Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DTLS Certificate Expiry & RecommendationsAction12 days until leaf cert expires — 4 issues to addressFIX
Certificate validity
Recommended actions
- Renew certificate — 12 days remaining
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BCDN & DeliveryCloudflareREVIEW
A+DNS Records2 A records, 18 ms lookupPASS
| A | 104.18.69.40, 104.18.68.40 |
| AAAA | 2606:4700::6812:4428, 2606:4700::6812:4528 |
| CNAME | — |
| NS | erin.ns.cloudflare.com, oswald.ns.cloudflare.com |
| MX | 1 aspmx.l.google.com 5 alt2.aspmx.l.google.com 5 alt1.aspmx.l.google.com 10 alt4.aspmx.l.google.com 10 alt3.aspmx.l.google.com 15 lnj56jp4ra3o7d6hsl7olg7nqlgjjzemg3eufw25ct6c27x3g42q.mx-verification.google.com |
| TXT | _3udj2lv12qarc8rnlou4ta02unzt5m0 anthropic-domain-verification-jvpzvk=ChZIvRXeV87cHHmKbDXPyqPMP apple-domain-verification=HNy-LMXQF57YmcSeIPw0yYozje5XQlNSmT2F5Fvo8Bo apple-domain-verification=YyMZDZhINYznG700 apple-domain-verification=nXN8auJw70ujnX0JjYYeF3lV72RQ_f6VRFiTFEyhB68 elevenlabs=TvaRL52QSIPGTIp1pyXF8JyTXAmyhgaU6L7Wtuz6DW8 facebook-domain-verification=jkyhpq44sio0ij3e4uqk1yw5t1m9kx google-site-verification=hXf8rQUZbl6PX5k87KIxY5spv1r1nm2O-wWG6ZEug3A google-site-verification=l24HMbw5pQIL2mMiNwBn3zdhy_hAq_H2VSNXCXfXctI google-site-verification=nvVtuDVWcL3QXYzMDNsl7OXU6ben9XWZiGFu9hCdRBA google-site-verification=oFFGw5E3BZDvxsHX8xNgUmKnfKaurRUypOOSDHLlA-Q google-site-verification=uq5i-I63xDjg4B6e6c_Tm2F_SQ_hFN9GDSn_fQdhNJg linkedin-site-verification=76e194bd-321d-4b3b-903c-142423838f95 loaderio=9f584d484ae54ae424b5cb3f387d83ce make-domain-verification=223409a5-7dde-4f58-87d0-93e659af869e twilio-domain-verification=9190707e80181daab06ca69ba1279b94 SPF v=spf1 include:_spf.google.com include:mail.zendesk.com -all |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 208 ms totalPASS
https://beehiiv.com
26 ms · HTTP/1.1
https://www.beehiiv.com/
182 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://beehiiv.com | 301 | 26 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.beehiiv.com/ | 200 | 182 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+IPv6 ReadinessIPv6 reachable (1 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 3 URLsPASS
# *
User-agent: *
Allow: /
Disallow: /ads-exclusion
Disallow: /linkedinpremium
Disallow: /amazoncreatorstars
# Block literal bracket patterns (invalid URLs)
Disallow: /application/%5Bapplication_name%5D
Disallow: /application/%5Bapplication_name%5D/
Disallow: /buyers-guide/%5Bslug%5D
Disallow: /buyers-guide/%5Bslug%5D/
Disallow: /case-studies/%5Bslug%5D
Disallow: /case-studies/%5Bslug%5D/
Disallow: /experts/%5Bslug%5D
Disallow: /experts/%5Bslug%5D/
Disallow: /virtual-events/%5Bwebinar_name%5D
Disallow: /virtual-events/%5Bwebinar_name%5D/
Disallow: /features/%5Bslug%5D
Disallow: /features/%5Bslug%5D/
Disallow: /connect-with/%5Bslug%5D
Disallow: /connect-with/%5Bslug%5D/
Disallow: /partners/%5Bpartner_name%5D
Disallow: /partners/%5Bpartner_name%5D/
Disallow: /overview/%5Bslug%5D
Disallow: /splash-newsletter/%5Bslug%5D
Disallow: /splash-short/%5Bslug%5D
Disallow: /splash/%5Bslug%5D
Disallow: /report_abuse/%5B%5B...token%5D%5D
Disallow: /templates/%5Bslug%5D
Disallow: /templates/%5Bslug%5D/
Disallow: /resources/%5Blead_magnet%5D
Disallow: /i-am-a/%5Bslug%5D
Disallow: /i-am-a/%5Bslug%5D/
Disallow: /i-want-to/%5Bslug%5D
Disallow: /i-want-to/%5Bslug%5D/
# Block internal/registration routes
Disallow: /application/*/mfm
Disallow: /virtual-events/*/attendx
Disallow: /virtual-events/*/studio/
# Block Prismic dev tools
Disallow: /slice-simulator
Disallow: /slice-library
# Block internal support editor
Disallow: /kb-editor
Disallow: /kb-editor/
# OpenAI OAI-SearchBot — ChatGPT / AI-powered search (explicit allow; same path rules as *)
# https://developers.openai.com/api/docs/bots
User-agent: OAI-SearchBot
Allow: /
Disallow: /ads-exclusion
Disallow: /linkedinpremium
Disallow: /amazoncreatorstars
# Block literal bracket patterns (invalid URLs)
Disallow: /application/%5Bapplication_name%5D
Disallow: /application/%5Bapplication_name%5D/
Disallow: /buyers-guide/%5Bslug%5D
Disallow: /buyers-guide/%5Bslug%5D/
Disallow: /case-studies/%5Bslug%5D
Disallow: /case-studies/%5Bslug%5D/
Disallow: /experts/%5Bslug%5D
Disallow: /experts/%5Bslug%5D/
Disallow: /virtual-events/%5Bwebinar_name%5D
Disallow: /virtual-events/%5Bwebinar_name%5D/
Disallow: /features/%5Bslug%5D
Disallow: /features/%5Bslug%5D/
Disallow: /connect-with/%5Bslug%5D
Disallow: /connect-with/%5Bslug%5D/
Disallow: /partners/%5Bpartner_name%5D
Disallow: /partners/%5Bpartner_name%5D/
Disallow: /overview/%5Bslug%5D
Disallow: /splash-newsletter/%5Bslug%5D
Disallow: /splash-short/%5Bslug%5D
Disallow: /splash/%5Bslug%5D
Disallow: /report_abuse/%5B%5B...token%5D%5D
Disallow: /templates/%5Bslug%5D
Disallow: /templates/%5Bslug%5D/
Disallow: /resources/%5Blead_magnet%5D
Disallow: /i-am-a/%5Bslug%5D
Disallow: /i-am-a/%5Bslug%5D/
Disallow: /i-want-to/%5Bslug%5D
Disallow: /i-want-to/%5Bslug%5D/
# Block internal/registration routes
Disallow: /application/*/mfm
Disallow: /virtual-events/*/attendx
Disallow: /virtual-events/*/studio/
# Block Prismic dev tools
Disallow: /slice-simulator
Disallow: /slice-library
# Block internal support editor
Disallow: /kb-editor
Disallow: /kb-editor/
# Host
Host: https://www.beehiiv.com
# Sitemaps
Sitemap: https://www.beehiiv.com/sitemap-index.xml
A+Domain Intelligencebeehiiv.com — via Cloudflare, Inc., 5 years, 7 months oldPASS
88 days
October 8, 2026
12 days
Issued by Google Trust Services
5 years, 7 months
Registered October 8, 2020
Not enabled
Protects against DNS spoofing
Unknown
2606:4700::6812:4528
Cloudflare, Inc.
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry
- Renew the TLS certificate or verify auto-renewal is working
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice