Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BRedirect Chain1 redirect(s), 1017 ms totalREVIEW
https://unh.edu
424 ms · HTTP/1.1
https://www.unh.edu/
593 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://unh.edu | 301 | 424 ms | HTTP/1.1 | nginx |
| 2 | https://www.unh.edu/ | 200 | 593 ms | HTTP/1.1 | nginx |
See the visual redirect chain in the HTTP Probe tab →
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations121 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
ADNS Records1 A records, 2274 ms lookupPASS
| A | 132.177.132.99 |
| AAAA | — |
| CNAME | — |
| NS | ns.usnh.edu, ns2.unh.edu, unhsst.unh.edu, nic.unh.edu |
| MX | 10 unh-edu.mail.protection.outlook.com |
| TXT | ecostruxure-it-verification=a5d461d6-381e-414f-a841-406d35adc6de sending_domain1079943=ae1f99177527174f6fc6e3d92921ad8385ac4623d83562198ebb214dda... MS=ms83123557 adobe-idp-site-verification=c72276468d8ad7daa06fc05b3fb7d859465513ffc061216675fe... DZCT6MFEfQ Sendinblue-code:160d1089769095a328703e634f5de06f bCPyawUYSK6Mb3g4rkXkG8UamHfRF6oPVSuSN+Prgu9eqkpFCjbTD5/Iriv+oY/oiap0gYLVnvsknUbM... SPF v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email include:sendersrv.com ~a... brevo-code:2234ddef09ed2b8787c6d93f0d819572 brevo-code:59b3a18744d24f960bd78166f34f87c5 kalFjJr0aINP1W3NsIkMJ54W1nbfYaEq+KB2Sv59vuwk+IvYl3B6oS+BZXTUWWmV3sh8gOda8PKaPR06... facebook-domain-verification=365v2rdn8vcv8khorj0t2omd96cjot google-site-verification=EdWChc29r-pivLURIP1-SDQG5x_x7nn52SzSo_WaWUI docusign=48670095-e238-4b1c-a4d8-46985245e60c pardot1079943=a8105d204e2e4dd35693c1f35634df8109aafa853cbf62b4bbfdc6289e9c938c p97pdo41uabdp794oeslgiqm0c google-site-verification=uSIAdU9YfWQ1EKgirykwuhfTBnx8vYdX2saLBBehHkE google-site-verification=RGZA0mMI8yyY4n5P5CCjwKkFispZEjJDQ0ZPM3n0ihs |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
A+Crawlabilityrobots.txt present, sitemap with 289 URLsPASS
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
# Global UNH rules.
Disallow: /sites/default/files/*.pdf$
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
User-agent: *
# CSS, JS, Images
Allow: /core/*.css$
Allow: /core/*.css?
Allow: /core/*.js$
Allow: /core/*.js?
Allow: /core/*.gif
Allow: /core/*.jpg
Allow: /core/*.jpeg
Allow: /core/*.png
Allow: /core/*.svg
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /profiles/*.svg
# Directories
Disallow: /core/
Disallow: /profiles/
# Files
Disallow: /README.md
Disallow: /composer/Metapackage/README.txt
Disallow: /composer/Plugin/ProjectMessage/README.md
Disallow: /composer/Plugin/Scaffold/README.md
Disallow: /composer/Plugin/VendorHardening/README.txt
Disallow: /composer/Template/README.txt
Disallow: /modules/README.txt
Disallow: /sites/README.txt
Disallow: /themes/README.txt
Disallow: /web.config
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register
Disallow: /user/password
Disallow: /user/login
Disallow: /user/logout
Disallow: /media/oembed
Disallow: /*/media/oembed
# Paths (no clean URLs)
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password
Disallow: /index.php/user/register
Disallow: /index.php/user/login
Disallow: /index.php/user/logout
Disallow: /index.php/media/oembed
Disallow: /index.php/*/media/oembed
# Site specific robots.txt settings.
A+Domain Intelligenceunh.edu — 40 years old, hosted on USNH - University System of New Hampshire, USPASS
377 days
July 31, 2027
121 days
Issued by Internet2
40 years
Registered October 27, 1986
Status unknown
Protects against DNS spoofing
USNH - University System of New Hampshire, US
ASN AS11745
132.177.132.99
Registrar unknown