Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
CTLS Certificate Expiry & RecommendationsAction22 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Renew certificate — 22 days remaining
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
A+DNS Records2 A records, 13 ms lookupPASS
| A | 104.18.35.192, 172.64.152.64 |
| AAAA | 2a06:98c1:3103::6812:23c0, 2a06:98c1:3107::ac40:9840 |
| CNAME | — |
| NS | gold.foundationdns.com, gold.foundationdns.net, gold.foundationdns.org |
| MX | 5 uspto-gov.mail.protection.outlook.com |
| TXT | MS=ms28666523 _qf2w9oo2ieh425rh0b6gjpp829vih2b apple-domain-verification=DQ6lsHErU2gvVyqF jetbrains-domain-verification=8sj6e0d8s6q4fvu86jcfzp0g5 facebook-domain-verification=6wqv4rmxkothypv5gij5080967l5ws ms-domain-verification=725c3c35-24ef-43fd-a26b-2736d7cea1a6 perplexity-ai-domain-verification-7tdkgd=M7VyHULqPpVV3g4SsM4BNc1mR webexdomainverification.7PUPU=2a587b5a-c181-4a6c-9d10-a13dcaa747bd google-site-verification=5eOb2YylR8fDTIkmIs3N0CaJ_IHjjikNS-Z7BDb9jvw google-site-verification=MB6vnwbxkyN6STcgBAa5U-W1H7VhU62fSuT95KrWhlk 3FKeZ5CH9TEaLgiiioa9/iDVB0WPJofaHBuumk1YRmcuggWFX3v3gDlSw5uSIbaSuvm/FsOYPRzhM87B... SnTiaz2QHOuDsjncHy2wc6dZmnzEFxbqKLWgzzrfBidPblmIGRxS9jP28Zb4xPjhhlE2YBm98Mu+Dhbx... adobe-idp-site-verification=fd06710ade06e49a5be3b877d16463b3f5f050a1e54eaaa1daff... SPF v=spf1 include:uspto.gov._nspf.valigov.email include:%{i}._ip.%{h}._ehlo.%{d}._s... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 598 ms totalPASS
https://uspto.gov
15 ms · HTTP/1.1
https://www.uspto.gov/
583 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://uspto.gov | 301 | 15 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.uspto.gov/ | 200 | 583 ms | HTTP/1.1 | Apache |
See the visual redirect chain in the HTTP Probe tab →
A+IPv6 ReadinessIPv6 reachable (1 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 3 URLsPASS
User-agent: *
Disallow: /cgi-bin/
Disallow: /includes/
Disallow: /cybertraining/
Disallow: /ebc/portal/
Disallow: /images/
Sitemap: https://www.uspto.gov/sitemap.xml
Sitemap: https://foiadocuments.uspto.gov/foia_sitemap.xml
Sitemap: https://ipidentifier.uspto.gov/ipidentifier_sitemap.xml
Sitemap: https://www.uspto.gov/officialgazette/og_sitemap.xml
A+Domain Intelligenceuspto.gov — via get.gov, 28 years, 11 months oldPASS
17 days
August 1, 2026
22 days
Issued by Google Trust Services
28 years, 11 months
Registered October 2, 1997
Enabled
Protects against DNS spoofing
Unknown
2a06:98c1:3103::6812:23c0
get.gov
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry
- Renew the TLS certificate or verify auto-renewal is working
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice