Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations163 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Add includeSubDomains to the HSTS directive
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records4 A records, 18 ms lookupPASS
| A | 54.192.100.105, 54.192.100.104, 54.192.100.113, 54.192.100.106 |
| AAAA | — |
| CNAME | — |
| NS | ns-109.awsdns-13.com, ns-1475.awsdns-56.org, ns-1770.awsdns-29.co.uk, ns-851.awsdns-42.net |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 alt4.aspmx.l.google.com 10 alt3.aspmx.l.google.com |
| TXT | BVZ71B+mKCBqRr1w3VIASfVh3pQZB03sHrBNBFpHX1o= MS=ms12400529 ZOOM_verify_SCYUdVERQLutYg2MMk5n1g _clickhouse-challenge=50106aaaf400edbcefac28bda83bc112729a303de14fb02fb2aacc7b33... adobe-idp-site-verification=0a066b06b8045615fcdf23249b39f3d914314bdfb3ee967c2e1f... apple-domain-verification=fUR5lrIb8ZXAgRZh atlassian-domain-verification=RxqzNQU9S390W85VwH10vVpz3Di558ORKIVSKmVAQT4+y7Ql0s... bugcrowd-verification=f0154a310f16c24b2f611860fa95ee0a ca3-7d04cacf69a549d4addeff17e6909a24 ca3-8a1e55e3fcee4fa491e23cbded2bc67e canva-site-verification=_JpZfL3nf2ijBh990p20Qg detectify-verification=12d573890acb6ade469e03765116c9e2 docker-verification=43fcdc1c-c507-4b42-a59f-bbe4ec0bb157 docusign=eedc187f-e4c6-4ac9-8e13-c6ccd40314b7 drift-domain-verification=24480bfa6b88081e403b5a627581c72e596dc1c3ed5645fe6efcd6... dropbox-domain-verification=r5b6zg48jbmp e2e721fe-abe5-42a4-927b-912cc5c69b36 facebook-domain-verification=2sqha4fft688a7u7q3figd59ep0w4b fastly-domain-delegation-789693-Kj90J2mV3G9-2024-07-19 google-site-verification=BqcVSfrFZjfdxdEO8uatlQkqe60OY_oN1l0lJZfmZ9k google-site-verification=H8kk7gZcBYmngKs49pHpvunadVcRo05xHvYFm8OIE-I google-site-verification=Mhehxk91tmdl972lIt1tUudqxk-UZ-dess1iBOOynkk google-site-verification=cXlmyZR0poIpagrHUTLcClMxgOT4IkJT0j7_1-e0tsU google-site-verification=ij4vG3FdwygeRWH5NW4N4caykX25Kd0e0WB4Mthyq20 google-site-verification=kqO9m7kdcbY5YskqQd2zJq54BQSHCF9uNP_E2s4yoAM google-site-verification=yq35AOMklIFyD7HelrWMtlretcRBQAt1AY7qTtwvdhg jamf-site-verification=iQrilIoGuZCr_m8AjCBWZA loom-site-verification=c0a47021adc14be19b38292b33d1d30f miro-verification=391fdb38d34cadae4ef10844ee78b9621782d343 mixpanel-domain-verify=163fe517-5be9-4a94-9755-d4f557dd500c pardot638801=5d51367473c46ae4c72b898ec13660f709def997e4a94c499727a407afb942ee reachdesk-verification=DUxgtvZRe02HbR5zQceu542WuioEOiKst7RqNUFgWSKm21dUpY3Qfq9LC... slack-domain-verification=I615FeKXlfrAPDJmDACA9SyJDK5G1ZGhti5m0hp1 status-page-domain-verification=mtln2tk244cb SPF v=spf1 include:mail.zendesk.com include:6cb9ee.workshop-spf.net include:_spf.sal... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
https://sproutsocial.com
84 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://sproutsocial.com | 200 | 84 ms | HTTP/1.1 | AmazonS3 |
A+Crawlabilityrobots.txt present, sitemap with 84 URLsPASS
User-agent: Googlebot
Sitemap: https://sproutsocial.com/sitemap.xml
Sitemap: https://sproutsocial.com/insights/sitemap_index.xml
Sitemap: https://sproutsocial.com/insights/video-sitemap.xml
User-agent: *
Sitemap: https://sproutsocial.com/sitemap.xml
Sitemap: https://sproutsocial.com/insights/sitemap_index.xml
Sitemap: https://sproutsocial.com/insights/video-sitemap.xml
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencesproutsocial.com — via GoDaddy Corporate Domains, LLC, 16 years, 9 months old, hosted on AWSPASS
98 days
September 22, 2026
163 days
Issued by Amazon
16 years, 9 months
Registered September 22, 2009
Not enabled
Protects against DNS spoofing
AWS
ASN AS16509
52.85.31.38
GoDaddy Corporate Domains, LLC
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice