https://huggingface.co
Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
88
GRADE
B
FIX
1
REVIEW
1
PASS
7
INFO
0
Probed from Santa Clara, United Stated
200 OK
Checks
97 PASS 1 REVIEW 1 FIX
FIPv6 ReadinessActionIPv6 records exist but unreachableFIX
IPv6 Readiness
ActionIPv6 records exist but unreachable
IPv6 records exist but unreachable
Warning::
IPv6 DNS records exist but server is not reachable
Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.
Got: 2600:9000:234c:9a00:17:b174:6d00:93a1, 2600:9000:234c:fc00:17:b174:6d00:93a1, 2600:9000:234c:5e00:17:b174:6d00:93a1, 2600:9000:234c:400:17:b174:6d00:93a1, 2600:9000:234c:3200:17:b174:6d00:93a1, 2600:9000:234c:f400:17:b174:6d00:93a1, 2600:9000:234c:b800:17:b174:6d00:93a1, 2600:9000:234c:f600:17:b174:6d00:93a1
Info::
IPv6 connection error
Got: dial tcp6 [2600:9000:234c:9a00:17:b174:6d00:93a1]:443: connect: network is unreachable
IPv6 Misconfigured
AAAA Records 2600:9000:234c:9a00:17:b174:6d00:93a1, 2600:9000:234c:fc00:17:b174:6d00:93a1, 2600:9000:234c:5e00:17:b174:6d00:93a1, 2600:9000:234c:400:17:b174:6d00:93a1, 2600:9000:234c:3200:17:b174:6d00:93a1, 2600:9000:234c:f400:17:b174:6d00:93a1, 2600:9000:234c:b800:17:b174:6d00:93a1, 2600:9000:234c:f600:17:b174:6d00:93a1 Connection UNREACHABLE
Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.
Why this matters
Advertising IPv6 (AAAA records) without a reachable server means IPv6-preferring clients silently fail every connection.
Learn more ▾ ▴
Modern browsers prefer IPv6 if AAAA exists (Happy Eyeballs algorithm). If the IPv6 server isn't reachable, browsers fall back to IPv4 — but with seconds of added latency per request. Either fix IPv6 reachability or remove the AAAA records.
Source: RFC 8305 (Happy Eyeballs)
BTLS Certificate Expiry & Recommendations173 days until leaf cert expires — 3 issues to addressREVIEW
TLS Certificate Expiry & Recommendations
173 days until leaf cert expires — 3 issues to address
Certificate validity
173
days left
0d 30d 60d 90d+
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records4 A records, 56 ms lookupPASS
DNS Records
4 A records, 56 ms lookup
4 A records, 56 ms lookup
Info::
Resolves to 4 IPv4 address(es)
Got: 108.138.246.79, 108.138.246.85, 108.138.246.67, 108.138.246.71
Info::
Has 8 IPv6 (AAAA) record(s)
Got: 2600:9000:234c:9a00:17:b174:6d00:93a1, 2600:9000:234c:fc00:17:b174:6d00:93a1, 2600:9000:234c:5e00:17:b174:6d00:93a1, 2600:9000:234c:400:17:b174:6d00:93a1, 2600:9000:234c:3200:17:b174:6d00:93a1, 2600:9000:234c:f400:17:b174:6d00:93a1, 2600:9000:234c:b800:17:b174:6d00:93a1, 2600:9000:234c:f600:17:b174:6d00:93a1
Info::
4 nameserver(s) configured
Got: ns-137.awsdns-17.com, ns-919.awsdns-50.net, ns-1452.awsdns-53.org, ns-1955.awsdns-52.co.uk
Info::
5 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 56 ms
Got: 56 ms
| A | 108.138.246.79, 108.138.246.85, 108.138.246.67, 108.138.246.71 |
| AAAA | 2600:9000:234c:9a00:17:b174:6d00:93a1, 2600:9000:234c:fc00:17:b174:6d00:93a1, 2600:9000:234c:5e00:17:b174:6d00:93a1, 2600:9000:234c:400:17:b174:6d00:93a1, 2600:9000:234c:3200:17:b174:6d00:93a1, 2600:9000:234c:f400:17:b174:6d00:93a1, 2600:9000:234c:b800:17:b174:6d00:93a1, 2600:9000:234c:f600:17:b174:6d00:93a1 |
| CNAME | — |
| NS | ns-137.awsdns-17.com, ns-919.awsdns-50.net, ns-1452.awsdns-53.org, ns-1955.awsdns-52.co.uk |
| MX | 1 aspmx.l.google.com 5 alt2.aspmx.l.google.com 5 alt1.aspmx.l.google.com 10 alt3.aspmx.l.google.com 10 alt4.aspmx.l.google.com |
| TXT | MS=ms73710064 1|www.huggingface.co apple-domain-verification=ZDO4wVjVjWMGBFP3 amazonses:haWTX74o8Xzj4/OOGCiZvCKU2CreCZ9D+2OemeBCWW0= openai-domain-verification=dv-e4Lrj3WKW6Ij50099jy0UDHH miro-verification=ffff67f600b7fa1bc0e2cfeb85506a9854d04b3f mongodb-site-verification=pJyVDE1qFtWfLWussktn17TxGmMiOSrO cursor-domain-verification-e2jjpz=VS6jJT0Yi3HOWOAjVnPRBRn4R seatsurfing-verification=c972dd30-8319-4f60-b684-089c02e1e7bd uber-domain-verification=a96220f2-0f5b-4858-b6ce-1525a1e5b3a5 anthropic-domain-verification-be2qx2=5duhSVDfBdfL9zp9HMwMo5DeF plausible-sso-verification=71baae3e-8875-4d97-b492-3d0bcc09ab35 v=MCPv1; k=ed25519; p=EWH4AejXSbTWok3hjfTSRcFXFG/Qe+oQffs4nM/Hl7k= google-site-verification=0xPvU1qdox33LAduAR6WZBcojgN2dTHbmD6V7xH86ao google-site-verification=ZlzPJH9K6WW65-qtY2MAVZedKyBrjS2hX6B6Y6mlvxQ google-site-verification=lyRnnTlQ38GAC7D92RqswXMuRY6G0pRaPMyfKtNK5zw zapier-domain-verification-challenge=83bd16a2-804b-4046-8607-d0aed15cc172 stripe-verification=EB5A6D7C5DB936DB61416A17258106A0BE35C774B2E9532B040C5D5F6859... hcp-domain-verification=b90e13b0828283c307c52de32fe6661bcd4da664d5486f0b552f4593... amazon-business-verification=edce90d350ae97c05d07c252817db08ffe470096ef197b689ab... SPF v=spf1 include:spf.mailjet.com include:_spf.google.com include:amazonses.com inc... |
| CAA | Lookup not available with standard resolver |
Resolved in 56 ms
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Why this matters
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
Redirect Chain
No redirects — direct access
No redirects — direct access
Info::
No redirects — direct access
Got: https://huggingface.co
https://huggingface.co
19 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://huggingface.co | 200 | 19 ms | HTTP/1.1 |
A+Crawlabilityrobots.txt present, sitemap with 7 URLsPASS
Crawlability
robots.txt present, sitemap with 7 URLs
robots.txt present, sitemap with 7 URLs
Info::
robots.txt is present
Got: 68 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 7 entries
Info::
Sitemap index with 7 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 68 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed
User-agent: *
Allow: /
Sitemap: https://huggingface.co/sitemap.xml
sitemap.xml 200 OK
Type Sitemap Index URLs 7 entries Valid XML Yes
Child Sitemaps:
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS
www / non-www
302https://www.huggingface.co/
200https://huggingface.co/
Preferred variant: non-www
HTTP → HTTPS
301http://huggingface.co/ → https://huggingface.co/
Consistent
A+Domain Intelligencehuggingface.co — via OVH sas, 9 years, 10 months old, hosted on AWSPASS
Domain Intelligence
huggingface.co — via OVH sas, 9 years, 10 months old, hosted on AWS
huggingface.co — via OVH sas, 9 years, 10 months old, hosted on AWS
Info::
Domain registered until Jul 17, 2026 (3 months remaining)
Info::
Registrar: OVH sas
Info::
Hosting: AWS
Got: AS16509
Domain expiry
32 days
July 17, 2026
SSL certificate
173 days
Issued by Amazon
Domain age
9 years, 10 months
Registered July 18, 2016
DNSSEC
Status unknown
Protects against DNS spoofing
Hosting
AWS
ASN AS16509
108.138.246.71
Registrar
OVH sas
Lock status unknown 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry
Registrar OVH sas
Created July 18, 2016 (9 years, 10 months ago)
Expires July 17, 2026 (3 months)
Last Updated July 6, 2025
Name Servers ns-919.awsdns-50.net, ns-1452.awsdns-53.org, ns-137.awsdns-17.com, ns-1955.awsdns-52.co.uk
Hosting
IP Address 108.138.246.71
ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)
Provider AWS
Data source: whois (0.8s)
A+HTTP Probe TimingTotal 18 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
HTTP Probe Timing
Total 18 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
5 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
2 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
5 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
17 msTotal Time Total request time from DNS lookup through full response.
18 msConnection waterfall
DNS Lookup 5 ms TCP Connect 2 ms TLS Handshake 5 ms Server Processing 5 ms Content Transfer 1 ms
A+CDN & DeliveryAWS CloudFront (Hit from cloudfront)PASS
CDN & Delivery
AWS CloudFront (Hit from cloudfront)
AWS CloudFront (Hit from cloudfront)
Info::
Site is served via AWS CloudFront CDN (edge: SFO53-P4)
Got: x-amz-cf-id: G2cu4vmvdeqVXh4sQLH8iPPH5ivOq3BCq6k9HHyS85vUUdjZqWMGbw==
Info::
CDN cache status: Hit from cloudfront
CDN Detected: AWS CloudFront
Provider AWS CloudFront Cache Status Hit from cloudfront Evidence x-amz-cf-id: G2cu4vmvdeqVXh4sQLH8iPPH5ivOq3BCq6k9HHyS85vUUdjZqWMGbw==
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.