Skip to content
https://la-croix.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
84
GRADE
B
FIX
0
REVIEW
4
PASS
5
INFO
0
Probed from Sao Paulo, Brazil
301 Moved Permanently
Checks
9
5 PASS 4 REVIEW
B
Redirect Chain
1 redirect(s), 1485 ms total
REVIEW
1 redirect(s), 1485 ms total
Info::
Single redirect
Got: https://la-croix.com → https://www.la-croix.com/ (301)
Info::
WWW normalization redirect
Warning::
Redirect overhead: 1485 ms total
Got: 1485 ms

https://la-croix.com

799 ms · HTTP/1.1

301

https://www.la-croix.com/

686 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://la-croix.com301799 msHTTP/1.1nginx
2https://www.la-croix.com/200686 msHTTP/1.1nginx

See the visual redirect chain in the HTTP Probe tab →

C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
REVIEW
www/non-www, trailing slash, HTTP→HTTPS
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.la-croix.com/
200https://la-croix.com/

Inconsistent — duplicate content risk

HTTP → HTTPS

301http://la-croix.com/ https://la-croix.com/

Consistent

B
TLS Certificate Expiry & Recommendations
87 days until leaf cert expires — 4 issues to address
REVIEW

Certificate validity

87
days left
0d 30d 60d 90d+

Recommended actions

  • Add includeSubDomains to the HSTS directive
  • Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+
DNS Records
4 A records, 81 ms lookup
PASS
4 A records, 81 ms lookup
Info::
Resolves to 4 IPv4 address(es)
Got: 18.64.174.126, 18.64.174.47, 18.64.174.60, 18.64.174.32
Info::
No IPv6 (AAAA) records
Info::
4 nameserver(s) configured
Got: ns-1075.awsdns-06.org, ns-1674.awsdns-17.co.uk, ns-364.awsdns-45.com, ns-822.awsdns-38.net
Info::
2 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 81 ms
Got: 81 ms
A18.64.174.126, 18.64.174.47, 18.64.174.60, 18.64.174.32
AAAA
CNAME
NSns-1075.awsdns-06.org, ns-1674.awsdns-17.co.uk, ns-364.awsdns-45.com, ns-822.awsdns-38.net
MX
10 spool.mail.gandi.net
50 fb.mail.gandi.net
TXT
facebook-domain-verification=qdlv9hyggrx0nyolc2vmmnkd8qaw99
google-site-verification=0kEQqm7WdZ3mZTR12uVR4ksy30FurOwFQqqkgBr5QRw
google-site-verification=3BRVawcotcoT9QVy3cShpbuvBcc-Hc0tE_rwX3J3orE
google-site-verification=3S_u3t73pjg4kcI6r2R2NA9TQs_tIyw8HR6Oh3wSGfA
google-site-verification=64yOb8-kh8FZ1ozFnw9wh5WCEOmnI-Grx5MU3phxV7s
google-site-verification=94Yz71Kiks4Iei4yR4jzO7bHuPiZXj8ARhRIU51zEB0
google-site-verification=EjDV_vKZAGWNDkJDSjaWYzJikZPW_aItVE5i1fJtTw0
google-site-verification=HwqsnsgVq1VzbhFjEL_5hMWtRquUNoG-k5Vbr6xs3k0
google-site-verification=Q0BOjQ0EL0cB778x1Qi40q7WkWa8gM1P5q1ERlor1s8
google-site-verification=T9n9waRBZH0PuvgCdj5vKrlrs87YKqYg1t8bvN3wNk4
google-site-verification=UZmsqbrE06mgVsmFsKyNv9wSKenBzOWiHdTC4UVMQgw
google-site-verification=_FywuNFVf-JwdiR5FIzRJ57s-jPlj3LLJjjuIcnMuLk
google-site-verification=bmV4h4wjzw23BEqGh4kPZGvw9VZZWrXJifBrF2UuVMU
google-site-verification=fs7f0k0JzcVohaQtPWAmK_Yo8piXszbUkyp7U_n9nks
google-site-verification=j6rRQY6AoonsM3vVMXm7UCTHYx_PWfjlzS7r-eO29v0
google-site-verification=nGYTRkvTo4U9pNTpzhI8kwd1KbV6ku0wnlshqfAIwhU
google-site-verification=qWesvSd_qtCplyh5oTVZ6mhRAFA_rs9_vPWWrfqA0oI
google-site-verification=sFoF5-u2hFP0h-Dix2nWSS7HLw0FkaeQFlGtbM0YVdA
google-site-verification=u6Dkat58iINhuvYN61LiaAXgU1wjo9S-4in-kgivNT0
SPF v=spf1 include:spf.mailjet.com include:_mailcust.gandi.net include:amazonses.com...
CAALookup not available with standard resolver
Resolved in 81 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+
Crawlability
robots.txt present, sitemap with 340 URLs
PASS
robots.txt present, sitemap with 340 URLs
Info::
robots.txt is present
Got: 1444 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 340 entries
Info::
Sitemap index with 340 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 1444 B Sitemaps referenced 10 User-agents * Blocking No — crawling allowed
User-agent: *

Disallow: /recherche/
Disallow: /Archives/
Disallow: /assets/build/
Disallow: /Sitemap/
Disallow: /Recherche/

Sitemap: https://www.la-croix.com/feeds/sitemaps/sitemaps_articles.xml
Sitemap: https://www.la-croix.com/feeds/sitemaps/sitemap_sections.xml
Sitemap: https://www.la-croix.com/feeds/sitemaps/sitemap_tags.xml
Sitemap: https://www.la-croix.com/feeds/sitemaps/sitemap_news.xml
Sitemap: https://www.la-croix.com/elections/Sitemap_municipal.xml
Sitemap: https://www.la-croix.com/elections/Sitemap.xml
Sitemap: https://www.la-croix.com/elections/sitemap_legislatives2022.xml
Sitemap: https://www.la-croix.com/elections/sitemap_presidentielles2022.xml
Sitemap: https://www.la-croix.com/elections/sitemap_departementales.xml
Sitemap: https://www.la-croix.com/elections/Sitemap_reg.xml

############################
# Old URLs, to be removed
############################
Disallow: /layout/
Disallow: /lacroixzone/
Disallow:/?docId*
Disallow:/?cat=*
Disallow:/?%3BrubId=*
Disallow:/fonts/
Disallow:/build/
Disallow: /bundles/
Disallow:/extension/
Disallow:/v1/
Disallow:/content/download/
Disallow:/var/
Disallow: /?%3BrubId=*
Disallow: /dossiers2/
Disallow: */index.jsp?docId=*
Disallow: */article.jsp?docId=*
Disallow: */archive.jsp?article=*
Disallow: */documents/
Disallow: /preview/
Disallow: /amp/
Disallow: /Journal/
Disallow: /JournalV2/
Disallow: /login/
Disallow: /login*
Disallow: /print/
############################
sitemap.xml 200 OK
Type Sitemap Index URLs 340 entries Valid XML Yes
Child Sitemaps:
A+
Domain Intelligence
la-croix.com — via Gandi SAS, 26 years, 4 months old, hosted on AWS
PASS
la-croix.com — via Gandi SAS, 26 years, 4 months old, hosted on AWS
Info::
Domain registered until Apr 13, 2027 (11 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: Gandi SAS
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: AWS
Got: AS16509
Domain expiry

301 days

April 13, 2027

SSL certificate

87 days

Issued by Amazon

Domain age

26 years, 4 months

Registered April 13, 2000

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

AWS

ASN AS16509

18.64.174.126

Registrar

Gandi SAS

Unlocked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar Gandi SAS
Created April 13, 2000 (26 years, 4 months ago)
Expires April 13, 2027 (11 months)
Last Updated March 13, 2026
Name Servers ns-1075.awsdns-06.org, ns-1674.awsdns-17.co.uk, ns-364.awsdns-45.com, ns-822.awsdns-38.net
DNSSEC Not enabled
Hosting
IP Address 18.64.174.126
ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)
Provider AWS
Data source: rdap (0.6s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A
HTTP Probe Timing
Total 685 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
61 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
107 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
110 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
686 ms
Total Time Total request time from DNS lookup through full response.
686 ms

Connection waterfall

DNS Lookup 61 ms TCP Connect 107 ms TLS Handshake 110 ms Server Processing 407 ms Content Transfer 0 ms
A
CDN & Delivery
AWS CloudFront (Miss from cloudfront)
PASS
AWS CloudFront (Miss from cloudfront)
Info::
Site is served via AWS CloudFront CDN (edge: MIA3-P4)
Got: x-amz-cf-id: eMMGVWx7n9iDmGCUWbV1zDXBvcRbcB9-Z3Gu-zW4D5AXFaUN37kY4g==
Info::
CDN cache status: Miss from cloudfront
CDN Detected: AWS CloudFront
Provider AWS CloudFront Cache Status Miss from cloudfront Evidence x-amz-cf-id: eMMGVWx7n9iDmGCUWbV1zDXBvcRbcB9-Z3Gu-zW4D5AXFaUN37kY4g==
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback