Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DRedirect ChainAction2 redirect(s), 1675 ms totalFIX
https://pitt.edu
1196 ms · HTTP/1.0
https://www.pitt.edu//
232 ms · HTTP/1.1
https://www.pitt.edu/
247 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://pitt.edu | 301 | 1196 ms | HTTP/1.0 | BigIP |
| 2 | https://www.pitt.edu// | 302 | 232 ms | HTTP/1.1 | nginx |
| 3 | https://www.pitt.edu/ | 200 | 247 ms | HTTP/1.1 | nginx |
See the visual redirect chain in the HTTP Probe tab →
Each redirect adds latency. Try to minimize the chain to 1 hop.
Redirect chain — each hop adds latency; combine into one redirect where possible.
Source: Google Search Central / web.dev
If permanent, use 301 instead.
302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.
Learn more ▾ ▴
Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).
Source: Google Search Central
DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BHTTP Probe TimingTotal 1146 ms — DNS, TCP, TLS, TTFB, content transfer breakdownREVIEW
Connection waterfall
BTLS Certificate Expiry & Recommendations85 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
ADNS Records1 A records, 1367 ms lookupPASS
| A | 136.142.34.30 |
| AAAA | — |
| CNAME | — |
| NS | ns4.pitt.edu, ns5.pitt.edu |
| MX | 50 pitt-edu.mail.protection.outlook.com |
| TXT | MS=ms71489915 UNIV.PITT.EDU e2ma-verification=57wcb e2ma-verification=koffb e2ma-verification=qbgfb e2ma-verification=rbgfb e2ma-verification=rd5fb e2ma-verification=sbgfb e2ma-verification=tbhcb e2ma-verification=wk6fb 3O2V5EAFAAH5EMATSCSAA652T v4p5upe3evq3hp65ra6jlgevah 950F0344DCF24756A88BDFBFD8E7EB22 _qvhfnxyw4qs3xeskz88wl4ap27pf7cb asv=01edc9f065cf52ef7eb3f6be90335b44 YCF9QDAIUW1C4Q5FHSG67VANHEWZVAR5EF0G6K7KV hibp-verify=dweb_sf0iy2l6alud2b4xagy55qkz apple-domain-verification=T5OvxPHFi8achdhN brevo-code:12193ad1fd4d98502705f37c73009e00 brevo-code:b1414e0a234265a2faa294058248ae06 status-page-domain-verification=9vqjzbyylnp4 SFMC-5viNEFmlibG5T_6jyaVq02b0C9K5LqU_YoZiCyB8 SFMC-Uosi2JApwvb1KeOkFMiwxuP8bu5ZQ-NCvon3OmLA docusign=34bf12a1-c1fb-4c0a-acc6-1f9de88cbd4d docusign=4a2d22a9-b590-4888-9db2-a28609124a7e canva-site-verification=7KwVWT8nPeld9ncSL1dpSA bw=uAz0iyKPOVtSawYCGzqk1yc91UH5Wz0LcyWMHdQrZ6fj 1password-site-verification=2A6J4YZQBVEAXE7B4J5CUQ4D7I airtable-verification=a25e80720113523a44e8f73a3f2d5f99 SPF v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all anthropic-domain-verification-yw4vyk=ribqWxiX5vEV7XQgkPaMt8c9z vmware-cloud-verification-7677967a-f87d-450b-a8ad-c7123faba939 4Dv0akddTz5E4RVbKwTSkKxcLrxWxV7WyURMNcS8fo7OyoGtRyqW7GuvJ1wzDa8u adobe-idp-site-verification=54010519-6768-48db-9855-b735b7db7d84 google-site-verification=4X0pCoQE6zUFGoaQVqOSoQ74CBYAxo52JoJedmLuB2k mailerlite-domain-verification=38806978a5952a0a1aaabf0cf1bb7689d1ccf2a8 mailerlite-domain-verification=be359b3eadd44164bfd060bca084d0eb1b1e5bdc intersight=9071e410e203b4057b9215878864b3ae1225355f1fd5b0c0c75a29a8661130e5 sending_domain697993=11ccad21140ef98a1a5395947d9549f84ef2bc9a477c66a42eabf3cb52b... +DomOKp/dR8VTR7ftcxj5zfHX18GN7kSJZ+zqNH5DWgJIYBdk30tZm+Ctas9pl6qVuQpIZdALV0J/+BW... xh3AEFC714jLbUAryeKTDxuuJCRyQ/HgifqgTGSzoIW1jgFmD43UvcT6RpjVHn6ZnkJRLNxX1EDnADUR... atlassian-domain-verification=4Dv0akddTz5E4RVbKwTSkKxcLrxWxV7WyURMNcS8fo7OyoGtRy... |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
A+Crawlabilityrobots.txt present, sitemap with 41 URLsPASS
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
User-agent: *
# CSS, JS, Images
Allow: /core/*.css$
Allow: /core/*.css?
Allow: /core/*.js$
Allow: /core/*.js?
Allow: /core/*.gif
Allow: /core/*.jpg
Allow: /core/*.jpeg
Allow: /core/*.png
Allow: /core/*.svg
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /profiles/*.svg
# Directories
Disallow: /core/
Disallow: /profiles/
# Files
Disallow: /README.md
Disallow: /composer/Metapackage/README.txt
Disallow: /composer/Plugin/ProjectMessage/README.md
Disallow: /composer/Plugin/Scaffold/README.md
Disallow: /composer/Plugin/VendorHardening/README.txt
Disallow: /composer/Template/README.txt
Disallow: /modules/README.txt
Disallow: /sites/README.txt
Disallow: /themes/README.txt
Disallow: /web.config
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register
Disallow: /user/password
Disallow: /user/login
Disallow: /user/logout
Disallow: /media/oembed
Disallow: /*/media/oembed
# Paths (no clean URLs)
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password
Disallow: /index.php/user/register
Disallow: /index.php/user/login
Disallow: /index.php/user/logout
Disallow: /index.php/media/oembed
Disallow: /index.php/*/media/oembed
A+Domain Intelligencepitt.edu — 37 years, 4 months old, hosted on UPITT-AS - University of Pittsburgh, USPASS
747 days
July 31, 2028
85 days
Issued by Internet2
37 years, 4 months
Registered June 21, 1989
Status unknown
Protects against DNS spoofing
UPITT-AS - University of Pittsburgh, US
ASN AS4130
136.142.34.30
Registrar unknown