Skip to content
https://akj.io

Infrastructure

· 17 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
89
GRADE
B
FIX
1
REVIEW
6
PASS
10
INFO
0
Probed from Madrid, Spain
200 OK
Checks
17
10 PASS 6 REVIEW 1 FIX
F
HTTP Probe Timing
Action
Total 3687 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
FIX
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
31 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
1 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
38 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
3.68 s
Total Time Total request time from DNS lookup through full response.
3.69 s

Connection waterfall

DNS Lookup 31 ms TCP Connect 1 ms TLS Handshake 38 ms Server Processing 3.61 s Content Transfer 5 ms
B
CAA Records
No CAA records (any CA may issue certificates)
REVIEW
No CAA records (any CA may issue certificates)
Info::
No CAA records published
Without CAA records, any publicly-trusted CA can issue certificates for this domain. Adding a CAA record (`yourdomain. IN CAA 0 issue "letsencrypt.org"`) restricts issuance to CAs you authorize. Required by CAB Forum baseline since 2017; the default of 'any CA' is widely supported but is the broader attack surface for issuance fraud.
C
Reverse DNS
Action
0/1 IPs match cert SAN
REVIEW
0/1 IPs match cert SAN
Info::
PTR lookup failed for 76.76.21.21: lookup 76.76.21.21: no such host
No reverse DNS record set for this IP. Common on bare cloud-VM IPs without provider-side PTR; not a security issue.
C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
TLS Certificate Expiry & Recommendations
80 days until leaf cert expires — 3 issues to address
REVIEW

Certificate validity

80
days left
0d 30d 60d 90d+

Recommended actions

  • Submit your domain to hstspreload.org to be added to the Chrome preload list
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
Operational Status Page
No status page link detected
REVIEW
No status page link detected
Info::
No operational status page link detected
Status pages communicate planned maintenance and incidents to users -- a hallmark of operationally-mature services. Most SaaS teams publish one via Atlassian Statuspage, Instatus, BetterUptime, or a self-hosted Cachet. Smaller sites legitimately don't need one; flagged as Info, not a failure.
B
Health Check Endpoint
No conventional health endpoint found
REVIEW
No conventional health endpoint found
Info::
No conventional health endpoint found
Health endpoints (/health, /healthz, /status, /ping, /api/health) let uptime monitors, load balancers, and orchestration systems (Kubernetes, ECS, Fly.io) verify the service is alive. Marketing sites and small services often skip them legitimately; flagged as Info, not a failure. Probe results: /api/health: 404, /health: 404, /healthz: 404, /ping: 404, /status: 404.
A+
DNS Records
1 A records, 31 ms lookup
PASS
1 A records, 31 ms lookup
Info::
Resolves to 1 IPv4 address(es)
Got: 76.76.21.21
Info::
Single A record — no DNS redundancy
Multiple A records provide failover if one server goes down.
Info::
No IPv6 (AAAA) records
Info::
2 nameserver(s) configured
Got: hugh.ns.cloudflare.com, lily.ns.cloudflare.com
Info::
2 mail exchanger(s) configured
Info::
SPF record present in TXT
Info::
DNS resolution time: 31 ms
Got: 31 ms
A76.76.21.21
AAAA
CNAME
NShugh.ns.cloudflare.com, lily.ns.cloudflare.com
MX
10 in1-smtp.messagingengine.com
20 in2-smtp.messagingengine.com
TXT
google-site-verification=XYmtFep4gnaHlmYiZjz78BcFbYdi-72ZNckAqHW0WCI
have-i-been-pwned-verification=ee892164660d33de8789aa79ea7e31d6
keybase-site-verification=dgHya9LcjI39b2A27AG16GP__K-OGQc19bTapn9EwjE
brave-ledger-verification=fd4c1a12756560ca02dfa1f739d4cc73347e99ea123b5ee178db4c...
SPF v=spf1 include:spf.messagingengine.com ?all
CAALookup not available with standard resolver
Resolved in 31 ms

Multiple A records provide failover if one server goes down.

Why this matters

Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.

Learn more

Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.

Source: SRE practice / DNS architecture

A+
Subdomain Takeover
No subdomain takeover risk detected
PASS
No subdomain takeover risk detected
Info::
No CNAME record present
A+
DNSSEC
Signed and validating
PASS
Signed and validating
Info::
DNSSEC fully signed and chain validates (ECDSAP256SHA256)
A+
Multi-Resolver DNS Speed
Mean 14ms across 3 resolvers (spread 19ms)
PASS
Mean 14ms across 3 resolvers (spread 19ms)
Info::
Quad9: 5ms
Got: 5ms via 9.9.9.9:53
Info::
Google: 15ms
Got: 15ms via 8.8.8.8:53
Info::
Cloudflare: 24ms
Got: 24ms via 1.1.1.1:53
A+
Redirect Chain
No redirects — direct access
PASS
No redirects — direct access
Info::
No redirects — direct access
Got: https://akj.io

https://akj.io

663 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://akj.io200663 msHTTP/1.1Vercel
A+
Crawlability
robots.txt present, sitemap with 15 URLs
PASS
robots.txt present, sitemap with 15 URLs
Info::
robots.txt is present
Got: 1516 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 15 entries
Info::
robots.txt does not reference a sitemap
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.

Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.

Why this matters

robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.

Source: sitemaps.org

robots.txt 200 OK
Size 1516 B Sitemaps referenced 0 User-agents Ai2Bot-Dolma, Meta-ExternalAgent, Diffbot, Scrapy, ISSCyberRiskCrawler, Meta-ExternalFetcher, *, cohere-training-data-crawler, FirecrawlAgent, GoogleOther-Image, Operator, CCBot, GoogleOther, Kangaroo Bot, aiHitBot, GPTBot, omgilibot, Webzio-Extended, YouBot, Bytespider, Crawlspace, FacebookBot, Google-Extended, iaskspider/2.0, meta-externalfetcher, Perplexity-User, cohere-ai, ImagesiftBot, img2dataset, meta-externalagent, VelenPublicWebCrawler, Factset_spyderbot, omgili, SemrushBot-SWA, TikTokSpider, GoogleOther-Video, AI2Bot, Brightbot 1.0, Claude-Web, NovaAct, Applebot, PerplexityBot, Applebot-Extended, ChatGPT-User, PanguBot, Amazonbot, ClaudeBot, FriendlyCrawler, SemrushBot-OCOB, Timpibot, anthropic-ai, Cotoyogi, DuckAssistBot, ICC-Crawler, OAI-SearchBot, imgproxy, PetalBot, Sidetrade indexer bot Blocking No — crawling allowed
# robotstxt.org/
User-agent: *
Allow: /

# Block a lot of AI Bots
User-agent: AI2Bot
User-agent: Ai2Bot-Dolma
User-agent: aiHitBot
User-agent: Amazonbot
User-agent: anthropic-ai
User-agent: Applebot
User-agent: Applebot-Extended
User-agent: Brightbot 1.0
User-agent: Bytespider
User-agent: CCBot
User-agent: ChatGPT-User
User-agent: Claude-Web
User-agent: ClaudeBot
User-agent: cohere-ai
User-agent: cohere-training-data-crawler
User-agent: Cotoyogi
User-agent: Crawlspace
User-agent: Diffbot
User-agent: DuckAssistBot
User-agent: FacebookBot
User-agent: Factset_spyderbot
User-agent: FirecrawlAgent
User-agent: FriendlyCrawler
User-agent: Google-Extended
User-agent: GoogleOther
User-agent: GoogleOther-Image
User-agent: GoogleOther-Video
User-agent: GPTBot
User-agent: iaskspider/2.0
User-agent: ICC-Crawler
User-agent: ImagesiftBot
User-agent: img2dataset
User-agent: imgproxy
User-agent: ISSCyberRiskCrawler
User-agent: Kangaroo Bot
User-agent: meta-externalagent
User-agent: Meta-ExternalAgent
User-agent: meta-externalfetcher
User-agent: Meta-ExternalFetcher
User-agent: NovaAct
User-agent: OAI-SearchBot
User-agent: omgili
User-agent: omgilibot
User-agent: Operator
User-agent: PanguBot
User-agent: Perplexity-User
User-agent: PerplexityBot
User-agent: PetalBot
User-agent: Scrapy
User-agent: SemrushBot-OCOB
User-agent: SemrushBot-SWA
User-agent: Sidetrade indexer bot
User-agent: TikTokSpider
User-agent: Timpibot
User-agent: VelenPublicWebCrawler
User-agent: Webzio-Extended
User-agent: YouBot
Disallow: /
sitemap.xml 200 OK
Type URL Set URLs 15 entries Valid XML Yes
Sample URLs:
A
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Warning::
HTTP→HTTPS redirect uses 302 instead of 301
Got: 302 temporary redirect Expected: 301 permanent redirect

www / non-www

https://www.akj.io/
200https://akj.io/

HTTP → HTTPS

308http://akj.io/ https://akj.io/

Use 301 (permanent) instead of 302 (temporary)

A+
Domain Intelligence
akj.io — via 101domain GRS Limited, 11 years, 5 months old, hosted on AWS
PASS
akj.io — via 101domain GRS Limited, 11 years, 5 months old, hosted on AWS
Info::
Domain registered until Jan 15, 2028 (1 years, 8 months remaining)
Info::
Registrar: 101domain GRS Limited
Info::
Registrar lock is enabled
Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.
Info::
Hosting: AWS
Got: AS16509
Domain expiry

610 days

January 15, 2028

SSL certificate

80 days

Issued by Let's Encrypt

Domain age

11 years, 5 months

Registered January 15, 2015

DNSSEC

Status unknown

Protects against DNS spoofing

Hosting

AWS

ASN AS16509

76.76.21.21

Registrar

101domain GRS Limited

Locked 2 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Registrar 101domain GRS Limited
Created January 15, 2015 (11 years, 5 months ago)
Expires January 15, 2028 (1 years, 8 months)
Last Updated December 5, 2025
Name Servers hugh.ns.cloudflare.com, lily.ns.cloudflare.com
Registrant Digital Privacy Corporation
Hosting
IP Address 76.76.21.21
ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)
Provider AWS
Data source: whois (1.1s)

Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.

Why this matters

Registrar lock (clientTransferProhibited et al.) prevents unauthorized domain transfers — strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A
CDN & Delivery
Vercel (MISS)
PASS
Vercel (MISS)
Info::
Site is served via Vercel CDN
Got: x-vercel-id: cdg1::iad1::nvvv2-1778615456665-64b91af503e1
Info::
CDN cache status: MISS
CDN Detected: Vercel
Provider Vercel Cache Status MISS Evidence x-vercel-id: cdg1::iad1::nvvv2-1778615456665-64b91af503e1
A+
CDN Cache Observability
Cache state: MISS
PASS
Cache state: MISS
Info::
CDN cache state observable via 2 header(s)
Got: age=0, x-vercel-cache=MISS
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback