Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BTLS Certificate Expiry & Recommendations42 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
A+DNS Records2 A records, 11 ms lookupPASS
| A | 104.18.34.194, 172.64.153.62 |
| AAAA | 2a06:98c1:3100::ac40:993e, 2a06:98c1:3107::6812:22c2 |
| CNAME | — |
| NS | arya.ns.cloudflare.com, marty.ns.cloudflare.com |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 alt4.aspmx.l.google.com 10 alt3.aspmx.l.google.com |
| TXT | 2D34B15AF7 MS=ms15763670 MS=ms67476150 adobe-idp-site-verification=8c7a3cee9e38155fd04884783cbea412c941f6f8d3283fbe249c... atlassian-domain-verification=tCydWmOGd+Rs/4SyiebpPC3gF24zWVPuEDPVALLwzfuNuW7KXx... browserstack-domain-verification=49fae9d0-ea85-4c63-9f45-61a6392b652f dd3r9tskpnxblzshvfw9sn8cchz039dy docker-verification=c809030c-9b33-4682-8c48-b74b14c52caa docusign=76124daf-f40a-4454-9196-92eeb20d7748 globalsign-domain-verification=efmeVF7VgYDiuMgzeILWvMI4EvyHmVFubigh3hBSgB google-site-verification=Dx6NCS4O_qW8tX3jGaYHU2lqzazrO39HpOBZBck8Mv0 google-site-verification=RSYwxpSLLGDrzm6YMwhbDYhX09Yb908Tc9lG6PIL2Ms google-site-verification=UfMeHZnHkC1rXRJJqytuILQtB7KgRFYgo8uZqbWci70 google-site-verification=rQVyx9ByDSS2K_-8PTj_Yq9DsLCO4DDfRwSMg3sCpAY google-site-verification=zaIoN5wR4xc0F2ajteJsRrlRj1F_6y9YZaVz2n8lCT4 h1-domain-verification=BumHRoKUkRqfDMLnpE1a7RMD4gxJCx9jqHcox9SUKvrxuoT1 h1-domain-verification=dc2i2KYhiesNjFKbY6wSdweM7NsC5zFHGVqfu14jqMZfqbaM m8+Dr7yX+RpPLO3Rxm56s/OS48RvTPZgP4Fhn4mf0BF91ioyGylfvpOTDBZnGCgkE16TpvKnBQqeVZVH... mixpanel-domain-verify=2f841f3d-e0e5-45d2-9e58-7cc8f5f8bd7b pardot130671=11dc3662d0836fcb9b9a60375ee866f7dac3deee023ae94d2cf795f0f5d54e75 pardot130671=f78a9c9305e329497da4147aa9535baf345128e8aa1dcd9236bcad5ed431a423 pardot_130671=d26f8d46333097d8139a4b5f7bec787965e835c5f3e4dccfa1078b8705384a7e pardot_130671_*=e7f6f9d851bfd3611e2e136c49b44be9c87b4064e6a0104767446d6b69ad46c3 segment-site-verification=Ue6Tfs1hHqrzjG2zi1QWNCy9dARGJqaT SPF v=spf1 ip4:54.202.202.57 ip4:44.235.247.155 ip4:52.12.244.9 ip4:52.37.56.227 inc... zapier-domain-verification-challenge=b227849b-8369-4fad-a596-4d0c894a77a5 |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 382 ms totalPASS
https://angieslist.com
18 ms · HTTP/1.1
https://www.angi.com/
364 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://angieslist.com | 301 | 18 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.angi.com/ | 200 | 364 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+IPv6 ReadinessIPv6 reachable (2 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 17 URLsPASS
# -+++++++- .:.
# =+++++++= +++++.
# .+++++++++. +++++.
# :++++.++++: .-=-.
# =++++ ++++-
# .++++- =+++=. +++=: .=+++++: .=++++=. -+++= +++++
# .++++. -++++: ++++++++++++++- -++++++++++++++ +++++.
# -++++ ++++- ++++++-:-+++++= .++++++::=++++++ +++++.
# +++++ ++++= +++++: -++++= :+++++ =+++++ +++++.
# .:++++= =++++. +++++: -++++= :+++++ -+++++ +++++.
# :=+++++++++++==++++: +++++: -++++= :+++++ -+++++ +++++.
# =++++++++++++++++++++= +++++: -++++= :+++++ -++++= +++++.
# :+++++++=*###*=+++++++++ +++++: -++++= :+++++ -++++= +++++.
# :+++++- :**##= =++++++. +++++: -++++= :+++++ -++++= +++++.
# +++++. +++*#: :+++++- +++++: -++++= :+++++ =++++= +++++.
# .++++= ++++*. -+++++ +++++: -++++= .++++++::=+++++= +++++.
# .++++= :++++= +++++. +++++: -++++= -++++++++=++++= +++++.
# +++++=:-+++++. =++++: +++++: -++++= .=++++-.:++++= +++++.
# .=++++++++++- ..... ..... ..... :++++= .....
# :+++++++=. ::::: -++++-
# ... .+++++=..-+++++
# :++++++++++++:
# :=++++++=:
#
# Hello, Home Improvement Hero. Stumbled into the attic instead of the front door?
# Here's a thought: Instead of snooping through our crawl space, why not build up your career with us?
# Swing by https://www.angi.com/careers - it's the blueprint for your next big project.
# Hammer time's over for now, human.
# Onward, bots:
# Door is Locked for These Bots:
User-agent: AhrefsBot
Disallow: /
User-agent: Screaming Frog SEO Spider
Disallow: /
User-agent: SemrushBot
Disallow: /
# Yandex
User-agent: Yandex
Disallow: /
# Everyone Else:
User-agent: *
Allow: /
Disallow: *#!
# Parameters
Disallow: /*?navigation_impression_id=
Disallow: /*?navigation_source_impression_id=
Disallow: /*?postalCode=
Disallow: /*?redirect=
Disallow: /*?showcaseId=
Disallow: /*?sku_impression_id=
Disallow: /articles/*.htm?page=
# Directories
Disallow: /companylist/t/
Disallow: /companylist/us/xx/
Disallow: /write-review/
Disallow: /al-web-badge/
# Authentication
Disallow: /oauth2/
# Sitemaps:
Sitemap: https://www.angi.com/sitemap/articles-sitemap-index.xml
Sitemap: https://www.angi.com/sitemap/geo-sitemap-index.xml
Sitemap: https://www.angi.com/sitemap/leaf-sitemap-index.xml
Sitemap: https://www.angi.com/sitemap/nearme-sitemap.xml
Sitemap: https://www.angi.com/sitemap/statecat-sitemap.xml
Sitemap: https://www.angi.com/sitemap/topic-sitemap.xml
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
- https://www.angi.com/sitemap/AL_Articles...
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligenceangieslist.com — via Lexsynergy Limited, 30 years, 4 months oldPASS
305 days
May 16, 2027
42 days
Issued by Google Trust Services
30 years, 4 months
Registered May 15, 1996
Not enabled
Protects against DNS spoofing
Unknown
2a06:98c1:3107::6812:22c2
Lexsynergy Limited
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice