https://www.maersk.com
Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
92
GRADE
A
FIX
1
REVIEW
4
PASS
4
INFO
0
Probed from Madrid, Spain
200 OK
Checks
94 PASS 4 REVIEW 1 FIX
DHTTP Probe TimingActionTotal 2058 ms — DNS, TCP, TLS, TTFB, content transfer breakdownFIX
HTTP Probe Timing
ActionTotal 2058 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
32 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
1 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
3 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
2.06 sTotal Time Total request time from DNS lookup through full response.
2.06 sConnection waterfall
DNS Lookup 32 ms TCP Connect 1 ms TLS Handshake 3 ms Server Processing 2.02 s Content Transfer 1 ms
BDNS Records2 A records, 32 ms lookupREVIEW
DNS Records
2 A records, 32 ms lookup
2 A records, 32 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 23.211.135.132, 23.211.135.143
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2a02:26f0:e0::211:25ba, 2a02:26f0:e0::211:2551
Warning::
CNAME record at zone apex
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
Got: www.maersk.com.edgekey.net
Info::
No NS records found
Info::
No MX records — email not configured via DNS
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
No SPF record found in TXT records
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Info::
DNS resolution time: 32 ms
Got: 32 ms
| A | 23.211.135.132, 23.211.135.143 |
| AAAA | 2a02:26f0:e0::211:25ba, 2a02:26f0:e0::211:2551 |
| CNAME | www.maersk.com.edgekey.net |
| NS | — |
| MX | — |
| TXT | — |
| CAA | Lookup not available with standard resolver |
Resolved in 32 ms
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
Why this matters
CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.
Learn more ▾ ▴
RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.
Source: RFC 1034
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Why this matters
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Why this matters
Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.
Learn more ▾ ▴
SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.
Source: RFC 7208 (SPF)
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: www)
Critical::
HTTP version does not redirect to HTTPS
Got: HTTP 0 Expected: 301 redirect to HTTPS
www / non-www
200https://www.maersk.com/
301https://maersk.com/
Preferred variant: www
HTTP → HTTPS
http://www.maersk.com/
HTTP version does not redirect to HTTPS
BTLS Certificate Expiry & Recommendations76 days until leaf cert expires — 4 issues to addressREVIEW
TLS Certificate Expiry & Recommendations
76 days until leaf cert expires — 4 issues to address
Certificate validity
76
days left
0d 30d 60d 90d+
Recommended actions
- Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryAkamaiREVIEW
CDN & Delivery
Akamai
Akamai
Info::
Site is served via Akamai CDN
Got: x-akamai-transformed: 0 - 0 -
CDN Detected: Akamai
Provider Akamai Evidence x-akamai-transformed: 0 - 0 -
A+Redirect ChainNo redirects — direct accessPASS
Redirect Chain
No redirects — direct access
No redirects — direct access
Info::
No redirects — direct access
Got: https://www.maersk.com
https://www.maersk.com
1027 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://www.maersk.com | 200 | 1027 ms | HTTP/1.1 | ewp-cd |
A+IPv6 ReadinessIPv6 reachable (0 ms)PASS
IPv6 Readiness
IPv6 reachable (0 ms)
IPv6 reachable (0 ms)
Info::
IPv6 is configured and reachable at 2a02:26f0:e0::211:25ba, 2a02:26f0:e0::211:2551
Got: 0 ms connect
IPv6 Ready
AAAA Records 2a02:26f0:e0::211:25ba, 2a02:26f0:e0::211:2551 Connection Reachable (0 ms)
A+Crawlabilityrobots.txt present, sitemap with 9211 URLsPASS
Crawlability
robots.txt present, sitemap with 9211 URLs
robots.txt present, sitemap with 9211 URLs
Info::
robots.txt is present
Got: 3916 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 9211 entries
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 3916 B Sitemaps referenced 3 User-agents *, AhrefsBot, BernardBot, Baiduspider Blocking No — crawling allowed
# Try Maersk GPT
# https://maer.sk/gpt
User-agent: AhrefsBot
Crawl-Delay: 10
User-agent: BernardBot
Allow: /about/executive-leadership-team/bernard-bot
User-agent: Baiduspider
Disallow: /
User-agent: *
Allow: /*-*/careers/technology
Allow: /~/media_sc9/maersk/local-information/files/*/india/export/indemnity-bond-format-*.docx
Allow: /insights/filter$
Allow: /logistics-explained/filter$
Allow: /onlinequote/$
Allow: /onlinequote/assets/
Allow: /portaluser/login$
Allow: /portaluser/register$
Allow: /support/filter$
Allow: /tracking/$
Allow: /tracking/air/$
Allow: /tracking/assets/
Allow: /tracking/lcl/$
Allow: /tracking/parcel$
Allow: /de-de/local-information/europe/contract-logistics/*/bremen
Allow: /de-de/local-information/europe/contract-logistics/*/bremerhaven
Allow: /de-de/local-information/europe/contract-logistics/*/duisburg
Allow: /de-de/local-information/europe/contract-logistics/*/hamburg
Allow: /de-de/local-information/europe/contract-logistics/*/hanover
Allow: /es-mx/local-information/europe/contract-logistics/*/barcelona
Allow: /es-mx/local-information/europe/contract-logistics/*/madrid
Allow: /tr-tr/local-information/europe/contract-logistics/*/eskisehir
Allow: /tr-tr/local-information/europe/contract-logistics/*/istanbul
Disallow: /dashboard
Disallow: /about/cfs
Disallow: /news/category/*?
Disallow: /ibooking
Disallow: /essential/location
Disallow: /lcl
Disallow: /payer
Disallow: /about/do-copy
Disallow: /tasks/
Disallow: /ign/
Disallow: /*-*/about/our-history
Disallow: /*-*/beta
Disallow: /*-*/brexit
Disallow: /*-*/careers
Disallow: /*-*/growth
Disallow: /*-*/insights/tags/
Disallow: /*-*/live-events
Disallow: /*-*/local-information/europe/contract-logistics
Disallow: /*-*/logistics-explained$
Disallow: /*-*/onlinequote
Disallow: /*-*/portaluser
Disallow: /*-*/procurement
Disallow: /*-*/schedules
Disallow: /*-*/search
Disallow: /*-*/share-via
Disallow: /*-*/support/case
Disallow: /*-*/support/chat
Disallow: /*-*/tracking
Disallow: /*-*/undefined
Disallow: /*-*/why-maersk
Disallow: /*.doc
Disallow: /*.ppt
Disallow: /*.xls
Disallow: /*/filter
Disallow: /*/news/tags
Disallow: /*/treatment/
Disallow: /*cHash=
Disallow: /*elqTrackId=
Disallow: /*exit=
Disallow: /*filter=
Disallow: /*link.aspx_id=
Disallow: /*locationId=
Disallow: /*originalUrl=
Disallow: /*tx_
Disallow: /*url=
Disallow: /about/edo
Disallow: /acm/
Disallow: /akam/
Disallow: /allocations
Disallow: /beta
Disallow: /billoflading
Disallow: /book
Disallow: /captcha
Disallow: /careers/vacancies*?
Disallow: /careers/vacancies/sv
Disallow: /cargo-insurance
Disallow: /commodity/
Disallow: /common/
Disallow: /demurrage
Disallow: /doLogin
Disallow: /dqcs
Disallow: /fixedSpotBooking
Disallow: /flow/
Disallow: /forms/
Disallow: /go$
Disallow: /hub
Disallow: /import/
Disallow: /inlandpricelookup
Disallow: /instantPrice
Disallow: /intermodal/
Disallow: /liveEngage
Disallow: /loggedin
Disallow: /logistics-explained/newsletter
Disallow: /logistics-explained/tags/
Disallow: /logoff
Disallow: /Maersk/Home/
Disallow: /multilanguageapp/
Disallow: /my-customs
Disallow: /myfinance
Disallow: /mymaersk
Disallow: /news/category/$
Disallow: /onlinequote/*
Disallow: /pdf/
Disallow: /ping
Disallow: /portallang
Disallow: /portaluser
Disallow: /public
Disallow: /ratelookup/
Disallow: /ru-ru/insights
Disallow: /ru-ru/local-information
Disallow: /ru-ru/logistics-explained
Disallow: /ru-ru/news
Disallow: /rules-lookup/
Disallow: /schedules/*?
Disallow: /scp/
Disallow: /search*=
Disallow: /security/
Disallow: /share-via
Disallow: /shipment
Disallow: /shipping
Disallow: /sitecore
Disallow: /subscriptions/
Disallow: /support/chat/?
Disallow: /tracking/*
Disallow: /undefined
Disallow: /user/
Disallow: /vacancies/
Disallow: /vessels
Disallow: /web/
Disallow: /webuser
Sitemap: https://www.maersk.com/sitemap.xml
Sitemap: https://www.maersk.com/sitemap-cs.xml
Sitemap: https://www.maersk.com/sitemap-is.xml
sitemap.xml 200 OK
Type URL Set URLs 9211 entries Valid XML Yes
A+Domain Intelligencemaersk.com — via CSC Corporate Domains, Inc., 30 years, 11 months old, hosted on AkamaiPASS
Domain Intelligence
maersk.com — via CSC Corporate Domains, Inc., 30 years, 11 months old, hosted on Akamai
maersk.com — via CSC Corporate Domains, Inc., 30 years, 11 months old, hosted on Akamai
Info::
Domain registered until Oct 9, 2026 (6 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: CSC Corporate Domains, Inc.
Info::
Hosting: Akamai
Got: AS20940
Domain expiry
134 days
October 9, 2026
SSL certificate
76 days
Issued by Let's Encrypt
Domain age
30 years, 11 months
Registered October 10, 1995
DNSSEC
Not enabled
Protects against DNS spoofing
Hosting
Akamai
ASN AS20940
23.211.135.134
Registrar
CSC Corporate Domains, Inc.
Lock status unknown 2 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
Registrar CSC Corporate Domains, Inc.
Created October 10, 1995 (30 years, 11 months ago)
Expires October 9, 2026 (6 months)
Last Updated October 5, 2025
Name Servers a1-4.akam.net, a13-67.akam.net
DNSSEC Not enabled
Hosting
IP Address 23.211.135.134
ASN AS20940 (AKAMAI-ASN1, NL)
Provider Akamai
Data source: rdap (0.1s)
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Why this matters
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.