Infrastructure
· 17 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.FIPv6 ReadinessActionIPv6 records exist but unreachableFIX
Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.
Advertising IPv6 (AAAA records) without a reachable server means IPv6-preferring clients silently fail every connection.
Learn more ▾ ▴
Modern browsers prefer IPv6 if AAAA exists (Happy Eyeballs algorithm). If the IPv6 server isn't reachable, browsers fall back to IPv4 — but with seconds of added latency per request. Either fix IPv6 reachability or remove the AAAA records.
Source: RFC 8305 (Happy Eyeballs)
BDNSSECUnsigned (DNSSEC not deployed)REVIEW
BCAA RecordsNo CAA records (any CA may issue certificates)REVIEW
BReverse DNS0/12 IPs match cert SANREVIEW
BHTTP Probe TimingTotal 877 ms — DNS, TCP, TLS, TTFB, content transfer breakdownREVIEW
Connection waterfall
BTLS Certificate Expiry & Recommendations58 days until leaf cert expires — 2 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
BOperational Status PageNo status page link detectedREVIEW
BHealth Check EndpointNo conventional health endpoint foundREVIEW
A+DNS Records4 A records, 30 ms lookupPASS
| A | 65.8.44.218, 65.8.44.51, 65.8.44.176, 65.8.44.46 |
| AAAA | 2600:9000:204d:a000:8:34a3:5140:21, 2600:9000:204d:c600:8:34a3:5140:21, 2600:9000:204d:3800:8:34a3:5140:21, 2600:9000:204d:4a00:8:34a3:5140:21, 2600:9000:204d:7c00:8:34a3:5140:21, 2600:9000:204d:ee00:8:34a3:5140:21, 2600:9000:204d:9200:8:34a3:5140:21, 2600:9000:204d:6800:8:34a3:5140:21 |
| CNAME | — |
| NS | ns-1316.awsdns-36.org, ns-1805.awsdns-33.co.uk, ns-472.awsdns-59.com, ns-570.awsdns-07.net |
| MX | — |
| TXT | — |
| CAA | Lookup not available with standard resolver |
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.
Learn more ▾ ▴
SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.
Source: RFC 7208 (SPF)
A+Subdomain TakeoverNo subdomain takeover risk detectedPASS
A+Multi-Resolver DNS SpeedMean 12ms across 3 resolvers (spread 22ms)PASS
A+Redirect ChainNo redirects — direct accessPASS
https://d3g3kq4d6y6c79.cloudfront.net
562 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://d3g3kq4d6y6c79.cloudfront.net | 200 | 562 ms | HTTP/1.1 | AmazonS3 |
A+Crawlabilityrobots.txt present, sitemap with 14 URLsPASS
User-Agent: *
Allow: /
Sitemap: https://everhavencare.com.au/sitemap.xml
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Consistent
ACDN & DeliveryAWS CloudFront (Miss from cloudfront)PASS
A+CDN Cache ObservabilityCache state: MISSPASS
Domain IntelligenceDomain intelligence data not availableINFO
RDAP and WHOIS lookup both failed