Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations54 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryVercelREVIEW
A+DNS Records1 A records, 9 ms lookupPASS
| A | 216.150.1.1 |
| AAAA | — |
| CNAME | — |
| NS | ns-46.awsdns-05.com, ns-623.awsdns-13.net, ns-1210.awsdns-23.org, ns-1834.awsdns-37.co.uk |
| MX | 10 aspmx.l.google.com 20 alt1.aspmx.l.google.com 20 alt2.aspmx.l.google.com 30 aspmx2.googlemail.com 30 aspmx3.googlemail.com |
| TXT | facebook-domain-verification=im1dxkni9vbpdmsseldnl3x2d5xv2g google-site-verification=RN3Me5uqbKJXfStNtg6zRPujcLOWCRHSccynjSFO314 SPF v=spf1 include:_spf.google.com include:mailgun.org include:helpscoutemail.com in... |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect Chain0 redirect(s), 28 ms totalPASS
https://aeon.co
28 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://aeon.co | 429 | 28 ms | HTTP/1.1 | Vercel |
A+Crawlabilityrobots.txt present, sitemap with 5701 URLsPASS
# Default rules for all bots including Googlebot, Bingbot, Slurp, and DuckDuckBot
User-Agent: *
Disallow: /api/*
Disallow: /monitoring
Disallow: /_vercel/*
Disallow: /search?
Disallow: /*/preview$
Disallow: /syndication?
# Known AI training scrapers to block
User-agent: Applebot-Extended
User-agent: Bytespider
User-agent: CCBot
User-agent: ClaudeBot
User-agent: Diffbot
User-agent: FacebookBot
User-agent: Google-Extended
User-agent: GPTBot
User-agent: Omgilibot
Disallow: /
Sitemap: https://assets.aeon.co/sitemaps/aeon/main.xml
Sitemap: https://assets.aeon.co/sitemaps/aeon/news.xml
Sitemap: https://assets.aeon.co/sitemaps/aeon/video.xml
AURL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Use 301 (permanent) instead of 302 (temporary)
A+Domain Intelligenceaeon.co — via 1API GmbH, 14 years, 9 months old, hosted on AWSPASS
65 days
September 18, 2026
54 days
Issued by Let's Encrypt
14 years, 9 months
Registered September 19, 2011
Status unknown
Protects against DNS spoofing
AWS
ASN AS16509
216.150.1.1
1API GmbH
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry
Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.
Registrar lock (clientTransferProhibited et al.) prevents unauthorized domain transfers — strongest defense against domain hijacking.
Source: ICANN / domain-security best practice