Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.

SCORE

GRADE

FIX

REVIEW

PASS

INFO

Probed from Madrid, Spain

301 Moved Permanently

Checks

7 PASS 2 REVIEW

IPv6 Readiness

Action

No IPv6 support

REVIEW

No IPv6 support

No IPv6 (AAAA) records found

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

No IPv6 Support

About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

TLS Certificate Expiry & Recommendations

49 days until leaf cert expires — 3 issues to address

REVIEW

Certificate validity

days left

0d 30d 60d 90d+

Recommended actions

Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
Enable DNSSEC on your domain for DNS spoofing protection
Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy

A+

DNS Records

4 A records, 78 ms lookup

PASS

4 A records, 78 ms lookup

Resolves to 4 IPv4 address(es)

Got: 151.101.1.252, 151.101.193.252, 151.101.65.252, 151.101.129.252

No IPv6 (AAAA) records

8 nameserver(s) configured

Got: dns1.p02.nsone.net, dns4.p02.nsone.net, ns02.wfrdns.com, dns2.p02.nsone.net, ns04.wfrdns.com, ns01.wfrdns.com, dns3.p02.nsone.net, ns03.wfrdns.com

2 mail exchanger(s) configured

CAA records not checked

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

SPF record present in TXT

DNS resolution time: 78 ms

Got: 78 ms

A	151.101.1.252, 151.101.193.252, 151.101.65.252, 151.101.129.252
AAAA	—
CNAME	—
NS	dns1.p02.nsone.net, dns4.p02.nsone.net, ns02.wfrdns.com, dns2.p02.nsone.net, ns04.wfrdns.com, ns01.wfrdns.com, dns3.p02.nsone.net, ns03.wfrdns.com
MX	10 mxa-00180701.gslb.pphosted.com 10 mxb-00180701.gslb.pphosted.com
TXT	MS=ms99551924 stripe-verification=ee9434859c37405c006b60e8de4a04b50b8ad4082759cb9ac32f7c1eb49a... wiz-domain-verification=c9dc16992aacd23bc24f3aee1afb6a843f5e3719fd979b129e0196b7... google-site-verification=PYHDKIwS411Nq4tmcg15m-InrbkGMyV_24_9cFYaEFY _globalsign-domain-verification=yk6oxxVuImTG8g44_QTy4zz-_QZL980DmDz4KNSlex ddhbphkof8ftrt22309hk7o600 anthropic-domain-verification-fnc22j=4JJkYBaJ8duCrYbw6ez6NLfKq grd7qo8p5vhi2iafrbkpkl30sm google-site-verification=UrJdl3OFi8WPUeXPVfS_PFePSohrUHRBbdd9wnX5rt0 stripe-verification=4b679d16dbb91e6950dca3fb5f08d76f885af4f3550f6d979e5f45ef9779... stripe-verification=576ec1510ffa8aa0f662b225e6461a7f7a1ea01e76dd0fc07e5b6806180d... j6li7f6059vmiim86johigreve cursor-domain-verification-kd0fqs=lMhJwHVwtP5LmScuDvAGY8Vvj teamviewer-sso-verification=c96b866f9bf24e46b3dbe3c946581a60 ca3-ed98c2bbe7af489bb234ea80469ee280 slack-domain-verification=MvZ9EA1nKin5sAIo0omMmcsjXOFzwsNOzQ1pZf6l google-site-verification=1tJwXC5uqjACP_Z6uOvrg-yrA3psFhLVvr6Mzr8uEwM 9ZhZjWlEVWahZbZ2H0ExtiRRmSlwI0Ts7iLEIIQ+C9PnlBatP7l+gBSgey0umzCo6gKLvKG6M7B7G68X... onetrust-domain-verification=44cb6d81f7a54654bc42ea03bfae315e docu-950e3591-fe7b-42b9-b232-c9f4a05f717f stripe-verification=5793a71d4e2dec83ab5d0d64d124eafc3540d07933e83010bbb7906f7386... stripe-verification=75e10788d71a8f71552b27f5f152e2d72a18944e36003c226b0ade6056ef... 1dpg7hpp74ru70jnk0aq2fh774 ca3-8cd286a98f624d9f906fa8ce5817c0ca apple-domain-verification=TDdYEZ4oQ8a3LGwAZqbSS5w692kTxfnHBMFpjesjKB0 google-site-verification=kyr0bx37hPj9E-cBghP0eKz3BqVaKqsA64A06Ke5zbQ adobe-idp-site-verification=fe0914c025b4236b5f8a45e0cd68ad3e92d89380bd60a9ed0b3a... smartsheet-site-validation=wgiw44APH3qSkMOMHltB6r9SQj8iTsRy google-site-verification=xuIxY4amemGxmKWj9ecdllb-O9vRRL42RPH4nlwgSm4 apple-domain-verification=KB9eCmnY6tsSNpkt kqrnak5cpdpva3mbakodcfrr5a google-site-verification=nKZlMXZd3Cw6XWnke_5AuHIgNGkT23PSGeA-HiQo2SE docusign=b5433a4f-d63a-4f54-aa9b-a8744690197b SPF v=spf1 include:spf.wayfair.com include:spf.protection.outlook.com include:et._sp... google-site-verification=5XCy0CFKp8muk70p2ftKR1I8QPhh3gfUJM-g03IwBsg stripe-verification=f374cebcabf7dda34e0e2b781ff837b5ec841682a27c5650d15f8da5f1af... stripe-verification=f77e588ccdee19d4b248486eff5e7194221db98196d6f0ed0e226734c724... _globalsign-domain-verification=h7SAEP0W14qp6-tzMbP2Kv7ohuILz1RAiUpucmeAi0 stripe-verification=0a0dc79b309f8197388f287431fae67945cbd668b8a42032999d575d0f08... miro-verification=bfbbee597147081fd1a169d4bee64603b4d72be7 stripe-verification=3fd80d54b043a6229f651079653690feb403280b013b01ae3dd1461762d0... stripe-verification=7c9a77f1845e8b93e4d18da1eb6416029f8e87bd6be01b62bea941d82ecf... twilio-domain-verification=2dd0d01b5fd2ece6bf951da92248ca1b workplace-domain-verification=Nkn7kR5euPO6pXbCcZzvMlNHvQGlM2 smartsheet-site-validation=LVb6B6GG01JH3lYa6bnGa6fxVX97I2kS _globalsign-domain-verification=Ak7DVnwGWFgbLMDP9veofBLZlC-lsWR1G0_vyJ9xqL jamf-site-verification=nQ7rNSkV_cTyCkTEMpuPSA OSSRH-85049 google-site-verification=fmo_1c0hc3gy1qk7sl1bp9z4m2qj60tj3taczq1seau
CAA	Lookup not available with standard resolver

Resolved in 78 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

Redirect Chain

1 redirect(s), 331 ms total

PASS

1 redirect(s), 331 ms total

Single redirect

Got: https://wayfair.com → https://www.wayfair.com/ (301)

WWW normalization redirect

https://wayfair.com

4 ms · HTTP/1.1

301

https://www.wayfair.com/

327 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://wayfair.com	301	4 ms	HTTP/1.1	fastly
2	https://www.wayfair.com/	429	327 ms	HTTP/1.1	cloudflare

See the visual redirect chain in the HTTP Probe tab →

A+

Crawlability

robots.txt present, sitemap with 1 URLs

PASS

robots.txt present, sitemap with 1 URLs

robots.txt is present

Got: 3224 bytes

sitemap.xml is present

sitemap.xml is valid XML

sitemap.xml contains 1 entries

Sitemap index with 1 child sitemaps

robots.txt references sitemap

robots.txt 200 OK

Size 3224 B Sitemaps referenced 6 User-agents * Blocking No — crawling allowed

User-agent: *

Allow: /*/sb0/

Allow: /*/sb1/

Allow: /*/sb2/

Disallow: /*/sb*/

Allow: /v/business_account/trade_program/home

Disallow: /ajax/

Disallow: /filter/

Disallow: /filters/

Disallow: */filters/

Noindex: /filters/
Noindex: */filters/
Noindex: /*quick_view
Disallow: /hl_landing.php

Disallow: /imgview/

Disallow: /logodownload.php

Disallow: /popups/

Disallow: /shop/

Disallow: /v/account/

Disallow: /vmlt.php

Allow: /shop-the-look/$

Allow: /shop-the-look/slp/

Allow: /shop-the-look/dsp/

Allow: /shop-the-look/sl0

Allow: /shop-the-look/sl1/

Allow: /shop-the-look/sl2/

Disallow: /shop-the-look/

Disallow: /v/get_the_look/

Disallow: /v/product_review_page/

Disallow: /product_review_page/

Disallow: /session/secure/

Disallow: /asp/

Disallow: /ib/

Disallow: /param.xml

Disallow: /return_sales_items.php

Disallow: /session/public/board

Disallow: /Staples/

Disallow: /v/category/show

Disallow: /a/favorites/list/is_favorited

Disallow: /a/performance_timing/log

Disallow: /b/batch

Disallow: /gateway.php

Disallow: /pixel/!crd_prm!.gif

Disallow: /set_location.php

Disallow: /v/category/get_top_level_categories

Disallow: /v/inventory/load

Disallow: /v/product_image_group/get_images

Disallow: /session/public/submit_review.php

Disallow: /session/public/basket.php

Disallow: /v/checkout/

Disallow: /registry/browse/

Disallow: /registry/checklist/

Disallow: /v/ideaboards/

Disallow: /v/favorites/

Disallow: /compare.php

Disallow: /visual_search/

Disallow: /finds

Disallow: /flashdeals

Noindex : /roomplanner/*
Disallow: /roomplanner/

Noindex : /decorator/*
Disallow: /decorator/

Disallow: /service_worker.js

Disallow: /registry/*/pdp/

Allow: /roomplanner3d/$

Noindex: /roomplanner3d/*
Disallow: /roomplanner3d/

Disallow: /a/category/category_page/lazy_load_category_tree

Disallow: /*?*curpage=*

Allow: /shop/o/


Sitemap: https://www.wayfair.com/seo-category-index.xml

Sitemap: https://www.wayfair.com/seo-keyword-index.xml

Sitemap: https://www.wayfair.com/seo-sb0-index.xml

Sitemap: https://www.wayfair.com/seo-sb1-index.xml

Sitemap: https://www.wayfair.com/seo-sb2-index.xml

Sitemap: https://www.wayfair.com/seo-pdp-index.xml

#

#   ______     __                 __           ____

#  / ____/__  / /_   ____  __  __/ /_   ____  / __/

# / / __/ _ / __/  / __ / / / / __/  / __ / /_

#/ /_/ /  __/ /_   / /_/ / /_/ / /_   / /_/ / __/

#\_____\___/\__/   \____/\__,_/\__/   \____/_/

#   / /_  ___  ________     __  ______  __  __

#  / __ / _ / ___/ _ \   / / / / __ / / / /

# / / / /  __/ /  /  __/  / /_/ / /_/ / /_/ /

#/_/ /_/\___/_/   \___/   \__, /\____/\__,_/

#                       _/____/____                __   _     __

#   ____ ___  ___  ____/ /___/ / (_)___  ____ _   / /__(_)___/ /____

#  / __ `__ / _ / __  / __  / / / __ / __ `/  / //_/ / __  / ___/

# / / / / / /  __/ /_/ / /_/ / / / / / / /_/ /  / , / / /_/ (__  ) _ _

#/_/ /_/ /_/\___/\__,_/\__,_/_/_/_/ /_/\__, /  /_/|_/_/\__,_/____(_|_|_)

#                                     /____/

# If you're here because you're a curious programmer, engineer, or SEO,

# make sure to check out our job board for open positions on our team!

# https://www.aboutwayfair.com/careers

#

#

sitemap.xml 200 OK

Type Sitemap Index URLs 1 entries Valid XML Yes

Child Sitemaps:

https://www.wayfair.com/seo-category-sit...

A+

URL Variants

www/non-www, trailing slash, HTTP→HTTPS

PASS

www/non-www, trailing slash, HTTP→HTTPS

HTTP correctly 301-redirects to HTTPS

www / non-www

429https://www.wayfair.com/

200https://wayfair.com/

HTTP → HTTPS

301http://wayfair.com/ → https://wayfair.com/

Consistent

A+

Domain Intelligence

wayfair.com — via MarkMonitor Inc., 22 years, 1 months old, hosted on Fastly

PASS

wayfair.com — via MarkMonitor Inc., 22 years, 1 months old, hosted on Fastly

Domain registered until Jun 16, 2027 (1 years, 2 months remaining)

DNSSEC is not enabled

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Registrar: MarkMonitor Inc.

Registrar lock is NOT enabled

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Hosting: Fastly

Got: AS54113

Domain expiry

368 days

June 16, 2027

SSL certificate

49 days

Issued by Let's Encrypt

Domain age

22 years, 1 months

Registered June 16, 2004

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

Fastly

ASN AS54113

151.101.193.252

Registrar

MarkMonitor Inc.

Unlocked 8 NS records

Expiry timeline

Today

+1 year

Domain expiry SSL expiry Danger zone (≤30 days)

Recommended actions

Enable DNSSEC to protect visitors from DNS spoofing
Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers

Registrar MarkMonitor Inc.

Created June 16, 2004 (22 years, 1 months ago)

Expires June 16, 2027 (1 years, 2 months)

Last Updated May 15, 2025

Name Servers dns1.p02.nsone.net, dns2.p02.nsone.net, dns3.p02.nsone.net, dns4.p02.nsone.net, ns01.wfrdns.com, ns02.wfrdns.com, ns03.wfrdns.com, ns04.wfrdns.com

DNSSEC Not enabled

Hosting

IP Address 151.101.193.252

ASN AS54113 (FASTLY - Fastly, Inc., US)

Provider Fastly

Data source: rdap (0.3s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more ▾

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more ▾

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+

HTTP Probe Timing

Total 31 ms — DNS, TCP, TLS, TTFB, content transfer breakdown

PASS

DNS Lookup

27 ms

TCP Connect

0 ms

TLS Handshake

2 ms

Time to First Byte

31 ms

Total Time

31 ms

Connection waterfall

DNS Lookup 27 ms TCP Connect 0 ms TLS Handshake 2 ms Server Processing 1 ms Content Transfer 0 ms

A+

CDN & Delivery

Fastly (HIT)

PASS

Fastly (HIT)

Site is served via Fastly CDN

Got: x-served-by: cache-toj-leto2350066-TOJ

CDN cache status: HIT

CDN Detected: Fastly

Provider Fastly Cache Status HIT Evidence x-served-by: cache-toj-leto2350066-TOJ

All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.