Infrastructure - https://shein.com BeaverCheck Audit

D

CDN & Delivery

Action

No CDN detected

FIX

No CDN detected

A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.

No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

B

Redirect Chain

2 redirect(s), 968 ms total

REVIEW

2 redirect(s), 968 ms total

2 redirects before reaching final URL

Each redirect adds latency. Try to minimize the chain to 1 hop.

WWW normalization redirect

Uses 302 (temporary) redirect

If permanent, use 301 instead.

Got: https://www.shein.com/

Redirect overhead: 968 ms total

Got: 968 ms

Cross-domain redirect detected

https://shein.com

626 ms · HTTP/1.1

301

https://www.shein.com/

21 ms · HTTP/1.1

302

https://br.shein.com/?cdn_rsite=ak&ref=w...

322 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://shein.com	301	626 ms	HTTP/1.1	openresty
2	https://www.shein.com/	302	21 ms	HTTP/1.1	AkamaiGHost
3	https://br.shein.com/?cdn_rsite=ak&ref=w...	200	322 ms	HTTP/1.1	cloudflare

See the visual redirect chain in the HTTP Probe tab →

Each redirect adds latency. Try to minimize the chain to 1 hop.

Why this matters

Redirect chain — each hop adds latency; combine into one redirect where possible.

Source: Google Search Central / web.dev

If permanent, use 301 instead.

Why this matters

302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.

Learn more ▾

Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).

Source: Google Search Central

C

IPv6 Readiness

Action

No IPv6 support

REVIEW

No IPv6 support

No IPv6 (AAAA) records found

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

No IPv6 Support

About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B

TLS Certificate Expiry & Recommendations

131 days until leaf cert expires — 3 issues to address

REVIEW

Certificate validity

131

days left

0d 30d 60d 90d+

Recommended actions

Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
Enable DNSSEC on your domain for DNS spoofing protection
Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy

A+

DNS Records

2 A records, 41 ms lookup

PASS

2 A records, 41 ms lookup

Resolves to 2 IPv4 address(es)

Got: 52.39.90.56, 52.39.206.44

No IPv6 (AAAA) records

4 nameserver(s) configured

Got: ns-1253.awsdns-28.org, ns-1991.awsdns-56.co.uk, ns-398.awsdns-49.com, ns-893.awsdns-47.net

2 mail exchanger(s) configured

CAA records not checked

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

SPF record present in TXT

DNS resolution time: 41 ms

Got: 41 ms

A	52.39.90.56, 52.39.206.44
AAAA	—
CNAME	—
NS	ns-1253.awsdns-28.org, ns-1991.awsdns-56.co.uk, ns-398.awsdns-49.com, ns-893.awsdns-47.net
MX	5 mx-shein-com.icoremail.net 10 mx.sheincorp.cn
TXT	11y5zhvp5l0jdp10lqlc8l90lg1rk1j2 13.07.2022 84b339a2488dacf5abbdab1b9d4e2df849df011fd41afca20a3b75af7d42e40b MS=323D6263499D2DA8EE653ACC96AB15F991E6CFD7 MS=ms43134680 MS=ms73569735 _2zehtdruk1pleauz30w3ixp6pnbb9kb apple-domain-verification=P3xcqyr8uaKxNDxZ cursor-domain-verification-jzxjhk=TFsChZ1PBVvUzfC9MHY4cbCu4 google-site-verification=5TESw2i7NQNwfgi-NuDtjH_IogEZD-T6QeEy4OIOgc8 google-site-verification=KdpQinzEpQ7G4WKOoRt6QZOoghgZaJ3Ip6c91mfzwEI google-site-verification=SHfTKYZL19Qp2V15tRMVwKxDFZU1X7S2ZPAJbwNpEiY google-site-verification=WJ-fVXvfq7EE_DLnVdgpQKNdzrlQH0YOw0r9rXqj78I google-site-verification=vvaJFFtH6UXXtk_x2QsyPs-jBsKXRe2yLCoFKuGgsOg knowbe4-site-verification=ce9e35a890d24779c787e06232ef670a SPF v=spf1 include:safe-spf01.shein.com include:trustpilotservice.com include:spf-cm...
CAA	Lookup not available with standard resolver

Resolved in 41 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A

Crawlability

robots.txt present, no sitemap

PASS

robots.txt present, no sitemap

robots.txt is present

Got: 279 bytes

No sitemap.xml found

A sitemap helps search engines discover and index your pages more efficiently.

robots.txt references sitemap

A sitemap helps search engines discover and index your pages more efficiently.

Why this matters

No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.

Learn more ▾

A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.

Source: sitemaps.org / Google Search Central

robots.txt 200 OK

Size 279 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed

User-agent: *

Disallow: /user/
Allow: /user/auth/login
Allow: /user/auth/login/
Disallow: /cart/
Disallow: /geetest/
Disallow: /atomic/
Disallow: /abt/userinfo
Disallow: /aimtell-worker.js
Disallow: /coupon/getCouponListForOrder

Sitemap: https://www.shein.com/sitemap-index.xml

sitemap.xml No sitemap found

No sitemap found

Adding a sitemap helps search engines discover your pages.

A+

URL Variants

www/non-www, trailing slash, HTTP→HTTPS

PASS

www/non-www, trailing slash, HTTP→HTTPS

www/non-www redirect configured correctly (preferred: non-www)

HTTP correctly 301-redirects to HTTPS

www / non-www

302https://www.shein.com/

200https://shein.com/

Preferred variant: non-www

HTTP → HTTPS

301http://shein.com/ → https://shein.com/

Consistent

A+

Domain Intelligence

shein.com — via Alibaba Cloud Computing (Beijing) Co., Ltd., 28 years, 7 months old, hosted on AWS

PASS

shein.com — via Alibaba Cloud Computing (Beijing) Co., Ltd., 28 years, 7 months old, hosted on AWS

Domain registered until Jan 15, 2028 (1 years, 9 months remaining)

DNSSEC is not enabled

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Registrar: Alibaba Cloud Computing (Beijing) Co., Ltd.

Registrar lock is NOT enabled

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Hosting: AWS

Got: AS16509

Domain expiry

578 days

January 15, 2028

SSL certificate

131 days

Issued by DigiCert, Inc.

Domain age

28 years, 7 months

Registered January 16, 1998

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

AWS

ASN AS16509

52.39.90.56

Registrar

Alibaba Cloud Computing (Beijing) Co., Ltd.

Unlocked 4 NS records

Expiry timeline

Today

+1 year

Domain expiry SSL expiry Danger zone (≤30 days)

Recommended actions

Enable DNSSEC to protect visitors from DNS spoofing
Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers

Registrar Alibaba Cloud Computing (Beijing) Co., Ltd.

Created January 16, 1998 (28 years, 7 months ago)

Expires January 15, 2028 (1 years, 9 months)

Last Updated June 2, 2023

Name Servers ns-1253.awsdns-28.org, ns-1991.awsdns-56.co.uk, ns-398.awsdns-49.com, ns-893.awsdns-47.net

DNSSEC Not enabled

Hosting

IP Address 52.39.90.56

ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)

Provider AWS

Data source: rdap (0.6s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more ▾

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more ▾

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A

HTTP Probe Timing

Total 592 ms — DNS, TCP, TLS, TTFB, content transfer breakdown

PASS

DNS Lookup

3 ms

TCP Connect

194 ms

TLS Handshake

196 ms

Time to First Byte

592 ms

Total Time

592 ms

Connection waterfall

DNS Lookup 3 ms TCP Connect 194 ms TLS Handshake 196 ms Server Processing 199 ms Content Transfer 0 ms