Infrastructure - https://preply.com BeaverCheck Audit

B

TLS Certificate Expiry & Recommendations

67 days until leaf cert expires — 3 issues to address

REVIEW

Certificate validity

67

days left

0d 30d 60d 90d+

Recommended actions

Submit your domain to hstspreload.org to be added to the Chrome preload list
Enable DNSSEC on your domain for DNS spoofing protection
Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy

A+

DNS Records

2 A records, 11 ms lookup

PASS

2 A records, 11 ms lookup

Resolves to 2 IPv4 address(es)

Got: 104.18.20.180, 104.18.21.180

Has 2 IPv6 (AAAA) record(s)

Got: 2606:4700::6812:15b4, 2606:4700::6812:14b4

2 nameserver(s) configured

Got: elmo.ns.cloudflare.com, josephine.ns.cloudflare.com

5 mail exchanger(s) configured

CAA records not checked

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

SPF record present in TXT

DNS resolution time: 11 ms

Got: 11 ms

A	104.18.20.180, 104.18.21.180
AAAA	2606:4700::6812:15b4, 2606:4700::6812:14b4
CNAME	—
NS	elmo.ns.cloudflare.com, josephine.ns.cloudflare.com
MX	1 aspmx.l.google.com 2 alt1.aspmx.l.google.com 3 alt2.aspmx.l.google.com 4 aspmx2.googlemail.com 5 aspmx3.googlemail.com
TXT	3IVRaMIZUcy1CmiRsPzOuUt2rdaviLE CKO=cli_fzzfxff5mazexpu7cletpbbcai MS=9D26CC7C009C0249F66AF3299806EEA9F1830421 Preply Inc. ZOOM_verify_TyuyWqL9dp7HyuYc5Au6dl ahrefs-site-verification_f2a57e8c2efcc0b6f604a621191c791a9e4de85fe63c5f110e4c7fd... anthropic-domain-verification-997a99=wHsPNhizQSJBpxFa53SXAdWND apple-domain-verification=WCX65VHUnUnXE_WR4aAjLZcow1-tuVFI7EUjSGo5MuQ apple-domain-verification=pnQeFwKBFtDW6fIC atlassian-domain-verification=WhWkVUKB9UHofjpUqccqnk3HFwjwAc+Qh4mr/CuLvRlgyFSOVF... cursor-domain-verification-pm3h89=bT23Wp5kpSUHOa0DIYLnCWZwk facebook-domain-verification=0qmuo056oot5smnzsrjnmvvp7u7d69 google-site-verification=2O4yEIHljd3FTE565Q_jCszjU437qA2XodeOC5VeG-8 google-site-verification=7mmbmYtJ2mxmwMraTIVyLVVa2tSRgl4w8oGYQwSLDlc google-site-verification=BPunH4ploc42hIR0wzdP8XaE2_wF9dIdcZt_oY4v4u0 google-site-verification=DSnZWuJWa-jOCFhEfDaTkjnCxLljFQViyUolhR67lDE google-site-verification=Jz8jyhCzi7k2fkjaLyXu46c9U9f7moXGrwtd7T06aRM google-site-verification=PcRz6ANOXrg27IS84Ij1xipGa6Zy6UL89mjPOkcPSxs google-site-verification=SpW08gSJ1cnMmkgO8B1uMGlnXffngb82Kn22CB1QZ84 google-site-verification=hNmEMRbxvTnqFkol_Q0BOE1iRUV8jg92cbdJma91hWw google-site-verification=jqYmc_d_0CZnRE5mJZ8_d7KtUyNRr9anYijfEa82HGo google-site-verification=lGoVrgaAZY0FoYcjDQdxXyUGXxoqDzscz6ohWPcls40 google-site-verification=od7L2hFO1sx4Zz8ajHfQJKXhOlA8akjtzlEdqfjVNK4 h1-domain-verification=UGPLTNabTGUzYJoMvGZrp364xKW6LmWXKrcyVXKA241Ec1xm logmein-verification-code=9aea428b-efcd-423a-a2be-e402e0cc2e86 loom-site-verification=687a1bece469499499e48340e8b3e52e miro-verification=16382e2f4176ca9a7009be20bae98f94a2e00644 openai-domain-verification=dv-3xWkKamRO5MZ8S4E9So8F0ia openai-domain-verification=dv-CYinrT2psIz8w3ta80mT9AEi openai-domain-verification=dv-Qs9wt7JfACyRDhmvb3vXF4Fo openai-domain-verification=dv-T6yLnERh1T2QsTidISS048al stripe-verification=2BCBC2BDE4B95A39CDC81343C7A946CF462D749710292CC298DAB0A7F7EB... SPF v=spf1 include:_spf.google.com include:sendgrid.net include:spf.mail.intercom.io... wmail-verification: e79db3306c95247b99a89d5b72d610cd
CAA	Lookup not available with standard resolver

Resolved in 11 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+

Redirect Chain

No redirects — direct access

PASS

No redirects — direct access

Got: https://preply.com

https://preply.com

48 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://preply.com	200	48 ms	HTTP/1.1	cloudflare

A+

IPv6 Readiness

IPv6 reachable (1 ms)

PASS

IPv6 reachable (1 ms)

IPv6 is configured and reachable at 2606:4700::6812:15b4, 2606:4700::6812:14b4

Got: 1 ms connect

IPv6 Ready

AAAA Records 2606:4700::6812:15b4, 2606:4700::6812:14b4 Connection Reachable (1 ms)

A+

Crawlability

robots.txt present, sitemap with 19 URLs

PASS

robots.txt present, sitemap with 19 URLs

robots.txt is present

Got: 3546 bytes

sitemap.xml is present

sitemap.xml is valid XML

sitemap.xml contains 19 entries

robots.txt references sitemap

robots.txt 200 OK

Size 3546 B Sitemaps referenced 33 User-agents Yandex, Slurp, bingbot, SemrushBot, MozBot, PerplexityBot, msnbot, Sogou, GPTBot, Google-Extended, meta-externalagent, * Blocking No — crawling allowed


User-agent: *
Host: https://preply.com



Disallow: /language/
Disallow: /*/calendar$
Allow: */help/calendar
Disallow: /*/chat/
Disallow: /*/lessons$
Disallow: /currency/
Disallow: /api/
Disallow: /graphql/
Disallow: /dwh/
Disallow: /wp-admin/
Disallow: /edu/
Disallow: */rlogin*
Disallow: /current
Disallow: /signup
Disallow: /*/settings$
Disallow: /*/settings/
Disallow: /redirect_dispatcher
Disallow: /*/wizard-portrait
Disallow: *?next=
Disallow: /messages
Disallow: /dashboard
Disallow: /tutor
Disallow: /ua/tutor
Disallow: /pl/tutor
Disallow: /pack/*/checkout$
Disallow: /pack/*/edit$
Disallow: /pack/create
Disallow: /*bid_history
Disallow: */checkout
Disallow: */vakancii-dlya-trenerov-angliyskogo-yazyka
Disallow: /monolith
Disallow: /sp
Disallow: /question
Disallow: /%7BUS_CENSUS_NAME%7D
Disallow: /manage-lessons
Disallow: /manage-single-lessons
Disallow: /*/new-home-page
Disallow: /*/invite/
Disallow: /*/internal/
Sitemap: https://preply.com/special-cases-sitemap.xml


Sitemap: https://preply.com/ru-sitemap-index.xml



Sitemap: https://preply.com/en-sitemap-index.xml



Sitemap: https://preply.com/pl-sitemap-index.xml



Sitemap: https://preply.com/de-sitemap-index.xml



Sitemap: https://preply.com/ua-sitemap-index.xml



Sitemap: https://preply.com/pt-sitemap-index.xml



Sitemap: https://preply.com/tr-sitemap-index.xml



Sitemap: https://preply.com/id-sitemap-index.xml



Sitemap: https://preply.com/fr-sitemap-index.xml



Sitemap: https://preply.com/it-sitemap-index.xml



Sitemap: https://preply.com/es-sitemap-index.xml



Sitemap: https://preply.com/zh-sitemap-index.xml



Sitemap: https://preply.com/ja-sitemap-index.xml



Sitemap: https://preply.com/ko-sitemap-index.xml



Sitemap: https://preply.com/ar-sitemap-index.xml



Sitemap: https://preply.com/nl-sitemap-index.xml



Sitemap: https://preply.com/ro-sitemap-index.xml



Sitemap: https://preply.com/sv-sitemap-index.xml



Sitemap: https://preply.com/th-sitemap-index.xml


Sitemap: https://preply.com/ru/blog/sitemap.xml/
Sitemap: https://preply.com/pl/blog/sitemap.xml/
Sitemap: https://preply.com/de/blog/sitemap.xml/
Sitemap: https://preply.com/pt/blog/sitemap.xml/
Sitemap: https://preply.com/tr/blog/sitemap.xml/
Sitemap: https://preply.com/fr/blog/sitemap.xml/
Sitemap: https://preply.com/it/blog/sitemap.xml/
Sitemap: https://preply.com/es/blog/sitemap.xml/
Sitemap: https://preply.com/ja/blog/sitemap.xml/
Sitemap: https://preply.com/en/blog/sitemap.xml/
Sitemap: https://preply.com/ko/blog/sitemap.xml/
Sitemap: https://preply.com/sv/blog/sitemap.xml/
Sitemap: https://preply.com/ua/blog/sitemap.xml/

User-agent: Yandex


Disallow: /en/*
Allow: /en/$
Disallow: /es/*
Allow: /es/$
Disallow: /ja/*
Allow: /ja/$
Disallow: /pl/*
Allow: /pl/$
Disallow: /it/*
Allow: /it/$
Disallow: /fr/*
Allow: /fr/$
Disallow: /pt/*
Allow: /pt/$
Disallow: /id/*
Allow: /id/$
Disallow: /zh/*
Allow: /zh/$
Disallow: /ko/*
Allow: /ko/$
Disallow: /de/*
Allow: /de/$

Crawl-delay: 2
Clean-param: intercom&click_id&p&campaignid&network&adgroupid&keyword&matchtype&creative&adposition&targetid&loc_physical_ms&device&AU /

User-agent: Slurp

Host: https://preply.com

Crawl-delay: 20

User-agent: msnbot

Crawl-delay: 10

User-agent: bingbot
Allow: /

User-agent: SemrushBot
Disallow: /

User-agent: MozBot
Disallow: /

User-agent: Sogou
Crawl-delay: 10

User-agent: GPTBot
Allow: /

User-agent: PerplexityBot
Allow: /

User-agent: Google-Extended
Allow: /

# https://www.facebook.com/externalhit_uatext.php
User-agent: meta-externalagent
Allow: /
Crawl-delay: 10

sitemap.xml 200 OK

Type URL Set URLs 19 entries Valid XML Yes

Sample URLs:

A+

URL Variants

www/non-www, trailing slash, HTTP→HTTPS

PASS

www/non-www, trailing slash, HTTP→HTTPS

www/non-www redirect configured correctly (preferred: non-www)

HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.preply.com/

200https://preply.com/

Preferred variant: non-www

HTTP → HTTPS

301http://preply.com/ → https://preply.com/

Consistent

A+

Domain Intelligence

preply.com — via GoDaddy.com, LLC, 15 years, 5 months old

PASS

preply.com — via GoDaddy.com, LLC, 15 years, 5 months old

Domain registered until Jan 23, 2028 (1 years, 9 months remaining)

DNSSEC is not enabled

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Registrar: GoDaddy.com, LLC

Registrar lock is NOT enabled

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Domain expiry

587 days

January 23, 2028

SSL certificate

67 days

Issued by Google Trust Services

Domain age

15 years, 5 months

Registered January 23, 2011

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

Unknown

2606:4700::6812:14b4

Registrar

GoDaddy.com, LLC

Unlocked 2 NS records

Expiry timeline

Today

+1 year

Domain expiry SSL expiry Danger zone (≤30 days)

Recommended actions

Enable DNSSEC to protect visitors from DNS spoofing
Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers

Registrar GoDaddy.com, LLC

Created January 23, 2011 (15 years, 5 months ago)

Expires January 23, 2028 (1 years, 9 months)

Last Updated January 14, 2025

Name Servers elmo.ns.cloudflare.com, josephine.ns.cloudflare.com

DNSSEC Not enabled

Hosting

IP Address 2606:4700::6812:14b4

Data source: rdap (0.1s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more ▾

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more ▾

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+

HTTP Probe Timing

Total 152 ms — DNS, TCP, TLS, TTFB, content transfer breakdown

PASS

DNS Lookup

2 ms

TCP Connect

1 ms

TLS Handshake

20 ms

Time to First Byte

113 ms

Total Time

153 ms

Connection waterfall

DNS Lookup 2 ms TCP Connect 1 ms TLS Handshake 20 ms Server Processing 91 ms Content Transfer 39 ms

A+

CDN & Delivery

Cloudflare (HIT)

PASS

Cloudflare (HIT)

Site is served via Cloudflare CDN (edge: AMS)

Got: cf-ray: 9f07c09759111c14-AMS

CDN cache status: HIT

CDN Detected: Cloudflare

Provider Cloudflare Cache Status HIT Evidence cf-ray: 9f07c09759111c14-AMS