https://walmart.com
Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
86
GRADE
B
FIX
0
REVIEW
4
PASS
5
INFO
0
Probed from New York, United Stated
301 Moved Permanently
Checks
95 PASS 4 REVIEW
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 Readiness
ActionNo IPv6 support
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
Why this matters
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Info::
HTTP correctly 301-redirects to HTTPS
www / non-www
200https://www.walmart.com/
200https://walmart.com/
Inconsistent — duplicate content risk
HTTP → HTTPS
301http://walmart.com/ → https://www.walmart.com/
Consistent
BTLS Certificate Expiry & Recommendations341 days until leaf cert expires — 4 issues to addressREVIEW
TLS Certificate Expiry & Recommendations
341 days until leaf cert expires — 4 issues to address
Certificate validity
341
days left
0d 30d 60d 90d+
Recommended actions
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryAkamaiREVIEW
CDN & Delivery
Akamai
Akamai
Info::
Site is served via Akamai CDN
Got: server header
CDN Detected: Akamai
Provider Akamai Evidence server header
A+DNS Records1 A records, 22 ms lookupPASS
DNS Records
1 A records, 22 ms lookup
1 A records, 22 ms lookup
Info::
Resolves to 1 IPv4 address(es)
Got: 23.62.104.193
Info::
Single A record — no DNS redundancy
Multiple A records provide failover if one server goes down.
Info::
No IPv6 (AAAA) records
Info::
12 nameserver(s) configured
Got: a3-64.akam.net, a5-65.akam.net, a8-66.akam.net, a1-185.akam.net, a10-66.akam.net, a22-67.akam.net, pdnswm1.ultradns.net, pdnswm2.ultradns.net, pdnswm3.ultradns.org, pdnswm4.ultradns.org, pdnswm5.ultradns.info, pdnswm6.ultradns.co.uk
Info::
2 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 22 ms
Got: 22 ms
| A | 23.62.104.193 |
| AAAA | — |
| CNAME | — |
| NS | a3-64.akam.net, a5-65.akam.net, a8-66.akam.net, a1-185.akam.net, a10-66.akam.net, a22-67.akam.net, pdnswm1.ultradns.net, pdnswm2.ultradns.net, pdnswm3.ultradns.org, pdnswm4.ultradns.org, pdnswm5.ultradns.info, pdnswm6.ultradns.co.uk |
| MX | 10 mxa-000c7201.gslb.pphosted.com 10 mxb-000c7201.gslb.pphosted.com |
| TXT | miro-verification=0975c0912a54ef8f4e04509f053a1c2f70ac9da4 infoblox-domain-mastery=cbdbcb7b4ccda409b4d353af156079955dc262a3bd4566aae2a9afba... _globalsign-domain-verification=0UV9-mABi984W6oReb-NIqLZE4wxFn0Z_HZqReFlfx _globalsign-domain-verification=Hd9_kj-VimOTHZtYUpJ4nk3owqg4mj46e1OwAdL3Nu wrike-verification=NTMwODAzMTo0ZDkzNjlhMmI0NDIwM2Q4ZGU1MjAxMjliOGU3MTcyODAyNDc0Y... google-site-verification=xJztS4Z4V0cGZkxeeFjC4Rcg5a4t_ecHagbvLnny29k liveramp-site-verification=YH92_k-Dm6oW7Gl656UKLjSvl0CbYycKFVaNA5h3GUE jamf-site-verification=QjQCnm_eRhoqM_blaaMMDQ 00D40000000MoJP=1TBKY0000010wBV dtOeNuIs42WbSVe3Zf2qizxLw9LSQpFd6bWqCr166oTRIuJ9yKS+etPsGGNOvaiasQk2C6GV0/5PjT9C... _globalsign-domain-verification=3cMbb8HbRlXeg66d5rvUkEUPr85TLbAVmVudPnQl5E _globalsign-domain-verification=NslscvGl_pJ1cRfCq2rFhDi_4YEif-ylgq2psdPU3f 8pPKgRiiLh5Z7Vc+Yv17Ulp3s3N5kqrIWq7vhMFScRO63aM1/F4iurTUjZQgP05PoYqLikOv4PxQ3kgJ... box-domain-verification=a1eec0a382b6a6e32e6f06e51de01adbda648bbdcae18a4b2f149639... google-site-verification=YXLskp3Aou8VMPZyzN4ovKLB9OImvjE0Twct99j1o3c 00D760000008gy9=1TBDi0000004C93 _globalsign-domain-verification=0O5K1RnGYxJ8YID7nDH2Jb-w-6Hi4MfH9kiVC2V4Iy 00DDI0000000SHy=1TBDI0000008OI5 slack-domain-verification=Ic5IE8asOH1Bg6b1To8CGfWytCkVfywFsAJRZvUm anthropic-domain-verification-5vz2bt=GhKF4NMESyKswHJGVanZVBEtB 00DKZ00000Q6PTr=1TBKZ000000oLrB wrike-verification=NTMwNTkxMDphYzQ4NGU2ZDAwOWMyZTE1YmNlOGUzZWY5NmU1NjZlNzMzY2M5N... wiz-domain-verification=98d983077913f33494edc33b148e30f1969e5a60385e4f2699363abb... SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:_netblocks.walmart.c... y5rEnLEYKLwIj2mzy/lQAlFlZO9zhs2DWh/1GaMT9c2cWgeJvHiZRZqVGr2aUXOhCy7Zpd/SkXiJSFB0... canva-site-verification=jcrBOlbl254ia6gsPJNFCg bv-domain-verification=7bcafcc19bd8715930c7fa3c94b3dee8fd3abf0c3f90aec28a6396ed0... fbb1f44b0f37df8ca8fef161edf169dca7f1d480abb93e3240 wrike-verification=MjUxOTk3NzpiOWIxMTRiNTNkNGZhMzdjOWNkMDg5OTgzZGNmZmVlYjdlNjhkY... 00D8Z000000t3Rv=1TBKY0000008OIt 00DDD000001fMM0=1TBDD0000008OIG google-site-verification=X6YTeWoA_CdYDdff_rguyOZr8B90IKbPiHYsGTtxY7I openai-domain-verification=dv-IDGFBjh74ycOf2e4vrXwBZtv duo_sso_verification=OEGj0v4lxnMlEkwWZLG8ieSnirQtlFuZT4LWS1puxYKNHvQSOJ0KDJEdj5G... wiz-domain-verification=e79f26535d1ddbb04eb5ef81861bb7c73b36946524cea700c33cf8da... _globalsign-domain-verification=iGZiJVHFAc7fCcAN8WcX06yIGQmV1XIoXTv3EYyvoI fastly-domain-delegation-fdd46849203012022-468492-2022-03-01 workplace-domain-verification=6Si7AGFLNfTavMlaeFcp8UeuufNfvz |
| CAA | Lookup not available with standard resolver |
Resolved in 22 ms
Multiple A records provide failover if one server goes down.
Why this matters
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Why this matters
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 56 ms totalPASS
Redirect Chain
1 redirect(s), 56 ms total
1 redirect(s), 56 ms total
Info::
Single redirect
Got: https://walmart.com → https://www.walmart.com/ (301)
Info::
WWW normalization redirect
https://walmart.com
25 ms · HTTP/1.1
301
https://www.walmart.com/
30 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://walmart.com | 301 | 25 ms | HTTP/1.1 | AkamaiGHost |
| 2 | https://www.walmart.com/ | 200 | 30 ms | HTTP/1.1 |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 12344 URLsPASS
Crawlability
robots.txt present, sitemap with 12344 URLs
robots.txt present, sitemap with 12344 URLs
Info::
robots.txt is present
Got: 3580 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 12344 entries
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 3580 B Sitemaps referenced 34 User-agents Mediapartners-Google, Slurp, *, Adsbot-Google Blocking No — crawling allowed
#Sitemaps-https
Sitemap: https://www.walmart.com/sitemap_category.xml
Sitemap: https://www.walmart.com/sitemap_store_main.xml
Sitemap: https://www.walmart.com/help/sitemap_gm.xml
Sitemap: https://www.walmart.com/sitemap_browse_fst.xml
Sitemap: https://www.walmart.com/sitemap_store_dept.xml
Sitemap: https://www.walmart.com/sitemap_tp_legacy.xml
Sitemap: https://www.walmart.com/sitemap_tp_at.xml
Sitemap: https://www.walmart.com/sitemap_tp_br.xml
Sitemap: https://www.walmart.com/sitemap_tp_kp.xml
Sitemap: https://www.walmart.com/sitemap_brp_02.xml
Sitemap: https://www.walmart.com/sitemap_brp_03.xml
Sitemap: https://www.walmart.com/sitemap_brp_04.xml
Sitemap: https://www.walmart.com/sitemap_brp_05.xml
Sitemap: https://www.walmart.com/sitemap_brp_06.xml
Sitemap: https://www.walmart.com/sitemap_brp_07.xml
Sitemap: https://www.walmart.com/sitemap_brp_08.xml
Sitemap: https://www.walmart.com/sitemap_brp_09.xml
Sitemap: https://www.walmart.com/sitemap_itp_01.xml
Sitemap: https://www.walmart.com/sitemap_itp_02.xml
Sitemap: https://www.walmart.com/sitemap_itp_03.xml
Sitemap: https://www.walmart.com/sitemap_rp_01.xml
Sitemap: https://www.walmart.com/sitemap_rp_02.xml
Sitemap: https://www.walmart.com/sitemap_rp_03.xml
Sitemap: https://www.walmart.com/sitemap_rp_04.xml
Sitemap: https://www.walmart.com/sitemap_rp_05.xml
Sitemap: https://www.walmart.com/sitemap_slp_01.xml
Sitemap: https://www.walmart.com/sitemap_slp_02.xml
Sitemap: https://www.walmart.com/sitemap_auto_dir.xml
Sitemap: https://www.walmart.com/sitemap_brndshp_brand.xml
Sitemap: https://www.walmart.com/sitemap_sp.xml
Sitemap: https://www.walmart.com/sitemap_hi_ip.xml
Sitemap: https://www.walmart.com/sitemap_hi_tp.xml
Sitemap: https://www.walmart.com/sitemap_hi_bp.xml
Sitemap: https://www.walmart.com/sitemap_hi_mp.xml
#Disallow select URLs
User-agent: *
Disallow: /0/
Disallow: /55875582/walmart-us/catalog/
Disallow: /account/
Disallow: /api/
Disallow: /collection/api/logger
Disallow: /cp/-201
Disallow: /cp/-302
Disallow: /cp/-306
Disallow: /cp/-309
Disallow: /cp/-506
Disallow: /cp/-509
Disallow: /cp/api/logger
Disallow: /cp/api/wpa
Disallow: /cservice/
Disallow: /cservice/ya_index.gsp
Disallow: /electrode/api/logger
Disallow: /email_collect/
Disallow: /giftregistry/
Disallow: /msp
Disallow: /nonConfig/api/wpa
Disallow: /popup_security.jsp
Disallow: /product/electrode/api/logger
Disallow: /product/electrode/api/wpa
Allow: /reviews/product/
Allow: /reviews/seller/
Disallow: /search
Disallow: /search/api/wpa
Disallow: */api/wpa
Disallow: */midas/*
Disallow: /search/search-ng.do
Disallow: /solutions/
Disallow: /store/ajax/detail-navigation
Disallow: /store/ajax/local-store
Disallow: /store/ajax/preferred
Disallow: /store/ajax/search
Disallow: /store/ajax/visited-store
Disallow: /store/category/
Disallow: /store/electrode/api/fetch-coupons
Disallow: /store/electrode/api/logger
Disallow: /store/electrode/api/p13n
Disallow: /store/electrode/api/search
Disallow: /store/electrode/api/stores
Allow: /store/finder
Disallow: /store/popular_in_grade/
Disallow: /storeLocator/
Disallow: /storeLocator/ca_storefinder_results.do
Disallow: /tealeaf
Disallow: /topic/electrode/api/logger
Disallow: /topic/electrode/api/wpa
Disallow: /typeahead/
Disallow: /wmflows/
Disallow: */undefined/*
Disallow: /store/*/search
Disallow: /c/kp/*/page/*
Disallow: /feeds/*
Disallow: /orders
Disallow: /es/
Disallow: /swag/*
Disallow: /dad/trk
Disallow: /sp/*
#Crawler specific settings
User-agent: Adsbot-Google
User-agent: Mediapartners-Google
# slow down Yahoo
User-agent: Slurp
Crawl-delay: 5
sitemap.xml 200 OK
Type URL Set URLs 12344 entries Valid XML Yes
A+Domain Intelligencewalmart.com — via CSC Corporate Domains, Inc., 31 years, 7 months old, hosted on AkamaiPASS
Domain Intelligence
walmart.com — via CSC Corporate Domains, Inc., 31 years, 7 months old, hosted on Akamai
walmart.com — via CSC Corporate Domains, Inc., 31 years, 7 months old, hosted on Akamai
Info::
Domain registered until Sep 23, 2026 (5 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: CSC Corporate Domains, Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: Akamai
Got: AS16625
Domain expiry
100 days
September 23, 2026
SSL certificate
341 days
Issued by GlobalSign nv-sa
Domain age
31 years, 7 months
Registered February 23, 1995
DNSSEC
Not enabled
Protects against DNS spoofing
Hosting
Akamai
ASN AS16625
69.192.108.189
Registrar
CSC Corporate Domains, Inc.
Unlocked 12 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar CSC Corporate Domains, Inc.
Created February 23, 1995 (31 years, 7 months ago)
Expires September 23, 2026 (5 months)
Last Updated September 19, 2025
Name Servers a1-185.akam.net, a10-66.akam.net, a22-67.akam.net, a3-64.akam.net, a5-65.akam.net, a8-66.akam.net, pdnswm1.ultradns.net, pdnswm2.ultradns.net, pdnswm3.ultradns.org, pdnswm4.ultradns.org, pdnswm5.ultradns.info, pdnswm6.ultradns.co.uk
DNSSEC Not enabled
Hosting
IP Address 69.192.108.189
ASN AS16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Provider Akamai
Data source: rdap (0.7s)
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Why this matters
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Why this matters
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice
A+HTTP Probe TimingTotal 25 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
HTTP Probe Timing
Total 25 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
3 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
1 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
6 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
26 msTotal Time Total request time from DNS lookup through full response.
26 msConnection waterfall
DNS Lookup 3 ms TCP Connect 1 ms TLS Handshake 6 ms Server Processing 15 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.