Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BCrawlabilityno robots.txt, no sitemapREVIEW
robots.txt is optional but recommended. It tells search engine crawlers which pages to index.
No robots.txt — crawlers fetch /robots.txt and get 404; not breaking but means default crawl behavior with no directives or sitemap reference.
Learn more ▾ ▴
A minimal robots.txt with `User-agent: * / Allow: / / Sitemap: https://example.com/sitemap.xml` covers the basics. Without it, crawlers behave fine but lose the sitemap signal and can't be selectively blocked from crawl-traps.
Source: robotstxt.org
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
No robots.txt found
This is fine for most sites — a missing robots.txt allows all crawling by default.
No sitemap found
Adding a sitemap helps search engines discover your pages.
BTLS Certificate Expiry & Recommendations89 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records1 A records, 177 ms lookupPASS
| A | 194.150.245.142 |
| AAAA | — |
| CNAME | — |
| NS | ns-73.awsdns-09.com, ns-1739.awsdns-25.co.uk, ns-1254.awsdns-28.org, ns.sbb.ch, ns-967.awsdns-56.net |
| MX | 10 sbb-ch.mail.protection.outlook.com |
| TXT | apple-domain-verification=SCevAjT9ULPdpBd6 onetrust-domain-verification=42359ab1e53844569d3be24b5bdb6e26 onetrust-domain-verification=de841a4e9aa7475db07070abd7f150e0 google-site-verification=LhD8D1NbAAJeTe6OCIdbRsCVjzvX7_aHWA4dZu-wG8Q MS=ms34590370 teamviewer-sso-verification=f90e9b40e6294735b0859dd9d92c2f21 SPF v=spf1 include:spf2.sbb.ch a:c.spf.service-now.com include:spf.protection.outloo... swisssign-check=y_pFDmj2KTQJEMNfjE0OoEduQac QuoVadis=50b3a2e3-237b-4998-b8a6-768d3727d629 VGdGi+G18rN9Uk0dsu65WCcK93yj1ikWw29cR6OkIZr81rt3Jfp3V/XngBczobZVA2qE5267qqJ9ot1N... google-site-verification=KbfSC6HVZgVJSHudRBtIYhU2kQOKfyQLOQ4YfnKioLg 2D1536FF-63A4-4053-A747-EE28FD7E0233 unity-sso-verification=1922f040-a3d0-4531-b647-28dc61f1c50d successfactors-site-verification=ZjkwMjNjZGIwMGM3NzZhNmYyYmI3ZGIyMzQ3YmNmMzE4OGI... google-site-verification=O0wirgako3GN7C49TXaPBhsa7S5Sf7Y584GPGDB7Q2U onetrust-domain-verification=9b90e2207ce444aaa6dbb0546c834206 QuoVadis=437d307c-34b6-4fb4-9228-8c4688b797bb google-site-verification=UspM2v7ffR7H82oWLaAhVDeOLA-2jZmEsVcpZhofQ-Y atlassian-domain-verification=eJF8QwwPrfZaX1DvzttHQjbR2vzNuRY9XWPRB4jAKfI0efc4hD... asuid.qr.sbb.ch=373EB956F7203F05FA34B27B23539812AA5DAE1F6407C503EC3738BCD0C96172 apple-domain-verification=Mce6UhzoK1KY3hkUUz0DcGotILkVJOWTmE5ZPYVBxUc facebook-domain-verification=b9o1v6a9ydhcnnw2rutndevdkw7viw mongodb-site-verification=aw4d1AMA1nqRkc5guT3QNeVgVuzue5DG paloaltonetworks-site-verification=de960013288dc91a90f4fdc713da6614ba3f2261dfad1... miro-verification=8ea5e249de3b096034c8b76496024947d8c29918 |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 205 ms totalPASS
https://sbb.ch
92 ms · HTTP/1.1
https://www.sbb.ch/de/
113 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://sbb.ch | 301 | 92 ms | HTTP/1.1 | Apache |
| 2 | https://www.sbb.ch/de/ | 202 | 113 ms | HTTP/1.1 | CloudFront |
See the visual redirect chain in the HTTP Probe tab →
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
HTTP → HTTPS
Consistent
A+HTTP Probe TimingTotal 149 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
Connection waterfall
Domain IntelligenceDomain intelligence data not availableINFO
RDAP and WHOIS lookup both failed