https://alltrails.com
Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
85
GRADE
B
FIX
0
REVIEW
3
PASS
6
INFO
0
Probed from Santa Clara, United States
301 Moved Permanently
Checks
96 PASS 3 REVIEW
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 Readiness
ActionNo IPv6 support
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
Why this matters
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Info::
HTTP correctly 301-redirects to HTTPS
www / non-www
200https://www.alltrails.com/
200https://alltrails.com/
Inconsistent — duplicate content risk
HTTP → HTTPS
301http://alltrails.com/ → https://alltrails.com:443/
Consistent
BTLS Certificate Expiry & Recommendations93 days until leaf cert expires — 3 issues to addressREVIEW
TLS Certificate Expiry & Recommendations
93 days until leaf cert expires — 3 issues to address
Certificate validity
93
days left
0d 30d 60d 90d+
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records4 A records, 166 ms lookupPASS
DNS Records
4 A records, 166 ms lookup
4 A records, 166 ms lookup
Info::
Resolves to 4 IPv4 address(es)
Got: 65.8.180.90, 65.8.180.84, 65.8.180.10, 65.8.180.35
Info::
No IPv6 (AAAA) records
Info::
4 nameserver(s) configured
Got: ns-1035.awsdns-01.org, ns-1714.awsdns-22.co.uk, ns-504.awsdns-63.com, ns-893.awsdns-47.net
Info::
7 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 166 ms
Got: 166 ms
| A | 65.8.180.90, 65.8.180.84, 65.8.180.10, 65.8.180.35 |
| AAAA | — |
| CNAME | — |
| NS | ns-1035.awsdns-01.org, ns-1714.awsdns-22.co.uk, ns-504.awsdns-63.com, ns-893.awsdns-47.net |
| MX | 10 aspmx.l.google.com 20 alt2.aspmx.l.google.com 20 alt1.aspmx.l.google.com 30 aspmx4.googlemail.com 30 aspmx3.googlemail.com 30 aspmx2.googlemail.com 30 aspmx5.googlemail.com |
| TXT | 39BEB29850 Lhl0ocKdQtDaRZJBddgQsGzkXg anthropic-domain-verification-ryhmfb=ErtXulONZKCTvhZ7xRfBrbQJn apple-domain-verification=ucObo4P1F4hjzdIH atlassian-domain-verification=XDoDx9M7ns87+dFBQJP1t6NIGup7vuVn7MCsE9Xeggh29HgrvJ... cursor-domain-verification-fsr4vv=c2SLpCtV5rLFXtkHdrYoUoLtm cursor-domain-verification-tsy36c=1YCpLXLoGWPTCNWYdFvPRKb0m datadome-domain-verify=p8rZcpezPRfEMPL7Q7CzjlPOJe5JQqLZ google-site-verification=GKM7yryoSxkkjeHLDjXAbN69GxTjBQYhxS8ulSZ36cc google-site-verification=U4AOJzaEoxfIDY0nR64wwnRBoEz62-DzU9ok-TVWvJI google-site-verification=x9WahWTZoq_oVddNW9DVQekF4sgY4WCP_7oDMzJfV7c google-site-verification=yHXhsHgZxQxFFXDa_6pztRqvdeD4tRG6AJHxJmIHWno hubspot-domain-verification=NGFlYTBkZTgtOTFiMC00MTY0LWIyMGMtZDkxMDhiYjFmNmJi include:shops.shopify.com -all openai-domain-verification=dv-EsahbdYvhIBPfziM8Y3olsOM spf2.0/pra include:spf.recurly.com -all stripe-verification=A1368D317B384F4488ACC84075C9B672245C2221E4D6D54014230199D1C2... SPF v=spf1 include:mail.zendesk.com include:sendgrid.net include:spf.recurly.com inc... |
| CAA | Lookup not available with standard resolver |
Resolved in 166 ms
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Why this matters
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 234 ms totalPASS
Redirect Chain
1 redirect(s), 234 ms total
1 redirect(s), 234 ms total
Info::
Single redirect
Got: https://alltrails.com → https://www.alltrails.com/ (301)
Info::
WWW normalization redirect
https://alltrails.com
39 ms · HTTP/1.1
301
https://www.alltrails.com/
195 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://alltrails.com | 301 | 39 ms | HTTP/1.1 | nginx |
| 2 | https://www.alltrails.com/ | 200 | 195 ms | HTTP/1.1 | nginx |
See the visual redirect chain in the HTTP Probe tab →
ACrawlabilityrobots.txt present, no sitemapPASS
Crawlability
robots.txt present, no sitemap
robots.txt present, no sitemap
Info::
robots.txt is present
Got: 4334 bytes
Info::
No sitemap.xml found
A sitemap helps search engines discover and index your pages more efficiently.
Info::
robots.txt references sitemap
A sitemap helps search engines discover and index your pages more efficiently.
Why this matters
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
robots.txt 200 OK
Size 4334 B Sitemaps referenced 14 User-agents semiocast, Applebot-Extended, BlogPulseLive, NjuiceBot, Postrank, ScoutJet, Feedtrace, OneRiot, ThingFetcher, Twitturls, YouBot, Exabot, Ginxbot, SiteBot, trendictionbot, Twingly Recon, twitmatic, CCBot, Crowsnest, expo9, Google-Extended, knowaboutBot, Moreoverbot, TweetedTimes Bot, *, MJ12bot, my6sense, Purebot, Twiceler, anthropic-ai, Atomic_Email_Hunter, Butterfly, discobot, PerplexityBot, percbotspider, Showyoubot, TANNER, meta-externalagent, MetaURI, Nutch, Typhoeus, facebookexternalhit, Birubot, Summify, Bender, mxbot, proximic, suggybot, Twitturly, DoCoMo, radian6, Tagoobot, YodaoBot, FairShare, MLBot, NHN Corp, Viralheat, gosospider, BOTW Spider, TweetmemeBot, ChatGPT-User, ClaudeBot, dotbot, Ezooms, GPTBot, netseer Blocking No — crawling allowed
# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
User-agent: anthropic-ai
Disallow: /
User-agent: Applebot-Extended
Disallow: /
User-agent: Atomic_Email_Hunter
Disallow: /
User-agent: Bender
Disallow: /
User-agent: Birubot
Disallow: /
User-agent: BlogPulseLive
Disallow: /
User-agent: BOTW Spider
Disallow: /
User-agent: Butterfly
Disallow: /
User-agent: CCBot
Disallow: /
User-agent: ChatGPT-User
Disallow: /
User-agent: ClaudeBot
Disallow: /
User-agent: Crowsnest
Disallow: /
User-agent: discobot
Disallow: /
User-agent: DoCoMo
Disallow: /
User-agent: dotbot
Disallow: /
User-agent: Exabot
Disallow: /
User-agent: expo9
Disallow: /
User-agent: Ezooms
Disallow: /
User-agent: FairShare
Disallow: /
User-agent: Feedtrace
Disallow: /
User-agent: Ginxbot
Disallow: /
User-agent: Google-Extended
Disallow: /
User-agent: gosospider
Disallow: /
User-agent: GPTBot
Disallow: /
User-agent: knowaboutBot
Disallow: /
User-agent: meta-externalagent
Disallow: /
User-agent: MetaURI
Disallow: /
User-agent: MJ12bot
Disallow: /
User-agent: MLBot
Disallow: /
User-agent: Moreoverbot
Disallow: /
User-agent: mxbot
Disallow: /
User-agent: my6sense
Disallow: /
User-agent: netseer
Disallow: /
User-agent: NHN Corp
Disallow: /
User-agent: NjuiceBot
Disallow: /
User-agent: Nutch
Disallow: /
User-agent: OneRiot
Disallow: /
User-agent: percbotspider
Disallow: /
User-agent: PerplexityBot
Disallow: /
User-agent: Postrank
Disallow: /
User-agent: proximic
Disallow: /
User-agent: Purebot
Disallow: /
User-agent: radian6
Disallow: /
User-agent: ScoutJet
Disallow: /
User-agent: semiocast
Disallow: /
User-agent: Showyoubot
Disallow: /
User-agent: SiteBot
Disallow: /
User-agent: suggybot
Disallow: /
User-agent: Summify
Disallow: /
User-agent: Tagoobot
Disallow: /
User-agent: TANNER
Disallow: /
User-agent: ThingFetcher
Disallow: /
User-agent: trendictionbot
Disallow: /
User-agent: TweetedTimes Bot
Disallow: /
User-agent: TweetmemeBot
Disallow: /
User-agent: Twiceler
Disallow: /
User-agent: Twingly Recon
Disallow: /
User-agent: twitmatic
Disallow: /
User-agent: Twitturls
Disallow: /
User-agent: Twitturly
Disallow: /
User-agent: Typhoeus
Disallow: /
User-agent: Viralheat
Disallow: /
User-agent: YodaoBot
Disallow: /
# Allow all LLM crawlers to access /parks/*-national-park and /press
User-agent: anthropic-ai
Allow: /parks/*-national-park
Allow: /press*
User-agent: CCBot
Allow: /parks/*-national-park
Allow: /press*
User-agent: ChatGPT-User
Allow: /parks/*-national-park
Allow: /press*
User-agent: ClaudeBot
Allow: /parks/*-national-park
Allow: /press*
User-agent: facebookexternalhit
Allow: /parks/*-national-park
Allow: /press*
User-agent: Google-Extended
Allow: /parks/*-national-park
Allow: /press*
User-agent: GPTBot
Allow: /parks/*-national-park
Allow: /press*
User-agent: MLBot
Allow: /parks/*-national-park
Allow: /press*
User-agent: PerplexityBot
Allow: /parks/*-national-park
Allow: /press*
User-agent: YouBot
Allow: /parks/*-national-park
Allow: /press*
User-agent: *
Allow: /*/maps/*/share_image
Disallow: //api/
Disallow: /static2/
Disallow: /stob-dab/
Disallow: /register/
Disallow: /users/auth/
Disallow: /api/
Disallow: /api-v4/
Disallow: /api-v5/
Disallow: /*/api/
Disallow: /*/api-v4/
Disallow: /*/api-v5/
Disallow: /*?lat=
Disallow: /members/
Disallow: /explore/map/
Sitemap: https://www.alltrails.com/sitemap/secure/rails/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/en-gb/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/da-dk/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/de/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/es/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/es-mx/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/fr/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/it-it/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/nl-nl/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/nb-no/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/pl-pl/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/pt-br/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/pt-pt/index.xml
Sitemap: https://www.alltrails.com/sitemap/secure/rails/sv-se/index.xml
sitemap.xml No sitemap found
No sitemap found
Adding a sitemap helps search engines discover your pages.
A+Domain Intelligencealltrails.com — via GoDaddy.com, LLC, 22 years old, hosted on AWSPASS
Domain Intelligence
alltrails.com — via GoDaddy.com, LLC, 22 years old, hosted on AWS
alltrails.com — via GoDaddy.com, LLC, 22 years old, hosted on AWS
Info::
Domain registered until Mar 11, 2027 (10 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: GoDaddy.com, LLC
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: AWS
Got: AS16509
Domain expiry
268 days
March 11, 2027
SSL certificate
93 days
Issued by Amazon
Domain age
22 years
Registered August 4, 2004
DNSSEC
Not enabled
Protects against DNS spoofing
Hosting
AWS
ASN AS16509
65.8.180.35
Registrar
GoDaddy.com, LLC
Unlocked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar GoDaddy.com, LLC
Created August 4, 2004 (22 years ago)
Expires March 11, 2027 (10 months)
Last Updated March 11, 2026
Name Servers ns-1035.awsdns-01.org, ns-1714.awsdns-22.co.uk, ns-504.awsdns-63.com, ns-893.awsdns-47.net
DNSSEC Not enabled
Hosting
IP Address 65.8.180.35
ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)
Provider AWS
Data source: rdap (0.2s)
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Why this matters
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Why this matters
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice
AHTTP Probe TimingTotal 677 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
HTTP Probe Timing
Total 677 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
6 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
191 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
194 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
677 msTotal Time Total request time from DNS lookup through full response.
677 msConnection waterfall
DNS Lookup 6 ms TCP Connect 191 ms TLS Handshake 194 ms Server Processing 286 ms Content Transfer 0 ms
ACDN & DeliveryAWS CloudFront (Miss from cloudfront)PASS
CDN & Delivery
AWS CloudFront (Miss from cloudfront)
AWS CloudFront (Miss from cloudfront)
Info::
Site is served via AWS CloudFront CDN (edge: SIN2-P8)
Got: x-amz-cf-id: f7zorDQT-2msnzbbAPnB3canSfKHlIDSzGYRQKDksTW1_M_cTV1-wg==
Info::
CDN cache status: Miss from cloudfront
CDN Detected: AWS CloudFront
Provider AWS CloudFront Cache Status Miss from cloudfront Evidence x-amz-cf-id: f7zorDQT-2msnzbbAPnB3canSfKHlIDSzGYRQKDksTW1_M_cTV1-wg==
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.