Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BDNS Records2 A records, 30 ms lookupREVIEW
| A | 35.157.26.135, 63.176.8.218 |
| AAAA | 2a05:d014:58f:6200::259, 2a05:d014:58f:6200::258 |
| CNAME | gitpod-kumquat.netlify.app |
| NS | — |
| MX | — |
| TXT | — |
| CAA | Lookup not available with standard resolver |
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.
Learn more ▾ ▴
RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.
Source: RFC 1034
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.
Learn more ▾ ▴
SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.
Source: RFC 7208 (SPF)
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations30 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Renew certificate — 30 days remaining
- Submit your domain to hstspreload.org to be added to the Chrome preload list
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryNetlifyREVIEW
ARedirect Chain1 redirect(s), 215 ms totalPASS
https://www.gitpod.io
99 ms · HTTP/1.1
https://ona.com/
116 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://www.gitpod.io | 301 | 99 ms | HTTP/1.1 | Netlify |
| 2 | https://ona.com/ | 200 | 116 ms | HTTP/1.1 | Vercel |
See the visual redirect chain in the HTTP Probe tab →
A+IPv6 ReadinessIPv6 reachable (36 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 563 URLsPASS
# robots.txt for Ona
# https://ona.com
User-agent: *
Allow: /
sitemap: https://ona.com/sitemap.xml
A+Domain Intelligencegitpod.io — via united-domains GmbH, 8 years, 6 months old, hosted on Google CloudPASS
114 days
November 3, 2026
30 days
Issued by Let's Encrypt
8 years, 6 months
Registered November 3, 2017
Status unknown
Protects against DNS spoofing
Google Cloud
ASN AS396982
34.120.231.152
united-domains GmbH
Expiry timeline
Recommended actions
- Renew the TLS certificate or verify auto-renewal is working