Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.FIPv6 ReadinessActionIPv6 records exist but unreachableFIX
Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.
Advertising IPv6 (AAAA records) without a reachable server means IPv6-preferring clients silently fail every connection.
Learn more ▾ ▴
Modern browsers prefer IPv6 if AAAA exists (Happy Eyeballs algorithm). If the IPv6 server isn't reachable, browsers fall back to IPv4 — but with seconds of added latency per request. Either fix IPv6 reachability or remove the AAAA records.
Source: RFC 8305 (Happy Eyeballs)
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations334 days until leaf cert expires — 2 issues to addressREVIEW
Certificate validity
Recommended actions
- Submit your domain to hstspreload.org to be added to the Chrome preload list
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 19 ms lookupPASS
| A | 172.64.151.42, 104.18.36.214 |
| AAAA | 2606:4700:440a::6812:24d6, 2a06:98c1:3106::ac40:972a |
| CNAME | — |
| NS | a.ns.hackerone.com, b.ns.hackerone.com |
| MX | 10 aspmx.l.google.com 20 alt2.aspmx.l.google.com 20 alt1.aspmx.l.google.com 30 aspmx2.googlemail.com 30 aspmx3.googlemail.com |
| TXT | MS=ms75772789 0q8zpfvc64swgyy9wwwrjl7vgwrfffbf 4b7570f2564f4074b42872e1d78668ad 70gn9hp69jzpn3nkp42r8n9jwwtd1d70 _56ra2mupvxu61g49yhns1uxv031fxcy _muuhv6zkwwnyy8b6x1ei4m8hrtsm17g c06l6z7hp4vk6bzpqb1j6b8w1m64nf84 ZOOM_verify_pzZpSwKqRx6pAD9lLkSl5g wayback=verification for request #673161 wework-site-verification=e0czKzmn7ul5Cr9A apple-domain-verification=YOO9EuQfVRiqtbWi docusign=848c7864-3a91-42aa-8e30-2671086f7516 canva-site-verification=RY1pq8pQpGqV1RdvvgatQA openai-domain-verification=dv-8UsaxQU6vJQfWNS8d3FBK4et jetbrains-domain-verification=69ifho5wgkblhail93kc83elv cloudpiercer-verification=32e7eea9d2f153b176b182626588bc77 facebook-domain-verification=niq4ke9m7djq4jt36f02t093aig8a5 citrix-verification-code=9c920630-2d05-4154-b72a-1021665d3b58 onetrust-domain-verification=0be23834ba1d435eb1748ba6b36d8b0c protonmail-verification=f3b0af7c5614dbdf82c5bdebc6014593c05b92f6 slack-domain-verification=cQndsOjWj4XDM9icHSNlvtrh3r1jfQMQTfhDNxiz monday-com-verification=uj2Ko666o6C_Gc_vbCiQ6n7ruARZpX0U3I0bocalW60 google-site-verification=3LAOq3Z_u6zVOJHlZW0I7tuQpCPvZHC9JBZMk3e20mk google-site-verification=iKe1wvhRzxTmexGrBcrDplrCvBL-PL2Mgf4VZQAfYNs google-site-verification=kOO_QjqFZ7fbwXaF0PiMcK2OMQL5nTVBiM21SsO9Olk google-site-verification=mKdqQzjtY7X20BzUFnhAmFU2pmtFJ_Zie_S22FiwubA clayton-domain-verification=d21920d13f0a60c931f46d440f6c87526f656b0377 h1-domain-verification=LDEQA8SYNEMgdUN1kfMtjFNptDJcnjKN8LxNHCN3JNvT5Fxo zapier-domain-verification-challenge=d1be5c1b-f415-418f-9542-abc14d8321af stripe-verification=20c821f6e4dfc5ee358ea9b8e4635cf062a2acac5751f8004d23b122f1cb... stripe-verification=74802599834dfbfc093c8352686c992d22e7b20a6fdcfceac2e6a846074d... box-domain-verification=8b89b955ef91d29f746acc1a7147aa9490922028fcf458e98b62aa76... drift-domain-verification=18fef5450d713c159ad9f6309fa338d298c11edd56fb22e343d758... adobe-idp-site-verification=5d77b0274800290cf193145126595b14308358f46dfe90eba5e2... atlassian-domain-verification=JpJ4g3munTo9KsuR3Elcdpn97c+KQV7KDjj2YmE+ULiWhGlcfA... ethiack-verification=efd57ccd9a94d6363d89e0a992e872c6ff651a41d1091228978021da750... SPF v=spf1 include:_spf.google.com include:amazonses.com include:mail.zendesk.com in... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 131 ms totalPASS
https://hackerone.com
82 ms · HTTP/1.1
https://www.hackerone.com/
49 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://hackerone.com | 302 | 82 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.hackerone.com/ | 200 | 49 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
If permanent, use 301 instead.
302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.
Learn more ▾ ▴
Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).
Source: Google Search Central
A+Crawlabilityrobots.txt present, sitemap with 38 URLsPASS
Sitemap: https://hackerone.com/sitemap.xml
- https://hackerone.com/sitemap/base.xml
- https://www.hackerone.com/sitemap.xml
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
- https://hackerone.com/sitemap.xml?first=...
A+Domain Intelligencehackerone.com — via Cloudflare, Inc., 18 years, 8 months old, hosted on CloudflarePASS
133 days
November 26, 2026
334 days
Issued by DigiCert Inc
18 years, 8 months
Registered November 26, 2007
Enabled
Protects against DNS spoofing
Cloudflare
ASN AS13335
104.18.36.214
Cloudflare, Inc.
Expiry timeline
Recommended actions
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice