Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BTLS Certificate Expiry & Recommendations50 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Submit your domain to hstspreload.org to be added to the Chrome preload list
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 10 ms lookupPASS
| A | 104.18.11.200, 104.18.10.200 |
| AAAA | 2606:4700::6812:bc8, 2606:4700::6812:ac8 |
| CNAME | — |
| NS | major.ns.cloudflare.com, tricia.ns.cloudflare.com |
| MX | 1 aspmx.l.google.com 5 alt2.aspmx.l.google.com 5 alt1.aspmx.l.google.com 10 alt4.aspmx.l.google.com 10 alt3.aspmx.l.google.com |
| TXT | 1password-site-verification=VE25JV5RNNCWZNGYSET2ZAUPRY MS=7F0D26782D11815BCC3761640F2FC97AD5DAFE21 N1yI2XpOd-PuoT_p6CrdblqXoSL_ ZOOM_verify_EzHD2eOmbWRwqVDnEEzYsL anthropic-domain-verification-r0jhgq=SqeMEbCH2MBud92fRRhGsWyLB anthropic-domain-verification-y0y49z=VC5YmAgYDztlJ1kB2M3mACzbt apple-domain-verification=T1Af4fytxGFnvQZF3T8AwRVMEuKTbgGJVCulZEgzVjI apple-domain-verification=oF8jfVOoZRsbDQKq canva-site-verification=obM3ib6DIrVEfYInLSKxnQ cursor-domain-verification-v91c2c=uPNtROnd0uCPPk4QDYQSh7D39 dropbox-domain-verification=i1uj32v4avs0 fireflies-verification=01K2NDH00TQ61MPBFKB6YTX5D2.ffverify.fireflies.ai-request-... gamma-domain-verification-jwhbvx=DZzheYmk3UMS8FQ0CkTiq9zhy google-site-verification=6Vnymm1Mx01tSCdyBYPkiNmnQ95KFBHGQxP8X7RVzIo google-site-verification=GZh7euQ6g6QhC_zo7Fiu0Wfso4Ofal4yDQSrsckcZ5k google-site-verification=LBNgFrTnFUouigf4XXJk_aXB4DzdgjgPfEOr4AC1vhQ google-site-verification=kuSSAUCp82TODsamkFcK2XDXvxImaNb7lztinfCj3Yc hubspot-domain-verification=ODk5NDdkNWUtYTk0My00OTdjLWIxMTYtZjM5Y2I3NGM5ZmYw launchdarkly-domain-verification=2b18ea5b-08ac-452e-8826-541369fd342d notion-domain-verification=XhFfYo8m6vsCDgXxj65KaIB8ZFLFTWvMUxXWH7UtUEg openai-domain-verification=dv-Fx71G4Z0Cn06uYaRJbuM1suo openai-domain-verification=dv-aefNopOPbfv5jZ7sX3M59sOa perplexity-ai-domain-verification-4nse6t=sddhftO2s563WOcwddJAkkAP4 protonmail-verification=4eea9ce91d419e56f2db2bc65a8f9435596090b8 slack-domain-verification=YIX5gR5FCQK2RBNnirmnz81h3ad0GcoRsqMRuX8a stripe-verification=1A75A3576BCD5A1787465510FE482DAF7CA4F5282A117AB0B3E5470809F3... stripe-verification=ddab310b7f365243d243d1d60c068314d00d7527a6990d250f8a85b86636... uber-domain-verification=95ec31d7-7b6c-4f7c-b6ad-c6d3e485b2df SPF v=spf1 include:_spf.google.com include:242590154.spf05.hubspotemail.net ~all yandex-verification: fec35aa3176342a5 zapier-domain-verification-challenge=fb62ec8b-d471-4539-a057-890dcfe789a2 |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
https://gamma.app
148 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://gamma.app | 200 | 148 ms | HTTP/1.1 | cloudflare |
A+IPv6 ReadinessIPv6 reachable (2 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 5 URLsPASS
User-Agent: Applebot
User-Agent: Googlebot
User-Agent: Bingbot
User-Agent: YandexBot
User-Agent: Baiduspider
User-Agent: AhrefsBot
User-Agent: Twitterbot
User-Agent: LinkedInBot
User-Agent: facebookexternalhit
Allow: /docs/
Sitemap: https://gamma.app/sitemap-index.xml
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencegamma.app — via GoDaddy.com, LLC, 5 years, 9 months oldPASS
395 days
August 11, 2027
50 days
Issued by Let's Encrypt
5 years, 9 months
Registered August 11, 2020
Not enabled
Protects against DNS spoofing
Unknown
2606:4700::6812:ac8
GoDaddy.com, LLC
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice