Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DURL VariantsActionwww/non-www, trailing slash, HTTP→HTTPSFIX
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
HTTP version does not redirect to HTTPS
DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations101 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
ADNS Records2 A records, 244 ms lookupPASS
| A | 45.60.122.189, 45.60.132.189 |
| AAAA | — |
| CNAME | — |
| NS | exp5.experian.com, exp4.experian.com, exp1.experian.com |
| MX | 10 mxa-001a8401.gslb.pphosted.com 10 mxb-001a8401.gslb.pphosted.com |
| TXT | 4979d7a9-95da-45d6-8256-46c06692b137 google-site-verification=_CzkO_yH4LEfS7uhxeijlI3278c2zzIIvsAStmgDQxI atlassian-domain-verification=chaJ9QZ1uYouvwlxXkOzFbMqrmtFIaTUyqQTQ2M8oI3LixIRJI... atlassian-domain-verification=2UP8PtW7OUTWZ3snoYIS4au3bBIaQco5v9Tjg6kD6DeQKBaKHw... atlassian-domain-verification=5PhGjpSOC8Pg8sMKrlD4lcoPwXX82ja2XMpa5jPPC2sWvS330o... google-site-verification=jIYGbnOnO6TlBOQ4zkFDuiY-KfyoGmosip_iE9pjWh8 openai-domain-verification=dv-jvmygIIUA7HE6heWkPyw71Lx 99mOmKTf3fEllrauuIoiRBTzMqBWuuK7A/PVEg/Lq3rDqtzRWlWN2irMvgd4AGKOYWSoLIebg9/11kwO... 945794887365bf4153f76bc5614f9c3fc5b789a32d31f9ce43bf8c2e844d637b tiktok-verification=ttd_C6BACHVJ6980HBVLBCVG MS=ms68299638 dell-technologies-domain-verification=experian.com_4a0ef54e-e718-4636-8827-33800... mongodb-site-verification=XbwyjuGypxXfJJ8fHjQ7a46NnytkfcKO onetrust-domain-verification=d8d5022b46694d44b80503fd8e2dc2f1 0c067c19-828d-4727-ba5a-2b338869eab5 postman-domain-verification=da04729402b56a3ae2d05a60ca984ba1b7dae54d66724788d247... docusign=a8cd06f8-3032-4f9e-9a30-8ffa72057880 SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all nkH59fzF1LXBR9fDPDFESBdcl7KZlHDFVNc1ha2tjyjkNCgiJqueohuGAfrj8pnx google-site-verification=TiBnF3Hih2YfH8962dvcb5xm1KPjXAsYBLcWC9W3huc twilio-domain-verification=f87dc8503f62e7dc30e0e30e28a71420 google-site-verification=aLC6g_bTFsNYfw8ap0HPCxIPZ_MLnYq0N83lkwee3OE cursor-domain-verification-g61rd0=IkpAWQe6Geth9svhHXGZdeBrL cloudflare_dashboard_sso=b3a5d77fb0739161a134e85eb5923bd7 status-page-domain-verification=wc18gck2dcdk mongodb-site-verification=ssqgF22JD34CTbGDX7FEwBlf5mVgVDR4 atlassian-domain-verification=nkH59fzF1LXBR9fDPDFESBdcl7KZlHDFVNc1ha2tjyjkNCgiJq... mongodb-site-verification=VhUwPx2rLTARcVepy83J3N3NFBfq6Dxs mgverify=8e05d5c269fbe857c2dc1a042f6655e85461369038df459f8a93c16b52894455 atlassian-domain-verification=Z9WGykK/0v7NUFzV6UstvX9evo3aeL0gaHELoUrNEvDuV3iWfO... atlassian-domain-verification=GChaCn5wUrOB8cJqKaWbi56TitKcq/tWoOOYFyrVRUAxJeXfNT... mongodb-site-verification=p3ro9cei0xpeVfLDnfIki4ArrQrEfqF3 apple-domain-verification=60J6LZGDvRt4tiSK Dynatrace-site-verification=52e29a09-9c6e-47f6-842c-32a39050e5db__urti2l1mpr0ufb... atlassian-domain-verification=m1VsNcoamVYeoFztGZM/WKkpuKK7AaDvwkJ8qY6q9KcGKaJrIB... 1password-site-verification=SYP3JW644ZCDZFTA65L4D5QPVU anthropic-domain-verification-kshbgn=vrC8xUYYtgPvcCWrm9NaAXBFL twilio-domain-verification=9c1b4c11134f3830aa9c1d44e9678f65 logmein-verification-code=7f034067-0183-481c-b7ed-d4e2058b20fb atlassian-sending-domain-verification=ad4325ab-0ad1-44e6-8431-57cfee9e2776 safebreach-domain-verification=296f1bb4-b30a-4117-a4a2-d627010e4575 google-site-verification=uObOn1kLQRN5545ozlIlwPwzxk-kYugcXuW6fvrJ5vo datadome-domain-verify=1dx8mabC0e8AZ89sKmcpsEu7dzGLtdEs status-page-domain-verification=yprxmxkxcccj docker-verification=604bfd3b-f13b-4187-adeb-333861efc09e apple-domain-verification=hTWCkeEE3xo-qLAYYUslgbgih-nxBM-joqYNwkCrYGU pendo-domain-verification=KBa3Ol2UuLCyQ1kvca50WV-za2M mgverify=853729892a1a77eb304a3adbc3f72cd0aa1f35fdd370f46abc9623a5636dbb08 stripe-verification=E2C16082059B2D2CC7B923B9AE1662038D2C0DF55A870D2C1F7D6FD8F1EA... zapier-domain-verification-challenge=b6adbaec-3526-421c-9c3f-c4a5ae68d164 canva-site-verification=rJOB1y7h0EOs9-Bl4AgATw vuhevpg4yk insomnia-validation=e92033e2cc894e50882302bb17f8209e6fe037dc266d53d5969720765055... status-page-domain-verification=knn4v2xn3yn8 fe20fc33-ae84-4bd6-b076-54e0a7aa9a61 globalsign-domain-verification=DFA4D993D6DE5810902B1736C23253D4 smartsheet-site-validation=2_KwCnOURA9pRV0SPFW-nmWCXiKqTUPO astro-domain-verification=cmhjk0xue205k01nqpnggb6hp amazonses:WS1VyWQwep7n8PmqYc6pW9MLtc/jnhNeL6hI4WWoVhE= jamf-site-verification=LygxmZoT7iXt7v8Hs-Q0bA b9CXCcS2L6Q2IOFgw+yp9FE6y0i5ET9JnfJuttyDNs7afgr6Gu9JHydi7D9B6VQa5LZfATW903PGt7Cr... logmein-verification-code=831536cb-bf31-4718-8a46-4f2b6e215866 atlassian-domain-verification=4E51O1sBzPnnOkUd13zC/wiMbJxleOHcguILtoYXal6JVtOIrQ... 51ec14c0-d7ef-4def-9243-272daac23121 mixpanel-domain-verify=3ebbef95-d449-4279-9a99-dfaac114fa5d |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
ARedirect Chain1 redirect(s), 915 ms totalPASS
https://experian.com
285 ms · HTTP/1.1
https://www.experian.com/
629 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://experian.com | 301 | 285 ms | HTTP/1.1 | |
| 2 | https://www.experian.com/ | 200 | 629 ms | HTTP/1.1 |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 152 URLsPASS
User-Agent: PetalBot
Disallow: /
User-Agent: *
Disallow: /*/aem-test
Disallow: /ARFResponse
Disallow: /assets/access/documentation/
Disallow: /blogs/*/comments/
Disallow: /blogs/*/plugins/
Disallow: /blogs/*/wp-admin/
Disallow: /forms/submit.form
Disallow: /ncaconline/
Disallow: /NetConnect
Disallow: /products/pdf/
Disallow: /script/ScriptServlet
Disallow: /single-crm/
Disallow: /site-includes/
Disallow: /WebDelivery
Allow: /blogs/*/wp-admin/admin-ajax.php
Sitemap: https://www.experian.com/credit-cards/sitemap-0.xml
Sitemap: https://www.experian.com/static/exp/sitemap-0.xml
Sitemap: https://www.experian.com/blogs/ask-experian/blog-sitemap/sitemap-0.xml
Sitemap: https://www.experian.com/blogs/business-information/sitemap_index.xml
Sitemap: https://www.experian.com/blogs/employer-services/sitemap_index.xml
Sitemap: https://www.experian.com/blogs/global-insights/sitemap_index.xml
Sitemap: https://www.experian.com/blogs/healthcare/sitemap_index.xml
Sitemap: https://www.experian.com/blogs/insights/sitemap_index.xml
Sitemap: https://www.experian.com/blogs/marketing-forward/sitemap_index.xml
Sitemap: https://www.experian.com/blogs/news/sitemap_index.xml
Sitemap: https://www.experian.com/blogs/small-business-matters/sitemap_index.xml
A+Domain Intelligenceexperian.com — via Network Solutions, LLC, 29 years, 10 months old, hosted on INCAPSULA - Incapsula Inc, USPASS
101 days
October 27, 2026
101 days
Issued by Sectigo Limited
29 years, 10 months
Registered October 28, 1996
Not enabled
Protects against DNS spoofing
INCAPSULA - Incapsula Inc, US
ASN AS19551
45.60.122.189
Network Solutions, LLC
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice