Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BCrawlabilityno robots.txt, no sitemapREVIEW
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.
Learn more ▾ ▴
A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.
Source: robotstxt.org
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
No robots.txt found
This is fine for most sites — a missing robots.txt allows all crawling by default.
No sitemap found
Adding a sitemap helps search engines discover your pages.
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
HTTP → HTTPS
HTTP version does not redirect to HTTPS
BTLS Certificate Expiry & Recommendations46 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records2 A records, 86 ms lookupPASS
| A | 192.230.81.215, 199.83.128.215 |
| AAAA | — |
| CNAME | — |
| NS | edns2.ultradns.com, edns2.ultradns.net, edns2.ultradns.biz, edns2.ultradns.org |
| MX | 10 mx1.hc746-71.c3s2.iphmx.com 10 mx2.hc746-71.c3s2.iphmx.com |
| TXT | _globalsign-domain-verification=HgiRh-sSqZctf4iKJ0YOjt_aX3P9F3qCwOe7ImjZpK zoom-domain-verification = 2abb7160-8c30-4d5d-8bb0-711c4b9f468f globalsign-domain-verification=51D8EA92CB3E682348F7E43AEAA41C29 MS=C0D7CCA9AC44A632EF67F326EFF0D3058F171AA0 google-site-verification=J20p361m9PdaZPJZU2Z_1j_JDKFMJ2uRVmZDd-k4cbc google-site-verification=JNe0twp9YTl8hq_WhWJgTSzXr9Mch2jcNX4-qvK5H5M amazonses:sqDUJcuFTlySTti7fkqrda9Y32JMG3uMCc40wfAwCkU= K0JT5zlfwjsFbH2UoZEhEU9eIRzu9kiyPJp2MB21qkEl5uEQ/VLf4OFlqHZN/tft8B0biiBFTsSINGXc... 8cc7eldmnf0v0kgautt34nt7ki globalsign-domain-verification=KaParXxs1OHDy7o8CMbPpHBN-2m_mzwdPqKMMQ66a6 /lzuttya2pIWXg60WrWQfdK6OwxCjSuKOUwNT0ei2jVftoe3KumoA8+L+mdV9Z/EvyRDNSyagbbktsms... globalsign-domain-verification=cf7b8900cf8796444581e623dd12e308 amazonses:li6YdxecSDtf04hQQDAaVaIcuwMRaIjmknGRgjf14i8= globalsign-domain-verification=1FB25BD11FCE88AF6BCBC4D2526831DF onetrust-domain-verification=b84617af0f4c43109993b312dc163d5d 8cvpuaom7ptc7d939mf8905v85 jamf-site-verification=7B5nMwxUaFvDrO-PzHTLhg amazonses:bPwzChMDWmHvCJTfwu1pN0nHnKzLHI0GqE2wYl6wttY= docusign=2cc56620-9f65-46c2-aae0-8d585597ba36 atlassian-domain-verification=wQHCcBe6jwzPwHfD412p2yfjqSFbH0FnAmkiPRPKOfg3+aUdho... bnn9a0uo9df5fmstai9qsk6n9i 9p491efmnmod2dbmf5uv3n2gff 2s79es742cbnd6i95g8ba2rs65 globalsign-domain-verification=5E2432FC2BCCD8A8C7DDB440364E08D3 _globalsign-domain-verification=K-_PpOMZQjQZKNGOQ4WmPPp1QE9dnJJtmbyigLIvSV remarkable-domain-verification=7cbc03a2-2a08-497f-b297-bbb041221002 globalsign-domain-verification=1b514ce0d6f4754265c0085d6655acdf e88cs4vtbrfl32vvbeo0qf07dg fnifieiccdtdnmihnnpjteg3nd pardot16162=698365af3d7546d0770281700590f76ddd87eddd22703b55a4a40825e5c0e066 atlassian-domain-verification=DqqcVzlm4pkvIgT9y6r5g5Ck2LgbsGfi0YFaLCjUwR0HSv7Upa... globalsign-domain-verification=2E9A170C5A6769267178CB6683200786 globalsign-domain-verification=29645516EC20ADC8D456A7547420F767 hkloe29sh35dr53350ei025s2s google-site-verification=3AvCZC0SaSdanIsSxKlayKQl6cbRXLp-yGU7fgHWx_k _globalsign-domain-verification=HErpcxwjTDLAUQmYDINXZ5RxsVtQYeky6NLbK6k-vP docusign=7ffa3b10-8bb5-45a3-ba85-68bd30dd1c0b globalsign-domain-verification=35858F8EA7D560097284D861C783185B a3b81cac9e7243e6b7ba70ca90ed4bbd _globalsign-domain-verification=0oiaS1_byNsY232oqJbbhFmx_VBpLVxiiqXw-8K-dB smartsheet-site-validation=B-_MTTKcXqdciAu1bLqZzHd-sLY3PzBz monday-com-verification=gxCw4oWWvmkSuO1TtHfmx1-6sQFlx5EDzo3jcxCJSbY apple-domain-verification=w01HCSVp6yVq9WFq drift-domain-verification=39e28111cdca59ddd24d7973bc4e5c7d57858d6ab373475b7262d9... adobe-idp-site-verification=078f1192c3426105243ff258b6984c43e40dada923d6c9d3701c... U4D3975U9PXJUPQZY8ZBTMHHEC5JE5G8 sending_domain141651=b8290663746d95419c24824f82b50a806ea39d8e07f0572273c018a82f3... _globalsign-domain-verification=igoeSPaAT8eP2SBbYbZod7P0duRT-8kQJZMffAO92c i3nui9u1jfjmbq663ive34f0s pendo-domain-verification=aou-YXKSoEugbfeSy_RWy-G851w uqigc5nna777vn7o39uj4aaigm q8kk301rbh0p6dt84fakrvn3tj SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com -all facebook-domain-verification=1ccts0z7cy40zgfqeto01qcbhmqa5v globalsign-domain-verification=08F1B8FBE399BB9292DE623C1EAB8D37 globalsign-domain-verification=04B447E4BD7CCB0FCC8A97745A734F38 onetrust-domain-verification=d4d99df607334b9e8bdefd4a670b16f2 logif8kder40ad5t11utvl0pgt jamf-site-verification=NSK8P0oKJ_v_K4SYfzVoWg globalsign-domain-verification=ed144f23914fdcbd915c2a8bac50459b 475ujqnlh08efj7v9l254gr6sj work-accounts-domain-verification=axMYwlYWIhLon1ZfLARo79zAYG7IPC _globalsign-domain-verification=i3BZwwJ2vSbJwfFZulUuoi3Hm-ly4VWqPZmpYkj_Hu globalsign-domain-verification=97db2d2803f158536a6c28cfe811f86d 9f6sfc33405a06v7j6qe3m29nh dropbox-domain-verification=rfkdxvfg0fch 8h3mk58h1cu7nikj44grh4buoo amazonses:4RCjrih1XXjXrbVG3EebNL2NxBM6cr38YpbXzLz6Z0g= sending_domain16162=df14a9bd0dad24ad8099bf8382063aea3d47b0e2c804fb0e394a890db1df... cot79aicnve0nmeusfkeph5k3c google-site-verification=YxgLjxjqLnakwOvPXKK3UqfyPpFqBfsjKBXLHxTfav0 c8e6bdb9e4314b03942a2c573407f32e adobe-idp-site-verification=98462d46-e333-42ea-8cfc-78f3b2f996f5 _rv6rop8v8ohucfx6yzqfyoueex9o9xj canva-site-verification=8gHtXeCDnw8ERaMXeFiUBg _rv6rop8v8ohucfx6yzqfyoueex9o9x globalsign-domain-verification=7E49580842F13CB4888CCBA38079F039 google-site-verification=ob1pP8Ya9Gf5ComQW9h3Z4Ff9VCrqYR-eZjrpgOyH_U riuup4n36p439874qcp4464f2e google-site-verification=rdXjF9DQ4yCaC6D4O1D5jCBae-cR0qX89L56nw64CzA globalsign-domain-verification=BBC5909DA930BC000D9F308825F58325 globalsign-domain-verification=c61e094541361cb5fbc1c928f32b74fb mixpanel-domain-verify=d2802e22-467d-4591-a4cd-70c611164c12 x5nvk8t7lqzc50ln68bjbx5z1r67h7b0 amazonses:0amUD6Zrd6YHMKhFaOQY6UhbknHiwz1C9QqoqlTb1L8= atlassian-sending-domain-verification=8a9d2a59-62c3-4adc-a713-7de3ce26fcd1 atlassian-domain-verification=pKCDfo3Z8RWV5ocnBqJhjRw5bcq0OgmK1WfFRlvbhAgjy/ee6D... e6d4Kp72pEH24o3MI62JD7PXNGgw+05SmFD89UQ7JYxfgXbQynfs+/4ZSm+yIkcu9ix871rdGR0Ns9eG... status-page-domain-verification=lnhfs4dvcpy9 globalsign-domain-verification=9CE9E11F9C790DC50945F28F4D066187 opu9r0bf1209fhqjm17po434pk atlassian-domain-verification=OeS7ynxaRaiiCGNnWeOlFHAgi9Onh5ta76tkfdYLvT8eoBdK6z... amazonses:ujBo1ftV0rrB5ah7Gf6ATr8pl3xw+91EXJMU/gFYpII= b28jcigg9vfqcbk1cfjn5c69v9 MS=ms37369884 reachdesk-verification=klxsm0WNAHieB6SixlW2jHnUcSgaeNRHM34tOOmrvPkKGcx3JhTtH0PuK... dropbox-domain-verification=ydec1vh2mwsv amazonses:6QqLugtNmWHFaV8YRq/tTQnI008dN/NTrPBbcCJ9zTc= 5FF151A6831BC54182DA5BD4E6FCA8B7E0D66CEC8A27EC1339A0C9A389181A91 A4KK4HNX5WZSU3MMKX6U8QRMZ23YV8KR apple-domain-verification=98HtaA2BYwtUAszv pendo-domain-verification=eb61f3b8-7c53-44e9-a78b-282d9f489305 _29binh9z73uvf18l7hew2z7782x4bmq |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect Chain0 redirect(s), 297 ms totalPASS
https://nasdaq.com
297 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://nasdaq.com | 301 | 297 ms | HTTP/1.1 |
A+Domain Intelligencenasdaq.com — via MarkMonitor Inc., 32 years, 9 months old, hosted on INCAPSULA - Incapsula Inc, USPASS
153 days
December 15, 2026
46 days
Issued by GlobalSign nv-sa
32 years, 9 months
Registered December 16, 1993
Not enabled
Protects against DNS spoofing
INCAPSULA - Incapsula Inc, US
ASN AS19551
199.83.128.215
MarkMonitor Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice