Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CDNS RecordsAction1 A records, 870 ms lookupREVIEW
| A | 160.92.168.33 |
| AAAA | — |
| CNAME | secure-www-sp-dila-prod.as8677.net |
| NS | — |
| MX | — |
| TXT | — |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.
Learn more ▾ ▴
RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.
Source: RFC 1034
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.
Learn more ▾ ▴
SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.
Source: RFC 7208 (SPF)
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
BRedirect Chain1 redirect(s), 1244 ms totalREVIEW
https://www.service-public.fr
765 ms · HTTP/1.1
https://www.service-public.gouv.fr/
479 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://www.service-public.fr | 301 | 765 ms | HTTP/1.1 | |
| 2 | https://www.service-public.gouv.fr/ | 200 | 479 ms | HTTP/1.1 |
See the visual redirect chain in the HTTP Probe tab →
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Preferred variant: www
HTTP → HTTPS
HTTP version does not redirect to HTTPS
BTLS Certificate Expiry & Recommendations334 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+Crawlabilityrobots.txt present, sitemap with 14 URLsPASS
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
User-agent: *
Disallow: /compte/*
Disallow: /contact/*
Disallow: /actualites/lettresp/archives/L*
Disallow: /allo-sp/*
Disallow: /accueil/
Disallow: /*?xtor=
# Disallow: */recherche*
Allow: */recherche-guidee/*.js
Allow: /demarches-silence-vaut-accord/recherche?page=
Disallow: */partager-par-courriel
Disallow: /*/personnalisation
Disallow: */telecharger-pdf
- https://www.service-public.fr/urlset-1.x...
- https://www.service-public.fr/urlset-2.x...
- https://www.service-public.fr/urlset-3.x...
- https://www.service-public.fr/urlset-4.x...
- https://www.service-public.fr/urlset-5.x...
- https://www.service-public.fr/urlset-6.x...
- https://www.service-public.fr/urlset-7.x...
- https://www.service-public.fr/urlset-8.x...
- https://www.service-public.fr/urlset-9.x...
- https://www.service-public.fr/urlset-10....
- https://www.service-public.fr/urlset-11....
- https://www.service-public.fr/urlset-12....
- https://www.service-public.fr/urlset-13....
- https://www.service-public.fr/urlset-14....
ADomain Intelligenceservice-public.fr — via NAMESHIELD, 25 years, 10 months old, hosted on ING-AS, FRPASS
EXPIRED
June 29, 2026
334 days
Issued by Sectigo Limited
25 years, 10 months
Registered October 5, 2000
Status unknown
Protects against DNS spoofing
ING-AS, FR
ASN AS47957
160.92.168.33
NAMESHIELD
Expiry timeline
Recommended actions
- Domain has EXPIRED — renew immediately to avoid total site outage
Consider enabling auto-renewal to prevent accidental expiration.
Domain expiry approaching — renew immediately and ensure auto-renew + alerting are configured.
Source: ICANN renewal policy