Skip to content
https://opensea.io

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
95
GRADE
A
FIX
0
REVIEW
3
PASS
6
INFO
0
Probed from Madrid, Spain
403 Forbidden
Checks
9
6 PASS 3 REVIEW
B
Crawlability
no robots.txt, no sitemap
REVIEW
no robots.txt, no sitemap
Info::
No robots.txt found
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
Info::
No sitemap.xml found
A sitemap helps search engines discover and index your pages more efficiently.

robots.txt is optional but recommended. It tells search engine crawlers which pages to index.

Why this matters

No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.

Learn more

A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.

Source: robotstxt.org

A sitemap helps search engines discover and index your pages more efficiently.

Why this matters

No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.

Learn more

A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.

Source: sitemaps.org / Google Search Central

robots.txt No robots.txt found

No robots.txt found

This is fine for most sites — a missing robots.txt allows all crawling by default.

sitemap.xml No sitemap found

No sitemap found

Adding a sitemap helps search engines discover your pages.

B
TLS Certificate Expiry & Recommendations
74 days until leaf cert expires — 3 issues to address
REVIEW

Certificate validity

74
days left
0d 30d 60d 90d+

Recommended actions

  • Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
Cloudflare
REVIEW
Cloudflare
Info::
Site is served via Cloudflare CDN (edge: CDG)
Got: cf-ray: 9eff80d5d95d153e-CDG
CDN Detected: Cloudflare
Provider Cloudflare Evidence cf-ray: 9eff80d5d95d153e-CDG
A+
DNS Records
2 A records, 95 ms lookup
PASS
2 A records, 95 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 172.64.154.159, 104.18.33.97
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2a06:98c1:3107::ac40:9a9f, 2a06:98c1:3104::6812:2161
Info::
2 nameserver(s) configured
Got: nicole.ns.cloudflare.com, arch.ns.cloudflare.com
Info::
5 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 95 ms
Got: 95 ms
A172.64.154.159, 104.18.33.97
AAAA2a06:98c1:3107::ac40:9a9f, 2a06:98c1:3104::6812:2161
CNAME
NSnicole.ns.cloudflare.com, arch.ns.cloudflare.com
MX
1 aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
TXT
google-site-verification=braA-lO3YtmBslz87lJyjQmLb3q-83yvP32MH5iNGWI
hubspot-domain-verification=MjQ0ODU3MmQtMDNjNy00NGQ2LWFiMmYtNmZiMmY0YTRjOTEx
miro-verification=80b1c4dd4450a54c6feb9480700b70a39581eb17
google-site-verification=Upmu4anGS7wtjB-FhJHxvdmqwEYrq04s8WUDnqfhjEg
ZOOM_verify_dT6eM5gFyayVNcZLTDpZWt
atlassian-domain-verification=1PfCmQaacw/ECNVuQ1AkodolOd/BVvpjNT4BffsbLWX8hJmZLv...
google-site-verification=soMCXwlfW1npd1y97qtBFY0l15cQbf5lNJeGIxn4LYw
tenderly-domain-verification-6ew91n=kXqE4FD0DGfbaE2SO9QEqX84p
h1-domain-verification=Bsi7zNNMQJMdNUgs5PZWjP7AMYAkPVa9xbRL6wEf2ZLnM2JV
figma-domain-verification=9f3e4bd497d0c0dd6e76edef8dfbb81f4f6b16c12237bc1173c73c...
google-site-verification=sy3dn-WQedJSuSxHajKLzyRSWwCBif7xFCVbc7sxLl0
linear-domain-verification=137782
notion_verify_Rpy2bd1ub9za5gcm89mGXDDK3VZ7DMz7RGcJzUhpWi0AbHqvD3K1pu03mG6Y1LYv3p...
slack-domain-verification=ZEyB9FuIdPL6k7REJmrdEo61PVJOlgoYQXNYIbpO
perplexity-ai-domain-verification-785pgn=XPNsjGdlaWfDh4jdubuqwdU4Q
cursor-domain-verification-4zfcpw=ari86tRXibV7TSmfbvGIq9tYf
MS=ms16319070
google-site-verification=vz7ogOBr92dRknpeC28-TQbbEyVWvko_MF-J7WYMsNY
anthropic-domain-verification-7k27ax=hT2KZAHNMV7a2tSh9cieoCUxK
google-gws-recovery-domain-verification=44295434
google-site-verification=S14smBDLHtomTKysI7Xv4Wshyr1VF7FhrmyIkqrxlWQ
segment-site-verification=LJOzXeBmqaKRNrmKF2GIlt4vJ442n8kn
openai-domain-verification=dv-00wsOyw21EBhIl9i0SPLGghW
google-site-verification=7KM8t2vfhMyCF9nNJie3tZK6FYBgZZ_tHd5me8-XxdQ
4171fc0b-1b5a-48cc-8924-f588ef7c83a6=77bf321a0a9a095aef0f6c457bc73a17da016ce604d...
zapier-domain-verification-challenge=6d6abc15-dd7a-43d6-a1f5-cee105cc12e7
verification_token=OQQp4EWCL3hWigSSrbz2u0f9N
mongodb-site-verification=zMhSNQQRjWhgVYFlPIaz2flrTB4vzqSb
google-site-verification=2rBgjKc0-Qrso9Es_hnYv2deFHfxZePZPioPCgPjuUI
SPF v=spf1 include:_spf.google.com include:mailgun.org include:_spf.atlassian.net in...
atlassian-sending-domain-verification=374c8591-2263-48b1-a0b8-725ff1e8d543
google-site-verification=Lfrspbc4rm7jjOGg43aoYuNiZ6viBX0Q3s94b7-ehMo
mixpanel-domain-verify=ee907c3f-76b4-40b4-8f2f-57c8f8aa58a3
apple-domain-verification=ELyRHhpBTyfufsty
RBqq4TAfEQUBMWQAFRFmVt0
0nnq5lmm3ntn3z631zqdxy8rktd8n5qy
docusign=21d05164-3b53-4865-88f4-fc093c7e84ff
CAALookup not available with standard resolver
Resolved in 95 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+
Redirect Chain
0 redirect(s), 64 ms total
PASS
0 redirect(s), 64 ms total

https://opensea.io

64 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://opensea.io40364 msHTTP/1.1cloudflare
A+
IPv6 Readiness
IPv6 reachable (17 ms)
PASS
IPv6 reachable (17 ms)
Info::
IPv6 is configured and reachable at 2a06:98c1:3107::ac40:9a9f, 2a06:98c1:3104::6812:2161
Got: 17 ms connect
IPv6 Ready
AAAA Records 2a06:98c1:3107::ac40:9a9f, 2a06:98c1:3104::6812:2161 Connection Reachable (17 ms)
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.opensea.io/
200https://opensea.io/

Preferred variant: non-www

HTTP → HTTPS

301http://opensea.io/ https://opensea.io/

Consistent

A+
Domain Intelligence
opensea.io — via Gandi SAS, 8 years, 5 months old
PASS
opensea.io — via Gandi SAS, 8 years, 5 months old
Info::
Domain registered until Dec 27, 2026 (8 months remaining)
Info::
Registrar: Gandi SAS
Info::
Registrar lock is enabled
Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.
Domain expiry

163 days

December 27, 2026

SSL certificate

74 days

Issued by Google Trust Services

Domain age

8 years, 5 months

Registered December 27, 2017

DNSSEC

Status unknown

Protects against DNS spoofing

Hosting

Unknown

2a06:98c1:3104::6812:2161

Registrar

Gandi SAS

Locked 2 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Registrar Gandi SAS
Created December 27, 2017 (8 years, 5 months ago)
Expires December 27, 2026 (8 months)
Last Updated August 1, 2025
Name Servers arch.ns.cloudflare.com, nicole.ns.cloudflare.com
Registrant Opensea
Hosting
IP Address 2a06:98c1:3104::6812:2161
Data source: whois (1.0s)

Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.

Why this matters

Registrar lock (clientTransferProhibited et al.) prevents unauthorized domain transfers — strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 95 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
32 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
16 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
22 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
95 ms
Total Time Total request time from DNS lookup through full response.
96 ms

Connection waterfall

DNS Lookup 32 ms TCP Connect 16 ms TLS Handshake 22 ms Server Processing 25 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback