Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BCrawlabilityno robots.txt, no sitemapREVIEW
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.
Learn more ▾ ▴
A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.
Source: robotstxt.org
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
No robots.txt found
This is fine for most sites — a missing robots.txt allows all crawling by default.
No sitemap found
Adding a sitemap helps search engines discover your pages.
BTLS Certificate Expiry & Recommendations332 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 84 ms lookupPASS
| A | 99.83.221.243, 75.2.43.168 |
| AAAA | — |
| CNAME | — |
| NS | pdns2.cscdns.net, pdns1.cscdns.net |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 alt3.aspmx.l.google.com 10 alt4.aspmx.l.google.com |
| TXT | google-site-verification=uwGsaSm3Yn_dKaYNQTyOt7lhG3EvyvUgsfWARqFGxt0 amazonses:1Q+NAiv+FGZnWAyWMgFg4qieTnsTL79XQeqrN4xEhfI= google-site-verification=gy158zX4W62wB7zWa_d-TLtrvltIhVCUUP78TxGUHDw jamf-site-verification=cUZHn-s-pzOfoP4nVU40pg facebook-domain-verification=0j0ot2w8nvh75t05vmjww3tbe9fbjq have-i-been-pwned-verification=dweb_963ylqs9cm6m5fttj6emikgv rG1CFqA4koKvzhExNcoL7QOZC3BhBeSCVSmwo57K1hY google-site-verification=qAyoZAGfGrqzKocx9OF4sUveRKVXPSn-_rj1VRKLs0A SPF v=spf1 include:_u.itv.com._spf.smart.ondmarc.com ~all stripe-verification=6acbed9239055976dfa14e8f271445c41269980619098b7d66eaf624aa06... google-site-verification=2nzXwkacyVchS6o8WPySNRRpiiJXkTCIOjKS4wRzeTk google-site-verification=y8ofqZeKaLhUPlLVuPHRGcv17-F0ayz1mhk4y0_y0Xw rippling-domain-verification=6fa1e97837a022c0 factorial-domain-verification=hEFabgkZEB8ie7ESjppNYhKHTHy9XrCmsnZiRGMEoA4SDvusdh... logmein-verification-code=pjsgtRT35HCEskNtxmwgSLFgU MS=ms52158236 §5pjfp08dgy4mbbqwkn2l0p4tykbgyd5m 1b4mvrg87jkkbn7qkkx6kddpgfk7nm2 facebook-domain-verification=un4mkzpw8btyo1njoq5mbhhdgd26lg google-site-verification=gNSkRmdV8cZtxTU02tiX61Xdt25tH-1DFAED24vQOPk smartsheet-site-validation=1jczhD2Kai7_rgCSRRQRKwvKpOJzYhiR docker-verification=5a406e4d-a98f-4526-bebe-b28f57762c13 amazonses:TThqV7EOJHAmSLXADq+jJJ1xi0uZHDHpK+LtfoY3WHI= adobe-idp-site-verification=c1c96115b9a99be4673fc11c5f2c16655fe6ac34f8ebdb95c809... apple-domain-verification=O0sG7R0y3mWud4yx have-i-been-pwned-verification=dc8541ee076ea0f94a8fa7a0f99debec klaviyo-site-verification=SgM5DW launchdarkly-domain-verification=c03235b2-6ea0-4903-a0b1-97e79ffa6baf amazonses:epxoxxIeDiALxhPalU6kleNPv5Eq/6zfNsO5Om5xtow= amazonses:k0D9TSbziBswUsAgiuZRuPeI+iZiQQHh4DC30VIF4C8= 38ztxs8fdzpmmbkkfxyy76m4mynxffry ZOOM_verify_llRLzKpzQ0Y4PdloDSAZMz airtable-verification=f09b608207420bee6860efd6c7a61b29 happeo-site-verification=4bb6fc2c4f174e5baa9869766d43d803 _u1m8m7ry1txmiq87m3nunj2zket70sk stripe-verification=19160fa2249f356fbf8ab7e0607e5eba36094f9cf8fa0aa3996af78ffaba... facebook-domain-verification=uvhgw1ygmzkro2ktrm61bppb6wg7ez flexera-domain-verification-ccyfxajzkskkqajc google-site-verification=HKW9Y07V4ZFJS3Se67DYffHAOfZW0W0hq0zLrbePNX8 openai-domain-verification=dv-JHPKtGbesLtvJSdDDmn1KcYi cloudhealth=362a9392-5e5b-4396-969a-814cf09bc5e0 cisco-ci-domain
verification=533e0cbdeb9f2483f1a70556accdd28cf4f9a526b65e6d4df1a... atlassian-domain-verification=kPdUajgGl0vJUDuGXcjmxZBqeSn8LVszGFw6DLK5AoonBGqUQh... _globalsign-domain-verification=WUOocVFQHuh3AApC7i-nlRfI24lEdHkSNGMVaaL5FJ google-site-verification=NzCMUO-KODfdedQVhRR4s1aWYDGCup73gtgvcUAx1Hk google-site-verification=sMNe8oonqcORpl07cQh8gLnHTwsH-fVAHuHIIs_c03Q glm5nbctfxq88pkdmmfsgczlzbx7g9pz google-site-verification=ttRCJTWST4-sUWzhbwE6z3roApKJjFmyEZjP21P_iJ0 u1m8m7ry1txmiq87m3nunj2zket70sk aDvzgpVgZW8mxrEuBvZn7B8BtNyqMs2t73ZBnU7veZ4 7Wh-l9LPic0W4WhVTfdprmnuke8 google-site-verification=XOJnWX_HDhsouZKfvrP3dUUHoxLMrOhKzMugRfhwEbM airtable-verification=c85a949cb81f4e8eac1227fd97e765c2 amazonses:I2ixfd0fX41CAHbGjOhnFQS02QouC6Tdoo67zi9Ax1o= MS=ms64056266 qelm9krr5ooladbkpgmpo88im5 logmein-verification-code=b8dcf2da-52fc-4606-a530-5929d53aac93 google-site-verification=jMteVJMujKHKz1pus-6XRWRQK5TltUiYEUG0uB4kCLw k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUDfb2i2luVslE8dnxOA4tbw7AZsKGC3a... DirectFedAuthUrl=https://itv.okta-emea.com/app/itv_mediaproxypoc_1/exka8x4jhghXv... 8s9ptmrn7a7uraeqdupgb7viiu miro-verification=4fafa0db1ae75faae7e7ca8d0b60632e187f9a71 x319h5647wb9gngtq4gskc3bbzbqbd14 elevenlabs=JjVHmGb3KM7LEneoExIrg-A64rHnaYce4KKcss0JNhc _globalsign-domain-verification=qaiayFDuDa45xUCndHKlpy0iNo4erAizwKeOfnkMhD google-site-verification=h6fOU-w4jenLJgk56gRe7yc2b_NWwdP1JNeuOao4qmQ _tx2hannf845o7xy3b5pjke8af29j37w dropbox-domain-verification=eve3qehqjvbx |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect Chain0 redirect(s), 169 ms totalPASS
https://itv.com
169 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://itv.com | 301 | 169 ms | HTTP/1.1 | awselb/2.0 |
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Consistent
A+Domain Intelligenceitv.com — via CSC Corporate Domains, Inc., 31 years, 11 months old, hosted on AWSPASS
106 days
October 31, 2026
332 days
Issued by Amazon
31 years, 11 months
Registered November 1, 1994
Not enabled
Protects against DNS spoofing
AWS
ASN AS16509
75.2.43.168
CSC Corporate Domains, Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice