Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DRedirect ChainAction3 redirect(s), 801 ms totalFIX
https://comptia.org
67 ms · HTTP/1.1
https://www.comptia.org/
565 ms · HTTP/1.1
https://www.comptia.org/en-eu
85 ms · HTTP/1.1
https://www.comptia.org/en-eu/
83 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://comptia.org | 301 | 67 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.comptia.org/ | 307 | 565 ms | HTTP/1.1 | cloudflare |
| 3 | https://www.comptia.org/en-eu | 308 | 85 ms | HTTP/1.1 | cloudflare |
| 4 | https://www.comptia.org/en-eu/ | 200 | 83 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
Each redirect adds latency. Try to minimize the chain to 1 hop.
Redirect chain — each hop adds latency; combine into one redirect where possible.
Source: Google Search Central / web.dev
BTLS Certificate Expiry & Recommendations84 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
A+DNS Records2 A records, 111 ms lookupPASS
| A | 104.18.35.29, 172.64.152.227 |
| AAAA | 2606:4700:4406::6812:231d, 2a06:98c1:3102::ac40:98e3 |
| CNAME | — |
| NS | jade.ns.cloudflare.com, armando.ns.cloudflare.com |
| MX | 3600 comptia-org.mail.protection.outlook.com |
| TXT | google-site-verification=3CECmSJGNJcROJfo-1rYJRlxhlGXWKc_r9wkBWYw9ToGoogle Tenan... miro-verification=f4fc4824207740c0fbd561595b153125fc736c58 google-site-verification=wsVzj68HGYA3tUamDEwXUoqrpL9kS2CR-YINEk5xBBc google-site-verification=a1ZXa31HQ4_WoT6pRA0SOJV-LX6U_Ep-HOxI-mEL26o d365mktkey=tLu4fSCN8zGYNJi9NYXiJz3QvtkWMQf1wH17tZvzNpIx brevo-code:af62832f46a8dab3da669fd968624b72 sophos-domain-verification=7d9c175ed36647f746b2024fbf80a8253d97140cec8a6a1161609... d365mktkey=uzh7aZHK2wTQAN5NYqjKZCE6PTi5IxJHWfixZ50ounox google-site-verification=6whfnd04gfRPk1zaOFZGFQ_V19lqbUZZ90pP5GfpdYs d365mktkey=1dk8d31zhcxjvlzcvnk4xpurg anthropic-domain-verification-ch9jve=mqCxGHD12CYRLx1ebSfyNNdTk canva-site-verification=w1cWSdPQHhbJ-z5rOpphAQ zapier-domain-verification-challenge=2d8eae37-4037-422d-8ec1-3b1d486c78df _oqg5hkchjjdhf77z8irk7hzat83dwnz docusign=225cd46b-2a31-4ca4-bd8e-9a412949158f slack-domain-verification=HrIb0Vcqn4MscKfEpaOVQEw7PcOnbxV5lF0K5JxB 202301301641301os60224kud5sojaep7q8wr7igdasl4rfcwta3kytg2otwlxth gc-ai-domain-verification-arz9sc=0DdSPiIdVBQGuvJNh3JxhxYcD lovable_verification=IEEpKWktDcrdKFzPGBeZ cursor-domain-verification-4s3t0r=COmTguHEczjZIcmC9RhkBw5MR duo_sso_verification=uDnNKVdgFxfbY32ipq8wH03FPxYK3cryfLOtnd0ARQ9zCcC7LiexioQNWPM... atlassian-domain-verification=/YeProGwccm1twPngg9XiSxTiXKgeLWBuJ0G5CSB0aVfafDGiE... asv=3fc9d84b440889a254c7ab0c7be2b9a8 google-site-verification=km7XLGuXwAX3yLyEFfsiyxcYZfbAsteX12j_U34kHE8 google-site-verification=9pfBCKJDs1Ku1SAhCoqLLonO2fr_ZLw5dmbcjF9ph1U pendo-domain-verification=R06OdxL6IpiV8r_mxWAJOa-dUBA atlassian-domain-verification=rLU6JTmRJr0Kf8gX1VxFK1JPkzC3iLjJpEjcvqO+alhZdju8DD... google-site-verification=LGlMC_JzZaWsyGXOTQvcCAYoI-8MNK10wZQuFcAHjto 202202071623420mbf7q0wqcmfcvfoh5hq9qgtawb2oielgaaiynmle9e9m1q84s _8508ix3urkcokct0wldtlc5cokwu7vw SPF v=spf1 mx a:mail.certmetrics.com include:spf.protection.outlook.com include:_spf... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+IPv6 ReadinessIPv6 reachable (17 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 1112 URLsPASS
User-agent: *
Disallow: /*.json$
Disallow: /cache/
Disallow: /server/
Disallow: /static/
Disallow: /types/
Disallow: /~/link/
Disallow: /api/form/
Disallow: /cdn-cgi/
Disallow: /*?_rsc=*
Disallow: /blog/listing/
Disallow: /blog/?p=
Disallow: /WebResource.axd
Disallow: /*AspxAutoDetectCookieSupport=
Disallow: /*epslanguage=
Disallow: /*abtestactive=
Disallow: /*AreaStudy=
Disallow: /*Program=
Disallow: /certifications/become-a-subject-matter-expert/workshops/
Sitemap: https://www.comptia.org/en/sitemap.xml
Sitemap: https://www.comptia.org/en-us/sitemap.xml
Sitemap: https://www.comptia.org/en-au/sitemap.xml
Sitemap: https://www.comptia.org/en-gb/sitemap.xml
Sitemap: https://www.comptia.org/en-za/sitemap.xml
Sitemap: https://www.comptia.org/en-em/sitemap.xml
Sitemap: https://www.comptia.org/en-eu/sitemap.xml
Sitemap: https://www.comptia.org/ja-jp/sitemap.xml
- https://www.comptia.org/en/resources/ce/choose/renewing-with-multiple-activities/training-and-higher-education/securityx-educational-units/
- https://www.comptia.org/en/resources/ce/choose/renewing-with-multiple-activities/training-and-higher-education/storage-educational-units/
- https://www.comptia.org/en/resources/ce/choose/renewing-with-multiple-activities/training-and-higher-education/security-educational-units/
- https://www.comptia.org/en/resources/ce/choose/renewing-with-multiple-activities/training-and-higher-education/cloud-educational-units/
- https://www.comptia.org/en/resources/ce/choose/renewing-with-multiple-activities/training-and-higher-education/cysa-educational-units/
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencecomptia.org — via GoDaddy.com, LLC, 31 years, 1 months oldPASS
2225 days
August 14, 2032
84 days
Issued by Google Trust Services
31 years, 1 months
Registered August 15, 1995
Not enabled
Protects against DNS spoofing
Unknown
2606:4700:4406::6812:231d
GoDaddy.com, LLC
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice