Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BRedirect Chain1 redirect(s), 1127 ms totalREVIEW
https://gatesfoundation.org
59 ms · HTTP/1.1
https://www.gatesfoundation.org/
1068 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://gatesfoundation.org | 301 | 59 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.gatesfoundation.org/ | 200 | 1068 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations80 days until leaf cert expires — 2 issues to addressREVIEW
Certificate validity
Recommended actions
- Submit your domain to hstspreload.org to be added to the Chrome preload list
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
A+DNS Records2 A records, 107 ms lookupPASS
| A | 172.64.151.29, 104.18.36.227 |
| AAAA | 2606:4700:4402::6812:24e3, 2a06:98c1:3107::ac40:971d |
| CNAME | — |
| NS | ivy.ns.cloudflare.com, donald.ns.cloudflare.com |
| MX | 1 gatesfoundation-org.mail.protection.outlook.com |
| TXT | docusign=0c46760c-b515-48d3-a4d9-5ef1c7feb87a smartsheet-site-validation=JA1j796CLsmbFF-2_vDML0Qe-ulxI1OM onetrust-domain-verification=bce44663581e4a4cb4707b408cd826a4 facebook-domain-verification=njlcqityz1wrvc1qtirs6hx789xm3a vmware-cloud-verification-502482b0-cdfb-4c9a-9acc-dfea66472948 MS=ms88012354 _ilss2x3z98o3ata6a5tj1p3gv9tujr6 docusign=54c0fc9a-f3de-4b6b-a3a8-b701dcbe4326\010 airtable-verification=50d8cd88810f5c1b3230e1fef57a997c pardot701613=49d0f27266ab5cbb09c661dabddf941a29a341913ff2cbb0c42b86a2c1fa1fdd atlassian-domain-verification=t8-OX2rjKWcZ6Bo5LQ8p/bgwUAM2D4qiUtTJmtL1x+qVWzNRZg... openai-domain-verification=dv-axVNXEQb4ezmE5kdi4ZYONW9 intersight=fabb532cb4247c5283d131025088113131880d2a149508c38a2269415d04a397 google-site-verification=hmtJ0mQEK6oz2zLA3H1ZTRag130_PH4dgr1Cruly-fo apple-domain-verification=d3iwwOmKjA1TFauC 99cVNauBbF+2CGapaJm/Fbig+vWhxja715hltmzXnwGYaWOnEk7qVFPzAuOagHUVQwbAAPYJT1qT34VK... SPF v=spf1 exists:%{i}._i.%{d}._d.espf.agari.com include:%{d}.7c.spf-protect.agari.c... Z28Iu29VnZMAHXCn38fr0bxoPJqendROsQ38Ml7Be7p/9k+C3jq0pKBD3Ygh2rh/kCsAzT8LX+SRLh9T... onetrust-domain-verification=045c186d6d1b4e9781c367c06a44a1c6 openai-domain-verification=dv-HXIcMSxHGQWqlWEmN2AlWSoV pardot844003=502bade679d3e084edb8557347287e218e0bed83f5fd6f7e169ecd271ecaf00c |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+IPv6 ReadinessIPv6 reachable (17 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 4 URLsPASS
User-agent: *
Allow: /
Sitemap: https://www.gatesfoundation.org/sitemap_index.xml
A+Domain Intelligencegatesfoundation.org — via MarkMonitor Inc., 27 years, 10 months oldPASS
840 days
November 5, 2028
80 days
Issued by Google Trust Services
27 years, 10 months
Registered November 6, 1998
Enabled
Protects against DNS spoofing
Unknown
2606:4700:4402::6812:24e3
MarkMonitor Inc.
Expiry timeline
Recommended actions
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice