Skip to content
https://shutterfly.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
84
GRADE
B
FIX
1
REVIEW
5
PASS
3
INFO
0
Probed from Singapore, Singapore
301 Moved Permanently
Checks
9
3 PASS 5 REVIEW 1 FIX
D
CDN & Delivery
Action
No CDN detected
FIX
No CDN detected
Warning::
No CDN detected
A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.
No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

B
Redirect Chain
1 redirect(s), 2166 ms total
REVIEW
1 redirect(s), 2166 ms total
Info::
Single redirect
Got: https://shutterfly.com → https://www.shutterfly.com/ (301)
Info::
WWW normalization redirect
Warning::
Redirect overhead: 2166 ms total
Got: 2166 ms

https://shutterfly.com

872 ms · HTTP/1.1

301

https://www.shutterfly.com/

1294 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://shutterfly.com301872 msHTTP/1.1Apache
2https://www.shutterfly.com/2001294 msHTTP/1.1

See the visual redirect chain in the HTTP Probe tab →

C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
REVIEW
www/non-www, trailing slash, HTTP→HTTPS
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.shutterfly.com/
200https://shutterfly.com/

Inconsistent — duplicate content risk

HTTP → HTTPS

301http://shutterfly.com/ https://shutterfly.com:443/

Consistent

B
HTTP Probe Timing
Total 892 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
REVIEW
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
4 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
1 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
665 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
893 ms
Total Time Total request time from DNS lookup through full response.
893 ms

Connection waterfall

DNS Lookup 4 ms TCP Connect 1 ms TLS Handshake 665 ms Server Processing 223 ms Content Transfer 0 ms
B
TLS Certificate Expiry & Recommendations
296 days until leaf cert expires — 4 issues to address
REVIEW

Certificate validity

296
days left
0d 30d 60d 90d+

Recommended actions

  • Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
  • Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+
DNS Records
2 A records, 11 ms lookup
PASS
2 A records, 11 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 76.223.88.49, 13.248.216.157
Info::
No IPv6 (AAAA) records
Info::
6 nameserver(s) configured
Got: a2-65.akam.net, a1-239.akam.net, a5-65.akam.net, a20-66.akam.net, a10-66.akam.net, a3-67.akam.net
Info::
2 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 11 ms
Got: 11 ms
A76.223.88.49, 13.248.216.157
AAAA
CNAME
NSa2-65.akam.net, a1-239.akam.net, a5-65.akam.net, a20-66.akam.net, a10-66.akam.net, a3-67.akam.net
MX
10 mxa-00204601.gslb.pphosted.com
10 mxb-00204601.gslb.pphosted.com
TXT
miro-verification=96e76065ec97d0446990574fee360e8769bd7832
docker-verification=0ac34eb5-e728-4136-a20f-374c528dbc81
docusign=50c2339b-907f-41e5-a4a5-4183b40b27f0
google-site-verification=FkdmAWsv2Otks4LsHHOL38cNKlKlRl1s72J1wL8kDJU
google-site-verification=quf0mk7xogFQZMNQk6AI-N53DY7-U2xZxGBgm1FvFdg
mongodb-site-verification=hc452NvFHtrlWeGBanVmAYT7WsW7Wvc8
+PbngGdnnFBKCsIQvKgn2BFKrTWmg7Rm8Jx3hwL5yQRBiaMI2GiQyeVTG4wK3JBkThQ5Zs3KL0BS/eEx...
mongodb-site-verification=04yEVPj5jvK4JbAgv391tXdQSMUv88Hu
mongodb-site-verification=bZhzdUNaOgabfu1gbj6xRYr0AG8y5Bl3
anthropic-domain-verification-fj0rf8=BGkQQG2p7cSWxyE2FM9jJhuRB
google-site-verification=xjozBocX2i5-04z8llDaXygqDekBiv05hGeJSW7-lvo
google-site-verification=DgOztH8xjKTMjyeZkctGaOeSdxT6h_ryOqJOxdCI47I
vmware-cloud-verification-04d4351d-18dd-4c92-bf81-ce573a0490e0
Foxit-domain-verification=3986f9947ab218f003c7fcfb1d2eeb78
SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com -all
facebook-domain-verification=a5ormtx5wn49xeqbcd5kzfp7q2d2a1
google-site-verification=Sasfy5f1UkwBAiuoYPx23XIviZc6gYUhMEYBruBXNOc
openai-domain-verification=dv-IQttnpZwDf30XKXAZVU4bdw1
mongodb-site-verification=0U7GkGD40TFWvoBngvN4BGhx8ao1yYuf
google-site-verification=TCjntpYI3Uxpi5hNHXwHUCfKCN2xwemqGmAqCgM0FbE
atlassian-domain-verification=74NzmiSNPkRep+Df7PR4WqAwfxslvg2UMPtMf6NFLrjHcWeMyI...
mongodb-site-verification=UR1eqZSaH0U6U0IiqtCznI9yxGIVtbiX
canva-site-verification=m1h-H4LQhR7XBio48r_eww
ca3-9bedc0a721044a338d1ec4b580ccd984
mixpanel-domain-verify=ed266b3c-1fb1-4ee9-b6a5-6cc9a2931be9
adobe-idp-site-verification=0cdadd63-6d79-4eca-8a95-363d28603959
teamviewer-sso-verification=73db9c92e58b48e7a0ce6a2dac29ba21
google-site-verification=hpwW2Y2sZWh3S6YdEDoV_jfki5JBqOb6_aHjjmgVALg
apple-domain-verification=abGHeYlDQebSjkei
google-site-verification=GoEX8wKuntEUiUb3HQOy9wFUCsY2q90xMNkhSbjGWug
docusign=a1d2768d-abdf-4ef3-934e-414384f1e8fa
MS=ms66033050
google-site-verification=z_X2OLSdVvF4jDVQN82IQ3Q29wGn7hKq9Dhh3D4UesQ
zoho-verification=zb54156507.zmverify.zoho.com
CAALookup not available with standard resolver
Resolved in 11 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+
Crawlability
robots.txt present, sitemap with 3 URLs
PASS
robots.txt present, sitemap with 3 URLs
Info::
robots.txt is present
Got: 1948 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 3 entries
Info::
Sitemap index with 3 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 1948 B Sitemaps referenced 2 User-agents Genieo, genieo, Pinterestbot, deepcrawl, *, GoogleBot, R6_FeedFetcher Blocking No — crawling allowed
# Tells Scanning shutterfly Robots Where They Are And Are Not Welcome
#
# User-agent:   can also specify by name; "*" is for everyone
# Disallow:     disallow if this matches first part of requested path
#

User-agent: *
Crawl-delay: 10
Disallow: /account
Disallow: /error
Disallow: /secure
Disallow: /help
Disallow: /progal/album.jsp
Disallow: /promos
Disallow: /sitesearch
Disallow: /c-s
Disallow: /g/ts
Disallow: /signin/
Disallow: /_internal/
Disallow: /about/emp_sub*
Disallow: /page/
Disallow: /br-cms-spa/
Disallow: /seasonal-stop-emails/
Disallow: /header
Disallow: /footer
Disallow: /ambassador
Disallow: /ambassador-terms
Disallow: /ambassador-signupform
Disallow: /ambassador-success
Disallow: /ambassador-participation


# Disable click for prints
Disallow: /c4p
Disallow: /osc4p

# disable creation path crawling
Disallow: /creationpath
Disallow: /creationPath
Disallow: /ssc

# do not allow shares to be indexed
Disallow: /action/welcome
Disallow: /share/received

User-agent: GoogleBot
Disallow: /account/
Disallow: /error/
Disallow: /secure/
Disallow: /help
Disallow: /progal/album.jsp
Disallow: /promos
Disallow: /sitesearch
Disallow: /c-s
Disallow: /g/ts
Disallow: /signin/
Disallow: /c4p
Disallow: /osc4p
Disallow: /creationpath
Disallow: /creationPath
Disallow: /ssc
Disallow: /action/welcome
Disallow: /share/received
Disallow: /specialOffers
Disallow: /signup/
Disallow: /page/
Disallow: /br-cms-spa/
Disallow: /seasonal-stop-emails/
Disallow: /header
Disallow: /footer
Disallow: /ambassador
Disallow: /ambassador-terms
Disallow: /ambassador-signupform
Disallow: /ambassador-success
Disallow: /ambassador-participation
Disallow: /partner-landing

User-agent: R6_FeedFetcher
Disallow: /

User-agent: Genieo
Disallow: /

User-agent: genieo
Disallow: /

User-agent: Pinterestbot
Crawl-delay: 1.0

User-agent: deepcrawl
Disallow: /

Sitemap: https://www.shutterfly.com/sitemap.xml
Sitemap: https://www.shutterfly.com/a/sitemap.xml
A+
Domain Intelligence
shutterfly.com — via MarkMonitor Inc., 27 years, 2 months old, hosted on AWS
PASS
shutterfly.com — via MarkMonitor Inc., 27 years, 2 months old, hosted on AWS
Info::
Domain registered until Oct 18, 2026 (5 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: MarkMonitor Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: AWS
Got: AS16509
Domain expiry

92 days

October 18, 2026

SSL certificate

296 days

Issued by Amazon

Domain age

27 years, 2 months

Registered July 7, 1999

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

AWS

ASN AS16509

76.223.88.49

Registrar

MarkMonitor Inc.

Unlocked 6 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar MarkMonitor Inc.
Created July 7, 1999 (27 years, 2 months ago)
Expires October 18, 2026 (5 months)
Last Updated September 16, 2024
Name Servers a1-239.akam.net, a10-66.akam.net, a2-65.akam.net, a20-66.akam.net, a3-67.akam.net, a5-65.akam.net
DNSSEC Not enabled
Hosting
IP Address 76.223.88.49
ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)
Provider AWS
Data source: rdap (0.8s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback