Skip to content
https://epson.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
90
GRADE
A
FIX
0
REVIEW
4
PASS
5
INFO
0
Probed from New York, United Stated
200 OK
Checks
9
5 PASS 4 REVIEW
C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
Crawlability
robots.txt present, sitemap with 24298 URLs
REVIEW
robots.txt present, sitemap with 24298 URLs
Info::
robots.txt is present
Got: 1710 bytes
Info::
sitemap.xml is present
Warning::
sitemap.xml contains invalid XML
Search engines may not be able to parse the sitemap. Fix XML validation errors.
Info::
sitemap.xml contains 24298 entries
Info::
robots.txt references sitemap

Search engines may not be able to parse the sitemap. Fix XML validation errors.

Why this matters

An unparseable sitemap is silently ignored by Google — the URLs it advertises are never queued for crawl.

Learn more

Google's sitemap parser is strict about XML validity. A single unescaped `&` or unclosed tag invalidates the whole file. Run your sitemap through a validator (Search Console's Sitemaps report flags it) and fix the offending entry. Most generators escape correctly; mistakes usually come from manually-written entries.

Source: sitemaps.org / Google Search Central

robots.txt 200 OK
Size 1710 B Sitemaps referenced 1 User-agents CazoodleBot, MJ12bot, BLEXBot, AlphaBot, Ezooms, WebMeUp, Gigabot, SEMrushBot, MegaIndex.ru, SEOkicks-Robot, Exabot, LinkpadBot, *, dotbot/1.0, DotBot, Yandex, Baiduspider, Sogou web spider Blocking No — crawling allowed


# For all robots
User-agent: *
# Block access to specific groups of pages
Disallow: /cart
Disallow: /checkout
Disallow: /my-account
Disallow: /search
Disallow: /supportsearch
Disallow: /faqsearch
Disallow: /Product-Exclusion
Disallow: /Exclusion-folder-for-ink
Disallow: /Epson-Customer-Appreciation-Program
Disallow: /oidc
Disallow: /login/sign-up
Disallow: /notify
Disallow: /dealerlocator
Disallow: /servicelocator
Disallow: /*?q=*
Disallow: /*&q=*
Disallow: /*?bvroute=*
Disallow: /*&bvroute=*
Disallow: /*?bvstate=*
Disallow: /*&bvstate=*
Disallow: /globalid
Disallow: /_Incapsula_Resouce

# Allow search crawlers to discover the sitemap
Sitemap: https://ftp.epson.com/marketing/us-sitemap.xml

# Block CazoodleBot as it does not present correct accept content headers
User-agent: CazoodleBot
Disallow: /

# Block MJ12bot as it is just noise
User-agent: MJ12bot
Disallow: /

# Block dotbot as it cannot parse base urls properly
User-agent: dotbot/1.0
Disallow: /

# Block Gigabot
User-agent: Gigabot
Disallow: /

# Block SEMrushBot
User-agent: SEMrushBot
Disallow: /

# Block YandexBot
User-agent: Yandex
Disallow: /

# Block Baiduspider
User-agent: Baiduspider
Disallow: /

# Block DotBot
User-agent: DotBot
Disallow: /

# Block MegaIndex.ru
User-agent: MegaIndex.ru
Disallow: /

# Block BLEXBot
User-agent: BLEXBot
Disallow: /

# Block SEOkicks-Robot
User-agent: SEOkicks-Robot
Disallow: /

# Block Exabot
User-agent: Exabot
Disallow: /

# Block AlphaBot
User-agent: AlphaBot
Disallow: /

# Block Sogou Spider
User-agent: Sogou web spider
Disallow: /

# Block Ezooms
User-agent: Ezooms
Disallow: /

# Block LinkpadBot
User-agent: LinkpadBot
Disallow: /

# Block WebMeUp
User-agent: WebMeUp
Disallow: /
sitemap.xml 200 OK
Type URL Set URLs 24298 entries Valid XML No
Sample URLs:
B
TLS Certificate Expiry & Recommendations
72 days until leaf cert expires — 5 issues to address
REVIEW

Certificate validity

72
days left
0d 30d 60d 90d+

Recommended actions

  • Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
  • Add includeSubDomains to the HSTS directive
  • Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
Incapsula
REVIEW
Incapsula
Info::
Site is served via Incapsula CDN
Got: x-iinfo: 52-45323651-45323659 NNNY CT(58 61 0) RT(1776889109550 21) q(0 0 0 0) r(1 1) U5
CDN Detected: Incapsula
Provider Incapsula Evidence x-iinfo: 52-45323651-45323659 NNNY CT(58 61 0) RT(1776889109550 21) q(0 0 0 0) r(1 1) U5
A+
DNS Records
2 A records, 15 ms lookup
PASS
2 A records, 15 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 45.60.45.158, 45.60.106.158
Info::
No IPv6 (AAAA) records
Info::
4 nameserver(s) configured
Got: ns-1393.awsdns-46.org, ns-200.awsdns-25.com, ns-2009.awsdns-59.co.uk, ns-622.awsdns-13.net
Info::
No MX records — email not configured via DNS
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 15 ms
Got: 15 ms
A45.60.45.158, 45.60.106.158
AAAA
CNAME
NSns-1393.awsdns-46.org, ns-200.awsdns-25.com, ns-2009.awsdns-59.co.uk, ns-622.awsdns-13.net
MX
TXT
0kt5nz3k3yzkpnbqzv3wprgjm29rb765
2BH6L3TGM7T82AGGNV05SR3B1D
30wtc5fjbcc1b31tnr4hxp98n4rtdp8g
5ghmsz6qrf511ld38qm080m1lbxsr0sp
6s7lhtj314pdbnx1j1526f3pqng6w49m
6vdft1n38qzwsl602qttx5z52n7pjdvg
94px5cpgx65v4nzh4lrzk0h1433nt2sm
_10nolu3b82cdteg8qzm9v0hr7pmkfxp
_3csiak7gw4xfugdc425b99ttw14ohul
_4tgee50bp5nmypy4ph7amhpwyjr5ppn
_8j1ppjmt57jifnplx8qguawonf5aoc5
_9j4q1xwrnp0ld1fmcjk03q231djn6lo
_9ti9ufd0g71w1moodjbjyppm169fvdf
_e1j7t0cumems9j8fuc56kerv864jjgk
_edd3qlynfdzst9wlsoh9fp8ig3hewrr
_el7giwxf095ad7blhff51dcmn661oai
_f65y4tubouij65k2ysaoy4ryvkmhubb
_ixappdabmvf35kzfvycdf74i1t1ycxx
_l7g338u1ytwmypnmz0v3l6gmn5reki5
_qtlrtz2z8069mve3sdsvruccc76rkfj
_vv044bhtp4r1p67u1rnv5ufuy9dmtfw
_zpknxgcfowrya7clfqqo51mvly229dn
b90jmcy9ydsryfm21jf88s568l175k5f
facebook-domain-verification=lkbvwgwpw8gyzpo7xznz9bnz9o5qmr
fr1f97xx2mkf6xvxfmsnhz8bd0lwl7pl
g0ss5bv37gd6dwh8rjz8gy9lpd0fk5xy
globalsign-domain-verification=8CAC41D3FC683A751FE146399622A95B
google-site-verification=DRmMDQmprF1myCRMf5c-ZN6sMQKs67xKgR6sPNmXr5Y
google-site-verification=EpwL6m_ZxbQgdOJi2QgB5VQ-ODSITh8tDwVPp6CEN9Y
google-site-verification=MJH1VNK8qxWuK_OIIreguHSkeac99zjHTLO3xZXhROE
google-site-verification=RoS0RSoopJPK9ZS37csJSyORDgdmpiAlTR--SBF-EJU
google-site-verification=vAD2spoOZ8TbjelzVRmLNolvUhtDd_C1uqC4b8K-3zI
j95vs9z4dk48c1t4j171xm0x6j2z1lwq
k3xw6ckn6y8yztkdybb40nt7f0v2tdfj
kpdtffyh9l01nn84jnx381jhk7qyvtrf
ms8j47ql08j1ptlvhkv8p2xjkxn6jzdz
ps75rs10korrnqrsf1vti9p73n
qol7a9h5hl4eklnfnctoebb73u
rk15zpm3n82flznr07ygbts3t71y3s35
SPF v=spf1 -all
wx2ftckmfz3frcdy2wbldzz79vcmk1nz
wzdwzp670lyvs6vy4dt3d76hdd95lfjy
xl2jpx724cjcqmrw94m97vr3wh7qwqr9
xykhcktjlnjvzrrpbxvsbk0kb6qz6gpd
ydydkj8dsnmzq7svfb97pz3m6q0njs6v
zp4v8lx609k3bc5pgk48z1nmmx094nh6
CAALookup not available with standard resolver
Resolved in 15 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+
Redirect Chain
No redirects — direct access
PASS
No redirects — direct access
Info::
No redirects — direct access
Got: https://epson.com

https://epson.com

254 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://epson.com200254 msHTTP/1.1*
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.epson.com/
200https://epson.com/

Preferred variant: non-www

HTTP → HTTPS

301http://epson.com/ https://epson.com/

Consistent

A+
Domain Intelligence
epson.com — via MarkMonitor Inc., 35 years, 8 months old, hosted on INCAPSULA - Incapsula Inc, US
PASS
epson.com — via MarkMonitor Inc., 35 years, 8 months old, hosted on INCAPSULA - Incapsula Inc, US
Info::
Domain registered until Nov 20, 2026 (7 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: MarkMonitor Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: INCAPSULA - Incapsula Inc, US
Got: AS19551
Domain expiry

160 days

November 20, 2026

SSL certificate

72 days

Issued by DigiCert Inc

Domain age

35 years, 8 months

Registered February 1, 1991

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

INCAPSULA - Incapsula Inc, US

ASN AS19551

45.60.106.158

Registrar

MarkMonitor Inc.

Unlocked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar MarkMonitor Inc.
Created February 1, 1991 (35 years, 8 months ago)
Expires November 20, 2026 (7 months)
Last Updated October 19, 2024
Name Servers ns-1393.awsdns-46.org, ns-200.awsdns-25.com, ns-2009.awsdns-59.co.uk, ns-622.awsdns-13.net
DNSSEC Not enabled
Hosting
IP Address 45.60.106.158
ASN AS19551 (INCAPSULA - Incapsula Inc, US)
Provider INCAPSULA - Incapsula Inc, US
Data source: rdap (0.1s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 135 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
6 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
17 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
20 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
135 ms
Total Time Total request time from DNS lookup through full response.
136 ms

Connection waterfall

DNS Lookup 6 ms TCP Connect 17 ms TLS Handshake 20 ms Server Processing 92 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback