Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
CCrawlabilityActionrobots.txt present, sitemap with 0 URLsREVIEW
Search engines may not be able to parse the sitemap. Fix XML validation errors.
An unparseable sitemap is silently ignored by Google — the URLs it advertises are never queued for crawl.
Learn more ▾ ▴
Google's sitemap parser is strict about XML validity. A single unescaped `&` or unclosed tag invalidates the whole file. Run your sitemap through a validator (Search Console's Sitemaps report flags it) and fix the offending entry. Most generators escape correctly; mistakes usually come from manually-written entries.
Source: sitemaps.org / Google Search Central
An empty sitemap provides no value. Add <url> entries for your pages.
An empty sitemap signals 'no content to index' to Google — actively harmful versus having no sitemap at all.
Learn more ▾ ▴
Google compares URLs in the sitemap against URLs it has crawled. An empty sitemap on a site with thousands of pages signals abandonment. Either populate it correctly (most CMSes auto-generate) or delete the file and let Google crawl normally.
Source: Google Search Central / sitemaps.org
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
<html>
<head>
<META NAME="robots" CONTENT="noindex,nofollow">
<script src="/_Incapsula_Resource?SWJIYLWA=5074a744e2e3d891814e9a2dace20bd4,719d34d31c8e3a6e6fffd425f7e032f3">
</script>
<body>
</body></html>
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations93 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 91 ms lookupPASS
| A | 45.60.77.135, 45.60.136.135 |
| AAAA | — |
| CNAME | — |
| NS | dns1.g01.ns1global.org, dns2.g01.ns1global.org, dns4.g01.ns1global.org, dns3.g01.ns1global.org |
| MX | 15 mx2.acs.iphmx.com 15 mx1.acs.iphmx.com |
| TXT | _globalsign-domain-verification=nU8mdAanRZ7kA72JWqcYNlj7_KybQDS4qy3ybB1eBY apple-domain-verification=EuDVPj1CGGpch1th globalsign-domain-verification=810f8e76b50f3e3b83f920e8ddf39c86 atlassian-domain-verification=N5XajoaSFLGE28SB/uZZ5PhUhZRvB4UgRdLUosNLfGilbAmWG5... MS=ms12728884 google-site-verification=RllKeG4KF2ePPuDCELBtJk50bNST4MA-8jGxljeIvwY globalsign-domain-verification=F129BC6DBD80D8319572CECBD7EE0B4F _globalsign-domain-verification=2N0ZbAILZzMySieTI2kEUTzuw2jbGpUDAIDrlHCcR0 _globalsign-domain-verification=-MWcQVEJvoAX0kxcqKKsARUrnfv61bos4G6qxI8not appspace-domain-verification=b8621b285e1e2c6d7b201b4e8e8fd0446d6a1b0bc325dc32f2d... apple-domain-verification=0iCqCtkFuhlvih1S adobe-idp-site-verification=53f3e2728df839208cd0be7df7d31525f3c8f0e5dd9d9a7aa979... globalsign-domain-verification=B58C7F54B56D0B03467D7CF143CD0D00 lv1odn73d0o2cah2umsd9vrcl2 doj70qoq0dem52fc8cbnan5tjo. google-site-verification=QZh06fOIDVbtBTYnu4qLZFb7oB3qthLxiPOEuvxlKxo google-site-verification=AHAG3OwFbphkZjf3tDbCTK0HG633lIEeyoi9LL0yerw cisco-ci-domain-verification=4365e0596d7687c7913abe8832c452479ea265ecb2d382405a3... 8869tut80236fdpv7ifq58pns4 globalsign-domain-verification=BD498E70A6BF5AE72EEB7BDAC6EFC645 google-site-verification=w47nrsATl2XG69dEiBkAM5h0XVyelcSxpATvvka5dGw smartsheet-site-validation=u6elCTafVtP5l3TZScJwk0LoyJv4-OqX atlassian-sending-domain-verification=0cdaa03e-8050-4f9b-b498-e5eb3b54020a dnmnufjr95htel11sno0tj9lhb fastly-domain-delegation-x8LlcWRR706w4mkB-2024-02-29 8cr6ulsbjqsm4pd6tjobtdg1vn nintex.63c1739fadfe2a8d74698c60 docusign=f4af6e9d-b4c1-44a6-8397-677f00cfe37b beam-verification=oZ88JkDj4T85X68Ojv8JRfQFPD7snLV7zlUWZXOMhTDrwwDs doj70qoq0dem52fc8cbnan5tjo ngmefvb0epodlmnfuipobi9gou 206sobsmbal80ppemnshtai3ip idc5vms29100sc8bmjncm49tie globalsign-domain-verification=C79AE4CEA8F7BFECDF9AD3969C125D6A t9b32ggvig33sh5vujdb85ksv6. sdtq73r6879nbubof5565h672u m57ajpud6c3dg59p3aetmrtuhh t9b32ggvig33sh5vujdb85ksv6 nintex.6227c81f7cc0690068186180 google-site-verification=bpPRQOou9h-tYNE5pC7A79P9JKFWFxE59dE7HIeL-GQ asv=21d8db143bf62a2d6c650be9f3f07354 facebook-domain-verification=ugswzii35f7teb69ghrlp53iorxshc google-site-verification=mzqp2zedP8SG3k6xCuUaNMjUBx8_zIJtOx9m4dypbA8 miro-verification=42e0f778e09c4a1c4be7f088bf35a153925e4d87 t8mvs2rbj30n14djno8jqsqb6s google-site-verification=rnV_ef4tGN1l0YGLzBs6sJd1gCD49vi1xq9gdYngEpY SPF v=spf1 exists:%{i}._i.%{d}._d.espf.agari-dns.net include:%{d}.d5.spf-protect.aga... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 395 ms totalPASS
https://acs.org
330 ms · HTTP/1.1
https://www.acs.org/
66 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://acs.org | 301 | 330 ms | HTTP/1.1 | |
| 2 | https://www.acs.org/ | 200 | 66 ms | HTTP/1.1 |
See the visual redirect chain in the HTTP Probe tab →
A+Domain Intelligenceacs.org — via Network Solutions, LLC, 35 years, 5 months old, hosted on INCAPSULA - Incapsula Inc, USPASS
312 days
May 23, 2027
93 days
Issued by GoDaddy.com, Inc.
35 years, 5 months
Registered May 22, 1991
Not enabled
Protects against DNS spoofing
INCAPSULA - Incapsula Inc, US
ASN AS19551
45.60.77.135
Network Solutions, LLC
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice