Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations147 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryAWS CloudFront (FunctionGeneratedResponse from cloudfront)REVIEW
A+DNS Records3 A records, 10 ms lookupPASS
| A | 3.173.21.90, 3.173.22.90, 3.173.23.90 |
| AAAA | — |
| CNAME | — |
| NS | a.ns-bac.com, b.ns-bac.org, c.ns-bac.net, d.ns-bac.info, e.ns-boa.biz, f.ns-boa.us, g.ns-bac.com |
| MX | 10 mxa-0000ec05.gslb.pphosted.com 10 mxb-0000ec05.gslb.pphosted.com |
| TXT | MS=ms26780064 00D0b000000De84=1TBKW000000GmaA 00D2g0000000ZPI=1TBD1000000003M 00D300000000K1b=1TBKZ0000004CFQ 00D300000000Lsb=1TBHp0000008OIF 00D300000005zGi=1TBKe000000oLob 00D3000000071D4=1TBKX0000008OLJ 00D30000000nW2o=1TBKd000000000B 00D30000000nqfl=1TBHt000000CaRH 00D30000001FXpf=1TBHt000000000Q 00D30000001H1Cv=1TBHt000000000B 00D30000001H88T=1TBKX000000Gmb7 00D30000001HRSt=1TBKe000000blLi 00D36000000rZom=1TBHq0000004C9D 00D37000000J5Lh=1TBKb000000TN74 00D400000007EoN=1TBKY000000fxU2 00D46000000aATr=1TBKk0000000007 00D4C0000008x25=1TBD10000004CCb 00D60000000KTAU=1TBKZ000000001T 00D700000009PLP=1TBKe0000004C9D 00D750000000NEs=1TBDh0000004CB9 00D8I0000016LkC=1TBDa000000000a 00DDE0000045mMg=1TBDE000000CaRH 00DDY0000000PuC=1TBDY0000004C9D 00DDn00000122RU=1TBDn0000004C9E 00DDn0000014WHa=1TBDn000000XZAR 00DDn0000014WMF=1TBDn0000000006 00DE0000000ZaqE=1TBHt000000XZEJ 00DHo000007ESQH=1TBHo000000sXtb 00Dd0000000fllf=1TBKh000000Kynr _mue2mr9ttx0pb28iu4vju44fyivlze2 79HRM45BZQL4W6DODHCJ08ICCEPI4ZZ95OPF1PODC N73NW9KHOCFO1J30DG9M0U52P3KJYN458U7T7MOAO apple-domain-verification=8NQqHRIawsPLpi0W apple-domain-verification=d7eRv0GK7kdI6vEs apple-domain-verification=rELhhF8gjKgBEMuH ccisso=4d9729b7-b770-4856-947d-935d1b4dca9c docusign=7d338bac-902f-4792-8cdb-89a34b44ccf6 docusign=7f619a20-e6e1-47ba-88e2-5ffde1224228 facebook-domain-verification=vzgeob2q58bgtl7degzq855tbt3nld onetrust-domain-verification=e788a6ac2ccb43818ec10f692be6c065 webexdomainverification.=28c49c72-742e-4204-a733-18e8a8982a47 webexdomainverification.=9caf3cdf-4b7a-4806-8346-9a9591002ef3 webexdomainverification.AU51=01da9742-a899-4543-b134-6dba5c7669f0 webexdomainverification.BV9Q=6a8ae93e-8405-4430-91c6-1095ff8ab83a webexdomainverification.D04F=58ac4583-65d7-4b3d-89e2-2657f01be854 webexdomainverification.D182=d3bd60b7-b138-488e-9ce4-bb6a965bd46c webexdomainverification.DMQQ=2397072c-14ba-446b-af2b-b7d82b0c3d84 webexdomainverification.DPFR=fc6d9245-b5e5-456d-a469-6332595f0a02 webexdomainverification.EPKA=0bb7fd7a-0b2a-4645-ab25-62a5a06a68f1 webexdomainverification.KK43=938a1277-bf6a-441d-949c-c22f81ce00e0 webexdomainverification.KK48=150225ca-a113-4206-9228-4e3460b52486 webexdomainverification.1TKBV=0b486704-ef66-4735-96f0-8b4af777b303 webexdomainverification.1TKU2=55bfd798-3032-4b19-9e4d-1a3cdc9f83dd webexdomainverification.7VRFC=41f26899-9147-46be-927a-64a4921bce12 webexdomainverification.8BOEU=a4a75bdf-0a9d-419b-bad5-09ed7837a3a4 apple-domain-verification=_tTrLth1tZlC6XJXF7Ot2qt-U0o_cPfdE1qif1tDlDo XP24tQeCoyIoYKFUDBai/TAmSrkfqDi8E276kwIOINKuXcgwMZwhckPM+6x5egH7+IV5OFBRNkdgRIHm... SPF v=spf1 ip4:171.161.41.178 ip4:171.159.227.167 ip4:171.161.147.155 include:spf-00... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 182 ms totalPASS
https://bankofamerica.com
21 ms · HTTP/1.1
https://www.bankofamerica.com/
161 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://bankofamerica.com | 301 | 21 ms | HTTP/1.1 | CloudFront |
| 2 | https://www.bankofamerica.com/ | 200 | 161 ms | HTTP/1.1 |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 27 URLsPASS
User-agent: * # applies to all robots
Disallow: /global # disallow indexing of restricted areas
Disallow: /cfdocs
Disallow: /thirdparty
Disallow: /directbenefits
Disallow: /groupbanking
Disallow: /incubator
Disallow: /signin
Disallow: /associatebanking
Disallow: /cgi-bin
Disallow: /deposits/*.pdf$
Disallow: /deposits/*.swf$
Disallow: /deposits/*.txt$
Disallow: /products/deposits/
Disallow: /banking-information/associatebanking/
Disallow: /banking-information/employeebanking/
Disallow: /products/employeebanking/
Disallow: /employeebanking
Disallow: /employeebankingandinvestments
Disallow: /*slider-module.go
Disallow: */hp-assets/
Disallow: /financial-wellness/
# Disallow URLs with tracking parameters
Disallow: /adtrack/
Disallow: /*adlink
Disallow: /*cm_mmc
Disallow: /weblinking/
Disallow: /mortgage_network/
Disallow: /*cm_sp
Disallow: /*reason=QKN
Disallow: /*msg=OnlineIdEmpty
Disallow: /*SOURCE_URL
# Disallow mobile content
Disallow: /promos/jump/package/iPhone/
Disallow: /promos/jump/package/mobile/
User-agent: gsa-crawler # Special rule just for Google Search Appliance
Disallow: /global
Disallow: /cfdocs
Disallow: /thirdparty
Disallow: /directbenefits
Disallow: /groupbanking
Disallow: /incubator
Disallow: /signin
Disallow: /cgi-bin
Disallow: /deposits/*.pdf$
Disallow: /deposits/*.swf$
Disallow: /deposits/*.txt$
Disallow: /products/deposits/
Disallow: /banking-information/associatebanking/
Disallow: /banking-information/employeebanking/
Disallow: /products/employeebanking/
Disallow: /employeebanking
Disallow: /employeebankingandinvestments
Disallow: /*slider-module.go
Disallow: */hp-assets/
Disallow: /financial-wellness/
# Disallow URLs with tracking parameters
Disallow: /adtrack/
Disallow: /*adlink
Disallow: /*cm_mmc
Disallow: /weblinking/
Disallow: /mortgage_network/
Disallow: /*cm_sp
Disallow: /*reason=QKN
Disallow: /*msg=OnlineIdEmpty
Disallow: /*SOURCE_URL
# Disallow mobile content
Disallow: /promos/jump/package/iPhone/
Disallow: /promos/jump/package/mobile/
User-agent: OmniExplorer_Bot
Disallow: /
# Allow mobile content for primary mobile bots
User-agent: Googlebot-Mobile
User-agent: msnbot-mobile
User-agent: YahooSeeker/M1A1-R2D2
Disallow: /global
Disallow: /cfdocs
Disallow: /thirdparty
Disallow: /directbenefits
Disallow: /groupbanking
Disallow: /incubator
Disallow: /signin
Disallow: /associatebanking
Disallow: /cgi-bin
Disallow: /deposits/*.pdf$
Disallow: /deposits/*.swf$
Disallow: /deposits/*.txt$
Disallow: /products/deposits/
Disallow: /banking-information/associatebanking/
Disallow: /banking-information/employeebanking/
Disallow: /products/employeebanking/
Disallow: /employeebanking
Disallow: /employeebankingandinvestments
Disallow: /*slider-module.go
Disallow: */hp-assets/
Disallow: /financial-wellness/
# Disallow URLs with tracking parameters
Disallow: /adtrack/
Disallow: /*adlink
Disallow: /*cm_mmc
Disallow: /weblinking/
Disallow: /mortgage_network/
Disallow: /*cm_sp
Disallow: /*reason=QKN
Disallow: /*msg=OnlineIdEmpty
Disallow: /*SOURCE_URL
sitemap: https://www.bankofamerica.com/content/sitemap_index.xml
#Deployed from SPARTA
#CAST ID for this deployment #78658
#www robots.txt
- https://www.bankofamerica.com/accessible-banking/spa-assets/sitemap.xml
- https://www.bankofamerica.com/auto-loans/spa-assets/sitemap.xml
- https://www.bankofamerica.com/company/spa-assets/sitemap.xml
- https://www.bankofamerica.com/content/sitemap_desktop_www.xml
- https://www.bankofamerica.com/content/sitemap_video_www.xml
A+Domain Intelligencebankofamerica.com — via CSC Corporate Domains, Inc., 27 years, 8 months old, hosted on AWSPASS
167 days
December 28, 2026
147 days
Issued by DigiCert Inc
27 years, 8 months
Registered December 28, 1998
Enabled
Protects against DNS spoofing
AWS
ASN AS16509
3.173.21.90
CSC Corporate Domains, Inc.
Expiry timeline
Recommended actions
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice