Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DRedirect ChainAction2 redirect(s), 2632 ms totalFIX
https://auckland.ac.nz
5 ms · HTTP/1.1
https://www.auckland.ac.nz/
1296 ms · HTTP/1.1
https://www.auckland.ac.nz/en.html
1331 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://auckland.ac.nz | 301 | 5 ms | HTTP/1.1 | |
| 2 | https://www.auckland.ac.nz/ | 301 | 1296 ms | HTTP/1.1 | |
| 3 | https://www.auckland.ac.nz/en.html | 200 | 1331 ms | HTTP/1.1 |
See the visual redirect chain in the HTTP Probe tab →
Each redirect adds latency. Try to minimize the chain to 1 hop.
Redirect chain — each hop adds latency; combine into one redirect where possible.
Source: Google Search Central / web.dev
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
CHTTP Probe TimingActionTotal 1586 ms — DNS, TCP, TLS, TTFB, content transfer breakdownREVIEW
Connection waterfall
BTLS Certificate Expiry & Recommendations153 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Submit your domain to hstspreload.org to be added to the Chrome preload list
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
ADNS Records4 A records, 1884 ms lookupPASS
| A | 151.101.3.10, 151.101.195.10, 151.101.67.10, 151.101.131.10 |
| AAAA | — |
| CNAME | — |
| NS | dns1.auckland.ac.nz, dns2.auckland.ac.nz |
| MX | 0 auckland-ac-nz.mail.protection.outlook.com |
| TXT | QuoVadis=488bbb06-15cb-4dd5-920d-2addb0ce8dfe atlassian-domain-verification=XcdLKb1LJUg0ov7JyR/83WCTYBJvixKtYYQCY5dZkm7bd00qOw... QuoVadis=b9e39938-386b-4593-98f8-5f4606a9e3c3 SPF v=spf1 include:spf.protection.outlook.com include:service-now.com include:rnmk.c... _0gpc6kwcy64y8elsc2k4tpfhogiors9 52cysrqtfdtvc8bf9z4b00nsl4vw2qkl google-site-verification=txk6bKhXkblTHjKCWO_UNEwqb_IRtzEzF5sbP34SpcY fadudspqbcafrlqoqig3ls99v0 jamf-site-verification=AQFEbmp4uYM2QuG7ZIcnCQ fC0a0/QulrMsyaznlj/M9LQZFO/sXMEkBSb1UMaH+aXgAwm5iK7ZuzhnNs0jkf/1atNlawPe+6hWweCW... facebook-domain-verification=l72t2w1cy7nvenpgd5jvswdzk3nwve google-site-verification=R7lbbM9UdBuh5ts2SK2CzxlI0wRL3C_j1qrq4MCtP4s google-site-verification=eIcbnPutWjqMLoT5KNuya1KF_WeJlTmbO0_5sXyqnD0 gmyl112szjqj3r2sdch2dlxc4ck1bsq6 google-site-verification=bkMLIKq9yCntHLqYuiv1JoqMa-ZbKXQE9TZ9NE0 adobe-idp-site-verification=494edb15-28b9-48df-baa9-a26e0a8a316c cloudhealth=9f334fc4-a5b1-498a-b99a-c5126c6510b8 apple-domain-verification=vn90QYKAwTYJujqf dropbox-domain-verification=yg3oqpedtryw |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
A+Crawlabilityrobots.txt present, sitemap with 1 URLsPASS
User-agent: *
Allow: /
Sitemap: https://www.auckland.ac.nz/sitemap-index.xml
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligenceauckland.ac.nz — via Netregistry PTY Ltd/TA Webcentral and Melbourne IT, 29 years, 9 months old, hosted on FastlyPASS
Unknown
153 days
Issued by DigiCert Inc
29 years, 9 months
Registered December 8, 1996
Status unknown
Protects against DNS spoofing
Fastly
ASN AS54113
151.101.67.10
Netregistry PTY Ltd/TA Webcentral and Melbourne IT
Expiry timeline
Recommended actions
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice