Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DTLS Certificate Expiry & RecommendationsAction10 days until leaf cert expires — 5 issues to addressFIX
Certificate validity
Recommended actions
- Renew certificate — 10 days remaining
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCrawlabilityrobots.txt present, no sitemapREVIEW
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
User-agent: *
Disallow: /user/confirm_premium_navi
Disallow: /*?_pxhc=*
Disallow: /*/recipes/*/reactions
Disallow: /*/recipes/*/similar_recipes
Disallow: /*/recipes/*/reactions
Disallow: /*/recipes/*/cooksnaps_section
Disallow: /*/recipes/*/print
Disallow: /*/activity_logs
Disallow: /*/service_feedbacks
Allow: /
User-agent: Baiduspider
Allow: /cn
Disallow: /cn/users
Disallow: /
User-agent: Yandex
Allow: /
Disallow: /*/accounts/new
Clean-param: epik&hl&noredir&find_method&hcb /ru/*
# See below for how Clean-param works for Yandex crawler
# https://yandex.ru/support/webmaster/robot-workings/clean-param.html?lang=en
# OpenAI Crawler
User-agent: GPTBot
Disallow: /
# OpenAI Plugin Bot
User-agent: ChatGPT-User
Disallow: /
# Block CCBot (used to create training datasets)
User-agent: CCBot
Disallow: /
# Anthropic AI bots
User-agent: anthropic-ai
Disallow: /
User-agent: Claude-Web
Disallow: /
User-agent: ClaudeBot
Disallow: /
# Enterprise LLM
User-agent: cohere-ai
Disallow: /
# Generates LLM datasets
User-agent: Omgilibot
Disallow: /
User-agent: Omgili
Disallow: /
# Default UA for a data scraping tool
User-agent: Diffbot
Disallow: /
# https://developers.facebook.com/docs/sharing/bot/
User-agent: FacebookBot
Disallow: /
# https://developers.facebook.com/docs/sharing/webmasters/web-crawlers
User-agent: Meta-ExternalAgent
Disallow: /
# Claims to be reverse image search, but is part of
# training dataset generator for https://hivemoderation.com
User-agent: ImagesiftBot
Disallow: /
# LLM Search
User-agent: PerplexityBot
Disallow: /
# TikTok generative LLM scraper
User-agent: Bytespider
Disallow: /
# Advertising tool / LLM
User-agent: Peer39_crawler
Disallow: /
User-agent: Peer39_crawler/1.0
Disallow: /
# AI Data Scraper
# https://darkvisitors.com/agents/timpibot
User-agent: Timpibot
Disallow: /
# Not related to Google Search etc
User-agent: GoogleOther
Disallow: /
# https://darkvisitors.com/agents/ai2bot
User-agent: AI2Bot
Disallow: /
###
# The following do not impact search results or functionality,
# but do tell the companies and bots in question
# not to add crawled content to LLM datasets.
######
# https://developers.google.com/search/docs/crawling-indexing/overview-google-crawlers#google-extended
User-agent: Google-Extended
Disallow: /
# https://support.apple.com/en-us/119829
User-agent: Applebot-Extended
Disallow: /
No sitemap found
Adding a sitemap helps search engines discover your pages.
A+DNS Records4 A records, 142 ms lookupPASS
| A | 151.101.193.55, 151.101.1.55, 151.101.65.55, 151.101.129.55 |
| AAAA | 2a04:4e42:600::311, 2a04:4e42::311, 2a04:4e42:200::311, 2a04:4e42:400::311 |
| CNAME | — |
| NS | ns-1805.awsdns-33.co.uk, ns-134.awsdns-16.com, ns-582.awsdns-08.net, ns-1526.awsdns-62.org |
| MX | 10 aspmx.l.google.com 20 alt2.aspmx.l.google.com 20 alt1.aspmx.l.google.com 30 aspmx4.googlemail.com 30 aspmx5.googlemail.com 30 aspmx3.googlemail.com 30 aspmx2.googlemail.com |
| TXT | zapier-domain-verification-challenge=dd43c012-47e4-4d2a-bc2a-391b4e1c9fcc facebook-domain-verification=ef8meu04yfkfpjri8bj4kkaaz0mcvo docusign=97eb64ec-b3e3-4406-afa7-c55febaf89ad google-site-verification=i1egF4TpFhWXX59S9njVn6Q1FHo0NhzibcSL_P-_KNQ atlassian-domain-verification=QX2Lu9tptFEwXsSNfKL3p7oSIazgseY6XOLyFzKldyvFE4m65I... _globalsign-domain-verification=rMzRmeoTKuY0aUkoQHHYV51XAmgXOv_4PqdRQ3a2AG bill-one-domain-verification=128f8b17-6f0a-4e05-8295-818e20e6a788 pinterest-site-verification=600e3f9fd73486e001a8af1429cca6f0 jamf-site-verification=5BssqnQgjtfW3YPAAogEog klaviyo-site-verification=W7BAnZ docusign=05e8812d-22a2-4ed2-858c-fbf283d6ba33 ZOOM_verify_PJBrznrkl23C7pzFNLIAIS google-site-verification=D1q8arJQYHaAz72JenFzPV-dJjfWpHgXzHVJYO9jxFw anthropic-domain-verification-k6jvka=yjwJnlt1pQK8UKWZ4P47OsOjV 1password-site-verification=DV7C2SRZ7RFILITVF3ASFPZUK4 SPF v=spf1 include:fc1907.cuenote.jp include:_spf.google.com include:mail.zendesk.co... apple-domain-verification=J13eN29gRx2ZgMwH canva-site-verification=c9qI6oXpzdU-XzfCK2MTsg google-site-verification=Br_vT7HTrFjXkPgotz8KNqUyitDpwoWck2FOgpBlUMw asv=8b5615de832f55ca59d9632722fbeb05 cursor-domain-verification-cpn195=Wgx4UXCq78DSGM6pf5likSIBO |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 244 ms totalPASS
https://cookpad.com
4 ms · HTTP/1.1
https://cookpad.com/jp
240 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://cookpad.com | 302 | 4 ms | HTTP/1.1 | Varnish |
| 2 | https://cookpad.com/jp | 200 | 240 ms | HTTP/1.1 | nginx |
See the visual redirect chain in the HTTP Probe tab →
If permanent, use 301 instead.
302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.
Learn more ▾ ▴
Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).
Source: Google Search Central
A+IPv6 ReadinessIPv6 reachable (0 ms)PASS
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencecookpad.com — via Network Solutions, LLC, 27 years, 5 months oldPASS
666 days
April 12, 2028
10 days
Issued by Certainly
27 years, 5 months
Registered April 12, 1999
Not enabled
Protects against DNS spoofing
Unknown
2a04:4e42::311
Network Solutions, LLC
Expiry timeline
Recommended actions
- Renew the TLS certificate or verify auto-renewal is working
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice