https://canonical.com
Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
100
GRADE
A+
FIX
1
REVIEW
2
PASS
6
INFO
0
Probed from Sao Paulo, Brazil
200 OK
Checks
96 PASS 2 REVIEW 1 FIX
DCDN & DeliveryActionNo CDN detectedFIX
CDN & Delivery
ActionNo CDN detected
No CDN detected
Warning::
No CDN detected
A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.
No CDN detected
Consider using a CDN to improve global delivery speed and reduce origin load.
BHTTP Probe TimingTotal 993 ms — DNS, TCP, TLS, TTFB, content transfer breakdownREVIEW
HTTP Probe Timing
Total 993 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
184 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
178 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
182 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
761 msTotal Time Total request time from DNS lookup through full response.
994 msConnection waterfall
DNS Lookup 184 ms TCP Connect 178 ms TLS Handshake 182 ms Server Processing 217 ms Content Transfer 232 ms
BTLS Certificate Expiry & Recommendations84 days until leaf cert expires — 3 issues to addressREVIEW
TLS Certificate Expiry & Recommendations
84 days until leaf cert expires — 3 issues to address
Certificate validity
84
days left
0d 30d 60d 90d+
Recommended actions
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records3 A records, 195 ms lookupPASS
DNS Records
3 A records, 195 ms lookup
3 A records, 195 ms lookup
Info::
Resolves to 3 IPv4 address(es)
Got: 185.125.190.29, 185.125.190.20, 185.125.190.21
Info::
Has 3 IPv6 (AAAA) record(s)
Got: 2620:2d:4000:1::26, 2620:2d:4000:1::27, 2620:2d:4000:1::28
Info::
3 nameserver(s) configured
Got: ns1.canonical.com, ns2.canonical.com, ns3.canonical.com
Info::
1 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 195 ms
Got: 195 ms
| A | 185.125.190.29, 185.125.190.20, 185.125.190.21 |
| AAAA | 2620:2d:4000:1::26, 2620:2d:4000:1::27, 2620:2d:4000:1::28 |
| CNAME | — |
| NS | ns1.canonical.com, ns2.canonical.com, ns3.canonical.com |
| MX | 10 mx.canonical.com |
| TXT | stripe-verification=98BE42870B792CFFB903D0F2C986A63D047CAF3801CE7667CEEC65F4EB8F... site24x7-signals-domain-verification=b658d86f83932f4ad589595687cf5f20 site24x7-signals-domain-verification=b053701422ea32428dc87e6d694abea7 SPF v=spf1 include:_spf.canonical.com -all google-site-verification=987aj5PIoVpH3ybA_tMmNcCZ7sY64IUEGaeafo_hrFk miro-verification=2a474c203a12d0d3bdedb1dbfd7df2350d60c43d bw=FUPOteh4WFoKj2FJCprEWcFcZYwSQOSwgn2njwUTAlAn apple-domain-verification=p5U0KoYntPjPy6ah google-site-verification=RFZCSssfnIjPnBo0k6W72VsUfYqbknSNqIgy2TrcMms atlassian-domain-verification=EfMI3zSzpIoFk2/QhOqWVwC3swzqP9UryHYJFB0SyITHLVntyX... |
| CAA | Lookup not available with standard resolver |
Resolved in 195 ms
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Why this matters
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
Redirect Chain
No redirects — direct access
No redirects — direct access
Info::
No redirects — direct access
Got: https://canonical.com
https://canonical.com
724 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://canonical.com | 200 | 724 ms | HTTP/1.1 | nginx/1.14.0 (Ubuntu) |
A+IPv6 ReadinessIPv6 reachable (179 ms)PASS
IPv6 Readiness
IPv6 reachable (179 ms)
IPv6 reachable (179 ms)
Info::
IPv6 is configured and reachable at 2620:2d:4000:1::26, 2620:2d:4000:1::27, 2620:2d:4000:1::28
Got: 179 ms connect
IPv6 Ready
AAAA Records 2620:2d:4000:1::26, 2620:2d:4000:1::27, 2620:2d:4000:1::28 Connection Reachable (179 ms)
A+Crawlabilityrobots.txt present, sitemap with 9 URLsPASS
Crawlability
robots.txt present, sitemap with 9 URLs
robots.txt present, sitemap with 9 URLs
Info::
robots.txt is present
Got: 3134 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 9 entries
Info::
Sitemap index with 9 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 3134 B Sitemaps referenced 7 User-agents meta-externalagent, PerplexityBot, cohere-ai, ChatGPT-User, ClaudeBot, Bytespider, *, GPTBot, Claude-Web, anthropic-ai, Google-Extended Blocking No — crawling allowed
# ============================================================================
# robots.txt for canonical.com
# Optimized for maximum AI visibility and LLM Context Efficiency
# Last updated: 2026-04-16
# ============================================================================
# ============================================================================
# DEFAULT RULES — all crawlers
# ============================================================================
User-Agent: *
# Authentication, API & JSON endpoints
Disallow: /legal/contributors/agreement/api
Disallow: /asset/
Disallow: /careers/roles.json
Disallow: /juju/latest.json
Disallow: /user-country-tz.json
Disallow: /solutions/infrastructure/private-cloud-pricing.json
Disallow: /sitemap_parser
Disallow: /navigation
Disallow: /tests/
# Search and Form flows
Disallow: /search
Disallow: /juju/docs/search
Disallow: /dqlite/docs/search
Disallow: /maas/docs/search
Disallow: /mir/docs/search
Disallow: /microk8s/docs/search
Disallow: /contact-us
Disallow: /careers/application/
Disallow: /careers/results
Disallow: /*/thank-you
Disallow: /partners/thank-you
# Binary redirects & feeds
Disallow: /multipass/download/
Disallow: /blog/feed
Disallow: /maas/blog/feed
Disallow: /careers/feed
# Error pages
Disallow: /401
Disallow: /404
Disallow: /500
Disallow: /502
Crawl-delay: 1
# ============================================================================
# AI OPTIMIZED RULES
# Includes: OpenAI, Perplexity, and Anthropic
# ============================================================================
User-agent: GPTBot
User-agent: ChatGPT-User
User-agent: ClaudeBot
User-agent: Claude-Web
User-agent: anthropic-ai
User-agent: Google-Extended
User-agent: meta-externalagent
User-agent: PerplexityBot
User-agent: cohere-ai
User-agent: Bytespider
# Nudge toward Markdown endpoints
Allow: /*?format=md
# High-Value Content Priority (Verified product & doc routes)
Allow: /blog/
Allow: /documentation/
Allow: /knowledge/
Allow: /juju/docs/
Allow: /maas/docs/
Allow: /microk8s/docs/
Allow: /openstack/
Allow: /kubernetes/
Allow: /lxd/
Allow: /multipass/
Allow: /solutions/
Allow: /case-study
Allow: /academy/
# Block Noise (Preserve context window for technical content)
Disallow: /blog/author/
Disallow: /blog/tag/
Disallow: /blog/archive
Disallow: /maas/blog/author/
Disallow: /maas/blog/tag/
Disallow: /maas/blog/archive
Disallow: /contact-us
Disallow: /*/contact-us
Disallow: /*/thank-you
Disallow: /asset/
Disallow: /navigation
Disallow: /search
Disallow: /tests/
# Performance
Crawl-delay: 2
# ============================================================================
# SITEMAPS
# ============================================================================
Sitemap: https://canonical.com/sitemap.xml
# Prioritized Trees for AI Crawlers
Sitemap: https://canonical.com/sitemap_tree.xml
Sitemap: https://canonical.com/blog/sitemap.xml
Sitemap: https://canonical.com/microk8s/docs/sitemap.xml
Sitemap: https://canonical.com/maas/docs/sitemap.xml
Sitemap: https://canonical.com/data/docs/sitemap.xml
Sitemap: https://canonical.com/partners/sitemap.xml
sitemap.xml 200 OK
Type Sitemap Index URLs 9 entries Valid XML Yes
Child Sitemaps:
- https://canonical.com/sitemap_tree.xml
- https://canonical.com/careers/sitemap.xm...
- https://canonical.com/partners/sitemap.x...
- https://canonical.com/blog/sitemap.xml
- https://canonical.com/microk8s/docs/site...
- https://canonical.com/data/docs/sitemap....
- https://canonical.com/dqlite/docs/sitema...
- https://canonical.com/mir/docs/sitemap.x...
- https://canonical.com/maas/docs/sitemap....
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS
www / non-www
301https://www.canonical.com/
200https://canonical.com/
Preferred variant: non-www
HTTP → HTTPS
301http://canonical.com/ → https://canonical.com/
Consistent
A+Domain Intelligencecanonical.com — via MarkMonitor Inc., 30 years, 2 months oldPASS
Domain Intelligence
canonical.com — via MarkMonitor Inc., 30 years, 2 months old
canonical.com — via MarkMonitor Inc., 30 years, 2 months old
Info::
Domain registered until Jul 4, 2027 (1 years, 2 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: MarkMonitor Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Domain expiry
383 days
July 4, 2027
SSL certificate
84 days
Issued by Let's Encrypt
Domain age
30 years, 2 months
Registered July 5, 1996
DNSSEC
Not enabled
Protects against DNS spoofing
Hosting
Unknown
2620:2d:4000:1::28
Registrar
MarkMonitor Inc.
Unlocked 3 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar MarkMonitor Inc.
Created July 5, 1996 (30 years, 2 months ago)
Expires July 4, 2027 (1 years, 2 months)
Last Updated January 7, 2026
Name Servers ns1.canonical.com, ns2.canonical.com, ns3.canonical.com
DNSSEC Not enabled
Hosting
IP Address 2620:2d:4000:1::28
Data source: rdap (0.4s)
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Why this matters
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Why this matters
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.