Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations102 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Add includeSubDomains to the HSTS directive
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records4 A records, 16 ms lookupPASS
| A | 151.101.128.81, 151.101.0.81, 151.101.64.81, 151.101.192.81 |
| AAAA | 2a04:4e42::81, 2a04:4e42:200::81, 2a04:4e42:400::81, 2a04:4e42:600::81 |
| CNAME | — |
| NS | dns0.bbc.co.uk, dns0.bbc.com, dns1.bbc.co.uk, dns1.bbc.com, ddns0.bbc.co.uk, ddns0.bbc.com, ddns1.bbc.co.uk, ddns1.bbc.com |
| MX | 10 cluster1.eu.messagelabs.com 20 cluster1a.eu.messagelabs.com |
| TXT | SPF v=spf1 ip4:212.58.224.0/19 ip4:132.185.0.0/16 +include:spf.sis.bbc.co.uk +includ... docusign=50f10407-e3e4-4f6a-aae4-712d4eb31329 docusign=a10ad7b6-cf7e-472d-8157-23061f5b5116 voUGv5zARbEV516E/S8Ugsy9/FOgDGg4n/rpmKZQRROVOj0+2tgzKw3Tk9+Ks6qVbNKU18KTrR5khxTQ... google-site-verification=Rhy5gpa1LeMjUY6gxrds3K4bhB_SUv-fYU9D3kpeAc8 google-site-verification=ITX3CwHXxGVfkCmhF4eSwdfo8h2ZGLAZ3zRpYvZi5XA dropbox-domain-verification=l5djk65wpy3z adobe-idp-site-verification=9b850a4a56e3fac19aea1e0ac5db302e5cefab444cd73519dce1... google-site-verification=RaiMXJBIiFvqXHd43kv_ekzmXT2l8ibq5Xy0mulndvU atlassian-domain-verification=SQsgJ5h/FqwMTXuSG/G4Nd1Gx6uX2keREOsZSa22D5XT46EsEu... Huddle J0kgGm0XqA3/6pLD4DHeC5x/dAduzT809P1Iwx/PRCYvVS32rv75RIHKC2aVz47dJxKhPlxGf3h3KXiL... apple-domain-verification=jFFO0rdS9IrxgWUR msfpkey=3e29l8m08bqxp19k63t73fj5b docker-verification=aab67462-78f7-4ade-a86b-358645923430 slack-domain-verification=wMCDUxtzgNFdmaVVeB6w6mDT8srz7ZIWqzV31zPu asv=0f1cb0a74a95764aafe8161309533029 access-domain-verification=d2445ac4134b4b6322bf8d546458c73e00100ee3eca47fa1a8646... mongodb-site-verification=XEpCXFkFHrAUlb6oIEIe3hJz6NjerLhU _globalsign-domain-verification=nru5P3kr6LQEU2v-_jv_VIViaFjoKlPwrKQsRqnKVf yahoo-verification-key=+1K3fj4MM7tT8erFBTbBdDwhSGqBf37fO60f7R7MHbE= |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 51 ms totalPASS
https://bbc.co.uk
11 ms · HTTP/1.1
https://www.bbc.co.uk/
40 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://bbc.co.uk | 301 | 11 ms | HTTP/1.1 | Varnish |
| 2 | https://www.bbc.co.uk/ | 200 | 40 ms | HTTP/1.1 | BBC-GTM |
See the visual redirect chain in the HTTP Probe tab →
A+IPv6 ReadinessIPv6 reachable (1 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 6 URLsPASS
# version: a28d9b8cc160dae99c5da44b61f9fb6a0c3a520e
# The BBC's Terms of Use: https://www.bbc.co.uk/terms
# - Explain the rules for using our services
# - Tell you what you can do with our content
#
# In short: Please use our site like a human, not a robot.
# That means:
# - No scraping, crawling, or systematic extraction of content
# - No use of BBC content for training or fine-tuning AI models, including large language models (LLMs)
# - No retrieval-augmented generation (RAG), AI-powered search, agentic AI or grounding using BBC content
# - No creating datasets from BBC content
# - No text and data mining (TDM) under Article 4 of the EU Directive on Copyright in the Digital Single Market
# - No using BBC content to create summaries for your own use
# - No business use without permission (details: https://www.bbc.co.uk/usingthebbc/terms/can-i-use-bbc-content-for-my-business/)
# - The BBC reserves all rights in its content and expressly opts out of any statutory exceptions in any jurisdiction for text and data mining, as permitted by law
# TL;DR: Browse, read, watch, enjoy - like a human.
#
# HTTPS www.bbc.co.uk
User-agent: *
Sitemap: https://www.bbc.co.uk/sitemap.xml
Sitemap: https://www.bbc.co.uk/sitemaps/https-index-uk-archive.xml
Sitemap: https://www.bbc.co.uk/sitemaps/https-index-uk-news.xml
Sitemap: https://www.bbc.co.uk/food/sitemap.xml
Sitemap: https://www.bbc.co.uk/bitesize/sitemap/sitemapindex.xml
Sitemap: https://www.bbc.co.uk/teach/sitemap/sitemapindex.xml
Sitemap: https://www.bbc.co.uk/sitemaps/https-index-uk-archive_video.xml
Sitemap: https://www.bbc.co.uk/sitemaps/https-index-uk-video.xml
Sitemap: https://www.bbc.co.uk/sitemaps/sitemap-uk-ws-topics.xml
Sitemap: https://www.bbc.co.uk/sport/sitemap.xml
Sitemap: https://www.bbc.co.uk/sitemaps/sitemap-uk-topics.xml
Sitemap: https://www.bbc.co.uk/ideas/sitemap.xml
Sitemap: https://www.bbc.co.uk/tiny-happy-people/sitemap/sitemapindex.xml
Disallow: /asset/
Disallow: /bitesize/search$
Disallow: /bitesize/search/
Disallow: /bitesize/search?
Disallow: /cbbc/search$
Disallow: /cbbc/search/
Disallow: /cbbc/search?
Disallow: /cbeebies/search$
Disallow: /cbeebies/search/
Disallow: /cbeebies/search?
Disallow: /chwilio/
Disallow: /chwilio$
Disallow: /chwilio?
Disallow: /iplayer/bigscreen/
Disallow: /iplayer/cbbc/episodes/
Disallow: /iplayer/cbbc/search
Disallow: /iplayer/cbeebies/episodes/
Disallow: /iplayer/cbeebies/search
Disallow: /iplayer/search
Disallow: /indepthtoolkit/smallprox$
Disallow: /indepthtoolkit/smallprox/
Disallow: /moderation/reports/
Disallow: /modules/musicnav/language/
Disallow: /news/0
Disallow: /radio/aod/
Disallow: /radio/aod$
Disallow: /radio/imda
Disallow: /radio/player/
Disallow: /radio/player$
Disallow: /search/
Disallow: /search$
Disallow: /search?
Disallow: /sport/alpha/
Disallow: /sounds/player/
Disallow: /sounds/player$
Disallow: /ugc$
Disallow: /ugc/
Disallow: /ugcsupport$
Disallow: /ugcsupport/
Disallow: /userinfo/
Disallow: /userinfo
Disallow: /food/favourites
Disallow: /food/menus/*/shopping-list
Disallow: /food/recipes/*/shopping-list
Disallow: /food/search*?*
Disallow: /sounds/search$
Disallow: /sounds/search/
Disallow: /sounds/search?
Disallow: /ws/includes
Disallow: /rd/search$
Disallow: /rd/search/
Disallow: /rd/search?
Disallow: /things/search$
Disallow: /things/search/
Disallow: /things/search?
User-agent: Amazonbot
Disallow: /
User-agent: magpie-crawler
Disallow: /
User-agent: CCBot
Disallow: /
User-Agent: omgili
Disallow: /
User-Agent: omgilibot
Disallow: /
User-agent: ClaudeBot
Disallow: /
User-agent: Claude-Web
Disallow: /
User-agent: anthropic-ai
Disallow: /
User-agent: cohere-ai
Disallow: /
User-agent: Bytespider
Disallow: /
User-agent: PetalBot
Disallow: /
User-agent: Scrapy
Disallow: /
User-agent: Applebot-Extended
Disallow: /
User-agent: GPTBot
Disallow: /
User-agent: ChatGPT-User
Disallow: /
User-agent: Google-Extended
Disallow: /
User-Agent: PerplexityBot
Disallow: /
User-agent: Perplexity-User
Disallow: /
User-agent: Google-CloudVertexBot
Disallow: /
User-agent: meta-externalagent
Disallow: /
User-agent: OAI-SearchBot
Disallow: /
User-agent: YandexAdditional
Disallow: /
User-agent: YandexAdditionalBot
Disallow: /
User-agent: TurnitinBot
Disallow: /
User-agent: Amzn-SearchBot
Disallow: /
User-agent: Amzn-User
Disallow: /
User-agent: ProRataInc
Disallow: /
User-agent: CloudflareBrowserRenderingCrawler
Disallow: /
User-agent: AhrefsBot
Disallow: /
A+Domain Intelligencebbc.co.uk — via British Broadcasting Corporation, 31 years, 9 months oldPASS
3075 days
December 13, 2034
102 days
Issued by GlobalSign nv-sa
31 years, 9 months
Registered December 13, 1994
Not enabled
Protects against DNS spoofing
Unknown
2a04:4e42::81
British Broadcasting Corporation
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice