Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations60 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 104 ms lookupPASS
| A | 141.193.213.20, 141.193.213.21 |
| AAAA | — |
| CNAME | — |
| NS | meadow.ns.cloudflare.com, leland.ns.cloudflare.com |
| MX | 0 cdbaby-com.mail.protection.outlook.com |
| TXT | 56d120599789514e4e2cb34a5430c8d15abff160cf2f8aa9a4 zz1ylp7vdx7mb88s2twwss080rlnyh2q google-site-verification=--NbYEwEXES_RJAbw3dmdganaeG33w1Cx_2VjL4T0dU vmware-cloud-verification-a15979ab-81d3-4ec4-9600-9c507d3f47b0 adobe-idp-site-verification=c15ec0b6934d274b661a02091ba392233c5a2780e03d153d6078... h1-domain-verification=EGfTK6ZGWWdq3xK9KmR4RJpy7arKiHzm7CiGmuv63WFPBrek FEFDFAEED9 ZOOM_verify_pK4JYZLkSUOaDlfoeFd66g miro-verification=2936141095b2f5df9990ddc843063b9991836410 google-site-verification=Uuv7tKIoPeX7QRTzTGP8lTkNVJ3K4h674i1Zqwwbv0k 5Bc15S4O4i7dAp6RR1ZLeYr98FC8PkmvxmIwIWeTllsr8XqD4XsHV2tD3zPmT1XwrmOIEFPHjShb9PpM... apple-domain-verification=RPeJRjDKrA6NbpUc atlassian-domain-verification=I6JcWBVh81qaQ8HSZqN+srLr2qtl56YVKw5bxIfqrpPRmYMtHk... atlassian-domain-verification=spWekJyH0X8kOfEVTvk/twmq5Ob1VsuVxP8IjBUK7WUPVQ8UBi... BvjwsBvsoQFMKNEa0QKzxbnO_jo xk549l4dbt73l5br3tx4pmxgrsbzp24p google-site-verification=Bf8pAzJ5Q2pledy_5vebTeRKTvO2Jq5ISgjnmHdyhK0 rippling-domain-verification=8165e1790fe4c704 cloudflare_dashboard_sso=da21b3c7b98d459ab43e8dc4516935f3 MS=ms98753351 Mosyle-verification-code=846871375 slack-domain-verification=YQWaQeY1OfEFc3V8NdBAgnoIYcTLCXkuqckqNq9T B1F0265F76 twilio-domain-verification=31f08ff144ff70628c9edec664bbe438 _861xasgfq09s9o7vm5ub9s7bjl14fdk atlassian-sending-domain-verification=841ce19e-3cbb-499b-8428-71460c33a702 DirectFedPassiveSignInUri=https://cdbaby.onelogin.com/trust/wsfed2007-06/passive... h1-domain-verification=6QJR9GV1Ve3EqGFf2h9AMVhYtTzSUnvQQN59Lp6J3rzg7D9F SPF v=spf1 ip4:72.15.238.192/26 ip4:65.155.172.144/29 ip4:208.85.55.207 ip4:208.176.... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
https://cdbaby.com
192 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://cdbaby.com | 200 | 192 ms | HTTP/1.1 | cloudflare |
A+Crawlabilityrobots.txt present, sitemap with 1 URLsPASS
Crawl-delay: 10
# START YOAST BLOCK
# ---------------------------
User-agent: *
Disallow:
User-agent: GPTBot
Allow: /
User-agent: OAI-SearchBot
Allow: /
User-agent: Google-Extended
Allow: /
User-agent: CCBot
Allow: /
User-agent: anthropic-ai
Allow: /
User-agent: PerplexityBot
Allow: /
User-agent: Amazonbot
Allow: /
User-agent: cohere-ai
Allow: /
User-agent: ias-va
Allow: /
User-agent: Applebot
Allow: /
User-agent: Applebot-Extended
Allow: /
User-agent: facebookexternalhit
Allow: /
Sitemap: https://cdbaby.com/sitemap_index.xml
# ---------------------------
# END YOAST BLOCK
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencecdbaby.com — via Tucows Domains Inc., 28 years, 6 months old, hosted on CloudflarePASS
599 days
March 9, 2028
60 days
Issued by Google Trust Services
28 years, 6 months
Registered March 10, 1998
Not enabled
Protects against DNS spoofing
Cloudflare
ASN AS209242
141.193.213.20
Tucows Domains Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice