Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BRedirect Chain2 redirect(s), 322 ms totalREVIEW
https://acast.com
52 ms · HTTP/1.1
https://www.acast.com/
236 ms · HTTP/1.1
https://www.acast.com/en
34 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://acast.com | 302 | 52 ms | HTTP/1.1 | CloudFront |
| 2 | https://www.acast.com/ | 302 | 236 ms | HTTP/1.1 | cloudflare |
| 3 | https://www.acast.com/en | 200 | 34 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
Each redirect adds latency. Try to minimize the chain to 1 hop.
Redirect chain — each hop adds latency; combine into one redirect where possible.
Source: Google Search Central / web.dev
If permanent, use 301 instead.
302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.
Learn more ▾ ▴
Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).
Source: Google Search Central
BTLS Certificate Expiry & Recommendations87 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryAWS CloudFront (LambdaGeneratedResponse from cloudfront)REVIEW
A+DNS Records4 A records, 85 ms lookupPASS
| A | 13.224.83.97, 13.224.83.53, 13.224.83.93, 13.224.83.47 |
| AAAA | 2600:9000:2131:7600:e:9542:1c40:93a1, 2600:9000:2131:5000:e:9542:1c40:93a1, 2600:9000:2131:be00:e:9542:1c40:93a1, 2600:9000:2131:3800:e:9542:1c40:93a1, 2600:9000:2131:6800:e:9542:1c40:93a1, 2600:9000:2131:d800:e:9542:1c40:93a1, 2600:9000:2131:9c00:e:9542:1c40:93a1, 2600:9000:2131:2e00:e:9542:1c40:93a1 |
| CNAME | — |
| NS | ns-1333.awsdns-38.org, ns-126.awsdns-15.com, ns-1973.awsdns-54.co.uk, ns-757.awsdns-30.net |
| MX | 1 aspmx.l.google.com 5 alt2.aspmx.l.google.com 5 alt1.aspmx.l.google.com 10 alt3.aspmx.l.google.com 10 alt4.aspmx.l.google.com |
| TXT | onetrust-domain-verification=0e398bfcd8be404992e6bf4f45658c78 loom-verification=7715089449 google-site-verification=byc7B462D9nyaBrXkN_bCFWMe5t2UqG7TNPqoN_SkeA lovable_verification=wqPEWMJB8J3Ftq1iPWhx pardot1070883=b6c77ba76f26ccefa29d48db9199df1d6daf08a64f97a87da4ef5f9cc7bc1f80 pardot1070883=c76bff181849da4ac8c328b2c80f7ef69e2fc52ecb39ffc0f072f0bf99201b19 sending_domain1070883=494c35896000c0671138c2d1f2ba7491d6f03455802127401cb94b74ed... google-site-verification=xTffT0kY1yAQJYpP-pILDIaXGBNCRwL3rtZPm20rkE0 miro-verification=b2d94481793681d5b13c82235e18c07459e6f34c slack-domain-verification=wzZ3JDL5HGrjRcDK8RiG3Ty4zHJUURQb3nEjOf1o postman-domain-verification=3be4f2d2cdf58805b2ab470954c0cdcc225237f19a260f5b32ae... mongodb-site-verification=kAx77hCM8e57Fyi24lyXGoLHu5ebqTMI gitkraken-domain-verification=7d761edf041982b29a815704751ceb4a080e9c456451eda305... google-site-verification=nrXrFhVO3HYnqHnpym6ylt4HGp_DdjODM6lFS9bq_lg jetbrains-domain-verification=5c0spr3icpm6ll83n99svg3 MS=ms94013143 notion-domain-verification=hkV3LWiEOklZWHf3gd1ooKQnZ3mCpjLg9XNzLFI8Ngm anthropic-domain-verification-szvk40=6FcSUpsYNuVBsHHyRHDWjVeaG stripe-verification=442B17F086B8BF39753196CC97526BF8916DAB3C013A00303A539DCDAC3E... vmware-cloud-verification-350348ad-ad13-470a-a9c0-a35d8be95725 es-domain-verification=81bd2f3c-38cf-4b43-92c2-6a55a76f8737 openai-domain-verification=dv-IY8IgNoSu1qjpNCzRfmWPY53 e5634c00bf7fe2d97942561ddd9da1eb mgverify=96100cf4af76581bb6db049a0fe6299f835bc95c086220eb755233df9b97273e google-site-verification=MgE_kT0lD9DRt1Ca6nnV2njFByYBW1R5NXXyb_UfNpM google-site-verification=Ci3X4kLwS6nbYxPFG3YYgdr3XuCEZX5jCrv1-68hAEM amazon-business-verification=87a16501b4b6a89345e23227592fd80b939798f7f98eb77c7ca... parallels-domain-verification=741769950ce44dda8af5d4d8d44555ce842f11731c22472687... pardot1070883=046dce014b63e1ca35ebf08197807b8d0ee4d92714912132e123a9c62057bfd3 figma-domain-verification=7bfc11abfad174e9365023f4e008f7ebb1eb1d0c6a968af588db5d... amazon-business-verification=7646bacc7cffda053332c5c0ac1aa13357cc94c47813e1060c9... ZOOM_verify_jJ6v191JbOKc1X4lcyXmUI docusign=483b7036-2630-40dc-bdd4-6be0a94b086f mixpanel-domain-verify=7bc5e406-fed4-462a-86e3-ad6182394e7b adobe-idp-site-verification=9aa478c5a8b6fd026031a48d44173d4c5c2d5455de76145b64b6... status-page-domain-verification=b5fscfbtpt32 apple-domain-verification=QPRqOAmImL3s8U9w onetrust-domain-verification=b78f1a8997e24b458e304a8964296fe5 google-site-verification=k5zvJgX4jLFFExCRmcVsKqbAGaCeUlexunPhWYxaQiQ SPF v=spf1 include:spf.mandrillapp.com include:_spf.google.com include:_spf.salesfor... google-site-verification=3xOvF8yQxvZVTEInZpH9cRm2Q5fwcj4ih-ZvbhO0RtE lw=67b4b4ae9b89f3d32d3bf4c3 d3g1jo8p52eppt.cloudfront.net monday-com-verification=uUrxO50SrFwFdzo3w-gBiTA2zqTQA4Je3rKu9k0wnkI perplexity-ai-domain-verification-4a8j5z=p10I4LBXw6pk12rK4P88jaYNO |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+IPv6 ReadinessIPv6 reachable (1 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 1024 URLsPASS
Sitemap: https://www.acast.com/sitemap.xml
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligenceacast.com — via Amazon Registrar, Inc., 23 years, 3 months oldPASS
339 days
May 20, 2027
87 days
Issued by Amazon
23 years, 3 months
Registered May 20, 2003
Not enabled
Protects against DNS spoofing
Unknown
2600:9000:2131:9c00:e:9542:1c40:93a1
Amazon Registrar, Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice