Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BTLS Certificate Expiry & Recommendations198 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records4 A records, 175 ms lookupPASS
| A | 3.162.247.49, 3.162.247.6, 3.162.247.82, 3.162.247.56 |
| AAAA | 2600:9000:2618:1e00:8:4496:4180:93a1, 2600:9000:2618:1400:8:4496:4180:93a1, 2600:9000:2618:9000:8:4496:4180:93a1, 2600:9000:2618:4200:8:4496:4180:93a1, 2600:9000:2618:2400:8:4496:4180:93a1, 2600:9000:2618:7800:8:4496:4180:93a1, 2600:9000:2618:8000:8:4496:4180:93a1, 2600:9000:2618:1200:8:4496:4180:93a1 |
| CNAME | — |
| NS | ns-1480.awsdns-57.org, ns-1962.awsdns-53.co.uk, ns-298.awsdns-37.com, ns-769.awsdns-32.net |
| MX | 1 aspmx.l.google.com 5 alt2.aspmx.l.google.com 5 alt1.aspmx.l.google.com 10 alt3.aspmx.l.google.com 10 alt4.aspmx.l.google.com |
| TXT | 1password-site-verification=5WC3TEJLRREGRKR2ISSIWBLOL4 MS=880F4748C24452A4F1DDBDFDCD356CA0B3B1D5E0 MS=ms76961327 _kqsuuach6tbagrc87quujr5b78tx784 adobe-idp-site-verification=a45ecfcb5974389d24c0bcb2aa8ab2a359b2aa4a69838a350635... anthropic-domain-verification-pvke6p=koDbECmDaEfRYnDbDehGpKZI6 ca3-1c005c5a80ee4c30a0290c7eb53e0ab5 cursor-domain-verification-7e5z3g=EDly4k1AfSUKxtsDJVK4ulzt4 docusign=c21075d5-698a-4531-86ec-d17e9eea4155 eppo-data-domain-verification-zz339t=QOWOyDZXKvUl1yQQCUdvWla0n facebook-domain-verification=43fulpvnj58vh7vqj1cdq7ibky5shn google-site-verification=6yXTl_GBV48WZQx1bPweEvC19oULtfxojPoNylrEz1E google-site-verification=7iLCwqddBc3lpvssnnz30WxrKPNeuf9GsYY5Tu0nRWc google-site-verification=GXz6h33cQ166RXYz8OmuY5ValPFVnrWXBrZB2fsmRcY google-site-verification=IjMWJ-9aZcHqivGqB40_W7fc2iooVvY8lwJbQvAKDIw google-site-verification=RA3ngRWOgEL05ABw0V3Q3nFGv61vNFwURw5rg0xOxdE google-site-verification=SzL6t_4mAWu8TBUt9OBhHnbLMiVmGALza4ux3YDuLgE google-site-verification=YXCVxSjCpEftf3AxQMU8q-6Xj3k5l3JD_2ew33ne5i8 google-site-verification=iOtCbvqPP8mxG0PMuoPgVTe1CUYjNeDMPgC8pGNCPW8 google-site-verification=mA9LytKzaYEzebtWUcPbs-MBhi_v6x9QxG_uAavGcYg google-site-verification=mXwYhuwXoRdlfmQ0kIELMvcG2Ffi19YCyNfNwbnHtUw google-site-verification=s1DkH7V2Ofnk4MFWAhovBKaskp-vqnNw8r9ZZbW7rw0 h1-domain-verification=b76ZvjtDtWgwkxyQ6nWs7imaATV4UuFNC24KF2451Ms2SxLy hubspot-developer-verification=MzYwNWZhMzctMDlkMi00YjFhLTgxMjMtMmU4MTBkOWQwYjRl loom-site-verification=549fcc52c4fc4d0db1f8ba3cf5f3a235 openai-domain-verification=dv-YVsTq2IXkkyb8UAEnq8vMRoW openai-domain-verification=dv-rmUt4rb5oPunKGWpUDm5fVcx parallels-domain-verification=c617bfa7b6ad499a992d6fd9bfa890ba222afe20b67646efb5... pendo-domain-verification=9dcd1017-80ab-4397-9dee-1751a578522c postman-domain-verification=d67e8c10a203660ad91f0a219252951e1beb6cd3e38e12933b80... ps-cd-verification=592544b9-ac5c-45ad-8e61-d7496e20ea90 segment-site-verification=KoguFnloPsYpTSy0OEpRmptCDUhZZnih stripe-verification=59cd619e7b056e0bb4264f5dae7f293120c6ff79699a2e7052df17de89b6... stripe-verification=d8cb8993e0f3b1f4ab3b30216e1799717d8f74236283e54109c7252b4400... twilio-domain-verification=30469a41349e661576ee1b7a943736b7 SPF v=spf1 include:_spf.google.com include:amazonses.com include:mail.zendesk.com in... w1xczd2rhx8lt48k4mbl7z97rx67x1mq zQqh6VDaII38TcL52OdvmIFvk5jJfQ zapier-domain-verification-challenge=f3572a60-e411-450c-a7d8-69fcfaa22ab3 |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
https://clickup.com
275 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://clickup.com | 200 | 275 ms | HTTP/1.1 | AmazonS3 |
A+IPv6 ReadinessIPv6 reachable (2 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 26 URLsPASS
User-agent: *
Allow: /
# General Exclusions
Disallow: /cdn-cgi/
Disallow: /jira-switch
Disallow: /lp/
Disallow: /partners/aws-activate
Disallow: /pdf/Take_These_3_Actions_751984_ndx.pdf
Disallow: /preview/
Disallow: /remove*
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-json/
# Blog Pagination and Taxonomy
Disallow: /blog/tag/
Disallow: /*/blog/tag/
Disallow: /*/blog/author/
# Query Parameters (General)
Disallow: /*?attachment_id=
Disallow: /*?cat=
Disallow: /*?q=
Disallow: /*?s=
Disallow: /*replytocom=
# Tracking and Marketing Parameters
Disallow: /*_bhiiv=
Disallow: /*_ga=
Disallow: /*_gl=
Disallow: /*bhcl_id=
Disallow: /*dclid=
Disallow: /*fbclid=
Disallow: /*gclid=
Disallow: /*gclsrc=
Disallow: /*icid=
Disallow: /*irclickid=
Disallow: /*mc_cid=
Disallow: /*mc_eid=
Disallow: /*msclkid=
Disallow: /*ref=
Disallow: /*reg=
Disallow: /*spc-source=
Disallow: /*utm_*
Disallow: /*yclid=
User-agent: AdsBot-Google
Allow: /
User-agent: AdsBot-Google-Mobile
Allow: /
Sitemap: https://clickup.com/sitemap.xml
- https://clickup.com/sitemap-landing.xml
- https://clickup.com/blog/sitemap.xml
- https://clickup.com/sitemap-next.xml
- https://clickup.com/sitemap-programmatic...
- https://cdn.web.clickup.com/sitemap-temp...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-blog...
- https://cdn.web.clickup.com/sitemap-agen...
- https://clickup.com/api/sitemap.xml
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
ADomain Intelligenceclickup.com — via Amazon Registrar, Inc., 25 years, 1 months oldPASS
EXPIRED
July 5, 2026
198 days
Issued by Amazon
25 years, 1 months
Registered July 5, 2001
Not enabled
Protects against DNS spoofing
Unknown
2600:9000:2618:ca00:8:4496:4180:93a1
Amazon Registrar, Inc.
Expiry timeline
Recommended actions
- Domain has EXPIRED — renew immediately to avoid total site outage
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Consider enabling auto-renewal to prevent accidental expiration.
Domain expiry approaching — renew immediately and ensure auto-renew + alerting are configured.
Source: ICANN renewal policy
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice