Skip to content
https://cdc.gov

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
95
GRADE
A
FIX
0
REVIEW
3
PASS
6
INFO
0
Probed from Madrid, Spain
200 OK
Checks
9
6 PASS 3 REVIEW
B
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
REVIEW
www/non-www, trailing slash, HTTP→HTTPS
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.cdc.gov/
200https://cdc.gov/

Inconsistent — duplicate content risk

HTTP → HTTPS

301http://cdc.gov/ https://cdc.gov/

Consistent

B
TLS Certificate Expiry & Recommendations
33 days until leaf cert expires — 2 issues to address
REVIEW

Certificate validity

33
days left
0d 30d 60d 90d+

Recommended actions

  • Submit your domain to hstspreload.org to be added to the Chrome preload list
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
Azure CDN
REVIEW
Azure CDN
Info::
Site is served via Azure CDN CDN
Got: x-azure-ref: 20260416T163734Z-1564475565frphq5hC1PHL41g40000000190000000004nz6
CDN Detected: Azure CDN
Provider Azure CDN Evidence x-azure-ref: 20260416T163734Z-1564475565frphq5hC1PHL41g40000000190000000004nz6
A+
DNS Records
2 A records, 80 ms lookup
PASS
2 A records, 80 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 23.211.15.150, 23.211.15.141
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2a02:26f0:e0::211:25b8, 2a02:26f0:e0::211:25a2
Info::
6 nameserver(s) configured
Got: a9-64.akam.net, a5-66.akam.net, a28-65.akam.net, a8-67.akam.net, a2-64.akam.net, a1-43.akam.net
Info::
4 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 80 ms
Got: 80 ms
A23.211.15.150, 23.211.15.141
AAAA2a02:26f0:e0::211:25b8, 2a02:26f0:e0::211:25a2
CNAME
NSa9-64.akam.net, a5-66.akam.net, a28-65.akam.net, a8-67.akam.net, a2-64.akam.net, a1-43.akam.net
MX
10 primary.us.etp.fireeyegov.com
20 alt1.us.etp.fireeyegov.com
30 alt2.us.etp.fireeyegov.com
40 alt3.us.etp.fireeyegov.com
TXT
_mhpeli9n9zj3rasw6wfiuch30t2sjlw
adobe-idp-site-verification=4089552e88740d878b0400d184ab01c0b7391e6dc85796732000...
google-site-verification=nZIK8Rc0sw4MxlgnsYseSBTdcyDXeLFR6P5FIAbgSEM
google-site-verification=qZbBdujV5kZQv_pCqV2wpfSU25odH35HQukm5ACyLNs
atlassian-sending-domain-verification=f2ef9649-6a78-47f6-9990-44a295ae5b5a
geneious.com:domain-verification=DP8tae0qCr-FH6KGRvMwWA
_ddb344bjip99et71u5cidtx1t53ezdl
_v0e31vq52ru6qgumyh95pylxoe5kmby
SPF v=spf1 ip4:51.5.72.0/24 ip4:172.81.81.38 ip4:51.4.72.0/24 ip4:51.5.80.0/27 ip4:5...
_bthbaxy8p6mr5c0o5r7pit3d25lgztb
4FF7-1931-E8C2-912B-94CF-BCB0-806A-7442
google-site-verification=GkbnFA_aF3RXaZOC3deEsrGqs0fmTXyys2hbIn1nVcM
ZOOM_verify_yEK5MgTwT72nP5URz-eoaA
v4ixju/hXVFXszYswwinkbStpHoDb361lQekI6rkjQ2DV4HHKdN/FJPvMAO88x1rTaRwf29UYwPAq6Lq...
dtm-domain-verification=KQ1rIgUP8GpiV9mSmysS40YKtHjVrI0VF938cuCAWXQ
atlassian-sending-domain-verification=977cbfcd-c314-42dc-9d86-32e2abca00ac
atlassian-domain-verification=qjHCJ33pyZHmggxdcFDtGiegrc/iLSyVUIG0LAu1g7XW1JnMda...
apple-domain-verification=VOKePKhT9MhX9zmq
google-gws-recovery-domain-verification=42225222
amazonses:OhxI8Nxovqf1xBmhK5S9kNk7vo9XV4GmGe6LVc+ji80=
openai-domain-verification=dv-hbgCCuVm9CpZSVXjvFPfivD5
identrust_validate=B/Pm/IvNx8tLDDFRsJXBs+oweQGmx08QZ6xK0IvBQn3R
268BC041572123F15C5566E5F3D88675FABCC028427B501AE228CA9BB31630D5
MS=ms84056562
CAALookup not available with standard resolver
Resolved in 80 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+
Redirect Chain
No redirects — direct access
PASS
No redirects — direct access
Info::
No redirects — direct access
Got: https://cdc.gov

https://cdc.gov

64 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://cdc.gov20064 msHTTP/1.1
A+
IPv6 Readiness
IPv6 reachable (0 ms)
PASS
IPv6 reachable (0 ms)
Info::
IPv6 is configured and reachable at 2a02:26f0:e0::211:25b8, 2a02:26f0:e0::211:25a2
Got: 0 ms connect
IPv6 Ready
AAAA Records 2a02:26f0:e0::211:25b8, 2a02:26f0:e0::211:25a2 Connection Reachable (0 ms)
A+
Crawlability
robots.txt present, sitemap with 911 URLs
PASS
robots.txt present, sitemap with 911 URLs
Info::
robots.txt is present
Got: 1699 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 911 entries
Info::
Sitemap index with 911 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 1699 B Sitemaps referenced 1 User-agents *, Roverbot, EmailSiphon, MindSpider Blocking No — crawling allowed
# Ignore FrontPage files

User-agent: *

Disallow: /_borders

Disallow: /_derived

Disallow: /_fpclass

Disallow: /_overlay

Disallow: /_private

Disallow: /_themes

Disallow: /_vti_bin

Disallow: /_vti_cnf

Disallow: /_vti_log

Disallow: /_vti_map

Disallow: /_vti_pvt

Disallow: /_vti_txt


# Do not index the following URLs

Disallow: /travel/

Disallow: /flu/espanol/

Disallow: /migration/

Disallow: /Features/SpinaBifidaProgram/

Disallow: /concussion/HeadsUp/training/

Disallow: /niosh/archive/

Disallow: /TemplatePackage/examples

Disallow: /TemplatePackage/gadgets

Disallow: /TemplatePackage/modules

Disallow: /TemplatePackage/subtopic

Disallow: /TemplatePackage/Templates

Disallow: /TemplatePackage/3.0/examples

Disallow: /TemplatePackage/3.0/Templates

Disallow: /TemplatePackage/4.0/docs

Disallow: /TemplatePackage/4.0/gallery-internal

Disallow: /templatepackage/examples

Disallow: /templatepackage/gadgets

Disallow: /templatepackage/modules

Disallow: /templatepackage/subtopic

Disallow: /templatepackage/Templates

Disallow: /templatepackage/templates

Disallow: /templatepackage/3.0/examples

Disallow: /templatepackage/3.0/Templates

Disallow: /templatepackage/3.0/templates

Disallow: /templatepackage/4.0/docs

Disallow: /templatepackage/4.0/gallery-internal

Disallow: /templatepackage/dmat


# Rover is a bad dog

User-agent: Roverbot

Disallow: /


# EmailSiphon is a hunter/gatherer which extracts email addresses for spam-mailers to use

User-agent: EmailSiphon

Disallow: /


# Exclude MindSpider since it appears to be ill-behaved

User-agent: MindSpider

Disallow: /


# Sitemap link per CR14586

Sitemap: https://www.cdc.gov/wcms-auto-sitemap-index.xml
sitemap.xml 200 OK
Type Sitemap Index URLs 911 entries Valid XML Yes
Child Sitemaps:
A+
Domain Intelligence
cdc.gov — via get.gov, 28 years, 11 months old
PASS
cdc.gov — via get.gov, 28 years, 11 months old
Info::
Domain registered until Aug 21, 2026 (4 months remaining)
Info::
DNSSEC is enabled
Info::
Registrar: get.gov
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Domain expiry

67 days

August 21, 2026

SSL certificate

33 days

Issued by DigiCert Inc

Domain age

28 years, 11 months

Registered October 2, 1997

DNSSEC

Enabled

Protects against DNS spoofing

Hosting

Unknown

2a02:26f0:e0::211:25b8

Registrar

get.gov

Unlocked 6 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Renew the domain or enable auto-renewal to prevent accidental expiry
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar get.gov
Created October 2, 1997 (28 years, 11 months ago)
Expires August 21, 2026 (4 months)
Last Updated September 26, 2025
Name Servers a1-43.akam.net, a2-64.akam.net, a28-65.akam.net, a5-66.akam.net, a8-67.akam.net, a9-64.akam.net
DNSSEC Enabled
Registrant REDACTED FOR PRIVACY
Hosting
IP Address 2a02:26f0:e0::211:25b8
Data source: rdap (0.5s)

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 69 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
30 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
1 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
33 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
69 ms
Total Time Total request time from DNS lookup through full response.
69 ms

Connection waterfall

DNS Lookup 30 ms TCP Connect 1 ms TLS Handshake 33 ms Server Processing 4 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback