Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations89 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
A+DNS Records2 A records, 111 ms lookupPASS
| A | 104.16.57.101, 104.16.56.101 |
| AAAA | 2606:4700::6810:3865, 2606:4700::6810:3965 |
| CNAME | — |
| NS | brett.ns.cloudflare.com, kristin.ns.cloudflare.com |
| MX | 10 eu-smtp-inbound-1.mimecast.com 10 eu-smtp-inbound-2.mimecast.com |
| TXT | mongodb-site-verification=Wz0F8egzNJsoZK7m0uqEAi9v94G2H577 openai-domain-verification=dv-KUFVFo0hljqsd0IwRTpJ9BgJ miro-verification=6de82812527859f0a679abf2ee4359f324eda403 hubspot-domain-verification=YWI2OGVkMGQtZWI5MC00OWQ2LWE5OTMtNjRlYTFlMDAxNjJh facebook-domain-verification=0naugluc2wps1vk1ehhghfye3ay2bh adobe-idp-site-verification=1e023fcdd70d6246b0c1bae6453746b7518898768bf9a0d29fea... openai-domain-verification=dv-QvAYcmqPtlCKB7vHnha6Aao9 access-domain-verification=88a91e532ba9ce3edff27a9deb2d592ecadac66c828b68c7c5120... google-site-verification=Aa5DyQm2ASdsv3xQ7CUrhljGpyLmZ4bi7V0y3JV57tQ SDt8sE0szC906JEMQUredv9fNVbviN/5OlRXzz5HtGM= atlassian-domain-verification=jjEjMBhc5so0vAILwXsYsFuFzcTLQKWb1OSJtMITj4a3zPSWzF... notion-domain-verification=8EoH48XeZhr9eAd6ARNO3akCh60gNeNFU3TAc01tPZY SPF v=spf1 a include:eu._netblocks.mimecast.com include:email.prnewswire.com include... google-site-verification=J9TblooCP1rM_veU4b_AmgrvxAjit1lZWLWdwk7VJhQ hubspot-domain-verification=YjFjNjVmYTgtOTg3Ny00ODJhLWI4NDgtOWQyYTIzMzQzMjNh MS=ms50528142 onetrust-domain-verification=a577b67387694996aa3357906dfc6aa8 browserstack-domain-verification=7c2ff2b8-912f-450d-b9ab-56503605d659 adobe-sign-verification=4f3cc3fdc5c69955671fb50e9725c742 figma-domain-verification=1f378a127e28c42e54f4c48e8cf5d974f30336c8bb4f98510867a9... google-site-verification=wrDUCXTOdT7G_3_jrQ4Bdt7f1PA7Y5yQiNxdlq-W0wY rovag_verification_token=33D489C0E3BB4807BA88F4DFE8518270 apple-domain-verification=qddUhqMThMsiA6QO google-site-verification=UOReC13NG83w6GrddHv0x11DJAXC16ge-DtlDcYZkHM k89ad3UHyW1cDKkVn+upTT50HlTKz6KZN+FtTdGZAhsarnCpCFL4o4AHAVMY0xYzJxYxK/GZ8j0M3wJs... docker-verification=f1cbea94-02ad-4e19-93fb-f0440787d5d8 |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect Chain0 redirect(s), 66 ms totalPASS
https://moneysavingexpert.com
66 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://moneysavingexpert.com | 403 | 66 ms | HTTP/1.1 | cloudflare |
A+IPv6 ReadinessIPv6 reachable (16 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 25 URLsPASS
Sitemap: https://www.moneysavingexpert.com/sitemap.xml
Sitemap: https://www.moneysavingexpert.com/google-news-sitemap.xml
Sitemap: https://www.moneysavingexpert.com/cheap-mobile-finder/sitemap.xml
Sitemap: https://www.moneysavingexpert.com/compare-broadband-deals/sitemap.xml
# As a condition of accessing this website, you agree to abide by
# the following content signals:
# (a) If a content-signal = yes, you may collect content for the
# corresponding use.
# (b) If a content-signal = no, you may not collect content for
# the corresponding use.
# (c) If the website operator does not include a content signal
# for a corresponding use, the website operator neither grants nor
# restricts permission via content signal with respect to the
# corresponding use.
# The content signals and their meanings are:
# search: building a search index and providing search results
# (e.g., returning hyperlinks and short excerpts from your
# website's contents). Search does not include providing
# AI-generated search summaries.
# ai-input: inputting content into one or more AI models (e.g.,
# retrieval augmented generation, grounding, or other real-time
# taking of content for generative AI search answers).
# ai-train: training or fine-tuning AI models.
# ANY RESTRICTIONS EXPRESSED VIA CONTENT SIGNALS ARE EXPRESS
# RESERVATIONS OF RIGHTS UNDER ARTICLE 4 OF THE EUROPEAN UNION
# DIRECTIVE 2019/790 ON COPYRIGHT AND RELATED RIGHTS IN THE
# DIGITAL SINGLE MARKET.
# Allow agentic-AI users
User-agent: Claude-User
User-agent: ClaudeBot
User-agent: GPTBot
User-agent: ChatGPT-User
User-agent: OAI-SearchBot
User-agent: Perplexity-User
User-agent: PerplexityBot
Content-Signal: ai-train=yes, search=yes, ai-input=yes
Disallow:
User-agent: *
Disallow: /cache/
Disallow: /compare-broadband-deals/goto/
Disallow: /includes/
Disallow: /modules/
Disallow: /redir/
Disallow: /templates/
Disallow: /review/
Disallow: /tips/20*
Disallow: /tips/page/
Disallow: /advanced-search.php?
Disallow: /deals/cheap-iphone/scripts/
Disallow: /content/mse/msecom/en-gb/content/overlay/
Disallow: /poll/
Disallow: /vote/
Disallow: /broadband/goto
Disallow: /compare-plus/sso
Allow: /tips/2026*
Allow: /tips/2025*
# Google News directives
User-agent: Googlebot-News
Allow: /news/
Allow: /deals/deals-hunter/
Allow: /team-blog/
- https://www.moneysavingexpert.com/mse-ge...
- https://www.moneysavingexpert.com/team-b...
- https://www.moneysavingexpert.com/deals-...
- https://www.moneysavingexpert.com/deals-...
- https://www.moneysavingexpert.com/google...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
- https://www.moneysavingexpert.com/news-2...
ADomain Intelligencemoneysavingexpert.com — via CSC Corporate Domains, Inc., 24 years, 2 months oldPASS
EXPIRED
June 10, 2026
89 days
Issued by Let's Encrypt
24 years, 2 months
Registered June 10, 2002
Not enabled
Protects against DNS spoofing
Unknown
2606:4700::6810:3865
CSC Corporate Domains, Inc.
Expiry timeline
Recommended actions
- Domain has EXPIRED — renew immediately to avoid total site outage
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Consider enabling auto-renewal to prevent accidental expiration.
Domain expiry approaching — renew immediately and ensure auto-renew + alerting are configured.
Source: ICANN renewal policy
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice