Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
CTLS Certificate Expiry & RecommendationsAction24 days until leaf cert expires — 6 issues to addressREVIEW
Certificate validity
Recommended actions
- Renew certificate — 24 days remaining
- Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
- Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records4 A records, 43 ms lookupPASS
| A | 151.101.2.133, 151.101.194.133, 151.101.130.133, 151.101.66.133 |
| AAAA | 2a04:4e42:600::645, 2a04:4e42:200::645, 2a04:4e42:400::645, 2a04:4e42::645 |
| CNAME | — |
| NS | a3-66.akam.net, a2-67.akam.net, a11-66.akam.net, a20-65.akam.net, a1-153.akam.net, a22-67.akam.net |
| MX | 10 colorado-edu.mail.protection.outlook.com |
| TXT | brevo-code:ac843dd83e2d2a3d8becd980f7193d9b jamf-site-verification=V7i5P5-QM02gTP25eIhZIA atlassian-sending-domain-verification=0b36ce8f-b8ec-42ae-8513-2264ea6d72e7 _3x6w07ujdy2wk71two4k8r4mwmtw6tq openai-domain-verification=dv-5hwuyXiWaOnaq12vb3n73azV yahoo-verification-key=LBMWN06qx3V2Edw1euv/698yUrWMNip2Dx3Y4yyVmYE= docusign=7412fd08-3676-471a-8b65-8cc2b13c8137 d365mktkey=CgcAzx2nkxamTBkNT7jagrT8Nadf6LPzlI0MLQHdKA0x docusign=dcb8d5d8-71e8-4884-8604-02297bea8072 google-site-verification=iaVX54MaxYscXlrL-DxuE9qtvLhAXkXKhG8sjiH5q-0 atlassian-domain-verification=QAg9aEn1gpS7HapLhSZbdUei9wTKTCl8EKYsTFg5su7bO2Pu30... brevo-code:5f9e8714a4a7c561eb4cdf0848811c11 SPF v=spf1 ip4:128.138.1.0/24 ip4:128.138.48.0/20 ip4:128.138.64.0/18 ip4:128.138.12... brevo-code:814ad43e9f25b1a52d6a2b213fcfae73 d365mktkey=gzYMp5Xcnapx0VINCqRrvMtsD0TBSpLsrFjihN9HWQAx bMFGPNmrr7aoZsBWqexbujPiPjVzJe4wrZfl/t81eGptVxvkprdRSqKfj3paVrFcRhsrQHBlMGIR86eX... brevo-code:d6b523305300718643a7da77b3feeccb MS=ms27269994 bw=E1ibKK7mvTTWmq1SV+b/usJyVdN63EU+WFJh+SCp+abE |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 44 ms totalPASS
https://colorado.edu
9 ms · HTTP/1.1
https://www.colorado.edu/
36 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://colorado.edu | 301 | 9 ms | HTTP/1.1 | Varnish |
| 2 | https://www.colorado.edu/ | 200 | 36 ms | HTTP/1.1 | nginx |
See the visual redirect chain in the HTTP Probe tab →
A+IPv6 ReadinessIPv6 reachable (1 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 1406 URLsPASS
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
User-agent: *
# CSS, JS, Images
Allow: /core/*.css$
Allow: /core/*.css?
Allow: /core/*.js$
Allow: /core/*.js?
Allow: /core/*.gif
Allow: /core/*.jpg
Allow: /core/*.jpeg
Allow: /core/*.png
Allow: /core/*.svg
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /profiles/*.svg
# Directories
Disallow: /core/
Disallow: /profiles/
# Files
Disallow: /README.md
Disallow: /composer/Metapackage/README.txt
Disallow: /composer/Plugin/ProjectMessage/README.md
Disallow: /composer/Plugin/Scaffold/README.md
Disallow: /composer/Plugin/VendorHardening/README.txt
Disallow: /composer/Template/README.txt
Disallow: /modules/README.txt
Disallow: /sites/README.txt
Disallow: /themes/README.txt
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register
Disallow: /user/password
Disallow: /user/login
Disallow: /user/logout
Disallow: /media/oembed
Disallow: /*/media/oembed
# Paths (no clean URLs)
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password
Disallow: /index.php/user/register
Disallow: /index.php/user/login
Disallow: /index.php/user/logout
Disallow: /index.php/media/oembed
Disallow: /index.php/*/media/oembed
A+Domain Intelligencecolorado.edu — 40 years, 5 months oldPASS
16 days
July 31, 2026
24 days
Issued by Certainly
40 years, 5 months
Registered June 2, 1986
Status unknown
Protects against DNS spoofing
Unknown
2a04:4e42:200::645
Registrar unknown
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry
- Renew the TLS certificate or verify auto-renewal is working