Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations153 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Submit your domain to hstspreload.org to be added to the Chrome preload list
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records4 A records, 99 ms lookupPASS
| A | 13.249.228.123, 13.249.228.124, 13.249.228.94, 13.249.228.63 |
| AAAA | — |
| CNAME | — |
| NS | ns-381.awsdns-47.com, ns-1495.awsdns-58.org, ns-616.awsdns-13.net, ns-1743.awsdns-25.co.uk |
| MX | 1 aspmx.l.google.com 5 alt2.aspmx.l.google.com 5 alt1.aspmx.l.google.com 10 alt3.aspmx.l.google.com 10 alt4.aspmx.l.google.com |
| TXT | apple-domain-verification=HVcqj6adUo39535i google-site-verification=o1-Z5_XysLkNRL_Fr0XzMxTNDGCHoVJzwmOgG5apYrs atlassian-domain-verification=SvE4jaub7awLiMuXWZa/MJuI10LQaiwUVcYdQa2xKuCB6Y6dKD... notion-domain-verification=Yg69TXpuZUoTBv5Ri6zQhMtHrF7gDDypUiwiwsKcc8Q lemlist-verif=3a27e226 slack-domain-verification=wvKukMkbZSVirrbxUeRN90GH6W7HoJVKjCqpdsCc rippling-domain-verification=217697edd61756fc onetrust-domain-verification=2580b3683efb4e6f91ea1440cc1bee77 Notion_verify_4qsvK9AQNWyTTydLGyF3ysuoJuYcgPfo6qzsKeWsJba9ayET3MJsMLQA2AhsM6HGMa... adobe-idp-site-verification=27c19071d43cf50bb319f12dca1b494fb4ac78700f01158bc53c... _1l13uk3o31dwxht8gy20uftkq7njy9i facebook-domain-verification=h9w15klgw91n2ot3lw77t035wqw2vb google-site-verification=L4cTbeDJCawV2WcUBdIg0ZohUIzmQsyri0cW9Vfx3ms stripe-verification=448ebe2b06a2eba394d9e73a16a897dee98918e6e8593961f56e86bb6296... wrike-verification=MTc5Mjk4MTpjOWI1MzY4ODdmMGU4ZDA1NDI4MWJiM2ZkYmJhMmE0YzMzMmVkO... airtable-verification=1424b5a97e88024b52c0d21bf8a1cd64 google-site-verification=22yq8uEpGxlFe2r7H413v6Wor4yaJDF_XM0wsOxoXjs asv=89178be4f98e857aed14bc7a748446eb jamf-site-verification=EPAkOUuclyfbWuPrE4bFJg anthropic-domain-verification-v74473=mmo7JLEzQN3oOrEhxNuzyUxja MS=ms33481336 google-site-verification=ZdmG6lG1KKqyINxvbgMYMLtigj2Zjc5qasxPp7ikZ3I google-site-verification=XW_EN8p8Aq6F0vXQo8QJFXTzZH3bHQnLYA4TFyPN63E ibmid=0b0660a3-b186-469a-8b70-25eac0c5a095 google-site-verification=12Dz3BKB7bWfhvTLookytJl2LUfhuheBky3SokggYkc google-site-verification=psmb0t3fy95_06_HZTTKA42vG8jQp8utdBMGYCgbJn8 google-site-verification=pZwqaQca9efqhei-uJPD1AYhimUB37qXYq-2jvp-mhc amazonses:OkYxgsklLbk4Efq6tshR+hWtLlWSmWy6A49YvL6zwqw= SPF v=spf1 include:spf1.wetransfer.com include:servers.mcsv.net include:_spf.google.... ZOOM_verify_KL0Tx6QHRE-pFo1TUH489w google-site-verification=QgqEa_4yOMSHcWSMtJrG4M0jeBwKBK07p7E5A73Ht_Q |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
https://wetransfer.com
96 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://wetransfer.com | 200 | 96 ms | HTTP/1.1 |
A+Crawlabilityrobots.txt present, sitemap with 4 URLsPASS
User-agent: *
Disallow: /*?*
Disallow: /api/ui/
Disallow: /api/
Disallow: /ter-optout
Disallow: /pm-optout
Disallow: /mar-optout
Disallow: /renewal-reminder-optout
Disallow: /wallpaper/
Disallow: /wallpapers/
Disallow: /unlisted/
Disallow: /transfers/*
Disallow: /accounts/*
Disallow: /verify-mobile
Sitemap: https://wetransfer.com/sitemap.xml
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencewetransfer.com — via Key-Systems GmbH, 18 years, 7 months old, hosted on AWSPASS
152 days
December 14, 2026
153 days
Issued by Amazon
18 years, 7 months
Registered December 14, 2007
Not enabled
Protects against DNS spoofing
AWS
ASN AS16509
13.249.228.123
Key-Systems GmbH
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice