Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BCrawlabilityrobots.txt present, no sitemapREVIEW
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
User-agent: *
Allow: /api/v*/store
Allow: /api/v*/applications
Allow: /api/v*/application-directory-static
Allow: /api/v*/invite
Allow: /api/v*/discovery
Allow: /api/discovery
Allow: /invite
Allow: /invite/
Allow: /terms
Allow: /privacy
Disallow: /channels
Disallow: /channels/
Disallow: /verify
Disallow: /verify/
Disallow: /reset
Disallow: /reset/
Disallow: /authorize-ip
Disallow: /authorize-ip/
Disallow: /reject-ip
Disallow: /reject-ip/
Disallow: /reject-mfa
Disallow: /reject-mfa/
Disallow: /oauth2
Disallow: /oauth2/
Disallow: /api
Disallow: /api/
Disallow: /widget
Disallow: /widget/
Disallow: /profile/
Disallow: /report-review
Disallow: /report-review/
Disallow: /store/skus/
Disallow: /wasntme
Disallow: /wasntme/
User-agent: Twitterbot
Disallow: /channels
Disallow: /channels/
Disallow: /verify
Disallow: /verify/
Disallow: /reset
Disallow: /reset/
Disallow: /authorize-ip
Disallow: /authorize-ip/
Disallow: /reject-ip
Disallow: /reject-ip/
Disallow: /reject-mfa
Disallow: /reject-mfa/
Disallow: /report-review
Disallow: /report-review/
Disallow: /oauth2
Disallow: /oauth2/
Disallow: /api
Disallow: /api/
Disallow: /widget
Disallow: /widget/
Disallow: /profile/
Allow: /api/v*/application-directory-static
Allow: /invite
Allow: /invite/
Allow: /terms
Allow: /privacy
User-agent: nsa
Disallow: /
No sitemap found
Adding a sitemap helps search engines discover your pages.
BTLS Certificate Expiry & Recommendations46 days until leaf cert expires — 2 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
A+DNS Records5 A records, 96 ms lookupPASS
| A | 162.159.129.233, 162.159.134.233, 162.159.135.233, 162.159.133.233, 162.159.130.233 |
| AAAA | — |
| CNAME | — |
| NS | gabe.ns.cloudflare.com, sima.ns.cloudflare.com |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 aspmx2.googlemail.com 10 aspmx3.googlemail.com |
| TXT | 5508A8F48F dust-domain-verification-kz9236=gJamMWiktWPTDezEQ9uvTDzyS hubspot-domain-verification=YmIxMDNhZDEtMzI3Mi00ZWNjLTk4MTYtNmViZGU5NzYyZDM5 loom-site-verification=3b8db7a74102494ba9569c862bbc5587 HjRfQW6OV2YOkDOgNju3gYI0_cx9H1iF atlassian-domain-verification=JNe2Ze7P8p623k8f7xRaHDyQWb6VzLxjFga1tu8M7lmVXC0bo1... autodesk-domain-verification=2sh4O6xiIc4ReP9Aee8h google-site-verification=jtVaxAcfspCN94ECrH12n9XJhdqO6Y2j2u3eh1XsApE gc-ai-domain-verification-h4p9zv=mTSLyVQqkAlNuctKXdWWZ7MLC adobe-idp-site-verification=954e966634e7f12b8a9a2876a989bf5e7f5050a5192c3f529b99... google-site-verification=27NMadvvj0pSQl1hkMaX3X5bwpjdFmE_FvX-MAgdLBE logmein-verification-code=2d4b306a-e291-4dc9-a09f-2cc3277288cc SPF v=spf1 include:_spf.google.com include:mail.zendesk.com include:sendgrid.net inc... stripe-verification=1d56fec5a0f745dabfbe48592806853324fe50a8d4448c10e524136d1fac... slack-domain-verification=wmXS8pleSDJ3LgREcHasvMfdkHmBbUvNI6nHNnJl logmein-verification-code=e675be17-2988-4b0b-9e19-d6793fc28655 notion_verify_A}38XvVG2tiA3b6w4kU89}p~hasV-%G^E8U0.Evvp?^a==pC1]12+eXq]BgW+%hmod... MS=CD44642CAC1658ABE588B1F34173984181355D4E docker-verification=f765b7ff-5ce5-4f27-b00a-28091eddacce zapier-domain-verification-challenge=d87a2680-bf27-4b61-8174-5ceed32bb8c7 google-site-verification=PmQRNDYVKwgF3tM6HulK5Fmmna3DSKklkjl-epmhplA google-site-verification=ihjYpERVTt6QLWL2IBBLsEZroHPjP3vVQHQG97oXZlI adobe-sign-verification=d19200aacd69c1b8e10cd1a5b47c91c3 apple-domain-verification=xPWro2NHlvCQs7LI dropbox-domain-verification=66jnk5y945ew google-site-verification=DGERr7gTRtGPVmghE_qE_w3X2kyTXdqiDVR2pBDpndQ onetrust-domain-verification=3e11024ff11441678e3d59aa6b3a87bc stripe-verification=b449d3730bb78d03e0744aa61ae3fa2f35f80572bff9e48ad9a192750829... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 182 ms totalPASS
https://discordapp.com
59 ms · HTTP/1.1
https://discord.com/
123 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://discordapp.com | 301 | 59 ms | HTTP/1.1 | cloudflare |
| 2 | https://discord.com/ | 200 | 123 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencediscordapp.com — via Cloudflare, Inc., 11 years, 3 months old, hosted on CloudflarePASS
228 days
February 26, 2027
46 days
Issued by Google Trust Services
11 years, 3 months
Registered February 26, 2015
Enabled
Protects against DNS spoofing
Cloudflare
ASN AS13335
162.159.129.233
Cloudflare, Inc.
Expiry timeline
Recommended actions
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice