Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations33 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 110 ms lookupPASS
| A | 75.2.65.169, 99.83.129.68 |
| AAAA | — |
| CNAME | — |
| NS | amsdns1.nestle.com, ctrdns1.nestle.com, eurdns1.nestle.com, aoadns1.nestle.com |
| MX | 10 nestle-com.mail.protection.outlook.com |
| TXT | klaviyo-site-verification=YrN3bd spf2.0/pra mx ip4:194.55.91.12 ~all mentimeter-a4137301-7f20-4628-9641-eb6827790574 spf2.0/pra mx ip4:194.55.91.9 ~all ms-domain-verification=1121a747-c3ec-41a7-80f8-1643341fc817 atlassian-domain-verification=I2NBYNmuPopNzs1DweeHodDcU8g0QhnCcTQmyDXekkAFAxss1G... _i7qky6yoaadq6lcvpgdy5ei4sb4d8af google-site-verification=9RRS5892Oo-mefiHUd4T2xP4UxOHOMUsFoF_SMMDh0o canva-site-verification=MJPCT8kdVo_OwqOKw9wFcg ms-domain-verification=19afffa2-a941-4f07-8ffc-7b16e8f60b9e nitro-verification-code=1234abcd1234abcd1234abc= successfactors-site-verification=OWZlYmE2Y2NkMTlkNTY3YTBhMDNkYWUwNDk2YjhiMDgyNzY... msfpkey=38xsiqsmpss1ftgu0o4odsgkn a7b983c0e5cc04c0644767c5d4523fb06fa62c3fdc0bd17556 figma-domain-verification=54329dcb310a408a8579158bdb6aae7b57df7c0c10325bf64091ab... klaviyo-site-verification=WAnEAN smartsheet-site-validation=n2amRjBLniYEbUsPPeXZidE_vyMuc9c7 Dynatrace-site-verification=a826ad13-5163-46ce-a13d-68ff7f079bfe__1is1gb3uhk8im4... google-site-verification=4boG_hRaR-o6oCKDLdjL39m_5Cnxif6Y8w0wXNhLoyI amazonses:GUlcEiHxac7PwARDKt2H++F+yHpjnO6TK9MHaKK267Q= google-site-verification=-tkluRaSOSSK6xsUjVc02WxYWuWRLkKyDz7frX5yZQs klaviyo-site-verification=RteiZu spf2.0/pra mx ip4:194.55.91.11 ~all th3md0l8f3wkbxxkpn0cbdgyhkr5jj0l amazonses:u6LF7SlsIaBXd4crRjOCmbusowbHKXPbdHt4fw3vloE= nq008gt47fvw7dx6pjzjd1y7vncs900c 62d206eb-2f97-4141-9ab1-865094ea9d83 00D9X00000ZxAjz=1TB9X00000007Cn successfactors-site-verification=ZmNmODAzYmJjZDlhYzJhMDk3MGQ0NjhiNzdjNGM2MGI0ZTV... ms-domain-verification=2c83f59c-b508-4f9d-ae2b-7f1d48371c49 atlassian-sending-domain-verification=eed85d81-e849-4de0-b10e-be0629f1442d atlassian-domain-verification=OJfjD7o9AavR57yWrPZhSNpmTM53w4GWxPjz6ld6WzP50kRFQX... twilio-domain-verification=305e3ea02d72ea5a4d0f46ed1270788d openai-domain-verification=dv-I0Tx4cKlpKdbEjBFIT6eOlXA SPF v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all shopify-verification-code=L8hvjnG7eWUxUNy4uwteo4ZrtbZlVq 82zlg6170zpnbjlfmbs8jmqtx9srg2y6 klaviyo-site-verification=R6rcwB f3d9dee8-6ca4-41f3-a81a-f4fc1fc134b9 docusign=3774941a-d077-4b5e-ad95-113ab94dff1e sending_domain1121423=e9d9bd20ad17542c1ce1a5207e50de3d0eace279938312a37348a387e4... dell-technologies-domain-verification=nestle.com_e17e04dc-f1a8-4f69-b1a8-6a93968... google-site-verification=8eCCCIm04dG2ZuOcwY8jwWfYzgHdRfiZPlZSF6AQCqI postman-domain-verification=22d93c1ffe6286f4277d60a83dc364973845052cd1f7f9c661f4... shopify-verification-code=nFTfmUunEU8PPm08noR54Q2TU9YF5N twilio-domain-verification=ad154e965c70b4d924f13931f4bda76f pHRJvo+CPJpCIIpot5in9y5WN56wDWZlSK1xuWQrklQZqWrX7cUHKUMpbptdGXLhuOK4G+P4akzUh6zs... _2nwjpt88cpwt5msanxk7food4hqzh4x bettercomp-verify=55d2108f0af2b3f4b30fc9c87fb5b3f67701fd9bad8732b11064e9d293beca... 879cs7x68y1p0q9sstb16hkyflmd2dgy onetrust-domain-verification=81d7646afd154b228aec14e223157955 liveramp-site-verification=2vTfQUeb1OUAbe4C3t5qp9ZD8q8HpSIoC_hJTUmXDXY sitecore-domain-verification=1c67053201c9429db6602c143b303eb4 apple-domain-verification=vn5zYiESUkLzTycq amazonses:WPYGfGlYF9eeXOZoaK2gG9qAB+ISQeY0jg/CaLKgyEs= onetrust-domain-verification=7e2fc0d2157c41589cb04728e36af2ed onetrust-domain-verification=1740228f78674332a0c43b3d62aec917 smartsheet-site-validation=QS-_XJWXO1Qm5P8dszzESIFjUpap4OCk amazonses:W284EZIRlFVymf2zH6KECNHfACZ9HaYwc/U6CJDNwaw= shopify-verification-code=hnRoRDYGfYXNGPfoduCs8NG0PwGsIc shopify-verification-code=WguLwdPvahPu562TPTDztrrgpvE5Ek segment-site-verification=9nuCWrtc2BeU31G7D5GJOWrKe8AldRNZ 62e4b774-2c09-486c-89af-db6587f881fe 33583856-85fc-419a-afcf-8b72bd0322af shopify-verification-code=d95SuvzQuJGkQisrg9LpvDHx4lRPU6 SFMC-rvO6SKOg1DzOxeHl5G1p1lR0Qo37uhkOfId_9HKS fastly-domain-delegation-sUW3fRD5TdMHQjAF-731323-2024-01-12 qXtHnzbC489oKpAgVkpwPsuCkjANY+8Rsah6HrburNbSFgYtRvjwyo1KfUgjhyLHVSUl+MO3PV0LzxCB... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 540 ms totalPASS
https://nestle.com
432 ms · HTTP/1.1
https://www.nestle.com/
108 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://nestle.com | 301 | 432 ms | HTTP/1.1 | |
| 2 | https://www.nestle.com/ | 403 | 108 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 2442 URLsPASS
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
User-agent: *
# CSS, JS, Images
Allow: /core/*.css$
Allow: /core/*.css?
Allow: /core/*.js$
Allow: /core/*.js?
Allow: /core/*.gif
Allow: /core/*.jpg
Allow: /core/*.jpeg
Allow: /core/*.png
Allow: /core/*.svg
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /profiles/*.svg
# Directories
Disallow: /core/
Disallow: /profiles/
# Files
Disallow: /README.txt
Disallow: /web.config
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips/
Disallow: /node/add/
Disallow: /jobs/search/
Disallow: /user/register/
Disallow: /user/password/
Disallow: /user/login/
Disallow: /user/logout/
# Paths (no clean URLs)
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips/
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password/
Disallow: /index.php/user/register/
Disallow: /index.php/user/login/
Disallow: /index.php/user/logout/
Disallow: /node/*
Disallow: /taxonomy/term/*
# Disallow Ajax loaded pages
Disallow: /feedback-form
Disallow: /report-concern
Disallow: /sites/default/files/asset-library/documents/library/documents/annual_reports/2000-management-report-brands-de.pdf
# Disallow brand search page
Disallow: /brands/brandssearchlist
Disallow: /cdn-cgi
Disallow: /node
# Simple sitemap
Sitemap: https://www.nestle.com/sitemap.xml
- https://www.nestle.com/media/news/alimentarium-reopening
- https://www.nestle.com/media/news/alliance-for-youth-facebook
- https://www.nestle.com/media/news/alliance-for-youth-helps-50000-young-europeans-become-employable
- https://www.nestle.com/media/news/alliance-for-youth-vocational-skills-week
- https://www.nestle.com/media/news/alliance-youth-employment-european-challenge-debate
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencenestle.com — via Nom-iq Ltd. dba COM LAUDE, 31 years, 11 months old, hosted on AWSPASS
101 days
October 24, 2026
33 days
Issued by ZeroSSL
31 years, 11 months
Registered October 25, 1994
Not enabled
Protects against DNS spoofing
AWS
ASN AS16509
99.83.129.68
Nom-iq Ltd. dba COM LAUDE
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice