Skip to content
https://bankofamerica.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
87
GRADE
B
FIX
0
REVIEW
4
PASS
5
INFO
0
Probed from Amsterdam, Netherlands
301 Moved Permanently
Checks
9
5 PASS 4 REVIEW
C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
REVIEW
www/non-www, trailing slash, HTTP→HTTPS
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.bankofamerica.com/
200https://bankofamerica.com/

Inconsistent — duplicate content risk

HTTP → HTTPS

301http://bankofamerica.com/ https://bankofamerica.com/

Consistent

B
TLS Certificate Expiry & Recommendations
147 days until leaf cert expires — 3 issues to address
REVIEW

Certificate validity

147
days left
0d 30d 60d 90d+

Recommended actions

  • Add includeSubDomains to the HSTS directive
  • Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
AWS CloudFront (FunctionGeneratedResponse from cloudfront)
REVIEW
AWS CloudFront (FunctionGeneratedResponse from cloudfront)
Info::
Site is served via AWS CloudFront CDN (edge: AMS58-P2)
Got: x-amz-cf-id: NDm0PNkkG971nID2g3oXKW39Evs2EZCLluReGTRXangqU0Mon9GBRg==
Info::
CDN cache status: FunctionGeneratedResponse from cloudfront
CDN Detected: AWS CloudFront
Provider AWS CloudFront Cache Status FunctionGeneratedResponse from cloudfront Evidence x-amz-cf-id: NDm0PNkkG971nID2g3oXKW39Evs2EZCLluReGTRXangqU0Mon9GBRg==
A+
DNS Records
3 A records, 10 ms lookup
PASS
3 A records, 10 ms lookup
Info::
Resolves to 3 IPv4 address(es)
Got: 3.173.21.90, 3.173.22.90, 3.173.23.90
Info::
No IPv6 (AAAA) records
Info::
7 nameserver(s) configured
Got: a.ns-bac.com, b.ns-bac.org, c.ns-bac.net, d.ns-bac.info, e.ns-boa.biz, f.ns-boa.us, g.ns-bac.com
Info::
2 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 10 ms
Got: 10 ms
A3.173.21.90, 3.173.22.90, 3.173.23.90
AAAA
CNAME
NSa.ns-bac.com, b.ns-bac.org, c.ns-bac.net, d.ns-bac.info, e.ns-boa.biz, f.ns-boa.us, g.ns-bac.com
MX
10 mxa-0000ec05.gslb.pphosted.com
10 mxb-0000ec05.gslb.pphosted.com
TXT
MS=ms26780064
00D0b000000De84=1TBKW000000GmaA
00D2g0000000ZPI=1TBD1000000003M
00D300000000K1b=1TBKZ0000004CFQ
00D300000000Lsb=1TBHp0000008OIF
00D300000005zGi=1TBKe000000oLob
00D3000000071D4=1TBKX0000008OLJ
00D30000000nW2o=1TBKd000000000B
00D30000000nqfl=1TBHt000000CaRH
00D30000001FXpf=1TBHt000000000Q
00D30000001H1Cv=1TBHt000000000B
00D30000001H88T=1TBKX000000Gmb7
00D30000001HRSt=1TBKe000000blLi
00D36000000rZom=1TBHq0000004C9D
00D37000000J5Lh=1TBKb000000TN74
00D400000007EoN=1TBKY000000fxU2
00D46000000aATr=1TBKk0000000007
00D4C0000008x25=1TBD10000004CCb
00D60000000KTAU=1TBKZ000000001T
00D700000009PLP=1TBKe0000004C9D
00D750000000NEs=1TBDh0000004CB9
00D8I0000016LkC=1TBDa000000000a
00DDE0000045mMg=1TBDE000000CaRH
00DDY0000000PuC=1TBDY0000004C9D
00DDn00000122RU=1TBDn0000004C9E
00DDn0000014WHa=1TBDn000000XZAR
00DDn0000014WMF=1TBDn0000000006
00DE0000000ZaqE=1TBHt000000XZEJ
00DHo000007ESQH=1TBHo000000sXtb
00Dd0000000fllf=1TBKh000000Kynr
_mue2mr9ttx0pb28iu4vju44fyivlze2
79HRM45BZQL4W6DODHCJ08ICCEPI4ZZ95OPF1PODC
N73NW9KHOCFO1J30DG9M0U52P3KJYN458U7T7MOAO
apple-domain-verification=8NQqHRIawsPLpi0W
apple-domain-verification=d7eRv0GK7kdI6vEs
apple-domain-verification=rELhhF8gjKgBEMuH
ccisso=4d9729b7-b770-4856-947d-935d1b4dca9c
docusign=7d338bac-902f-4792-8cdb-89a34b44ccf6
docusign=7f619a20-e6e1-47ba-88e2-5ffde1224228
facebook-domain-verification=vzgeob2q58bgtl7degzq855tbt3nld
onetrust-domain-verification=e788a6ac2ccb43818ec10f692be6c065
webexdomainverification.=28c49c72-742e-4204-a733-18e8a8982a47
webexdomainverification.=9caf3cdf-4b7a-4806-8346-9a9591002ef3
webexdomainverification.AU51=01da9742-a899-4543-b134-6dba5c7669f0
webexdomainverification.BV9Q=6a8ae93e-8405-4430-91c6-1095ff8ab83a
webexdomainverification.D04F=58ac4583-65d7-4b3d-89e2-2657f01be854
webexdomainverification.D182=d3bd60b7-b138-488e-9ce4-bb6a965bd46c
webexdomainverification.DMQQ=2397072c-14ba-446b-af2b-b7d82b0c3d84
webexdomainverification.DPFR=fc6d9245-b5e5-456d-a469-6332595f0a02
webexdomainverification.EPKA=0bb7fd7a-0b2a-4645-ab25-62a5a06a68f1
webexdomainverification.KK43=938a1277-bf6a-441d-949c-c22f81ce00e0
webexdomainverification.KK48=150225ca-a113-4206-9228-4e3460b52486
webexdomainverification.1TKBV=0b486704-ef66-4735-96f0-8b4af777b303
webexdomainverification.1TKU2=55bfd798-3032-4b19-9e4d-1a3cdc9f83dd
webexdomainverification.7VRFC=41f26899-9147-46be-927a-64a4921bce12
webexdomainverification.8BOEU=a4a75bdf-0a9d-419b-bad5-09ed7837a3a4
apple-domain-verification=_tTrLth1tZlC6XJXF7Ot2qt-U0o_cPfdE1qif1tDlDo
XP24tQeCoyIoYKFUDBai/TAmSrkfqDi8E276kwIOINKuXcgwMZwhckPM+6x5egH7+IV5OFBRNkdgRIHm...
SPF v=spf1 ip4:171.161.41.178 ip4:171.159.227.167 ip4:171.161.147.155 include:spf-00...
CAALookup not available with standard resolver
Resolved in 10 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A
Redirect Chain
1 redirect(s), 182 ms total
PASS
1 redirect(s), 182 ms total
Info::
Single redirect
Got: https://bankofamerica.com → https://www.bankofamerica.com/ (301)
Info::
WWW normalization redirect

https://bankofamerica.com

21 ms · HTTP/1.1

301

https://www.bankofamerica.com/

161 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://bankofamerica.com30121 msHTTP/1.1CloudFront
2https://www.bankofamerica.com/200161 msHTTP/1.1

See the visual redirect chain in the HTTP Probe tab →

A+
Crawlability
robots.txt present, sitemap with 27 URLs
PASS
robots.txt present, sitemap with 27 URLs
Info::
robots.txt is present
Got: 3312 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 27 entries
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 3312 B Sitemaps referenced 1 User-agents * # applies to all robots, gsa-crawler # Special rule just for Google Search Appliance, OmniExplorer_Bot, Googlebot-Mobile, msnbot-mobile, YahooSeeker/M1A1-R2D2 Blocking No — crawling allowed
User-agent: *             # applies to all robots

Disallow: /global         # disallow indexing of restricted areas

Disallow: /cfdocs

Disallow: /thirdparty

Disallow: /directbenefits

Disallow: /groupbanking

Disallow: /incubator

Disallow: /signin

Disallow: /associatebanking

Disallow: /cgi-bin

Disallow: /deposits/*.pdf$

Disallow: /deposits/*.swf$

Disallow: /deposits/*.txt$

Disallow: /products/deposits/

Disallow: /banking-information/associatebanking/

Disallow: /banking-information/employeebanking/

Disallow: /products/employeebanking/

Disallow: /employeebanking

Disallow: /employeebankingandinvestments

Disallow: /*slider-module.go

Disallow: */hp-assets/

Disallow: /financial-wellness/    


# Disallow URLs with tracking parameters

Disallow: /adtrack/

Disallow: /*adlink

Disallow: /*cm_mmc

Disallow: /weblinking/

Disallow: /mortgage_network/

Disallow: /*cm_sp

Disallow: /*reason=QKN

Disallow: /*msg=OnlineIdEmpty

Disallow: /*SOURCE_URL


# Disallow mobile content

Disallow: /promos/jump/package/iPhone/

Disallow: /promos/jump/package/mobile/


User-agent: gsa-crawler  # Special rule just for Google Search Appliance

Disallow: /global

Disallow: /cfdocs

Disallow: /thirdparty

Disallow: /directbenefits

Disallow: /groupbanking

Disallow: /incubator

Disallow: /signin

Disallow: /cgi-bin

Disallow: /deposits/*.pdf$

Disallow: /deposits/*.swf$

Disallow: /deposits/*.txt$

Disallow: /products/deposits/

Disallow: /banking-information/associatebanking/

Disallow: /banking-information/employeebanking/

Disallow: /products/employeebanking/

Disallow: /employeebanking

Disallow: /employeebankingandinvestments

Disallow: /*slider-module.go

Disallow: */hp-assets/

Disallow: /financial-wellness/  


# Disallow URLs with tracking parameters

Disallow: /adtrack/

Disallow: /*adlink

Disallow: /*cm_mmc

Disallow: /weblinking/

Disallow: /mortgage_network/

Disallow: /*cm_sp

Disallow: /*reason=QKN

Disallow: /*msg=OnlineIdEmpty

Disallow: /*SOURCE_URL


# Disallow mobile content

Disallow: /promos/jump/package/iPhone/

Disallow: /promos/jump/package/mobile/


User-agent: OmniExplorer_Bot

Disallow: /


# Allow mobile content for primary mobile bots


User-agent: Googlebot-Mobile

User-agent: msnbot-mobile

User-agent: YahooSeeker/M1A1-R2D2

Disallow: /global

Disallow: /cfdocs

Disallow: /thirdparty

Disallow: /directbenefits

Disallow: /groupbanking

Disallow: /incubator

Disallow: /signin

Disallow: /associatebanking

Disallow: /cgi-bin

Disallow: /deposits/*.pdf$

Disallow: /deposits/*.swf$

Disallow: /deposits/*.txt$

Disallow: /products/deposits/

Disallow: /banking-information/associatebanking/

Disallow: /banking-information/employeebanking/

Disallow: /products/employeebanking/

Disallow: /employeebanking

Disallow: /employeebankingandinvestments

Disallow: /*slider-module.go

Disallow: */hp-assets/

Disallow: /financial-wellness/  


# Disallow URLs with tracking parameters

Disallow: /adtrack/

Disallow: /*adlink

Disallow: /*cm_mmc

Disallow: /weblinking/

Disallow: /mortgage_network/

Disallow: /*cm_sp

Disallow: /*reason=QKN

Disallow: /*msg=OnlineIdEmpty

Disallow: /*SOURCE_URL


sitemap: https://www.bankofamerica.com/content/sitemap_index.xml


#Deployed from SPARTA

#CAST ID for this deployment #78658

#www robots.txt


A+
Domain Intelligence
bankofamerica.com — via CSC Corporate Domains, Inc., 27 years, 8 months old, hosted on AWS
PASS
bankofamerica.com — via CSC Corporate Domains, Inc., 27 years, 8 months old, hosted on AWS
Info::
Domain registered until Dec 28, 2026 (8 months remaining)
Info::
DNSSEC is enabled
Info::
Registrar: CSC Corporate Domains, Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: AWS
Got: AS16509
Domain expiry

167 days

December 28, 2026

SSL certificate

147 days

Issued by DigiCert Inc

Domain age

27 years, 8 months

Registered December 28, 1998

DNSSEC

Enabled

Protects against DNS spoofing

Hosting

AWS

ASN AS16509

3.173.21.90

Registrar

CSC Corporate Domains, Inc.

Unlocked 7 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar CSC Corporate Domains, Inc.
Created December 28, 1998 (27 years, 8 months ago)
Expires December 28, 2026 (8 months)
Last Updated December 24, 2025
Name Servers a.ns-bac.com, b.ns-bac.org, c.ns-bac.net, d.ns-bac.info, e.ns-boa.biz, f.ns-boa.us, g.ns-bac.com
DNSSEC Enabled
Hosting
IP Address 3.173.21.90
ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)
Provider AWS
Data source: rdap (0.2s)

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 19 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
5 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
1 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
7 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
19 ms
Total Time Total request time from DNS lookup through full response.
19 ms

Connection waterfall

DNS Lookup 5 ms TCP Connect 1 ms TLS Handshake 7 ms Server Processing 6 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback