.241.162.0/24 ip4:198.241.168.0/24 ip4:198.241.159.0/24 ip4:72.46....
CAALookup not available with standard resolver
Resolved in 87 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.visa.com/
200https://visa.com/

Preferred variant: non-www

HTTP → HTTPS

301http://visa.com/ https://www.visa.com/

Consistent

A+
Domain Intelligence
visa.com — via MarkMonitor Inc., 32 years, 7 months old, hosted on Cloudflare
PASS
visa.com — via MarkMonitor Inc., 32 years, 7 months old, hosted on Cloudflare
Info::
Domain registered until Mar 9, 2028 (1 years, 10 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: MarkMonitor Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: Cloudflare
Got: AS13335
Domain expiry

602 days

March 9, 2028

SSL certificate

180 days

Issued by CLOUDFLARE, INC.

Domain age

32 years, 7 months

Registered March 8, 1994

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

Cloudflare

ASN AS13335

162.159.152.2

Registrar

MarkMonitor Inc.

Unlocked 6 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar MarkMonitor Inc.
Created March 8, 1994 (32 years, 7 months ago)
Expires March 9, 2028 (1 years, 10 months)
Last Updated February 5, 2026
Name Servers a1-190.akam.net, a10-64.akam.net, a2-65.akam.net, a9-64.akam.net, lloyd.ns.cloudflare.com, melinda.ns.cloudflare.com
DNSSEC Not enabled
Hosting
IP Address 162.159.152.2
ASN AS13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Provider Cloudflare
Data source: rdap (0.3s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 102 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
30 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
16 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
26 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
102 ms
Total Time Total request time from DNS lookup through full response.
102 ms

Connection waterfall

DNS Lookup 30 ms TCP Connect 16 ms TLS Handshake 26 ms Server Processing 30 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback