Infrastructure - https://liftoff.io BeaverCheck Audit

C

IPv6 Readiness

Action

No IPv6 support

REVIEW

No IPv6 support

No IPv6 (AAAA) records found

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

No IPv6 Support

About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B

TLS Certificate Expiry & Recommendations

31 days until leaf cert expires — 3 issues to address

REVIEW

Certificate validity

31

days left

0d 30d 60d 90d+

Recommended actions

Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
Enable DNSSEC on your domain for DNS spoofing protection
Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy

A+

DNS Records

2 A records, 84 ms lookup

PASS

2 A records, 84 ms lookup

Resolves to 2 IPv4 address(es)

Got: 141.193.213.21, 141.193.213.20

No IPv6 (AAAA) records

4 nameserver(s) configured

Got: ns-1252.awsdns-28.org, ns-1644.awsdns-13.co.uk, ns-472.awsdns-59.com, ns-825.awsdns-39.net

5 mail exchanger(s) configured

CAA records not checked

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

SPF record present in TXT

DNS resolution time: 84 ms

Got: 84 ms

A	141.193.213.21, 141.193.213.20
AAAA	—
CNAME	—
NS	ns-1252.awsdns-28.org, ns-1644.awsdns-13.co.uk, ns-472.awsdns-59.com, ns-825.awsdns-39.net
MX	1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 aspmx3.googlemail.com 10 aspmx2.googlemail.com
TXT	1password-site-verification=AP5MIZKZCRDSTN7EF2UDY6RZPE B6F083F5EF MS=ms60094763 OSSRH-66135 OSSRH-68453 ZOOM_verify_MxgimrzThAgCNBXDv8cB9u adobe-idp-site-verification=d81785899a6d24611bfb0155d2da657859fb3506691ba56b1e13... anthropic-domain-verification-swdb8j=E2Gui5hOHHOW3Bs0ep33Pl6rk apple-domain-verification=zi9sTfsVQMRmKhaC atlassian-domain-verification=1VdEeHNGYUuI7dkmPWZ8duP9LTl+AIdHC7ee7Fx4cPKt34uKnG... box-domain-verification=f9c3971ec1ff0429e36ae47e606185b1d6f831e14432129c6e8ea9c7... cursor-domain-verification-4v3v32=29y6cePqjFMNojiLLkD1x8GXQ docusign=091846d4-3ad9-457b-ab8d-28045636a9b3 figma-domain-verification=9a62bfe5b2eb77f19763bb490e046b93a6bafb8857e09ba70df91a... google-site-verification=2AGpMX0qYetcFTPqEi3JiCLXSPmkWWUAdT4kVDcxdiA google-site-verification=Tbi3U9Z-5hUR53a0ZSQGyIGM2FcqgsU9GcUyj9kG5NY ip4:141.193.213.20 ip4:141.193.213.21 ip4:149.72.147.186 ip4:167.89.101.239 ip4:167.89.99.179 ip4:168.245.40.44 ~all linear-domain-verification=2tt7pmxqke8u openai-domain-verification=dv-1MaLMkNxYzFb3hpFC2x8MmEI SPF v=spf1 include:_spf.google.com include:mail.zendesk.com include:em9009.seismic.c...
CAA	Lookup not available with standard resolver

Resolved in 84 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A

Redirect Chain

1 redirect(s), 262 ms total

PASS

1 redirect(s), 262 ms total

Single redirect

Got: https://liftoff.io → https://liftoff.ai/ (302)

Uses 302 (temporary) redirect

If permanent, use 301 instead.

Got: https://liftoff.io

Cross-domain redirect detected

https://liftoff.io

155 ms · HTTP/1.1

302

https://liftoff.ai/

106 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://liftoff.io	302	155 ms	HTTP/1.1	cloudflare
2	https://liftoff.ai/	200	106 ms	HTTP/1.1	cloudflare

See the visual redirect chain in the HTTP Probe tab →

If permanent, use 301 instead.

Why this matters

302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.

Learn more ▾

Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).

Source: Google Search Central

A+

Crawlability

robots.txt present, sitemap with 12 URLs

PASS

robots.txt present, sitemap with 12 URLs

robots.txt is present

Got: 29 bytes

sitemap.xml is present

sitemap.xml is valid XML

sitemap.xml contains 12 entries

Sitemap index with 12 child sitemaps

robots.txt does not reference a sitemap

Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.

Why this matters

robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.

Source: sitemaps.org

robots.txt 200 OK

Size 29 B Sitemaps referenced 0 User-agents * Blocking No — crawling allowed

User-agent: *
Crawl-delay: 30

sitemap.xml 200 OK

Type Sitemap Index URLs 12 entries Valid XML Yes

Child Sitemaps:

A

URL Variants

www/non-www, trailing slash, HTTP→HTTPS

PASS

www/non-www, trailing slash, HTTP→HTTPS

www/non-www redirect configured correctly (preferred: non-www)

HTTP→HTTPS redirect uses 302 instead of 301

Got: 302 temporary redirect Expected: 301 permanent redirect

www / non-www

301https://www.liftoff.io/

200https://liftoff.io/

Preferred variant: non-www

HTTP → HTTPS

302http://liftoff.io/ → https://liftoff.ai/

Use 301 (permanent) instead of 302 (temporary)

A+

Domain Intelligence

liftoff.io — via Gandi SAS, 13 years, 7 months old, hosted on Cloudflare

PASS

liftoff.io — via Gandi SAS, 13 years, 7 months old, hosted on Cloudflare

Domain registered until Oct 30, 2026 (6 months remaining)

Registrar: Gandi SAS

Registrar lock is enabled

Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.

Hosting: Cloudflare

Got: AS209242

Domain expiry

137 days

October 30, 2026

SSL certificate

31 days

Issued by Google Trust Services

Domain age

13 years, 7 months

Registered October 30, 2012

DNSSEC

Status unknown

Protects against DNS spoofing

Hosting

Cloudflare

ASN AS209242

141.193.213.20

Registrar

Gandi SAS

Locked 4 NS records

Expiry timeline

Today

+1 year

Domain expiry SSL expiry Danger zone (≤30 days)

Registrar Gandi SAS

Created October 30, 2012 (13 years, 7 months ago)

Expires October 30, 2026 (6 months)

Last Updated September 30, 2025

Name Servers ns-1252.awsdns-28.org, ns-1644.awsdns-13.co.uk, ns-472.awsdns-59.com, ns-825.awsdns-39.net

Registrant Liftoff

Hosting

IP Address 141.193.213.20

ASN AS209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

Provider Cloudflare

Data source: whois (0.6s)

Domain cannot be transferred without explicit unlock from the registrar. This protects against unauthorized transfers.

Why this matters

Registrar lock (clientTransferProhibited et al.) prevents unauthorized domain transfers — strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+

HTTP Probe Timing

Total 164 ms — DNS, TCP, TLS, TTFB, content transfer breakdown

PASS

DNS Lookup

13 ms

TCP Connect

5 ms

TLS Handshake

11 ms

Time to First Byte

164 ms

Total Time

164 ms

Connection waterfall

DNS Lookup 13 ms TCP Connect 5 ms TLS Handshake 11 ms Server Processing 135 ms Content Transfer 0 ms

A

CDN & Delivery

Cloudflare (DYNAMIC)

PASS

Cloudflare (DYNAMIC)

Site is served via Cloudflare CDN (edge: SJC)

Got: cf-ray: 9ed5218f5b85939b-SJC

CDN cache status: DYNAMIC

CDN Detected: Cloudflare

Provider Cloudflare Cache Status DYNAMIC Evidence cf-ray: 9ed5218f5b85939b-SJC