Skip to content
https://dr.dk

Infrastructure

· 17 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
92
GRADE
A
FIX
1
REVIEW
6
PASS
10
INFO
0
Probed from New York, United Stated
301 Moved Permanently
Checks
17
10 PASS 6 REVIEW 1 FIX
D
CDN & Delivery
Action
No CDN detected
FIX
No CDN detected
Warning::
No CDN detected
A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.
No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

B
CAA Records
No CAA records (any CA may issue certificates)
REVIEW
No CAA records (any CA may issue certificates)
Info::
No CAA records published
Without CAA records, any publicly-trusted CA can issue certificates for this domain. Adding a CAA record (`yourdomain. IN CAA 0 issue "letsencrypt.org"`) restricts issuance to CAs you authorize. Required by CAB Forum baseline since 2017; the default of 'any CA' is widely supported but is the broader attack surface for issuance fraud.
B
Reverse DNS
0/4 IPs match cert SAN
REVIEW
0/4 IPs match cert SAN
Info::
PTR for 23.33.42.71 does not match any cert SAN: a23-33-42-71.deploy.static.akamaitechnologies.com
Common when behind a CDN or shared hosting (PTR points at the provider's hostname). Mismatch can also affect mail deliverability if this IP sends email -- many MTAs reject mail when forward+reverse DNS disagree.
Info::
PTR for 23.33.42.84 does not match any cert SAN: a23-33-42-84.deploy.static.akamaitechnologies.com
Common when behind a CDN or shared hosting (PTR points at the provider's hostname). Mismatch can also affect mail deliverability if this IP sends email -- many MTAs reject mail when forward+reverse DNS disagree.
Info::
PTR for 2600:141b:1c00:36::17d2:5ca4 does not match any cert SAN: g2600-141b-1c00-0036-0000-0000-17d2-5ca4.deploy.static.akamaitechnologies.com
Common when behind a CDN or shared hosting (PTR points at the provider's hostname). Mismatch can also affect mail deliverability if this IP sends email -- many MTAs reject mail when forward+reverse DNS disagree.
Info::
PTR for 2600:141b:1c00:36::17d2:5ca7 does not match any cert SAN: g2600-141b-1c00-0036-0000-0000-17d2-5ca7.deploy.static.akamaitechnologies.com
Common when behind a CDN or shared hosting (PTR points at the provider's hostname). Mismatch can also affect mail deliverability if this IP sends email -- many MTAs reject mail when forward+reverse DNS disagree.
B
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
REVIEW
www/non-www, trailing slash, HTTP→HTTPS
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.dr.dk/
200https://dr.dk/

Inconsistent — duplicate content risk

HTTP → HTTPS

301http://dr.dk/ https://dr.dk/

Consistent

B
TLS Certificate Expiry & Recommendations
56 days until leaf cert expires — 3 issues to address
REVIEW

Certificate validity

56
days left
0d 30d 60d 90d+

Recommended actions

  • Add includeSubDomains to the HSTS directive
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN Cache Observability
No CDN cache-status headers in the response
REVIEW
No CDN cache-status headers in the response
Info::
No CDN cache-status headers in the response
Without an X-Cache / CF-Cache-Status / X-Vercel-Cache / Age header, you can't tell from outside whether a request hit the cache or went to origin. Operationally important: enables debugging stale-content reports and verifying cache rules. Most managed CDN platforms emit at least one of these by default; absence often means the platform's diagnostic headers are stripped at an upstream proxy.
B
Operational Status Page
No status page link detected
REVIEW
No status page link detected
Info::
No operational status page link detected
Status pages communicate planned maintenance and incidents to users -- a hallmark of operationally-mature services. Most SaaS teams publish one via Atlassian Statuspage, Instatus, BetterUptime, or a self-hosted Cachet. Smaller sites legitimately don't need one; flagged as Info, not a failure.
A+
DNS Records
2 A records, 19 ms lookup
PASS
2 A records, 19 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 23.33.42.71, 23.33.42.84
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2600:141b:1c00:36::17d2:5ca4, 2600:141b:1c00:36::17d2:5ca7
Info::
6 nameserver(s) configured
Got: a1-63.akam.net, a3-66.akam.net, a10-66.akam.net, a11-67.akam.net, a24-64.akam.net, a26-65.akam.net
Info::
1 mail exchanger(s) configured
Info::
SPF record present in TXT
Info::
DNS resolution time: 19 ms
Got: 19 ms
A23.33.42.71, 23.33.42.84
AAAA2600:141b:1c00:36::17d2:5ca4, 2600:141b:1c00:36::17d2:5ca7
CNAME
NSa1-63.akam.net, a3-66.akam.net, a10-66.akam.net, a11-67.akam.net, a24-64.akam.net, a26-65.akam.net
MX
10 dr-dk.mail.protection.outlook.com
TXT
MS=ms13518666
5j3r5r4qz56m68tqpr2791w1dzn1j8fq
66856f972vn9ppljm1s4kbk8v68sfj19
6xv24v70jr68ywwfjhbd0lrpnz32dfmj
7xb94tlv6xcqd7tl6wswngqk7815xjw2
_3gp0pfi8dzfn91wt7may7dxfywj92mp
_jtpqow30et1z58y3nmdd3u2x1pyepro
_tnxvfsg87yv1b8h5ovakt73gw9o1fd6
_uhq86kwgk9rv1esrwn7v5cv47vqczxp
_xkd4jht5zhwtyxii1fw8t38k80bdvi9
f72mdk7mbxbv9zqd3r3knffbf6csk0k8
nys7zf0jc9m9n4tdvc6qcbwtjylrq02c
rb9r1d02qpz0vg0lzgr8fbrgq5mmrhlt
sb24x5tzscpnz43dl18ww9yff4yl7wsk
sklpgg9g1zqyhn2nr28ly5hvlf28yc7t
vs8m767qqwyq5s7c93710t40r19nxw35
w59vx836v760xcnpyhm5v40dk35y5s9s
z8dhs315ydpp3jnqnb8dsq6yyf4zt9y3
zk6rl2rplmv14gwmc9hn6dpkyxxz7zzg
dropbox-domain-verification=vfbykpvh1hfe
7MhXFXitgLg9kT1mUZKq/XaBwFSuYbzi/ithxjxNmik=
xDhOdtwBdIMPyEOc/+AO32l/q0D7uv/N6Du4aRJEiGM=
jamf-site-verification=cNKkwaQuXMDHsQg-XCPjaw
bw=hDOdQC0nqFCY9/u1cmCZoF7f06Z2qEpM4a25pXZJeVV1
amazonses:ZYfeeKBs7Rvv7CZzNNRG45m47kTC/AX8PQiJwb2bMLQ=
mongodb-site-verification=yhnAdynSmrN2Pe8OlZNt0W7gwMk9gg1b
segment-site-verification=0KTW3TLgT5fOd41jrtLczJbrYDHGD0JL
mixpanel-domain-verify=499ed8ee-cf8b-4158-89b6-fe536140ca93
teamviewer-sso-verification=f4204d89b9f3461296c2c15789ec6df5
anthropic-domain-verification-jtr46m=6oZ17UOEEASl5vxt26SoHY4Qb
adobe-idp-site-verification=7f32e0b0-b088-4a47-82f4-a61aa2134ab9
google-site-verification=5ZwZRd__Hulm5hw7-8oMeV30ED66vLZcvnSiRemoqRw
google-site-verification=6Ng60nC6s3sFw6wW1Yfd_KNin9C7Phlsh6WMZWGsEeA
google-site-verification=7jYezkQTsdoWUAstoxlYvxnRxDDAqgVnoQT7YWJtGxE
google-site-verification=AQ0fCr9IethCjZL_y72zXFkATbSovBs8OF1iHxbh3qY
google-site-verification=Fxxz_p0Fq_OdYF2z-6_JBH3zfWSR-Q91DoRqkn_llR0
google-site-verification=WdHD_OjNWRViXSvPThSHynaZLQgv-C4lQ32Q-nSXvLo
google-site-verification=WqMImrxRQ4kQx8PF0D-Ch7P2JK2TT6Fd4i_Tjm3O304
google-site-verification=dYs1jtngQb_MXBSUU_sW49oFrtHAUw9ZrSUcdqaKYbQ
google-site-verification=frmI5FkuXAcKe39yVb6s3aZsXt9lkM0A1sDCRWwkgoo
google-site-verification=iGF5KVqi50rehOOgHqeS0kEe8ok6AWGsAA6xfnGggTA
google-site-verification=taQR3GYtNHlEhe2L2yGTUvPCXWzv1QeYKIpgTkCOgag
_globalsign-domain-verification=cKxrPxxbe9GiCDtUSwr2GfctgIkrQIlcRNJyCG2KpR
intersight=721d94ae60c79715b227cbb6da696cb8d416a08a6b9564f5c58ffabacbb4ada4
6cqLXtWJi5+1z7hXz3W4sIPiY/MCdU8eu73HAdqgSxljFN2kT2aBIoxf59pdZbc2vG63NqW/4pg5KsTO...
atlassian-domain-verification=1BPhIxzpqtA+7LxDw2OBD0Yv3XZ99GX8rdNnzfOatdo1QQModq...
figma-domain-verification=3ee8648d228a537cb059d44866821d8b613f144974a7fe41a3300e...
SPF v=spf1 ip4:195.137.194.1/24 ip4:52.28.56.226 ip4:52.28.45.240 ip4:52.16.224.164 ...
CAALookup not available with standard resolver
Resolved in 19 ms
A+
Subdomain Takeover
No subdomain takeover risk detected
PASS
No subdomain takeover risk detected
Info::
No CNAME record present
A+
DNSSEC
Signed and validating
PASS
Signed and validating
Info::
DNSSEC fully signed and chain validates (ECDSAP256SHA256)
A+
Multi-Resolver DNS Speed
Mean 5ms across 3 resolvers (spread 7ms)
PASS
Mean 5ms across 3 resolvers (spread 7ms)
Info::
Quad9: 3ms
Got: 3ms via 9.9.9.9:53
Info::
Cloudflare: 4ms
Got: 4ms via 1.1.1.1:53
Info::
Google: 10ms
Got: 10ms via 8.8.8.8:53
A
Redirect Chain
1 redirect(s), 428 ms total
PASS
1 redirect(s), 428 ms total
Info::
Single redirect
Got: https://dr.dk → https://www.dr.dk/ (301)
Info::
WWW normalization redirect

https://dr.dk

164 ms · HTTP/1.1

301

https://www.dr.dk/

264 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://dr.dk301164 msHTTP/1.1
2https://www.dr.dk/200264 msHTTP/1.1

See the visual redirect chain in the HTTP Probe tab →

A+
IPv6 Readiness
IPv6 reachable (2 ms)
PASS
IPv6 reachable (2 ms)
Info::
IPv6 is configured and reachable at 2600:141b:1c00:36::17d2:5ca4, 2600:141b:1c00:36::17d2:5ca7
Got: 2 ms connect
IPv6 Ready
AAAA Records 2600:141b:1c00:36::17d2:5ca4, 2600:141b:1c00:36::17d2:5ca7 Connection Reachable (2 ms)
A+
Crawlability
robots.txt present, sitemap with 2 URLs
PASS
robots.txt present, sitemap with 2 URLs
Info::
robots.txt is present
Got: 2158 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 2 entries
Info::
Sitemap index with 2 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 2158 B Sitemaps referenced 1 User-agents Google-NotebookLM, OAI-SearchBot, MistralAI-User, VelenPublicWebCrawler, Ai2Bot-Dolma, *, anthropic-ai, omgilibot, DuckAssistBot, cohere-ai, Brightbot 1.0, iAskBot, PanguBot, Claude-Web, DeepSeek, Bytespider, FirecrawlAgent, GPTBot, ChatGPT-user, Google-Extended, ClaudeBot, Claude-User, DeepSeekBot, Amazonbot, Applebot-Extended, Amazonbot-Video, Applebot, Timpibot, YouBot, PetalBot, wpbot, ZanistaBot, Gemini-Deep-Research, meta-externalagent, CCbot, omgili, PerplexityBot, Claude-SearchBot, Perplexity-User Blocking No — crawling allowed
Sitemap: https://www.dr.dk/sitemapindex.xml

User-agent: GPTBot
Disallow: /
User-agent: ChatGPT-user
Disallow: /

User-agent: Google-Extended
Disallow: /

User-agent: Google-NotebookLM
Disallow: /

User-agent: Gemini-Deep-Research
Disallow: /

User-agent: OAI-SearchBot
Disallow: /

User-agent: CCbot
Disallow: /

User-agent: anthropic-ai
Disallow: /

User-agent: Claude-Web
Disallow: /

User-agent: ClaudeBot
Disallow: /

User-agent: Claude-User
Disallow: /

User-agent: Claude-SearchBot
Disallow: /

User-Agent: omgili
Disallow: /

User-Agent: omgilibot
Disallow: /

User-agent: PerplexityBot
User-agent: Perplexity-User
Disallow: /

User-agent: DuckAssistBot
Disallow: /

User-agent: DeepSeekBot
User-agent: DeepSeek
Disallow: /

User-agent: Amazonbot
Disallow: /

User-agent: Amazonbot-Video
Disallow: /

User-agent: Applebot-Extended
Disallow: /

User-agent: Applebot
Disallow: /

User-agent: Bytespider
Disallow: /

User-agent: cohere-ai
Disallow: /

User-agent: Timpibot
Disallow: /

User-agent: YouBot
Disallow: /

User-agent: Brightbot 1.0
Disallow: /

User-agent: FirecrawlAgent
Disallow: /

User-agent: PetalBot
Disallow: /

User-agent: MistralAI-User
Disallow: /

User-agent: VelenPublicWebCrawler
Disallow: /

User-agent: wpbot
Disallow: /

User-agent: iAskBot
Disallow: /

User-agent: PanguBot
Disallow: /

User-agent: meta-externalagent
Disallow: /

User-agent: Ai2Bot-Dolma
Disallow: /

User-agent: ZanistaBot
Disallow: /

User-agent: *
Disallow: /beta/
Disallow: /bonanza20_assets/
Disallow: /kgf
Disallow: /kgf/
Disallow: /tjenester/share/
Disallow: /tjenester/esi
Disallow: /l/
Disallow: /nav/tekstttv/
Disallow: /NR/exeres*
Disallow: /nyheder/webdok/*/zone/*
Disallow: /P3/find/
Disallow: /programoversigttiltryk
Disallow: /staging/
Disallow: /stage/
Disallow: /Templates/
Disallow: /test/
Disallow: /login/
Disallow: /search/*
Disallow: /soeg/*
Disallow: /drtv/soeg*
Disallow: /lyd/programmer?q*
Disallow: /cgi-bin/fttx1.exe/
Disallow: /dr-laer/mediebiblioteket/
Disallow: /download/Forside/2021/
Disallow: /download/Forside/2022/
Disallow: /nyhedsbrev/
Disallow: /undervisning_flash/
Disallow: /auth/
Disallow: /mad/opskrift/soeg?query
sitemap.xml 200 OK
Type Sitemap Index URLs 2 entries Valid XML Yes
Child Sitemaps:
A+
Domain Intelligence
dr.dk — 28 years, 7 months old
PASS
dr.dk — 28 years, 7 months old
Info::
Domain registered until Mar 31, 2027 (10 months remaining)
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Domain expiry

308 days

March 31, 2027

SSL certificate

56 days

Issued by Let's Encrypt

Domain age

28 years, 7 months

Registered March 11, 1998

DNSSEC

Status unknown

Protects against DNS spoofing

Hosting

Unknown

2600:141b:1c00:36::17d2:5ca4

Registrar

Registrar unknown

Unlocked 6 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar
Created March 11, 1998 (28 years, 7 months ago)
Expires March 31, 2027 (10 months)
Name Servers a1-63.akam.net, a10-66.akam.net, a11-67.akam.net, a24-64.akam.net, a26-65.akam.net, a3-66.akam.net
Hosting
IP Address 2600:141b:1c00:36::17d2:5ca4
Data source: whois (0.6s)

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 15 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
5 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
1 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
5 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
16 ms
Total Time Total request time from DNS lookup through full response.
16 ms

Connection waterfall

DNS Lookup 5 ms TCP Connect 1 ms TLS Handshake 5 ms Server Processing 5 ms Content Transfer 0 ms
A+
Health Check Endpoint
Health endpoint at https://dr.dk/healthz (HTTP 200)
PASS
Health endpoint at https://dr.dk/healthz (HTTP 200)
Info::
Public health endpoint at https://dr.dk/healthz
Got: https://dr.dk/healthz
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback