Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations32 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryVercelREVIEW
A+DNS Records1 A records, 36 ms lookupPASS
| A | 76.76.21.21 |
| AAAA | — |
| CNAME | — |
| NS | ns-1554.awsdns-02.co.uk, ns-896.awsdns-48.net, ns-1143.awsdns-14.org, ns-70.awsdns-08.com |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 alt3.aspmx.l.google.com 10 alt4.aspmx.l.google.com |
| TXT | SPF v=spf1 include:_spf.google.com ~all google-site-verification=C1TncBZ0C00dMCHHosS_vTyRPM02dJCJsKN2zkcfFZ0 |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 196 ms totalPASS
https://cursor.sh
87 ms · HTTP/1.1
https://cursor.com/
109 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://cursor.sh | 308 | 87 ms | HTTP/1.1 | Vercel |
| 2 | https://cursor.com/ | 200 | 109 ms | HTTP/1.1 | Vercel |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 3 URLsPASS
# *
User-agent: *
Allow: /
Allow: /marketplace
Allow: /*/marketplace
Disallow: /api/
Disallow: /dashboard
Disallow: /*/dashboard
Disallow: /agents
Disallow: /*/agents
Disallow: /settings/
Disallow: /*/settings/
Disallow: /marketplace/publish$
Disallow: /*/marketplace/publish$
Disallow: /team/accept-invite
Disallow: /*/team/accept-invite
Disallow: /team/free-trial
Disallow: /team/new-team
Disallow: /*/team/new-team
Disallow: /verifyEmail
Disallow: /*/verifyEmail
Disallow: /failure
Disallow: /*/failure
Disallow: /loginDeepControl
Disallow: /*/loginDeepControl
Disallow: /loginDeepPage
Disallow: /*/loginDeepPage
Disallow: /pricing-history
Disallow: /*/pricing-history
Disallow: /artifacts/c/
Disallow: /artifacts/v/
Disallow: /marketing-static/
Disallow: /docs-static/
Disallow: /link/prompt
Disallow: /*/link/prompt
Disallow: /*/docs
Disallow: /*/docs/
Disallow: /*/learn
Disallow: /*/learn/
Disallow: /*/help
Disallow: /*/help/
Disallow: /*/for
Disallow: /*/for/
# Host
Host: https://cursor.com
# Sitemaps
Sitemap: https://cursor.com/sitemap_index.xml
Sitemap: https://forum.cursor.com/sitemap.xml
AURL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Use 301 (permanent) instead of 302 (temporary)
A+Domain Intelligencecursor.sh — via NameCheap, Inc., 3 years old, hosted on AWSPASS
265 days
April 5, 2027
32 days
Issued by Let's Encrypt
3 years
Registered April 5, 2023
Status unknown
Protects against DNS spoofing
AWS
ASN AS16509
76.76.21.21
NameCheap, Inc.
Expiry timeline
Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.
Registrar lock (clientTransferProhibited et al.) prevents unauthorized domain transfers — strongest defense against domain hijacking.
Source: ICANN / domain-security best practice