Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BRedirect Chain1 redirect(s), 1543 ms totalREVIEW
https://bayer.com
487 ms · HTTP/1.1
https://www.bayer.com/
1056 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://bayer.com | 301 | 487 ms | HTTP/1.1 | |
| 2 | https://www.bayer.com/ | 403 | 1056 ms | HTTP/1.1 | AkamaiGHost |
See the visual redirect chain in the HTTP Probe tab →
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BCrawlabilityno robots.txt, no sitemapREVIEW
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.
Learn more ▾ ▴
A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.
Source: robotstxt.org
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
No robots.txt found
This is fine for most sites — a missing robots.txt allows all crawling by default.
No sitemap found
Adding a sitemap helps search engines discover your pages.
BTLS Certificate Expiry & Recommendations34 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records1 A records, 17 ms lookupPASS
| A | 75.2.28.136 |
| AAAA | — |
| CNAME | — |
| NS | pdns1.cscdns.net, pdns2.cscdns.net |
| MX | 10 bayer-com.mail.protection.outlook.com |
| TXT | MS=ms11237447 MS=ms23358813 MS=ms26289049 MS=ms38518037 2i5pvp9le9qj4eb0md95r3kjqh 64ei5e7glsieeu64vg7d4b1hsi 6bn311u8pi9i1ko6r794no6aqn 7jb203fedajm8o9gtnuvvurd13 9p0a975ih153fb8edcjpmonlrd avqfbpkmr2k17argucmdv4ilme d0fl64vifokma57inat5i81nid g3i6bg9qi4qukvkhrn6g62kju1 ic9i7t2lf5qva2jjhfuscs6sjr ieie853il7a88s5fn00tha518b kgmmnavj7969qbv0dfhnr09hkk mjk8e1sof6a7kd4sk38pde0amc qp0rtvjs4hqf3oqch3q45ufma8 rjbgcn15grmrckucv6g665hnb5 00D0900000CwnA7=1TBVi00000008wr 00D0k0000009ipl=1TB9h00000000JN 00D10000000Y6Yq=1TBfu00000000rH 00D1e0000000pDk=1TBA800000007sj 00D2D0000008acZ=1TBVG00000003Ir 00D2o000000kyKU=1TBVK00000002TF 00D30000001JCsV=1TBPZ00000006a6 00D3J0000000noE=1TBU700000003Ir 00D5D00000095kO=1TB9I00000001x2 00D90000000knko=1TBOb000000060b 00D9Q00000MQjeL=1TB9Q0000000Ue1 00DA80000068ETl=1TBA800000007xZ 00DAD000008K1DK=1TBAD00000006rp 00DAD000008K5dG=1TBAD00000003Ir 00DAD000008KJbO=1TBAD000000071V 00DBW000001AMuk=1TBBW00000001CG 00DBW000003uza9=1TBBW0000000673 00DC4000002gq7V=1TBC4000000040P 00DD0000000ppBX=1TBSe0000000319 00DE0000000L8lq=1TBUr00000007Ks 00DF70000009w8s=1TB9I00000003qj 00DFg00000A8JFq=1TBFg0000001Yin 00DO800000C3ASB=1TBO80000000f9d 00DTH000004RTmn=1TBTH0000000Ak9 00DTL000001ES0h=1TBTL0000000LCX 00DU8000004oRu3=1TBU8000000076N 00DVB000003t0Tt=1TBVB00000006Td 00DVF00000PVABB=1TBVF0000000CKX 00DVF00000PVkqF=1TBVF0000000Bt7 bb326f0daef5819504467d6250c0ed33 klaviyo-site-verification=Trbztw klaviyo-site-verification=WYQrUG cd238e82-c878-4810-941c-8940a68dc788 apple-domain-verification=RDG9gkSdIlljBqcq MS=1B54B417AFA12F8757AB4784956F97EB51E7E0C1 MS=F86CFEF58629E2CAC2E5A63CAE7048D5172437AB flexera-domain-verification-tginkgawpwpqaawn docusign=dfd72e7f-07e0-48c0-879f-d1d20cf34b09 docusign=ec37696c-688e-487e-99a3-763b0435540b canva-site-verification=m8xLDqaXVw5sA0r0xJJT7Q bw=LzIGYWPG6LEp861iE1ZiI9S9gP0KYa9lAFJnOKrEhbNf cloudhealth=0e935c9e-5328-4227-b4b8-903d4181664e cloudhealth=fc8c02ea-2ac2-4b61-9dfa-525665aa2980 airtable-verification=a9c5793441f3ac8237d6410b2cdd64d2 amazonses:+/bf+l8e4TM0+oVEDK9b4QuOYpmHG6ydDxiR6VPOa/A= docker-verification=feb2d437-ee2d-40c7-8e58-d4b5735bfea7 miro-verification=2a2a409c0674c8a0a4e60bc42afbbf1deb1faa3a mongodb-site-verification=C88QbWKSYNHMJ1Av4gToDuRihSjXKLke smartsheet-site-validation=9Z6xeuj-s78lSWn4ilDeyXGFKtGH-vVE sitecore-domain-verification=ea21b16be9484cc5b688981a5fa09f59 webexdomainverification.=1966971f-3389-4e32-bef5-9d5e486d686a anthropic-domain-verification-w1cj68=EFkPhw2cMTT5khu9DbPSAwMxy webexdomainverification.CSNE=1de3257e-7a2a-4c26-974e-f8803d94ca16 perplexity-ai-domain-verification-021es1=XAOsOv8tN9VTNscDUUWP7YsaX webexdomainverification.5A8VI=1ad87a42-19f3-45b4-a6ff-77e7400b421a google-site-verification=-INOKep17fJLoC_oIJJkqHUIUcnmq06pq0Zs-cYF7Xw google-site-verification=7XiG3x00Xbjl95ES4QbTz8Egug_ufy6MGQ9WtX8YV94 google-site-verification=9C-gKp0Pbqlt1VJfb1EpVCzocfiC6yD-nqKnF5vnYsc google-site-verification=9G_sTM521-ECwn4zhnrvNiH5LCo-cS2pauqMlnMBmJw google-site-verification=ThgLd41yfxOKPhqqGPmNcMRRVeBaeDyBvd31hXwexbI google-site-verification=l1Wyk8ZKM9T5ycAIN0IPDUQpYAlNEbd1BctqQvjlVhw google-site-verification=q0bJ9DheOdD2wWh-cXATAwegCtse4Awcd9TWGcsF2fA globalsign-domain-verification=2QrlXXqyXXI_ApEpYDsMEVu9Np8WWtBkG3EoZUS9en globalsign-domain-verification=8Hc_jMTqHgUmMuIarmRvVeAq7iULrriu-xdH0PVUHw globalsign-domain-verification=FIVZ-nLstawJ1YWKqvfAq_3xzAwrn55B53y39ivbwx globalsign-domain-verification=SGrnqhZCZWArq6aL8XHEs0BeXlJJLG2lImJwGItvqm globalsign-domain-verification=o-DiosQnPk3SYz0M8A5loZDssS0EzBrv3tnXlLdf7o sending_domain465562=e36d79b211cbbded8d9d7427f8443c38e954a557c7355b555c228027f08... 1xHE47EKeta3a/dcZ7BFJ+wnSUjiJE2Tm8kOFKSjzTYIsgZabtksnEyzxsVWJt3olNGWQTSQnlZcl7Y+... n40EFaZWonkmpkGN8cQCVIS4vG0EiJB8rSyewIJ8h62XbILeiE6j4TT2MtNk4hO5sOZMjmt0jOpwgA0F... cisco-ci-domain-verification=68909ac1348803c7966c4aae58085158f174143f51f677e64ef... webexdomainverification.4C675B8B5978B136E053AB06FC0A3F65=bca34460-64c5-4265-9776... atlassian-domain-verification=QI5vYSVxXRTJSAWeUKXwZtEL+dFK5YFzM6cvSUpXz2fqx+Ii3G... atlassian-domain-verification=gsL1oEUHCm8KcMGH0XdPdpVlOTb1Y/Nuc1PtlZVnrMUCeTvGXe... atlassian-domain-verification=i2lRNGsTyIBDf/YBjXD3JmKzfUkbXRDNkOlGoa6WZTokNwaSeX... atlassian-domain-verification=mdTg1ASPIg2gImkSPTdcU1QhJRQvtk+2MCVvbkRVpXUZBUFI93... 00D1a000000aWe4=1TBPa0000000Ax3;00DOy00000LW2k9=1TBOy0000000SkH;00DO300000GgyMN=... 00D9b00000RIRtu=1TB9b0000000JPF;00D7E000000AiG5=1TB9b0000000B1t;00D7Q000000JD3... B3FC082CB302EC242E47B99009AAC082.55508D2026310BBBADC3C82F1DCCC805.82dd8b66b6c544... wrike-verification=NTYzNjAyOTphYTAwMjZjN2Q1MmVjNmM4NjU5MWQ0NjVmZThmNmQxYzhmYTZiO... SPF v=spf1 a mx ip4:192.237.159.170 ip4:166.78.71.146 ip4:192.237.159.44 ip4:23.253.... |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencebayer.com — via CSC Corporate Domains, Inc., 30 years, 8 months old, hosted on AWSPASS
192 days
January 26, 2027
34 days
Issued by Let's Encrypt
30 years, 8 months
Registered January 25, 1996
Not enabled
Protects against DNS spoofing
AWS
ASN AS16509
75.2.28.136
CSC Corporate Domains, Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice