Skip to content
https://matterport.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
86
GRADE
B
FIX
1
REVIEW
1
PASS
7
INFO
0
Probed from Santa Clara, United States
200 OK
Checks
9
7 PASS 1 REVIEW 1 FIX
F
IPv6 Readiness
Action
IPv6 records exist but unreachable
FIX
IPv6 records exist but unreachable
Warning::
IPv6 DNS records exist but server is not reachable
Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.
Got: 2606:4700:4400::ac40:9261, 2606:4700:4400::6812:299f
Info::
IPv6 connection error
Got: dial tcp6 [2606:4700:4400::ac40:9261]:443: connect: network is unreachable
IPv6 Misconfigured
AAAA Records 2606:4700:4400::ac40:9261, 2606:4700:4400::6812:299f Connection UNREACHABLE

Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.

Why this matters

Advertising IPv6 (AAAA records) without a reachable server means IPv6-preferring clients silently fail every connection.

Learn more

Modern browsers prefer IPv6 if AAAA exists (Happy Eyeballs algorithm). If the IPv6 server isn't reachable, browsers fall back to IPv4 — but with seconds of added latency per request. Either fix IPv6 reachability or remove the AAAA records.

Source: RFC 8305 (Happy Eyeballs)

B
TLS Certificate Expiry & Recommendations
49 days until leaf cert expires — 4 issues to address
REVIEW

Certificate validity

49
days left
0d 30d 60d 90d+

Recommended actions

  • Add includeSubDomains to the HSTS directive
  • Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+
DNS Records
2 A records, 130 ms lookup
PASS
2 A records, 130 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 104.18.41.159, 172.64.146.97
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2606:4700:4400::ac40:9261, 2606:4700:4400::6812:299f
Info::
4 nameserver(s) configured
Got: ns-1448.awsdns-53.org, ns-1614.awsdns-09.co.uk, ns-310.awsdns-38.com, ns-743.awsdns-28.net
Info::
1 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 130 ms
Got: 130 ms
A104.18.41.159, 172.64.146.97
AAAA2606:4700:4400::ac40:9261, 2606:4700:4400::6812:299f
CNAME
NSns-1448.awsdns-53.org, ns-1614.awsdns-09.co.uk, ns-310.awsdns-38.com, ns-743.awsdns-28.net
MX
1 matterport-com.mail.protection.outlook.com
TXT
6B2B460550
MS=ms17692392
asv=f4975b3108810aaefd92af12e04f4088
atlassian-domain-verification=9xxIAWrS23Ihj1rny90c09ULGrlF5QqIeRDHoM9h/mDK9dQfmC...
atlassian-domain-verification=LAkz2FUxxMo9oBp9qlpKyMPkFQT3p7fXn2F/dz0S07Gt8LASUo...
atlassian-domain-verification=lfeyjhJXIpvCNouH8ejMr6NUntf7kUabbUpXZTzjqWkeKPL58n...
ca3-85a1719435594b5f93c9e318d7485beb
canva-site-verification=Tui_vJHU3e_a4iywkdq8wA
dtm-domain-verification=LPaQJkenRqU_f27zmdlYQK42LWuvXJQoKligBJlzvh4
dtm-domain-verification=_s4A7auBgbYFYdK8-62k6WFWp4VdGOzSS0iWyvREECY
facebook-domain-verification=bc4rjv1ne6lmmpmkm0dq4w8mq6kyqj
globalsign-domain-verification=wvdz6fqNpGYoUxoyCbEUOYrkz-Z8Nh2zXAoS8lsLRh
google-site-verification=2G72f8437RoiCxStrbrcLFkvHHgYvy0JUNqzf6ES4Es
google-site-verification=3ZOIhwSinmrngLCu1nQLMusR5RRUcf-MwS-hu1SN_Hg
google-site-verification=8qjCuwNezcNWRFnLRQj_fDQAJtVWow1iQbGD62NcoNo
google-site-verification=DnYYEkwPRHn8Dg9ZKrnzdzFzTk_TA8V2NTA-AmfDiGY
google-site-verification=QO6VzZEFNQZ08fk4Hit50xOJsCpBvc2AJQmfLbGgHes
google-site-verification=tizVD9Eh7Sse2J2yTT51pSTLRjTYwNfS6siPy6b3_dw
h1-domain-verification=EsJUSsUfzCVBxTxm9dE5a6XQVKzq3cRFULHDPbLRwPY7hgDf
hj-ownership='}.{,fnM8cL"3]Y1#jk=
logmein-verification-code=dbf38ade-d1da-40bb-9306-0f0b0dd9c0d5
lucid-verification=vua-JDB4fzu!gdz0day
miro-verification=abebac7038b5f980a0bd4544366810d9459d428d
pardot142351=3cf0ade33fae2580b0de32ab64393c42c2705841847282c2e7bccd5e4e5558c4
pardot142351=54ebecfb45dc6b5b885c036da118544f3e471dcbc3e09dca37075b4b950f8d81
pardot142351=67c0d37fef5ae2399a2acce99fe85be770a171c4ff0e7865207fe17fb7321ca1
pardot142351=c6c3e6f80337ef032ad926b0f2b3f5405796fcd0d386dbba45be0f9648ab96c9
pardot_142351_*=7cd93fad920495c0a26d20a785e89892cb2de331ed91de0418876a2de5ff32c6
stripe-verification=a3215338f55b346cabc52be7f3d51bc2f0fc2fa1f17fd1f7c1f77d89e9fe...
unbounce=613597
SPF v=spf1 include:costar.com include:spf.protection.outlook.com ip4:168.203.32.239 ...
zendeskverification=509e4ebfdda8bd33
CAALookup not available with standard resolver
Resolved in 130 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+
Redirect Chain
No redirects — direct access
PASS
No redirects — direct access
Info::
No redirects — direct access
Got: https://matterport.com

https://matterport.com

75 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://matterport.com20075 msHTTP/1.1cloudflare
A+
Crawlability
robots.txt present, sitemap with 14504 URLs
PASS
robots.txt present, sitemap with 14504 URLs
Info::
robots.txt is present
Got: 68 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 14504 entries
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 68 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed
User-Agent: *
Allow: /

Sitemap: https://matterport.com/sitemap.xml

A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.matterport.com/
200https://matterport.com/

Preferred variant: non-www

HTTP → HTTPS

301http://matterport.com/ https://matterport.com/

Consistent

A
Domain Intelligence
matterport.com — via NameSilo, LLC, 15 years, 1 months old, hosted on Cloudflare
PASS
matterport.com — via NameSilo, LLC, 15 years, 1 months old, hosted on Cloudflare
Warning::
Domain expires in 48 days
Consider enabling auto-renewal to prevent accidental expiration.
Got: Expires Jun 9, 2026
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: NameSilo, LLC
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: Cloudflare
Got: AS13335
Domain expiry

EXPIRED

June 9, 2026

SSL certificate

49 days

Issued by DigiCert Inc

Domain age

15 years, 1 months

Registered June 9, 2011

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

Cloudflare

ASN AS13335

104.18.41.159

Registrar

NameSilo, LLC

Unlocked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Domain has EXPIRED — renew immediately to avoid total site outage
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar NameSilo, LLC
Created June 9, 2011 (15 years, 1 months ago)
Expires June 9, 2026 (1 months)
Last Updated June 9, 2025
Name Servers ns-1448.awsdns-53.org, ns-1614.awsdns-09.co.uk, ns-310.awsdns-38.com, ns-743.awsdns-28.net
DNSSEC Not enabled
Hosting
IP Address 104.18.41.159
ASN AS13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Provider Cloudflare
Data source: rdap (0.1s)

Consider enabling auto-renewal to prevent accidental expiration.

Why this matters

Domain expiry approaching — renew immediately and ensure auto-renew + alerting are configured.

Source: ICANN renewal policy

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 80 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
34 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
3 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
15 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
73 ms
Total Time Total request time from DNS lookup through full response.
80 ms

Connection waterfall

DNS Lookup 34 ms TCP Connect 3 ms TLS Handshake 15 ms Server Processing 21 ms Content Transfer 7 ms
A+
CDN & Delivery
Cloudflare (HIT)
PASS
Cloudflare (HIT)
Info::
Site is served via Cloudflare CDN (edge: SJC)
Got: cf-ray: 9efea4268f1649d2-SJC
Info::
CDN cache status: HIT
CDN Detected: Cloudflare
Provider Cloudflare Cache Status HIT Evidence cf-ray: 9efea4268f1649d2-SJC
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback