Skip to content
https://ghost.org

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
100
GRADE
A+
FIX
0
REVIEW
2
PASS
7
INFO
0
Probed from New York, United Stated
200 OK
Checks
9
7 PASS 2 REVIEW
B
TLS Certificate Expiry & Recommendations
52 days until leaf cert expires — 4 issues to address
REVIEW

Certificate validity

52
days left
0d 30d 60d 90d+

Recommended actions

  • Add includeSubDomains to the HSTS directive
  • Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
Netlify
REVIEW
Netlify
Info::
Site is served via Netlify CDN
Got: x-nf-request-id: 01KNCNMJ4CQK6349PJ5XX44AAY
CDN Detected: Netlify
Provider Netlify Evidence x-nf-request-id: 01KNCNMJ4CQK6349PJ5XX44AAY
A+
DNS Records
2 A records, 73 ms lookup
PASS
2 A records, 73 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 98.84.224.111, 18.208.88.157
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2600:1f18:16e:df01::259, 2600:1f18:16e:df01::258
Info::
2 nameserver(s) configured
Got: woz.ns.cloudflare.com, sara.ns.cloudflare.com
Info::
5 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 73 ms
Got: 73 ms
A98.84.224.111, 18.208.88.157
AAAA2600:1f18:16e:df01::259, 2600:1f18:16e:df01::258
CNAME
NSwoz.ns.cloudflare.com, sara.ns.cloudflare.com
MX
1 aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
TXT
apple-domain-verification=jiNntnl7jd5HxJ2W
cursor-domain-verification-zhnept=Si0arsYVCTEZDCkpV1cMy0Aom
SPF v=spf1 include:_spf.google.com include:cmail1.com include:spf.mandrillapp.com in...
ahrefs-site-verification_d51316db926b7f8ab3f81f2080d57be72c9d635e9a8888dcbefcb4d...
cloudflare_dashboard_sso=01514b4f7cf8ccfb2c6731aba449193c
google-site-verification=5Ate8bq8VfHBYziHQlc1d2tkv_SFwQJseqXkX6hg2D4
1password-site-verification=5346HQKPM5HZBGBGWUZ5ZKFUOI
status-page-domain-verification=vvyvvt0yn5z4
adn_verification=ghost
google-site-verification=CZRMn6O1gf0kzHSuR90yLccVJCc7oTAMWISpNKt9zEg
google-site-verification=GIBr_OFEplZnFkkvpsy8qck5wbC3EKnCjpsjcbn72SA
CAALookup not available with standard resolver
Resolved in 73 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+
Redirect Chain
No redirects — direct access
PASS
No redirects — direct access
Info::
No redirects — direct access
Got: https://ghost.org

https://ghost.org

99 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://ghost.org20099 msHTTP/1.1Netlify
A+
IPv6 Readiness
IPv6 reachable (7 ms)
PASS
IPv6 reachable (7 ms)
Info::
IPv6 is configured and reachable at 2600:1f18:16e:df01::259, 2600:1f18:16e:df01::258
Got: 7 ms connect
IPv6 Ready
AAAA Records 2600:1f18:16e:df01::259, 2600:1f18:16e:df01::258 Connection Reachable (7 ms)
A+
Crawlability
robots.txt present, sitemap with 21 URLs
PASS
robots.txt present, sitemap with 21 URLs
Info::
robots.txt is present
Got: 224 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 21 entries
Info::
Sitemap index with 21 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 224 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed
Sitemap: https://ghost.org/sitemap.xml

User-agent: *

Allow: /
Disallow: /explore/?*sortBy
Disallow: /explore/?*lang
Disallow: /explore/?*query
Disallow: /explore?*sortBy
Disallow: /explore?*lang
Disallow: /explore?*query


A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.ghost.org/
200https://ghost.org/

Preferred variant: non-www

HTTP → HTTPS

301http://ghost.org/ https://ghost.org/

Consistent

A+
Domain Intelligence
ghost.org — via 1API GmbH, 21 years old
PASS
ghost.org — via 1API GmbH, 21 years old
Info::
Domain registered until Jun 25, 2029 (3 years, 3 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: 1API GmbH
Domain expiry

1079 days

June 25, 2029

SSL certificate

52 days

Issued by Let's Encrypt

Domain age

21 years

Registered June 25, 2005

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

Unknown

2600:1f18:16e:df01::258

Registrar

1API GmbH

Lock status unknown 2 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
Registrar 1API GmbH
Created June 25, 2005 (21 years ago)
Expires June 25, 2029 (3 years, 3 months)
Last Updated November 20, 2025
Name Servers sara.ns.cloudflare.com, woz.ns.cloudflare.com
DNSSEC Not enabled
Hosting
IP Address 2600:1f18:16e:df01::258
Data source: rdap (0.5s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

A+
HTTP Probe Timing
Total 53 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
20 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
8 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
10 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
47 ms
Total Time Total request time from DNS lookup through full response.
54 ms

Connection waterfall

DNS Lookup 20 ms TCP Connect 8 ms TLS Handshake 10 ms Server Processing 10 ms Content Transfer 7 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback