Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BRedirect Chain1 redirect(s), 1363 ms totalREVIEW
https://uky.edu
490 ms · HTTP/1.1
https://www.uky.edu/
873 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://uky.edu | 301 | 490 ms | HTTP/1.1 | Apache/2.4.62 (AlmaLinux) OpenSSL/3.5.1 |
| 2 | https://www.uky.edu/ | 200 | 873 ms | HTTP/1.1 | Apache/2.4.62 (AlmaLinux) OpenSSL/3.5.1 |
See the visual redirect chain in the HTTP Probe tab →
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
CURL VariantsActionwww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Use 301 (permanent) instead of 302 (temporary)
BTLS Certificate Expiry & Recommendations190 days until leaf cert expires — 5 issues to addressREVIEW
Certificate validity
Recommended actions
- Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
- Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
ADNS Records1 A records, 333 ms lookupPASS
| A | 128.163.35.46 |
| AAAA | — |
| CNAME | — |
| NS | sndc1.net.uky.edu, sndc2.net.uky.edu |
| MX | 10 uky-edu.mail.protection.outlook.com |
| TXT | d365mktkey=lvnbxpv16zb3b3fq87qgx1w2 SPF v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email include:mailgun.org ~all e2ma-verification=p2ggb airtable-verification=08fe52ad65a781013d8f064036e4c3f3 asv=e9dbc7f36805498586275767226fbeaa 6VKUoai4abGMplE1Jiq3h85euv/TsSNHn1etOi0KTa1aW4UhtimO70Bav5S3j4N9Ba+QyVRLm5Rzc0dE... cisco-ci-domain-verification=5580f815cfed6657f1b22c300d35a6b66f22360d25db7e5bd3b... amazonses:MKxf4B6NI9ZrPl7eGND1YGMb307IRLN0eYwoDUWKWpE= jamf-site-verification=4gvAry71nzooLy5CaIwegQ 00DDp0000017aZL=1TBcx00000002ra e2ma-verification=lsrfb e2ma-verification=1l8fb cisco-ci-domain-verification=24fd540ebf927ee4d9183d90e2c13628480017b3b0172e2fb2b... teamviewer-sso-verification=a65f5d182f1a4703aaf53ea73510508f brevo-code:59b3a18744d24f960bd78166f34f87c5 docusign=d8f39723-ce11-4288-b54f-6ee4a7856058 google-site-verification=EiUlE6YVyy5Boyg8nVab7FLE6blJkVjH-LIhgjv8rMQ d365mktkey=4j4h68c79ebqj3qp73n3jtwxv intersight=92ce70cc8c0776e6ce23d47d46d3d0c952091278684c4b49b17d0368908677e9 airtable-verification=a7013d71581bcea786dc1aa07cc9d89d 00Df4000004kS17=1TBVq0000000eYZ |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
A+Crawlabilityrobots.txt present, sitemap with 32 URLsPASS
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
User-agent: *
# CSS, JS, Images
Allow: /core/*.css$
Allow: /core/*.css?
Allow: /core/*.js$
Allow: /core/*.js?
Allow: /core/*.gif
Allow: /core/*.jpg
Allow: /core/*.jpeg
Allow: /core/*.png
Allow: /core/*.svg
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /profiles/*.svg
# Directories
Disallow: /core/
Disallow: /profiles/
# Files
Disallow: /README.md
Disallow: /composer/Metapackage/README.txt
Disallow: /composer/Plugin/ProjectMessage/README.md
Disallow: /composer/Plugin/Scaffold/README.md
Disallow: /composer/Plugin/VendorHardening/README.txt
Disallow: /composer/Template/README.txt
Disallow: /modules/README.txt
Disallow: /sites/README.txt
Disallow: /themes/README.txt
Disallow: /web.config
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register
Disallow: /user/password
Disallow: /user/login
Disallow: /user/logout
Disallow: /media/oembed
Disallow: /*/media/oembed
# Paths (no clean URLs)
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password
Disallow: /index.php/user/register
Disallow: /index.php/user/login
Disallow: /index.php/user/logout
Disallow: /index.php/media/oembed
Disallow: /index.php/*/media/oembed
A+Domain Intelligenceuky.edu — 39 years, 5 months old, hosted on UKYEDU - University of Kentucky, USPASS
19 days
July 31, 2026
190 days
Issued by Internet2
39 years, 5 months
Registered May 27, 1987
Status unknown
Protects against DNS spoofing
UKYEDU - University of Kentucky, US
ASN AS23162
128.163.35.46
Registrar unknown
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry