https://hermes.com
Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
86
GRADE
B
FIX
1
REVIEW
3
PASS
5
INFO
0
Probed from Madrid, Spain
301 Moved Permanently
Checks
95 PASS 3 REVIEW 1 FIX
DCDN & DeliveryActionNo CDN detectedFIX
CDN & Delivery
ActionNo CDN detected
No CDN detected
Warning::
No CDN detected
A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.
No CDN detected
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 Readiness
ActionNo IPv6 support
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
Why this matters
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Critical::
HTTP version does not redirect to HTTPS
Got: HTTP 301 Expected: 301 redirect to HTTPS
www / non-www
403https://www.hermes.com/
200https://hermes.com/
HTTP → HTTPS
301http://hermes.com/ → http://www.hermes.com/
HTTP version does not redirect to HTTPS
BTLS Certificate Expiry & Recommendations37 days until leaf cert expires — 3 issues to addressREVIEW
TLS Certificate Expiry & Recommendations
37 days until leaf cert expires — 3 issues to address
Certificate validity
37
days left
0d 30d 60d 90d+
Recommended actions
- Submit your domain to hstspreload.org to be added to the Chrome preload list
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records1 A records, 77 ms lookupPASS
DNS Records
1 A records, 77 ms lookup
1 A records, 77 ms lookup
Info::
Resolves to 1 IPv4 address(es)
Got: 34.241.52.214
Info::
Single A record — no DNS redundancy
Multiple A records provide failover if one server goes down.
Info::
No IPv6 (AAAA) records
Info::
2 nameserver(s) configured
Got: dns2.cscdns.net, dns1.cscdns.net
Info::
4 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 77 ms
Got: 77 ms
| A | 34.241.52.214 |
| AAAA | — |
| CNAME | — |
| NS | dns2.cscdns.net, dns1.cscdns.net |
| MX | 10 mxb-0018c002.gslb.pphosted.com 10 mxa-0018c002.gslb.pphosted.com 70 mx07-0018c002.pphosted.com 70 mx08-0018c002.pphosted.com |
| TXT | teamviewer-sso-verification=dde2db3840694b8db751329e96d7902a ps1cLE1k+3yaYK48j5G6/AU0VYlZKb0yspsNGVvBBSQ= SPF v=spf1 include:spf-0018c002.pphosted.com include:spf01.hermes.com include:spf03.... cloudflare_dashboard_sso=70ecebed2b3df0164c09b02f5d551fd8 onetrust-domain-verification=2ec9f80968a547579b5dcb21af6995cc _gitlab-pages-verification-code.hermes.com _bwcu3l7vj2wd25swgtr2szpvvydy7a8 apple-domain-verification=E04keIxtnjralkQY MS=ms25172812 onetrust-domain-verification=a18d167d590f4130a89c250637f7cdf6 2pk68v019phtzbfzqg81t6gyhxjmh08s google-site-verification=WdbA4bFn1xnwck6gxzCWRXHAmMKTYjWHLpAgD1JBh8U Dynatrace-site-verification=aabc583c-0a5e-4743-8e81-733ebb306655__ci189mekl0ohm7... globalsign-domain-verification=baSzBSWCyTUyE_kN7AhjIcJnOuXOEZlyRdIKVwriq8 _w00moqo1kpfrnxfkyqt1mzb234uc7on docusign=9cb87fb0-d6c2-4dcf-a92d-067174925201 docusign=816aeac1-f2ca-4877-bba7-53709b903253 onetrust-domain-verification=596fd6f7cc494f2bbe5b6fec0cd2b0a3 _gitlab-pages-verification-code.ext.hermes.com CKO=cli_knaulhfbm3cuxkwunlalgwjrr4 asv=754830abec2df7e1a7577703eae05d23 google-site-verification=uPcyf4AmsJGskEg8OpfRpRdZp0TncPriTUmSNbMapj4 facebook-domain-verification=lrqwg6qroq1fo4lzet119ke4nozuje google-site-verification=S_4GypaNi1M5zAuoXS7ilsYmNRt6k36aua0vodEJ5nU adobe-idp-site-verification=ced5db3d9beafb995396518c228bf21c50ff8c27ee5be57dc336... globalsign-domain-verification=booUusnJjSGJWu0vH_IQK2fSwf57bgCRA-HUpX8TKP _iu4swcbxcoak4946tltgl0eoams8dfd atlassian-domain-verification=ADUjGdzkGZjWJDku2gWFiRCl5ya3kdk3ui0wOI8kjxHU9w03Oj... Da29ntrp/MaMFGKWC8DlJFr4ak4rttI+o7roFvseccs= pf2ptphdq6zt5vs9k5542v59vhz6tf71. vmware-cloud-verification-27b98be4-d28f-4883-87ff-3464046c73d2 mongodb-site-verification=R9F3rGCdAWjLYVA94rTK8XFLFeVWHEBT figma-domain-verification=1b67df12024c7051250423f6dd2053c5977851c52c275b4a0f0765... O7KqxMGT33B2taU0VRv7HxWyK/5mUxG5ll9Zqe/Cgpw= globalsign-domain-verification=LSnQaLRJJqQTaQdQk1YDMmqM1ImQKk3shSngGClNO2 apple-domain-verification=kMZYBRvmBKVNoJbv _jw98jztcqithgioz9x2dc3zmqrpn00i wxlrt3fv6t4ynvz8rb1cd0t1s2lfkrg7 zBi2iVJvU1HwVy8Rr7MKtGvV2rEu8s6q/Ueqp3GNa3w= globalsign-domain-verification=17BXDzP6vVo5WZmWZPB12sWLoV4OJkJg2bFdDHgv4h fastly-domain-delegation-x7mN6s9oSrKoPPsbBBM8-382299-2021-06-24 onetrust-domain-verification=aaa71616447946cebcb191704bad49c8 30sbvkk74p7cp2h38bk4wcph4qvz0zqv configcat-domain-verification=08d9995f-12e5-4f63-8f9a-96aaf1757d17 +1ygOuoNaEN9ZnmHXCf4gPI/Iy1gCcjTYSuMkTYsDug= google-site-verification=MNnRXMIHrthBNykW62G92KGPdvsBIGYYqiFa-tUNKP8 google-site-verification=ZTXatVLqangarMqfb5-inOKiDVV9o6TrUC71tqhcVdo 7tkSOV0kHK2DNhgY1WtXR3xY8wyFvV9pNiAUPN1N0MU= hcp-domain-verification=721db657609eea532f0776b8126a09028a3d839dcee438e26b7ade61... |
| CAA | Lookup not available with standard resolver |
Resolved in 77 ms
Multiple A records provide failover if one server goes down.
Why this matters
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Why this matters
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 229 ms totalPASS
Redirect Chain
1 redirect(s), 229 ms total
1 redirect(s), 229 ms total
Info::
Single redirect
Got: https://hermes.com → https://www.hermes.com/ (301)
Info::
WWW normalization redirect
https://hermes.com
103 ms · HTTP/1.1
301
https://www.hermes.com/
126 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://hermes.com | 301 | 103 ms | HTTP/1.1 | nginx |
| 2 | https://www.hermes.com/ | 403 | 126 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 1 URLsPASS
Crawlability
robots.txt present, sitemap with 1 URLs
robots.txt present, sitemap with 1 URLs
Info::
robots.txt is present
Got: 7216 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 1 entries
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 7216 B Sitemaps referenced 35 User-agents *, 360Spider, HaosouSpider, Baiduspider, Baiduspider-mobile, Sogou+spider2, Sogou+web+spider/4.0, YisouSpider, Sogou+inst+spider Blocking No — crawling allowed
#
# prod_hermes_com_robots.txt
#
# For Drupal folders and files, wildcards used for directories 1) country 2) language
User-agent: *
# Directories
Disallow: /*/config/
Disallow: /*/*/includes/
Disallow: /*/*/misc/
Disallow: /*/*/modules/
Disallow: /*/*/profiles/
Disallow: /*/*/scripts/
Disallow: /*/*/themes/
Allow: /*/*/themes/custom/hermes/img/
# Files
Disallow: /*/*/CHANGELOG.txt
Disallow: /*/*/cron.php
Disallow: /*/*/INSTALL.mysql.txt
Disallow: /*/*/INSTALL.pgsql.txt
Disallow: /*/*/install.php
Disallow: /*/*/INSTALL.txt
Disallow: /*/*/LICENSE.txt
Disallow: /*/*/MAINTAINERS.txt
Disallow: /*/*/update.php
Disallow: /*/*/UPGRADE.txt
Disallow: /*/*/xmlrpc.php
# Paths (clean URLs)
Disallow: /admin/commerce/
Disallow: /*/*/admin/
Disallow: /*/*/comment/reply/
Disallow: /*/*/node/add/
Disallow: /*/*/node/*
Disallow: */node?page=*
# Disallow: /*/*/search/
Disallow: /*/*/editorial/*
Disallow: /*/*/environment/*
Disallow: /*/*/taxonomy/*
Disallow: /*/*/user/register/
Disallow: /*/*/user/password/
Disallow: /*/*/user/login/
Disallow: /*/*/user/logout/
Allow: /*/*/user-guides/$
Disallow: /*/*/user-guides/*
# Paths (no clean URLs)
Disallow: /*/*/?q=admin/
Disallow: /*/*/?q=comment/reply/
Disallow: /*/*/?q=node/add/
Disallow: /*/*/?q=search/
Disallow: /*/*/?q=user/password/
Disallow: /*/*/?q=user/register/
Disallow: /*/*/?q=user/login/
Disallow: /*/*/?q=user/logout/
# added regarding the actual site structure
# disallow search URL to be indexed
# Disallow: /*/*/search?s=*
# Disallow: /*/*/search/?s=*
# For Magento folders and files, wildcards used for directories 1) country 2) language
# Directories
Disallow: /*/*/404/
Disallow: /*/*/app/
Disallow: /*/*/cgi-bin/
Disallow: /*/*/downloader/
Disallow: /*/*/errors/
Disallow: /*/*/includes/
Disallow: /*/*/lib/
Disallow: /*/*/magento/
Disallow: /*/*/pkginfo/
Disallow: /*/*/report/
Disallow: /*/*/scripts/
Disallow: /*/*/shell/
Disallow: /*/*/skin/
Disallow: /*/*/stats/
Disallow: /*/*/var/
# Paths (clean URLs)
Disallow: /*/*/catalogsearch/result/
Disallow: /*/*/catalog/product_compare/
Disallow: /*/*/catalog/category/view/
Disallow: /*/*/catalog/product/view/
Disallow: /*/*/catalogsearch/
Disallow: /*/*/checkout/
Disallow: /*/*/control/
Disallow: /*/*/contacts/
Disallow: /*/*/customer/
Disallow: /*/*/customize/
Disallow: /*/*/newsletter/
Disallow: /*/*/poll/
Disallow: /*/*/review/
Disallow: /*/*/sendfriend/
Disallow: /*/*/tag/
Disallow: /*/*/wishlist/
Disallow: /*/*/index.php/catalogsearch/result/
Disallow: /*/*/index.php/catalog/product_compare/
Disallow: /*/*/index.php/catalog/category/view/
Disallow: /*/*/index.php/catalog/product/view/
Disallow: /*/*/index.php/catalogsearch/
Disallow: /*/*/index.php/checkout/
Disallow: /*/*/index.php/control/
Disallow: /*/*/index.php/contacts/
Disallow: /*/*/index.php/customer/
Disallow: /*/*/index.php/customize/
Disallow: /*/*/index.php/newsletter/
Disallow: /*/*/index.php/poll/
Disallow: /*/*/index.php/review/
Disallow: /*/*/index.php/sendfriend/
Disallow: /*/*/index.php/tag/
Disallow: /*/*/index.php/wishlist/
# Files
Disallow: /*/*/cron.php
Disallow: /*/*/cron.sh
Disallow: /*/*/error_log
Disallow: /*/*/install.php
Disallow: /*/*/LICENSE.html
Disallow: /*/*/LICENSE.txt
Disallow: /*/*/LICENSE_AFL.txt
Disallow: /*/*/STATUS.txt
# Paths (no clean URLs)
Disallow: /*/*/*.php$
Disallow: /*/*/*?p=*&
Disallow: /*/*/*?SID=
Disallow: /*/*/*?sid=
Disallow: /*/*/*?limit=all
# Waiting bugfix
Disallow: /*/story/test*
Disallow: /*/story/*-test*
Disallow: /apps/
Disallow: /geoloc/
Disallow: /cookie/
Disallow: /autodiscover/
Disallow: /ACQUIA_MONITOR
Disallow: /modules/user/
Disallow: /do_not_delete/
Disallow: /extension/
Disallow: /*/*/get/ajax/notifications/
Disallow: /*/*/validatewechatpay/
Disallow: */back-in-stock/*
Disallow: /gr/en/*
#Params
Disallow: *?cachebuster=*
Disallow: *?nuance=*
Disallow: *?color_hermes__nuance=*
Disallow: *?size_leather=*
Disallow: *?xtor=*
Disallow: *?sortby=*
Disallow: *?site=*
Disallow: *?engineid=*
Disallow: *?&engineid=*
Disallow: *?a=*
Disallow: *?c=*
Disallow: *?e=*
Disallow: *?p=*
Disallow: *?q=*
Disallow: *?v=*
Disallow: *?x=*
Disallow: *?cid=*
Disallow: *?mid=*
Disallow: *?ladh=*
Disallow: *?fbclid=*
Disallow: *?storeId=*
DIsallow: *langId=*
Disallow: *catalogId=*
Disallow: *sketch-id=*
Disallow: *_gac=*
Disallow: *callback=*
Disallow: *CFID=*
Disallow: *CHKeyword=*
Disallow: *city=*
Disallow: *combination=*
Disallow: *country=*
Disallow: *embedded=*
Disallow: *event=*
Disallow: *fit=*
Disallow: *from=*
Disallow: *gamme=*
Disallow: *generic_color_*
Disallow: *hc_location=*
Disallow: *insvid=*
Disallow: *keyfrom=*
Disallow: *lang=*
Disallow: *locale=*
Disallow: *mod=*
Disallow: *MRK_CMPG_SOURCE=*
Disallow: *NBVCCX=*
Disallow: *openExternalBrowser=*
Disallow: *orderby=*
Disallow: *phint=*
Disallow: *productId=*
Disallow: *ref=*
Disallow: *selected=*
Disallow: *snowdome_id=*
Disallow: *tc=*
Disallow: *theme=*
Disallow: *tkb=*
Disallow: *url_from=*
Disallow: *wid=*
Disallow: *xtcr=*
Disallow: *xtmc=*
Disallow: *yclid=*
Disallow: *zoneId=*
#Disallow: *aggregate
Disallow: *hash=*
# For China only
User-agent: *
Disallow: /cn/
User-agent: 360Spider
Disallow: /
User-agent: HaosouSpider
Disallow: /
User-agent: Baiduspider
Disallow: /
User-agent: Baiduspider-mobile
Disallow: /
User-agent: Sogou+inst+spider
Disallow: /
User-agent: Sogou+spider2
Disallow: /
User-agent: Sogou+web+spider/4.0
Disallow: /
User-agent: YisouSpider
Disallow: /
# All sitemaps listed below :
Sitemap: https://www.hermes.com/ca/en/sitemap.xml
Sitemap: https://www.hermes.com/ca/fr/sitemap.xml
Sitemap: https://www.hermes.com/us/en/sitemap.xml
Sitemap: https://www.hermes.com/at/de/sitemap.xml
Sitemap: https://www.hermes.com/be/en/sitemap.xml
Sitemap: https://www.hermes.com/be/fr/sitemap.xml
Sitemap: https://www.hermes.com/ch/de/sitemap.xml
Sitemap: https://www.hermes.com/ch/fr/sitemap.xml
Sitemap: https://www.hermes.com/cz/en/sitemap.xml
Sitemap: https://www.hermes.com/de/de/sitemap.xml
Sitemap: https://www.hermes.com/dk/en/sitemap.xml
Sitemap: https://www.hermes.com/es/es/sitemap.xml
Sitemap: https://www.hermes.com/fi/en/sitemap.xml
Sitemap: https://www.hermes.com/fr/fr/sitemap.xml
Sitemap: https://www.hermes.com/ie/en/sitemap.xml
Sitemap: https://www.hermes.com/it/it/sitemap.xml
Sitemap: https://www.hermes.com/jp/ja/sitemap.xml
Sitemap: https://www.hermes.com/hk/en/sitemap.xml
Sitemap: https://www.hermes.com/lu/fr/sitemap.xml
Sitemap: https://www.hermes.com/nl/en/sitemap.xml
Sitemap: https://www.hermes.com/no/en/sitemap.xml
Sitemap: https://www.hermes.com/pl/en/sitemap.xml
Sitemap: https://www.hermes.com/pt/en/sitemap.xml
Sitemap: https://www.hermes.com/se/en/sitemap.xml
Sitemap: https://www.hermes.com/uk/en/sitemap.xml
Sitemap: https://www.hermes.com/au/en/sitemap.xml
Sitemap: https://www.hermes.com/sg/en/sitemap.xml
Sitemap: https://www.hermes.com/my/en/sitemap.xml
Sitemap: https://www.hermes.com/kr/ko/sitemap.xml
Sitemap: https://www.hermes.com/ri/en/sitemap.xml
Sitemap: https://www.hermes.com/dh/en/sitemap.xml
Sitemap: https://www.hermes.com/th/en/sitemap.xml
Sitemap: https://www.hermes.com/tw/zh/sitemap.xml
Sitemap: https://www.hermes.com/br/pt/sitemap.xml
Sitemap: https://www.hermes.com/mx/es/sitemap.xml
sitemap.xml 200 OK
Type URL Set URLs 1 entries Valid XML Yes
Sample URLs:
A+Domain Intelligencehermes.com — via CSC Corporate Domains, Inc., 28 years, 9 months old, hosted on AWSPASS
Domain Intelligence
hermes.com — via CSC Corporate Domains, Inc., 28 years, 9 months old, hosted on AWS
hermes.com — via CSC Corporate Domains, Inc., 28 years, 9 months old, hosted on AWS
Info::
Domain registered until Nov 23, 2026 (7 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: CSC Corporate Domains, Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: AWS
Got: AS16509
Domain expiry
160 days
November 23, 2026
SSL certificate
37 days
Issued by Let's Encrypt
Domain age
28 years, 9 months
Registered November 24, 1997
DNSSEC
Not enabled
Protects against DNS spoofing
Hosting
AWS
ASN AS16509
34.241.52.214
Registrar
CSC Corporate Domains, Inc.
Unlocked 2 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar CSC Corporate Domains, Inc.
Created November 24, 1997 (28 years, 9 months ago)
Expires November 23, 2026 (7 months)
Last Updated November 19, 2025
Name Servers dns1.cscdns.net, dns2.cscdns.net
DNSSEC Not enabled
Hosting
IP Address 34.241.52.214
ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)
Provider AWS
Data source: rdap (0.3s)
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Why this matters
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Why this matters
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice
A+HTTP Probe TimingTotal 151 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
HTTP Probe Timing
Total 151 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
43 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
35 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
38 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
151 msTotal Time Total request time from DNS lookup through full response.
152 msConnection waterfall
DNS Lookup 43 ms TCP Connect 35 ms TLS Handshake 38 ms Server Processing 35 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.