Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations68 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records1 A records, 38 ms lookupPASS
| A | 172.104.26.72 |
| AAAA | — |
| CNAME | — |
| NS | ns3-02.azure-dns.org, ns1-02.azure-dns.com, ns2-02.azure-dns.net, ns4-02.azure-dns.info |
| MX | 10 mxb-0030d801.gslb.pphosted.com 10 mxa-0030d801.gslb.pphosted.com |
| TXT | SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all docusign=64d531ea-6334-42a0-9208-bbf4a8b0bf9a 795981589-23226688 pexip-ms-tenant-domain-verification=dc2c0cca-0666-451f-bbe0-001aa984617d g5/aA3/CpAYFd1PtcJMCh+/M0fex9tqF9UxJv7TMt608PM6c8Y+wTpd58rJxPvN50X4WpYSC7j1pl6uE... google-site-verification=gc_l4pkaXkT_GbFvYvA2z1TQs1LgMFaPFdJP-bqdfrY apple-domain-verification=8MFTcrXRWQIWYOig ciscocidomainverification=616ed4ff71808abf72d6167da65a9e3df85155f6d1101adf7360fe... google-site-verification=zrhr9nQnHuMhostFkDekqBzebjI3L_0x7hcKLpbs0kw |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 779 ms totalPASS
https://nrdc.org
278 ms · HTTP/1.1
https://www.nrdc.org/
501 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://nrdc.org | 301 | 278 ms | HTTP/1.1 | Apache |
| 2 | https://www.nrdc.org/ | 200 | 501 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 12 URLsPASS
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
User-agent: *
# CSS, JS, Images
Allow: /core/*.css$
Allow: /core/*.css?
Allow: /core/*.js$
Allow: /core/*.js?
Allow: /core/*.gif
Allow: /core/*.jpg
Allow: /core/*.jpeg
Allow: /core/*.png
Allow: /core/*.svg
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /profiles/*.svg
# Directories
Disallow: /core/
Disallow: /profiles/
# Files
Disallow: /README.md
Disallow: /composer/Metapackage/README.txt
Disallow: /composer/Plugin/ProjectMessage/README.md
Disallow: /composer/Plugin/Scaffold/README.md
Disallow: /composer/Plugin/VendorHardening/README.txt
Disallow: /composer/Template/README.txt
Disallow: /modules/README.txt
Disallow: /sites/README.txt
Disallow: /themes/README.txt
Disallow: /web.config
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register
Disallow: /user/password
Disallow: /user/login
Disallow: /user/logout
Disallow: /media/oembed
Disallow: /*/media/oembed
# Paths (no clean URLs)
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password
Disallow: /index.php/user/register
Disallow: /index.php/user/login
Disallow: /index.php/user/logout
Disallow: /index.php/media/oembed
Disallow: /index.php/*/media/oembed
# Crawl delay (seconds between requests for compliant crawlers)
Crawl-delay: 10
# Disallow Rules
Disallow: /*?f[*
Disallow: /*&f[*
Disallow: /*?f%5B*
Disallow: /*&f%5B*
Disallow: /*?sort_by*
Disallow: /*&sort_by*
Disallow: /*?search_api_fulltext*
Disallow: /*&search_api_fulltext*
Disallow: *?*=*
User-agent: Amazonbot
Disallow: /
User-agent: anthropic-ai
Disallow: /
User-agent: AwarioRssBot
User-agent: AwarioSmartBot
Disallow: /
User-agent: Bytespider
Disallow: /
User-agent: CCBot
Disallow: /
User-agent: Claude-Web
Disallow: /
User-agent: cohere-ai
Disallow: /
User-agent: DataForSeoBot
Disallow: /
User-agent: Diffbot
Disallow: /
User-agent: FacebookBot
Disallow: /
User-agent: Googlebot-News
Disallow: /press-releases/
User-agent: magpie-crawler
Disallow: /
User-agent: NewsNow
Disallow: /
User-agent: news-please
Disallow: /
User-agent: omgili
Disallow: /
User-agent: omgilibot
Disallow: /
User-agent: peer39_crawler
User-agent: peer39_crawler/1.0
Disallow: /
User-agent: SiteAuditBot
Disallow: /
User-agent: SemrushBot-BA
Disallow: /
User-agent: SemrushBot-SI
Disallow: /
User-agent: SemrushBot-SWA
Disallow: /
User-agent: SplitSignalBot
Disallow: /
User-agent: SemrushBot-OCOB
Disallow: /
User-agent: SemrushBot-FT
Disallow: /
User-agent: Scrapy
Disallow: /
User-agent: TurnitinBot
Disallow: /
# Theme Files:
Allow: /themes/*.css$
Allow: /themes/*.css?
Allow: /themes/*.js$
Allow: /themes/*.js?
Allow: /themes/*.gif
Allow: /themes/*.jpg
Allow: /themes/*.jpeg
Allow: /themes/*.png
Allow: /themes/*.svg
Disallow: /themes/*.html
# Sitemap
Sitemap: https://www.nrdc.org/sitemap.xml
# Kitchen Sink page
Disallow: /kitchen-sink
# CDN and edge services
Disallow: /cdn-cgi/
- https://www.nrdc.org/sitemap.xml?page=1
- https://www.nrdc.org/sitemap.xml?page=2
- https://www.nrdc.org/sitemap.xml?page=3
- https://www.nrdc.org/sitemap.xml?page=4
- https://www.nrdc.org/sitemap.xml?page=5
- https://www.nrdc.org/sitemap.xml?page=6
- https://www.nrdc.org/sitemap.xml?page=7
- https://www.nrdc.org/sitemap.xml?page=8
- https://www.nrdc.org/sitemap.xml?page=9
- https://www.nrdc.org/sitemap.xml?page=10
- https://www.nrdc.org/sitemap.xml?page=11
- https://www.nrdc.org/sitemap.xml?page=12
A+HTTP Probe TimingTotal 321 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
Connection waterfall
Domain IntelligenceDomain intelligence data not availableINFO
RDAP and WHOIS lookup both failed