Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.FRedirect ChainAction3 redirect(s), 1092 ms totalFIX
https://www.robinhood.com
202 ms · HTTP/1.1
https://robinhood.com/
240 ms · HTTP/1.1
https://robinhood.com/us/en/
159 ms · HTTP/1.1
https://robinhood.com/eu/fr/
492 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://www.robinhood.com | 301 | 202 ms | HTTP/1.1 | envoy |
| 2 | https://robinhood.com/ | 302 | 240 ms | HTTP/1.1 | envoy |
| 3 | https://robinhood.com/us/en/ | 307 | 159 ms | HTTP/1.1 | envoy |
| 4 | https://robinhood.com/eu/fr/ | 200 | 492 ms | HTTP/1.1 | envoy |
See the visual redirect chain in the HTTP Probe tab →
Each redirect adds latency. Try to minimize the chain to 1 hop.
Redirect chain — each hop adds latency; combine into one redirect where possible.
Source: Google Search Central / web.dev
If permanent, use 301 instead.
302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.
Learn more ▾ ▴
Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).
Source: Google Search Central
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations275 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
ADNS Records4 A records, 113 ms lookupPASS
| A | 3.165.190.48, 3.165.190.15, 3.165.190.13, 3.165.190.62 |
| AAAA | — |
| CNAME | robinhood.com |
| NS | ns-376.awsdns-47.com, ns-1448.awsdns-53.org, ns-1717.awsdns-22.co.uk, ns-566.awsdns-06.net |
| MX | 1 aspmx.l.google.com 5 alt2.aspmx.l.google.com 5 alt1.aspmx.l.google.com 10 aspmx3.googlemail.com 10 aspmx2.googlemail.com |
| TXT | have-i-been-pwned-verification=b9ccca1f8a1a23a4a910774f1e65110e stripe-verification=fcc2904251a14a11eb0f1765ec6f2f909e5f200c34bdb15def4b400c9c34... google-site-verification=f_TAbAM_p9fGgl3c7ssq81SGfbkz11ytgeQaZy6s3ro docusign=a1debf77-faad-442a-a876-caca91dc1524 3121037 apple-domain-verification=NNk0iX2sP06iOm8X google-site-verification=D99vnCS8NaROiaHHSYWAVM-z62rNx2e3nsf4ByCBSys google-site-verification=JrBLPC7WcxAw1i2CmJ08imTMVXa7fXmYxqkUiGYcXMM adobe-idp-site-verification=337b49da39d5e893bd1cfb2ea676c82c0f58829a8328c97ad118... cloudflare_dashboard_sso=80d9c378b773e3e5bd266905f08e3ad9 MS=ms37860350 stripe-verification=eea2d9a26c727d703b3ac9f83baf40c9367e3881625335218d7cacb0c1ec... docker-verification=84a32f24-69e6-4abc-8f1d-c3bd63d84bcb google-site-verification=o7Er0N4wiSC49Fpg0DnJlB5eX6EFgUTkqKtfaS3hZoA warpstream-verification=HJrMnZcumnuTlhjcdbEYZw== loaderio=3b374e0e01eb22cea519ca4cb508509c stripe-verification=7aedd4a55386e529b45b6a42bfae6ea98136481455e48d66c31da1126bc2... parallels-domain-verification=17b8d8294e2a40d1abc4f7ac568054a6f206bd8741b249c785... openai-domain-verification=dv-ot7KP9Cf5PkMgB8x9u19XL87 zapier-domain-verification-challenge=f169105f-bdb3-4c96-a0f0-bd8ea24300b8 shopify-verification-code=yENf3C2TY4jAOlTHeO8EJaiNOz7Q5L piktochart-site-verification=BzQ8UclActSTceUD9KOp2tOrZUrtrGMLkyvY apple-domain-verification=fQoNAnWdU1uR_z9DwzPE2ugCHuzIC4IrmdSnFXM1q9M smartsheet-site-validation=BtII9pDIXfTlL6OB0xo-BZtKkX1oQAY6 google-site-verification=5yUdgL3NScf1Det_yKjAvAZub5XgcJSSHHvougBh_jw google-site-verification=0Fdchx2Vxh-dBKyqS0511gdVcqGALFOAIdx-jzj9gjM postman-domain-verification=c47965ef45e7c791defb69cc6f8012bcb550663cc54f2cfd4758... wrike-verification=NjMzMTU3NzoyNjcwYzcxOWUyYmRmNTllNGVkMzA1NTcwZTZjNDU5MjIyZjJjN... google-site-verification=JEA9gSTIxxUK8YJFYEw52vrOxAWq-ST0O52iav-ZpOQ cloudflare_dashboard_sso=bdda026f7902504cd7cf56ab0431c86c SPF v=spf1 ip4:152.70.150.118 a:outbound.email.robinhood.com include:mail.zendesk.co... sterling-verification= d2b379398f184390a49ff7cc7ecd79fe twilio-domain-verification=503e21f89f84b91b80b7ca14d72ac14f anthropic-domain-verification-1fgmw0=G7VNxcOvvV2ZsgU73gw9QA0pJ infoblox-domain-mastery=23c54b6631fcf04d6f82c9a513cdfa3b828a51febebb3a1c3ddc7035... atlassian-domain-verification=pJXlDoka7BtrtfifCE5D23RKMl2offYcXo9aJwLoWUJvupad7g... facebook-domain-verification=0jxcn748uz6b8drqoohl7zgx7n9v1r docusign=46fcbd24-163b-4096-9c14-94c405f4cff6 google-site-verification=VUuzGLQnd9n9hyAN1YCbPXRo_0A4bWwSyQYdGVO_vW4 stripe-verification=406cc480b56e3009de92277a941ec8c8e657be14ca3d87fd301841ca97da... dropbox-domain-verification=dyrk58kqgdmu stripe-verification=54ab59832e81c89b5536467238a88573ee4d7513f51c270eea5f9de0ddfd... google-site-verification=uvnRH5-xSB7gwALFXBzJBGbFQ-MslFq5KipvjJnaebg verification_token=VU3Tx9WyDdmvWE0o1JygB0p8B h1-domain-verification=y9uaWoUydiViekWLETvSYEDX6U4y1fWc4Huap2hXU3teHaif |
| CAA | Lookup not available with standard resolver |
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.
Learn more ▾ ▴
RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.
Source: RFC 1034
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Crawlabilityrobots.txt present, sitemap with 5 URLsPASS
#
# o O
# __|_____|___
# | -- |
# | ( o ) ( o )
# { | / |
# | [wwww] < *Exterminate all humans.txt* )
# [____________|
# | | /Vvvv/
# _____|___|____ |___/
# /______________\_________/ |
# | | /
# | ( / ) ( + ) |__|__|__|_|_/
# | |
# | [ -vV--vV-] |
# | |
# |______________/
#
User-agent: *
Allow: /applink/.well-known/
Disallow: /referral/
Disallow: /user/
Disallow: /subscriptions/
Disallow: /reset_password/
Disallow: /say-brokers/
Disallow: /nexus/
Disallow: /natedogg/
Sitemap: https://robinhood.com/sitemap.xml
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: www
HTTP → HTTPS
Consistent
A+Domain Intelligencerobinhood.com — via MarkMonitor Inc., 30 years, 9 months old, hosted on AWSPASS
2697 days
November 29, 2033
275 days
Issued by Amazon
30 years, 9 months
Registered November 30, 1995
Not enabled
Protects against DNS spoofing
AWS
ASN AS16509
3.165.190.15
MarkMonitor Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033