https://metamask.io
Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
98
GRADE
A+
FIX
0
REVIEW
1
PASS
8
INFO
0
Probed from Madrid, Spain
200 OK
Checks
98 PASS 1 REVIEW
BTLS Certificate Expiry & Recommendations68 days until leaf cert expires — 3 issues to addressREVIEW
TLS Certificate Expiry & Recommendations
68 days until leaf cert expires — 3 issues to address
Certificate validity
68
days left
0d 30d 60d 90d+
Recommended actions
- Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 52 ms lookupPASS
DNS Records
2 A records, 52 ms lookup
2 A records, 52 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 172.64.147.181, 104.18.40.75
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2a06:98c1:3101::6812:284b, 2a06:98c1:3100::ac40:93b5
Info::
2 nameserver(s) configured
Got: langston.ns.cloudflare.com, adelaide.ns.cloudflare.com
Info::
1 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 52 ms
Got: 52 ms
| A | 172.64.147.181, 104.18.40.75 |
| AAAA | 2a06:98c1:3101::6812:284b, 2a06:98c1:3100::ac40:93b5 |
| CNAME | — |
| NS | langston.ns.cloudflare.com, adelaide.ns.cloudflare.com |
| MX | 1 smtp.google.com |
| TXT | google-site-verification=YtaNNt_XG9lp97tHolcYR0NqdyhSkGWdfpMCFUVru4U SPF v=spf1 include:_spf.google.com include:mailgun.org include:4795067.spf01.hubspot... google-site-verification=wZKzd-THRf5G2HJgdiwxNVdgWUzC7rDouF9iQ-vOOlo miro-verification=06aec59d07be7d0932c66052bef4e0ec9f560256 google-gws-recovery-domain-verification=61510561 google-site-verification=SNHFOPocvIFZ-TWTBZmyJVV2h69GGrm2dvsyWJQTLTs google-site-verification=Y6oJ8FmCqgthVbVXmD887zcwGohYjgUaCa3miLVMQYY 00371316 OSSRH-94282 google-site-verification=cCJ7DbV5ygpeEX7pYsZSgkfwMgIjUiTLjLDvEita4mM |
| CAA | Lookup not available with standard resolver |
Resolved in 52 ms
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Why this matters
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
Redirect Chain
No redirects — direct access
No redirects — direct access
Info::
No redirects — direct access
Got: https://metamask.io
https://metamask.io
216 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://metamask.io | 200 | 216 ms | HTTP/1.1 | cloudflare |
A+IPv6 ReadinessIPv6 reachable (17 ms)PASS
IPv6 Readiness
IPv6 reachable (17 ms)
IPv6 reachable (17 ms)
Info::
IPv6 is configured and reachable at 2a06:98c1:3101::6812:284b, 2a06:98c1:3100::ac40:93b5
Got: 17 ms connect
IPv6 Ready
AAAA Records 2a06:98c1:3101::6812:284b, 2a06:98c1:3100::ac40:93b5 Connection Reachable (17 ms)
A+Crawlabilityrobots.txt present, sitemap with 5 URLsPASS
Crawlability
robots.txt present, sitemap with 5 URLs
robots.txt present, sitemap with 5 URLs
Info::
robots.txt is present
Got: 144 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 5 entries
Info::
Sitemap index with 5 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 144 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed
User-Agent: *
Allow: /llms.txt
Disallow: /storybook
Disallow: /playground
Disallow: /stylesheet
Sitemap: https://metamask.io/sitemap-index.xml
sitemap.xml 200 OK
Type Sitemap Index URLs 5 entries Valid XML Yes
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS
www / non-www
301https://www.metamask.io/
200https://metamask.io/
Preferred variant: non-www
HTTP → HTTPS
301http://metamask.io/ → https://metamask.io/
Consistent
ADomain Intelligencemetamask.io — via Cloudflare, Inc, 10 years, 11 months oldPASS
Domain Intelligence
metamask.io — via Cloudflare, Inc, 10 years, 11 months old
metamask.io — via Cloudflare, Inc, 10 years, 11 months old
Warning::
Domain expires in 70 days
Consider enabling auto-renewal to prevent accidental expiration.
Got: Expires Jul 2, 2026
Info::
Registrar: Cloudflare, Inc
Info::
Registrar lock is enabled
Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.
Domain expiry
19 days
July 2, 2026
SSL certificate
68 days
Issued by Google Trust Services
Domain age
10 years, 11 months
Registered July 2, 2015
DNSSEC
Status unknown
Protects against DNS spoofing
Hosting
Unknown
2a06:98c1:3101::6812:284b
Registrar
Cloudflare, Inc
Locked 2 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry
Registrar Cloudflare, Inc
Created July 2, 2015 (10 years, 11 months ago)
Expires July 2, 2026 (2 months)
Last Updated July 14, 2025
Name Servers langston.ns.cloudflare.com, adelaide.ns.cloudflare.com
Registrant Consensys Software Inc
Hosting
IP Address 2a06:98c1:3101::6812:284b
Data source: whois (1.0s)
Consider enabling auto-renewal to prevent accidental expiration.
Why this matters
Domain expiry approaching — renew immediately and ensure auto-renew + alerting are configured.
Source: ICANN renewal policy
Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.
Why this matters
Registrar lock (clientTransferProhibited et al.) prevents unauthorized domain transfers — strongest defense against domain hijacking.
Source: ICANN / domain-security best practice
A+HTTP Probe TimingTotal 339 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
HTTP Probe Timing
Total 339 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
40 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
17 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
22 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
283 msTotal Time Total request time from DNS lookup through full response.
340 msConnection waterfall
DNS Lookup 40 ms TCP Connect 17 ms TLS Handshake 22 ms Server Processing 203 ms Content Transfer 57 ms
ACDN & DeliveryCloudflare (DYNAMIC)PASS
CDN & Delivery
Cloudflare (DYNAMIC)
Cloudflare (DYNAMIC)
Info::
Site is served via Cloudflare CDN (edge: CDG)
Got: cf-ray: 9f08200dbeea986b-CDG
Info::
CDN cache status: DYNAMIC
CDN Detected: Cloudflare
Provider Cloudflare Cache Status DYNAMIC Evidence cf-ray: 9f08200dbeea986b-CDG
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.