Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BCrawlabilityrobots.txt present, no sitemapREVIEW
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
User-agent: Twitterbot
Disallow: /content/demo/
User-agent: facebot
Disallow: /content/demo/
User-agent: facebookexternalhit
Disallow: /content/demo/
User-agent: bingbot
Disallow: /studentlife/get-involved/search.html
User-agent: *
Disallow: /content/demo/
Disallow: /content/demo.html
Disallow: /content/demo-m/
Disallow: /content/demo-m.html
Disallow: /content/shared/
Disallow: /content/www/accessibility-test/
Disallow: /content/dental/faculty/home.html
Disallow: *CFC__target=*
Disallow: *tag=*
Disallow: /search/*query=*
Disallow: /people/
Disallow: *start=*start=*
Disallow: /ubnow/stories/2024/10/nsf-engines.html
Disallow: /news.host.html/content/shared/university/news/ub-reporter-articles/stories/2024/10/nsf-engines.detail.html
No sitemap found
Adding a sitemap helps search engines discover your pages.
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
HTTP → HTTPS
HTTP version does not redirect to HTTPS
BTLS Certificate Expiry & Recommendations111 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records1 A records, 121 ms lookupPASS
| A | 128.205.201.56 |
| AAAA | 2620:cc:8000:1840::80cd:c938 |
| CNAME | — |
| NS | dns04.buffalo.edu, dns03.buffalo.edu, dns02.buffalo.edu, dns01.buffalo.edu |
| MX | 10 buffalo-edu.mail.protection.outlook.com |
| TXT | atlassian-domain-verification=MkZYhebwVjRbwdq2KXekiaTx1hAqsomvh4g/2aDxhezl7VUjyn... google-site-verification=BS4cHgAJV3XRyM7iinI3qPa8rbYyMNnApEZTGJ47-eg d365mktkey=pud2cggqleyks9j9lz57oykr k3LtAgef9iK2Q4KKRwExay7WEVqZz4lm14/nAr2FNvrMrOlCypRII7OKqJ98gMyDxfh+RgkahVplzKUf... MS=ms65968459 SPF v=spf1 include:spf.protection.outlook.com include:%{i}._ip.%{h}._ehlo.%{d}._spf.... work-accounts-domain-verification=TnMO9IZCN1iPkkalyNXrDARwDf54Bn d365mktkey=2tzb4mzhil5p8yeft349rv4qh MS=3F73ADE6CF91072185F2C66AE19C67B48DB8D80E MUn/Y+E1lSEShSKdivy23KYHKi9oMnghK/h69K5eF+yOLsSzfnqVlRBdToJS2aF/SJ88O+lQQFgh1YCP... intacct-esk=2D080F859996F2C1E06390068D0A5A40 adobe-idp-site-verification=37e8e578b1f9fbc29e8dd03208463057c9f7a6cf9069b2efb50b... intacct-esk=FCFEF24B2E6AC7DDE0533A06690A0BC1 ciscocidomainverification=26cdc902cb9e8dea443538d1c7277fead9d421625323a80ba6f462... |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 596 ms totalPASS
https://buffalo.edu
440 ms · HTTP/1.1
https://www.buffalo.edu/
156 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://buffalo.edu | 302 | 440 ms | HTTP/1.1 | Apache/2.4.37 (Oracle Linux Server) Communique/4.3.3 OpenSSL/1.1.1k |
| 2 | https://www.buffalo.edu/ | 200 | 156 ms | HTTP/1.1 | Apache/2.4.37 (Oracle Linux Server) Communique/4.3.3 OpenSSL/1.1.1k |
See the visual redirect chain in the HTTP Probe tab →
If permanent, use 301 instead.
302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.
Learn more ▾ ▴
Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).
Source: Google Search Central
A+IPv6 ReadinessIPv6 reachable (104 ms)PASS
A+Domain Intelligencebuffalo.edu — 31 years, 3 months oldPASS
410 days
July 31, 2027
111 days
Issued by Internet2
31 years, 3 months
Registered June 15, 1995
Status unknown
Protects against DNS spoofing
Unknown
2620:cc:8000:1840::80cd:c938
Registrar unknown