Skip to content
https://aaa.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
77
GRADE
C
FIX
2
REVIEW
2
PASS
5
INFO
0
Probed from Madrid, Spain
301 Moved Permanently
Checks
9
5 PASS 2 REVIEW 2 FIX
F
Redirect Chain
Action
4 redirect(s), 1753 ms total
FIX
4 redirect(s), 1753 ms total
Warning::
4 redirects before reaching final URL
Each redirect adds latency. Try to minimize the chain to 1 hop.
Info::
WWW normalization redirect
Info::
Uses 302 (temporary) redirect
If permanent, use 301 instead.
Got: https://www.aaa.com/
Warning::
Redirect overhead: 1753 ms total
Got: 1753 ms
Info::
Cross-domain redirect detected

https://aaa.com

286 ms · HTTP/1.1

301

https://www.aaa.com/

504 ms · HTTP/1.1

302

https://zipgate.aaa.com/

390 ms · HTTP/1.1

302

https://www.aaa.com/stop

442 ms · HTTP/1.1

301

https://www.aaa.com/stop/

132 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://aaa.com301286 msHTTP/1.1
2https://www.aaa.com/302504 msHTTP/1.1WebServer
3https://zipgate.aaa.com/302390 msHTTP/1.1
4https://www.aaa.com/stop301442 msHTTP/1.1WebServer
5https://www.aaa.com/stop/200132 msHTTP/1.1WebServer

See the visual redirect chain in the HTTP Probe tab →

Each redirect adds latency. Try to minimize the chain to 1 hop.

Why this matters

Redirect chain — each hop adds latency; combine into one redirect where possible.

Source: Google Search Central / web.dev

If permanent, use 301 instead.

Why this matters

302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.

Learn more

Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).

Source: Google Search Central

D
CDN & Delivery
Action
No CDN detected
FIX
No CDN detected
Warning::
No CDN detected
A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.
No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
TLS Certificate Expiry & Recommendations
50 days until leaf cert expires — 3 issues to address
REVIEW

Certificate validity

50
days left
0d 30d 60d 90d+

Recommended actions

  • Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+
DNS Records
2 A records, 96 ms lookup
PASS
2 A records, 96 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 45.60.62.121, 45.60.107.121
Info::
No IPv6 (AAAA) records
Info::
4 nameserver(s) configured
Got: ns-101.awsdns-12.com, ns-1804.awsdns-33.co.uk, ns-1419.awsdns-49.org, ns-869.awsdns-44.net
Info::
No MX records — email not configured via DNS
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
No SPF record found in TXT records
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Info::
DNS resolution time: 96 ms
Got: 96 ms
A45.60.62.121, 45.60.107.121
AAAA
CNAME
NSns-101.awsdns-12.com, ns-1804.awsdns-33.co.uk, ns-1419.awsdns-49.org, ns-869.awsdns-44.net
MX
TXT
_lw7kb3cizh27m29ycon3f9bvfu136ia
v8hr8l054k3cqzqck40cr0ljm37zkst3
_7991b7sklpb1xxhbmceqcigvpbgmhtj
khj670qif50j8omlecjbbgdv1d
_vj4mrlppcbgu25uopwy8la6smnwctae
_7s6txocg34ar7mn77crguq3z1yi9tzm
_2anvbln3dm65rhswca0u9j2sjablzvl
eqf9c3ovro1sldh3cm6urvfbqt
_vsbg4qprw1qy50breoqbs6b9g7mp07m
globalsign-domain-verification=f1074ed7a09f78f15fcca26f83c3f9fc
nibameu803d8nvsfi0e8rt1kb2
FA38-6E17-227C-1BC1-5A14-B8D7-B0EB-3AE5
vc-domain-verify=test.southjersey.aaa.com,8c6c51f0b9aecff2091e
vnsvEx6eHqPU8yeJYitByKHKwGHxjifIHBZEDTWp1DY
D39B-6EDE-D147-F843-551C-3F44-3579-8D1F
gh2mosm9fi3b9f96eltjuvf622
ekcv6rc9d44ttqocfehvr3m8vr
8p7amcv4i9ksacqnmpn89desv4
4me2mkom8pdsuu32ln7qk1uld
google-site-verification=bkLaSD15dzk-m2Mu3hbs76P1s9_LkLG_Hf9hPUJi1kQ
_cvtc4y65c07l0ocw0m3k1fb451a6wox
vc-domain-verify=dev.southjersey.aaa.com,500e7e9dee3c778d3d33
6p8sc7wr41wbbw73d3ljqry0x5pph1hs
wz1rkpvpvvfzh1f9f4z8rg4sztwdywfj
google-site-verification=nxm7rcXKT1VfSxCnCFVQ9j-CrM-huAQCJJhJf5-Jc7g
p5scwcz5tw0ctsr01n2yt22yxc2jb2fh
2AD6-6EAE-E938-0DDC-09B5-1B13-7270-65FE
apple-domain-verification=eTs6_6qi7-ojZijObIhbxo8ISMz4ELuwAEELFO_ynF4
4q666jpvpvqzzzcc6nzd4fsx67hlyqlj
zscaler-verification-134272523-11062025-K#7B310NR
globalsign-domain-verification=C28CC827BEED534A45F396CCB8D89FF7
150728
_fd2w4ldtj9qp9sf7yx0po5ehvcwctsd
google-site-verification=nid6eJqErYGyq5YSiKuVUSWGaDXUdVmAaaDLKLxrzTc
_6uxkxuo7y5pg5tkdekey69cwarjllhs
globalsign-domain-verification=48973C890E7BD907458E4E0592AC20C9
xpzkvf98mkw4mtsbjm188cs76fdlvwrq
_9iigm039ajwgnm8nufkvsgcw833njoy
_5p9bawuh1canl3wilv6jq2ws0diadmx
_rt90shaltf93icykr0tl0bbif7lk634.dcv.digicert.com
gn2s6dcc7n4nm3089p8s3hbjlq401nnf
google-site-verification=vnsvEx6eHqPU8yeJYitByKHKwGHxjifIHBZEDTWp1DY
google-site-verification=dY3jMjQv0p6B_62uSI8kwXUHZ4YOGlqVB4kwzeCpHZw
fdveja64jlfcs0hv13i9pd34kq
_1zzk2uuiyxhlehwepmqjv1aded69msa
google-site-verification=4Xoi8EfC8puTbWE5GnOLIvt4wux4vSXv5sNYtm13i8k
l01ra88of48f21tbbq65s1ubvc
_4zi1d16h05wgvuj1iy6zfwcwhnbj0ir
iqju6lv9evd473jgftem71anvb
apq4t1i0612g9pc69b4pkj2s2r
_694xgi88d7hjll4nfhcssko7oj21kqk
lmvin4nlenn01arknb6brnajun
_uhflfmq9p24lh4g8ny4s3nrh95eiq4g
44D1-08A4-B4FB-B689-D5DC-E966-CBC2-30FE
mag53fiu406847ffp1cev373bq
_2j871yc4531neszv94e0vibgou94xui
66lv5gxvd8xmk6rw81lwgb9kfxf9j7nl
globalsign-domain-verification=AB9215594777E3E32FCA222DDBDD081E
_refx100r9e8dfv2jwhqni8pwyulel72
btqoob4ppn4g5rqapic2hlkhfv
_yzin11c5ohiq57qfp3f80sc1lcupgl6
9o54qj4fm74ig2jdntiqabqbg6
l8g4g54j6m65d8ffnn6jvacnk7
247j5tj5v903f1x20v89rggfdhwpgv75
_dy8qlhkk1x8k9eike8jj0hapef3m2ps
1hnl1iu1l42qeatttltda7ss9p
_ijy4yoqjzzbxkiwitbcbsizx8rm29jm
_bm1xp2bkquetsbl6t32iamqo4s3rsan
google-site-verification=OXZwE8L4XGZTwueJC7sz2D23npDVx3QhlUxS0DY7QRs
vovhb3qkr9kmbjq4o82ulpghkh
d9b6pe36c6lnudlcaijo6s7nqk
_vtesmahxs5x1ho5ba1uf80nchnmp2ud
_y2xw1wbr4ed0uw9wpp03w5jwzrvdtka
globalsign-domain-verification=0E35B95A68BF8FCC953DF6B8F1A059DC
3i37j35k04dlke4189evt2nird
google-gws-recovery-domain-verification=62088695
rbf8wq0dhvpb2mchwdqcgs6x9g4626z1
t1ypxdg8bg3r7r71mqfn2g5p968sy1fm
vc-domain-verify=membership.southjersey.aaa.com,e2d1f31eea92601ec57c
glc9ujvhvs94hr6oj2id094qu3
i6tfto0br3dphasqcb0p2hpqau
Probely=d29279f1-ac8b-415f-a6e1-f10422f3f104
9xj7k916bqtwy74zjs2q4bz2dnt94wrl
_wxbqm8bxlci7wldoynia4pl3u6r0dsp
mlnt15nn383ntijc460iqim97a
cfeq5hfk1por6ljt48705ei6lm
6urjouvfrdi6ph2fjftr8ek67e
CAALookup not available with standard resolver
Resolved in 96 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.

Why this matters

Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.

Learn more

SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.

Source: RFC 7208 (SPF)

A+
Crawlability
robots.txt present, sitemap with 19 URLs
PASS
robots.txt present, sitemap with 19 URLs
Info::
robots.txt is present
Got: 311 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 19 entries
Info::
Sitemap index with 19 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 311 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed
# For domain: http://www.aaa.com

 
User-agent: *


Allow: /aaa/common/travel/car/*

Disallow: /aaa/*

Disallow: /travel2/tourbook/*

Disallow: /travel2/destination/*

Disallow: /travel2/sycs/*

Disallow: /scripts/WebObjects.dll/*

Disallow: /tripcanvas/search

 
Sitemap: http://www.aaa.com/sitemapindex.xml
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

302https://www.aaa.com/
200https://aaa.com/

Preferred variant: non-www

HTTP → HTTPS

301http://aaa.com/ https://www.aaa.com/

Consistent

A+
Domain Intelligence
aaa.com — via MarkMonitor Inc., 36 years, 2 months old, hosted on INCAPSULA - Incapsula Inc, US
PASS
aaa.com — via MarkMonitor Inc., 36 years, 2 months old, hosted on INCAPSULA - Incapsula Inc, US
Info::
Domain registered until Aug 2, 2030 (4 years, 4 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: MarkMonitor Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: INCAPSULA - Incapsula Inc, US
Got: AS19551
Domain expiry

1477 days

August 2, 2030

SSL certificate

50 days

Issued by GlobalSign nv-sa

Domain age

36 years, 2 months

Registered August 3, 1990

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

INCAPSULA - Incapsula Inc, US

ASN AS19551

45.60.107.121

Registrar

MarkMonitor Inc.

Unlocked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar MarkMonitor Inc.
Created August 3, 1990 (36 years, 2 months ago)
Expires August 2, 2030 (4 years, 4 months)
Last Updated January 13, 2023
Name Servers ns-101.awsdns-12.com, ns-1419.awsdns-49.org, ns-1804.awsdns-33.co.uk, ns-869.awsdns-44.net
DNSSEC Not enabled
Hosting
IP Address 45.60.107.121
ASN AS19551 (INCAPSULA - Incapsula Inc, US)
Provider INCAPSULA - Incapsula Inc, US
Data source: rdap (0.3s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 323 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
36 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
94 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
96 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
323 ms
Total Time Total request time from DNS lookup through full response.
323 ms

Connection waterfall

DNS Lookup 36 ms TCP Connect 94 ms TLS Handshake 96 ms Server Processing 97 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback