Infrastructure
· 17 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.FIPv6 ReadinessActionIPv6 records exist but unreachableFIX
Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.
Advertising IPv6 (AAAA records) without a reachable server means IPv6-preferring clients silently fail every connection.
Learn more ▾ ▴
Modern browsers prefer IPv6 if AAAA exists (Happy Eyeballs algorithm). If the IPv6 server isn't reachable, browsers fall back to IPv4 — but with seconds of added latency per request. Either fix IPv6 reachability or remove the AAAA records.
Source: RFC 8305 (Happy Eyeballs)
CReverse DNSAction0/4 IPs match cert SANREVIEW
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations80 days until leaf cert expires — 2 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
BCDN Cache ObservabilityNo CDN cache-status headers in the responseREVIEW
BOperational Status PageNo status page link detectedREVIEW
A+DNS Records2 A records, 19 ms lookupPASS
| A | 104.16.47.225, 104.18.112.152 |
| AAAA | 2606:4700::6810:2fe1, 2606:4700::6812:7098 |
| CNAME | — |
| NS | aria.ns.cloudflare.com, algin.ns.cloudflare.com |
| MX | 10 mxa-00105402.gslb.gpphosted.com 10 mxb-00105402.gslb.gpphosted.com |
| TXT | MS=ms73814707 05e81d0be2054ac7beea849133b77b05 _4zte39pj6k7z83q6o6fhfzakm23558m _7rq3hmedjjrf1t5eazc8r4qomm5s7ki _vxvqd1e4v0djvwx9idtg0nn9laa5tiw apple-domain-verification=gJbPAe3a4N8jOUgu MS=F05A94C360DEC24CC45E8583C8F4E2F167DCC5D3 d9895a85-87c3-4c89-a47f-f62da6172abf.rtx.com prd-utc-sitecore911-cd-tm.trafficmanager.net docusign=23bd3f53-dd64-41d1-addf-8fed6c51b9b1 docusign=324f9ecc-0512-4973-b03b-3e6fd8228e32 docker-verification=2abe0a5b-b8c1-432a-830b-8d697f51749a SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com -all smartsheet-site-validation=4hRh-T0MnsRSDULLsQpR6V9U020JzmtY smartsheet-site-validation=Mz8V9RFQ0ZXLQ92ISTOSvRokvw1_a7CM unity-sso-verification=51470a37-fb1c-4d0b-8cd0-a2da0ec3068a onetrust-domain-verification=05e81d0be2054ac7beea849133b77b05 onetrust-domain-verification=c9055623b0894aacbd5cbbc753067074 spycloud-domain-verification=8f47ed47-7ed6-4414-aaee-743b2593cbcf Of+VYK8ZrAiLdDqbFd6xfQv1m71wf+CsqoNgt+3AedYDC2NKZ9IxDsCCF1PpuRFWYj== google-site-verification=65o7r0qXjhOyUdTSfrGfIeOW5AJ5VTzYFwCJMeR9Fvg google-site-verification=OIf_hSwFJzP6P9b_7VaZbiQVf0N3m7CdfIOki6YXPQg google-site-verification=zLqE2hWL3bgvUFu4rdaQHnL00-Co2RyT7sHyWF5EVY8 pardot888673=9ec07d03dc04e2f4b7b7999a783523b3b133369c8e0980310bb309f8461fd8c8 lV8VJwW4aewignj1d7BNMVEN2z/23mtUac/rcIWZO0VcsbDnbKyky3PGm52oXfDDX2T1rlaqR1JhOY0P... wiz-domain-verification=0e15001f32475978c40d426288e19f1d7862699bf1a5ff045dfca280... Dynatrace-site-verification=9a4b2476-2f57-4a76-8534-a49046c379a4__tc3lgurgsbm5v7... adobe-idp-site-verification=e65c5541d85c3d19f23d8c0efbfe77580896a6d1ff32e6cb54f0... atlassian-domain-verification=aldYgbaIZLBWXPtU2edaoRDCDksMiOXL3x3I66QCmJCMmSI7aU... |
| CAA | Lookup not available with standard resolver |
A+Subdomain TakeoverNo subdomain takeover risk detectedPASS
A+DNSSECSigned and validatingPASS
A+CAA Recordsissue: comodoca.com, digicert.com, letsencrypt.org, pki.goog, sectigo.com, ssl.com | issuewild: comodoca.com, digicert.com, letsencrypt.org, pki.goog, sectigo.com, ssl.com | iodef configuredPASS
A+Multi-Resolver DNS SpeedMean 8ms across 3 resolvers (spread 11ms)PASS
ARedirect Chain1 redirect(s), 265 ms totalPASS
https://rtx.com
36 ms · HTTP/1.1
https://www.rtx.com/
229 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://rtx.com | 301 | 36 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.rtx.com/ | 200 | 229 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 653 URLsPASS
User-agent: *
Allow: /
Sitemap: https://www.rtx.com/sitemap.xml
Sitemap: https://www.rtx.com/raytheon/sitemap.xml
Sitemap: https://www.rtx.com/prattwhitney/sitemap.xml
Sitemap: https://www.rtx.com/collinsaerospace/sitemap.xml
A+Domain Intelligencertx.com — via Corsearch Domains LLC, 30 years, 8 months old, hosted on CloudflarePASS
1738 days
April 17, 2031
80 days
Issued by Google Trust Services
30 years, 8 months
Registered April 16, 1996
Enabled
Protects against DNS spoofing
Cloudflare
ASN AS13335
104.16.47.225
Corsearch Domains LLC
Expiry timeline
Recommended actions
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice