Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BRedirect Chain1 redirect(s), 2166 ms totalREVIEW
https://shutterfly.com
872 ms · HTTP/1.1
https://www.shutterfly.com/
1294 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://shutterfly.com | 301 | 872 ms | HTTP/1.1 | Apache |
| 2 | https://www.shutterfly.com/ | 200 | 1294 ms | HTTP/1.1 |
See the visual redirect chain in the HTTP Probe tab →
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BHTTP Probe TimingTotal 892 ms — DNS, TCP, TLS, TTFB, content transfer breakdownREVIEW
Connection waterfall
BTLS Certificate Expiry & Recommendations296 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 11 ms lookupPASS
| A | 76.223.88.49, 13.248.216.157 |
| AAAA | — |
| CNAME | — |
| NS | a2-65.akam.net, a1-239.akam.net, a5-65.akam.net, a20-66.akam.net, a10-66.akam.net, a3-67.akam.net |
| MX | 10 mxa-00204601.gslb.pphosted.com 10 mxb-00204601.gslb.pphosted.com |
| TXT | miro-verification=96e76065ec97d0446990574fee360e8769bd7832 docker-verification=0ac34eb5-e728-4136-a20f-374c528dbc81 docusign=50c2339b-907f-41e5-a4a5-4183b40b27f0 google-site-verification=FkdmAWsv2Otks4LsHHOL38cNKlKlRl1s72J1wL8kDJU google-site-verification=quf0mk7xogFQZMNQk6AI-N53DY7-U2xZxGBgm1FvFdg mongodb-site-verification=hc452NvFHtrlWeGBanVmAYT7WsW7Wvc8 +PbngGdnnFBKCsIQvKgn2BFKrTWmg7Rm8Jx3hwL5yQRBiaMI2GiQyeVTG4wK3JBkThQ5Zs3KL0BS/eEx... mongodb-site-verification=04yEVPj5jvK4JbAgv391tXdQSMUv88Hu mongodb-site-verification=bZhzdUNaOgabfu1gbj6xRYr0AG8y5Bl3 anthropic-domain-verification-fj0rf8=BGkQQG2p7cSWxyE2FM9jJhuRB google-site-verification=xjozBocX2i5-04z8llDaXygqDekBiv05hGeJSW7-lvo google-site-verification=DgOztH8xjKTMjyeZkctGaOeSdxT6h_ryOqJOxdCI47I vmware-cloud-verification-04d4351d-18dd-4c92-bf81-ce573a0490e0 Foxit-domain-verification=3986f9947ab218f003c7fcfb1d2eeb78 SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com -all facebook-domain-verification=a5ormtx5wn49xeqbcd5kzfp7q2d2a1 google-site-verification=Sasfy5f1UkwBAiuoYPx23XIviZc6gYUhMEYBruBXNOc openai-domain-verification=dv-IQttnpZwDf30XKXAZVU4bdw1 mongodb-site-verification=0U7GkGD40TFWvoBngvN4BGhx8ao1yYuf google-site-verification=TCjntpYI3Uxpi5hNHXwHUCfKCN2xwemqGmAqCgM0FbE atlassian-domain-verification=74NzmiSNPkRep+Df7PR4WqAwfxslvg2UMPtMf6NFLrjHcWeMyI... mongodb-site-verification=UR1eqZSaH0U6U0IiqtCznI9yxGIVtbiX canva-site-verification=m1h-H4LQhR7XBio48r_eww ca3-9bedc0a721044a338d1ec4b580ccd984 mixpanel-domain-verify=ed266b3c-1fb1-4ee9-b6a5-6cc9a2931be9 adobe-idp-site-verification=0cdadd63-6d79-4eca-8a95-363d28603959 teamviewer-sso-verification=73db9c92e58b48e7a0ce6a2dac29ba21 google-site-verification=hpwW2Y2sZWh3S6YdEDoV_jfki5JBqOb6_aHjjmgVALg apple-domain-verification=abGHeYlDQebSjkei google-site-verification=GoEX8wKuntEUiUb3HQOy9wFUCsY2q90xMNkhSbjGWug docusign=a1d2768d-abdf-4ef3-934e-414384f1e8fa MS=ms66033050 google-site-verification=z_X2OLSdVvF4jDVQN82IQ3Q29wGn7hKq9Dhh3D4UesQ zoho-verification=zb54156507.zmverify.zoho.com |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Crawlabilityrobots.txt present, sitemap with 3 URLsPASS
# Tells Scanning shutterfly Robots Where They Are And Are Not Welcome
#
# User-agent: can also specify by name; "*" is for everyone
# Disallow: disallow if this matches first part of requested path
#
User-agent: *
Crawl-delay: 10
Disallow: /account
Disallow: /error
Disallow: /secure
Disallow: /help
Disallow: /progal/album.jsp
Disallow: /promos
Disallow: /sitesearch
Disallow: /c-s
Disallow: /g/ts
Disallow: /signin/
Disallow: /_internal/
Disallow: /about/emp_sub*
Disallow: /page/
Disallow: /br-cms-spa/
Disallow: /seasonal-stop-emails/
Disallow: /header
Disallow: /footer
Disallow: /ambassador
Disallow: /ambassador-terms
Disallow: /ambassador-signupform
Disallow: /ambassador-success
Disallow: /ambassador-participation
# Disable click for prints
Disallow: /c4p
Disallow: /osc4p
# disable creation path crawling
Disallow: /creationpath
Disallow: /creationPath
Disallow: /ssc
# do not allow shares to be indexed
Disallow: /action/welcome
Disallow: /share/received
User-agent: GoogleBot
Disallow: /account/
Disallow: /error/
Disallow: /secure/
Disallow: /help
Disallow: /progal/album.jsp
Disallow: /promos
Disallow: /sitesearch
Disallow: /c-s
Disallow: /g/ts
Disallow: /signin/
Disallow: /c4p
Disallow: /osc4p
Disallow: /creationpath
Disallow: /creationPath
Disallow: /ssc
Disallow: /action/welcome
Disallow: /share/received
Disallow: /specialOffers
Disallow: /signup/
Disallow: /page/
Disallow: /br-cms-spa/
Disallow: /seasonal-stop-emails/
Disallow: /header
Disallow: /footer
Disallow: /ambassador
Disallow: /ambassador-terms
Disallow: /ambassador-signupform
Disallow: /ambassador-success
Disallow: /ambassador-participation
Disallow: /partner-landing
User-agent: R6_FeedFetcher
Disallow: /
User-agent: Genieo
Disallow: /
User-agent: genieo
Disallow: /
User-agent: Pinterestbot
Crawl-delay: 1.0
User-agent: deepcrawl
Disallow: /
Sitemap: https://www.shutterfly.com/sitemap.xml
Sitemap: https://www.shutterfly.com/a/sitemap.xml
A+Domain Intelligenceshutterfly.com — via MarkMonitor Inc., 27 years, 2 months old, hosted on AWSPASS
92 days
October 18, 2026
296 days
Issued by Amazon
27 years, 2 months
Registered July 7, 1999
Not enabled
Protects against DNS spoofing
AWS
ASN AS16509
76.223.88.49
MarkMonitor Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice