Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BTLS Certificate Expiry & Recommendations36 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryNetlifyREVIEW
ADNS Records2 A records, 278 ms lookupPASS
| A | 35.157.26.135, 63.176.8.218 |
| AAAA | 2a05:d014:58f:6200::259, 2a05:d014:58f:6200::258 |
| CNAME | — |
| NS | ruth.ns.cloudflare.com, andy.ns.cloudflare.com |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 aspmx2.googlemail.com 10 aspmx3.googlemail.com |
| TXT | google-site-verification=uutFIZ2clJ49_5HaqR_dodh8jNMecnjW4MYNYmVdLSQ SPF v=spf1 include:mailgun.org ~all |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
A+Redirect ChainNo redirects — direct accessPASS
https://gohugo.io
107 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://gohugo.io | 200 | 107 ms | HTTP/1.1 | Netlify |
A+IPv6 ReadinessIPv6 reachable (35 ms)PASS
ACrawlabilityno robots.txt, sitemap with 785 URLsPASS
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.
Learn more ▾ ▴
A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.
Source: robotstxt.org
No robots.txt found
This is fine for most sites — a missing robots.txt allows all crawling by default.
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencegohugo.io — via Cloudflare, Inc, 11 years, 9 months oldPASS
95 days
September 17, 2026
36 days
Issued by Let's Encrypt
11 years, 9 months
Registered September 17, 2014
Status unknown
Protects against DNS spoofing
Unknown
2a05:d014:58f:6200::258
Cloudflare, Inc
Expiry timeline
Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.
Registrar lock (clientTransferProhibited et al.) prevents unauthorized domain transfers — strongest defense against domain hijacking.
Source: ICANN / domain-security best practice