Skip to content
https://www.snowflake.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
88
GRADE
B
FIX
0
REVIEW
4
PASS
5
INFO
0
Probed from Singapore, Singapore
301 Moved Permanently
Checks
9
5 PASS 4 REVIEW
B
DNS Records
2 A records, 1204 ms lookup
REVIEW
2 A records, 1204 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 162.159.141.191, 172.66.1.187
Info::
No IPv6 (AAAA) records
Warning::
CNAME record at zone apex
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
Got: snowflake.com
Info::
4 nameserver(s) configured
Got: ns-1416.awsdns-49.org, ns-1608.awsdns-09.co.uk, ns-429.awsdns-53.com, ns-826.awsdns-39.net
Info::
5 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Warning::
DNS resolution is slow (1204 ms)
Slow DNS adds latency to every page load. Consider a faster DNS provider.
Got: 1204 ms
A162.159.141.191, 172.66.1.187
AAAA
CNAMEsnowflake.com
NSns-1416.awsdns-49.org, ns-1608.awsdns-09.co.uk, ns-429.awsdns-53.com, ns-826.awsdns-39.net
MX
1 aspmx.l.google.com
5 alt2.aspmx.l.google.com
5 alt1.aspmx.l.google.com
10 aspmx3.googlemail.com
10 aspmx2.googlemail.com
TXT
9114ab5b03d844a0a4fdff7f1d72baed
HupXEQiLjlaXqp58eB80hfXTC3UiYw0h4nRnERE+wWE=
_6ae83f5fi2jfo6jxad3rwu5jxywvj2z
_uq6u8pt0fw11usqdp2g3ol43cmwymad
adobe-idp-site-verification=4c309451879d960ae26f8728b0e960b9fc55f21668dd7174a858...
amazonses:GdaOA4Viy3KMq85MYvsFIsXYfLf9vhqruELdYW1NaZE=
amazonses:dK4WC3QF6AWsrLsDyDg4XE9Jam5nZXWQr/HeqgsYTj0=
amazonses:xXi3hIIbTRoY9gsCyC3T7zvb0FxB6sVEkx173ADIEGw=
atlassian-domain-verification=NwgzE+tmHQ7MBuFrR4NDQoKjTo2LfCzN8/pVDH+MCPhZlk+3kD...
autodesk-domain-verification=KczUjLrDq3dGEjeFM9yX
c25vd2ZsYWtl
canva-site-verification=vYfRxcXk_iQcM8l8YfrMgA
cloudflare-verify.snowflake.com=666295925-245390659
docker-verification=05e11f8d-d401-45e3-a095-daa889b90bc5
docusign=2522c4cd-d7f8-4a82-bed0-133da45af644
docusign=a4072258-4636-4c33-a520-f8b5ead8c9c6
dtm-domain-verification=89biHljpeeNOc30NWx6VVNLVx_CxsyIGRgYL1VP9Y6A
google-site-verification=-39oHu7hEa0ZvN5klZTkCwvvwy2unKE0NDd_NYUo4g0
google-site-verification=X8PCkacJg5mO_z7MCRO8NNavuEKx22b7N7CRKGU9WgE
google-site-verification=r0IcOJLU3Y5Nt3Sn1sl8w9_Be-W7_f0H3gmrjGmfUCc
google-site-verification=t6Db9EJ6LNFI1MLgoZYBFA3pH9f-XuMoWG231GR_zoY
google-site-verification=wKp_7znvsBM8SnAtqR7g9YzZfKCPdqOft7DzrzGxmCU
google-site-verification=wSXptz0CSQ2wmnTlHfjiTc4os82FEvlGwtG8RD4RDvE
jamf-site-verification=97YHiyv1lgEIwuZQCQX5Ig
jamf-site-verification=VYeXZVXUpC2QZszl-hbVVw
mandrill_verify.dCMIszfLNCGJjeuJlpuS-Q
notion-domain-verification=4EL230BBXjEPsduiGDGuXX5ofhPLJpnZ08VuVOMur0i
openai-domain-verification=dv-4E6hygK00EH3tQU9RooR5iK2
openai-domain-verification=dv-AuJPMHaGhcObHgFq6h2R3zPm
paloaltonetworks-site-verification=3b855f131c3e32a1be7a1c9cb1e8f9b6a18a92c3f3528...
parallels-domain-verification=cbd5858ad72a42fbbd93175adceeae5d3e78863f800440b9ad...
postman-domain-verification=e2df20c10a70a04d37cb55d68524d055ac13b337716ce295f7f0...
sinch-domain-verification=082db01f-e0f4-466a-be6f-30b4c357a6b9
smartsheet-site-validation=zrfKqfuefJezWqvanE92G_vAxVBT7aUv
status-page-domain-verification=55fcxbdng7tp
stripe-verification=2ac6aa6906a2fceb63242f8d6af6410fdd0a34a06bb633c2c29bbae650f1...
stripe-verification=54e6275bfe0f1471d3f3a0ccdf592715c299b36b638a03e43ad96429d468...
stripe-verification=a492b3578c4a5c1adee028fd7e7b6702112ed0a0de002a31cc0fca9e470a...
SPF v=spf1 include:%{d}.6f.spf-protect.agari.com exists:%{i}._i.%{d}._d.espf.agari.c...
CAALookup not available with standard resolver
Resolved in 1204 ms

A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.

Why this matters

CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.

Learn more

RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.

Source: RFC 1034

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

Slow DNS adds latency to every page load. Consider a faster DNS provider.

Why this matters

DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.

Source: DNS performance benchmarks

C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

C
TLS Certificate Expiry & Recommendations
Action
28 days until leaf cert expires — 4 issues to address
REVIEW

Certificate validity

28
days left
0d 30d 60d 90d+
Renew soon — under 30 days remaining

Recommended actions

  • Renew certificate — 28 days remaining
  • Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
Cloudflare
REVIEW
Cloudflare
Info::
Site is served via Cloudflare CDN (edge: SIN)
Got: cf-ray: 9e8bcf35e91bce5e-SIN
CDN Detected: Cloudflare
Provider Cloudflare Evidence cf-ray: 9e8bcf35e91bce5e-SIN
A
Redirect Chain
1 redirect(s), 295 ms total
PASS
1 redirect(s), 295 ms total
Info::
Single redirect
Got: https://www.snowflake.com → https://www.snowflake.com/en/ (301)

https://www.snowflake.com

245 ms · HTTP/1.1

301

https://www.snowflake.com/en/

50 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://www.snowflake.com301245 msHTTP/1.1cloudflare
2https://www.snowflake.com/en/20050 msHTTP/1.1cloudflare

See the visual redirect chain in the HTTP Probe tab →

A+
Crawlability
robots.txt present, sitemap with 55 URLs
PASS
robots.txt present, sitemap with 55 URLs
Info::
robots.txt is present
Got: 2805 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 55 entries
Info::
Sitemap index with 55 child sitemaps
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 2805 B Sitemaps referenced 2 User-agents * Blocking No — crawling allowed
# ----------------------------------------------------------------------
# Global default for all other crawlers (Applicable to both WordPress & AEM if paths match)
# ----------------------------------------------------------------------

User-agent: *
Allow: /
# Disallow WordPress admin area
Disallow: /wp-admin/
# Disallow common search query parameters to prevent duplicate content
Disallow: *?s=
Disallow: *&s=

# ----------------------------------------------------------------------
# AEM (Adobe Experience Manager) specific rules
# ----------------------------------------------------------------------

# Standard AEM authoring, system, and temporary paths
Disallow: /apps/
Disallow: /bin/
Disallow: /crx/
Disallow: /etc/
Disallow: /etc/clientlibs/
Disallow: /libs/
Disallow: /system/
Disallow: /tmp/
Disallow: /var/
# Disallow JCR content exposure
Disallow: /jcr:content/
# Disallow JCR content exposure in subpages
Disallow: /*/_jcr_content/
# Common AEM dispatcher cache invalidation path
Disallow: /_/
# Disallow AEM's infinity.json selectors
Disallow: /*.infinity.json$
Disallow: /*.tidy.json$
Disallow: /*.sysview.xml$
# If you have specific feeds to allow, add Allow rules before this
Disallow: /*.feed.xml$
#RITM0480998
Disallow: /content/experience-fragments/

# AEM DAM rules
# Allow specific legal PDFs in English
Allow: /content/dam/snowflake-site/en/legal/*.pdf

# Disallow other PDFs within the main snowflake-site DAM path
Disallow: /content/dam/snowflake-site/*.pdf

# Allow crawling of the general DAM path (if it contains browsable content or other allowed assets)
Allow: /content/dam/snowflake-site/

# ----------------------------------------------------------------------
# WordPress specific rules
# ----------------------------------------------------------------------

# Disallow theme directory
Disallow: /wp-content/themes/snowflake/

# Allow WordPress AJAX handler (important for some plugin/theme functionality)
Allow: /wp-admin/admin-ajax.php

# Disallow other common WordPress paths that don't need indexing
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
# WordPress REST API, usually not for direct crawling unless specific endpoints are public
Disallow: /wp-json/
Disallow: /xmlrpc.php
Disallow: /readme.html
Disallow: /license.txt
Disallow: /trackback/
# If you want specific feeds crawled, use Allow rules. Otherwise, sitemap is preferred.
Disallow: /feed/
Disallow: */feed/$
Disallow: */trackback/$
Disallow: /*?replytocom=

# ----------------------------------------------------------------------
# Sitemap Directives
# ----------------------------------------------------------------------

Sitemap: https://www.snowflake.com/sitemap_index.xml
Sitemap: https://www.snowflake.com/content/snowflake-site/global.sitemap.xml

sitemap.xml 200 OK
Type Sitemap Index URLs 55 entries Valid XML Yes
Child Sitemaps:
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.snowflake.com/
301https://snowflake.com/

Preferred variant: www

HTTP → HTTPS

301http://www.snowflake.com/ https://www.snowflake.com/

Consistent

A+
Domain Intelligence
snowflake.com — via MarkMonitor Inc., 31 years, 2 months old, hosted on Cloudflare
PASS
snowflake.com — via MarkMonitor Inc., 31 years, 2 months old, hosted on Cloudflare
Info::
Domain registered until Jun 15, 2034 (8 years, 3 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: MarkMonitor Inc.
Info::
Hosting: Cloudflare
Got: AS13335
Domain expiry

2895 days

June 15, 2034

SSL certificate

28 days

Issued by DigiCert Inc

Domain age

31 years, 2 months

Registered July 8, 1995

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

Cloudflare

ASN AS13335

172.66.1.187

Registrar

MarkMonitor Inc.

Lock status unknown 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Renew the TLS certificate or verify auto-renewal is working
  • Enable DNSSEC to protect visitors from DNS spoofing
Registrar MarkMonitor Inc.
Created July 8, 1995 (31 years, 2 months ago)
Expires June 15, 2034 (8 years, 3 months)
Last Updated April 11, 2025
Name Servers ns-1416.awsdns-49.org, ns-1608.awsdns-09.co.uk, ns-429.awsdns-53.com, ns-826.awsdns-39.net
DNSSEC Not enabled
Hosting
IP Address 172.66.1.187
ASN AS13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Provider Cloudflare
Data source: rdap (0.4s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

A+
HTTP Probe Timing
Total 28 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
3 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
1 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
6 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
28 ms
Total Time Total request time from DNS lookup through full response.
28 ms

Connection waterfall

DNS Lookup 3 ms TCP Connect 1 ms TLS Handshake 6 ms Server Processing 18 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback