Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations261 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 19 ms lookupPASS
| A | 18.210.63.196, 18.211.152.42 |
| AAAA | — |
| CNAME | — |
| NS | dns3.p06.nsone.net, dns1.p06.nsone.net, dns2.p06.nsone.net, dns4.p06.nsone.net |
| MX | 1 aspmx.l.google.com 5 alt2.aspmx.l.google.com 5 alt1.aspmx.l.google.com 10 alt3.aspmx.l.google.com 10 alt4.aspmx.l.google.com |
| TXT | v1uff0844kai9k3us8o0blq31d adobe-idp-site-verification=62bcde131337d67652c5065053b7b1bf966f7bb65d0b3b51fdbe... facebook-domain-verification=emht2ay473t6f36bfyoi8wj6e9h4bw jamf-site-verification=KWIMvVaa2zNjp91-6BevFA zapier-domain-verification-challenge=9ab57f3d-ac6b-44a5-89bf-b2f77be562a7 google-site-verification=U8j7kvi4rO-58_xD9RXgq2st1igkc1WWi5vGGqg6gc4 google-site-verification=Q02juZwtOQxKsyeG29o-RZLCCnF5_6r9mGc-KeOjfQg 2h4zsct4p4zgjyvgy7s3wq3jmp32nb2c slack-domain-verification=N4ObqeGvO0n4OQGkliEprc3Axb7N8syWHRAzHHXK mongodb-site-verification=2R4OTMoIEHP4oWMloxb4Yb2iwnNwfy9I google-site-verification=5l8MiH1h9bbfkIbAsdA9HlV2dF0GnIKfN9ieuIC7rwM MS=ms78885720 knowbe4-site-verification=7457bd252c5e8d712c3521f838a58f14 openai-domain-verification=dv-HRZMUexXO0s5dLEnG6bWsb3Y google-site-verification=lR20aOZBMv9tiyfX4c-rlBjG0-AYK1eNoU-77fssGUs docusign=3da7fb1c-7e87-4fce-854f-0e75c28d6287 anthropic-domain-verification-s7gfx6=BWNojozPjqB2zzxZQI1Pt9V97 google-site-verification=OgJVx4isMU3P-9FN4VVZzMLEwiDlFMi7xjEDrwI-LvA atlassian-domain-verification=0YfRooV677OJAUh28LDWebrKWAqc/xiIRQhXhaDNxebouVzzOc... SPF v=spf1 include:spf.protection.outlook.com ip4:167.89.0.0/17 ip4:208.117.48.0/20 ... Rp46nvXD2/uDHjX/YE5LWQVn8h8aYehJ+quak/8lXk5UpXM1jlc7bugCzarZ9LzQog+RfobrGCcaBCyZ... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 597 ms totalPASS
https://emarketer.com
390 ms · HTTP/1.1
https://www.emarketer.com/
207 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://emarketer.com | 301 | 390 ms | HTTP/1.1 | nginx |
| 2 | https://www.emarketer.com/ | 200 | 207 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 1 URLsPASS
User-agent: Google-Extended
Disallow: /content/
Disallow: /industry-kpis/
User-agent: *
Allow: /newsletters
Disallow: /learn/
Disallow: *thank-you
Disallow: /resources/
Disallow: /subject/
Disallow: /Articles/Email.aspx
Disallow: /articles/results.aspx?q=&
Disallow: /bin
Disallow: /CaptchaValidationLog
Disallow: /chart/*/async
Disallow: /chart/*/bind
Disallow: /chart/*/cancel
Disallow: /chart/*/catch_filter
Disallow: /chart/*/context
Disallow: /chart/*/debuggability
Disallow: /chart/*/direct_resolve
Disallow: /chart/*/errors
Disallow: /chart/*/es5
Disallow: /chart/*/finally
Disallow: /chart/*/join
Disallow: /chart/*/method
Disallow: /chart/*/nodeback
Disallow: /chart/*/promise
Disallow: /chart/*/promise_array
Disallow: /chart/*/queue
Disallow: /chart/*/schedule
Disallow: /chart/*/synchronous_inspection
Disallow: /chart/*/thenables
Disallow: /chart/*/util
Disallow: /chart/c/*/async
Disallow: /chart/c/*/bind
Disallow: /chart/c/*/cancel
Disallow: /chart/c/*/catch_filter
Disallow: /chart/c/*/context
Disallow: /chart/c/*/debuggability
Disallow: /chart/c/*/direct_resolve
Disallow: /chart/c/*/errors
Disallow: /chart/c/*/es5
Disallow: /chart/c/*/finally
Disallow: /chart/c/*/join
Disallow: /chart/c/*/method
Disallow: /chart/c/*/nodeback
Disallow: /chart/c/*/promise
Disallow: /chart/c/*/promise_array
Disallow: /chart/c/*/queue
Disallow: /chart/c/*/schedule
Disallow: /chart/c/*/synchronous_inspection
Disallow: /chart/c/*/thenables
Disallow: /chart/c/*/util
Disallow: /chart_jpgs
Disallow: /content/*/async
Disallow: /content/*/bind
Disallow: /content/*/cancel
Disallow: /content/*/catch_filter
Disallow: /content/*/context
Disallow: /content/*/debuggability
Disallow: /content/*/direct_resolve
Disallow: /content/*/errors
Disallow: /content/*/es5
Disallow: /content/*/finally
Disallow: /content/*/join
Disallow: /content/*/method
Disallow: /content/*/nodeback
Disallow: /content/*/promise
Disallow: /content/*/promise_array
Disallow: /content/*/queue
Disallow: /content/*/schedule
Disallow: /content/*/synchronous_inspection
Disallow: /content/*/thenables
Disallow: /content/*/util
Disallow: /Corporate/RegisterMe
Disallow: /Corporate/RequestInfo
Disallow: /corporate/request*
Disallow: /daily_process
Disallow: /docs
Disallow: /Emailer
Disallow: /emailpreferences.aspx
Disallow: /ErrorLog
Disallow: /EssentialMetrics
Disallow: /Extranet
Disallow: /Extranet.aspx
Disallow: /images/chart_gifs
Disallow: /images/chart_pdfs
Disallow: /images/chart_png300
Disallow: /images/chart_png460
Disallow: /images/interview_pdfs
Disallow: /images/Podcasts
Disallow: /images/mockups
Disallow: /include
Disallow: /Library
Disallow: /log
Disallow: /manage
Disallow: /MPTemplates
Disallow: /MyAccount
Disallow: /newsletter/*
Disallow: /newsletters/*
Disallow: /Newsletter_htm
Disallow: /newsroom/index.php/tag
Disallow: /newsroom/wp-admin
Disallow: /newsroom/wp-content/cache
Disallow: /PageBuilderControls
Disallow: /Products/AddToCart.aspx
Disallow: /products/explore
Disallow: /Products/Reports.aspx
Disallow: /Products/ShoppingCart.aspx
Disallow: /Products/subscriptionsSpecial.aspx
Disallow: /public_media/docs
Disallow: /public_media/images/Onboarding-Documents
Disallow: /public_media/images/StyleGuide
Disallow: /public_media/images/WPP
Disallow: /Results.aspx
Disallow: /retailnewsletter*
Disallow: /Store
Disallow: /*ThankYou*
Disallow: /umbraco
Disallow: /UnsubscribeConfirmation
Disallow: /uploads/excel/*
Disallow: /UserControls
Disallow: /web_admin
Disallow: /Scripts/
Disallow: /Styles/
Disallow: /page-data/
Disallow: /analysts/webapi/
Disallow: /dynamiccontent/webapi/
Disallow: /topics/category/undefined/
Disallow: /*/undefined
Disallow: /search
Disallow: */webapi/*
Sitemap: https://www.emarketer.com/sitemap/sitemap-index.xml
Host: https://www.emarketer.com
A+Domain Intelligenceemarketer.com — via NameCheap, Inc., 29 years, 7 months old, hosted on AWSPASS
200 days
February 1, 2027
261 days
Issued by Sectigo Limited
29 years, 7 months
Registered January 31, 1997
Not enabled
Protects against DNS spoofing
AWS
ASN AS14618
18.210.63.196
NameCheap, Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice