Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BDNS Records2 A records, 1204 ms lookupREVIEW
| A | 162.159.141.191, 172.66.1.187 |
| AAAA | — |
| CNAME | snowflake.com |
| NS | ns-1416.awsdns-49.org, ns-1608.awsdns-09.co.uk, ns-429.awsdns-53.com, ns-826.awsdns-39.net |
| MX | 1 aspmx.l.google.com 5 alt2.aspmx.l.google.com 5 alt1.aspmx.l.google.com 10 aspmx3.googlemail.com 10 aspmx2.googlemail.com |
| TXT | 9114ab5b03d844a0a4fdff7f1d72baed HupXEQiLjlaXqp58eB80hfXTC3UiYw0h4nRnERE+wWE= _6ae83f5fi2jfo6jxad3rwu5jxywvj2z _uq6u8pt0fw11usqdp2g3ol43cmwymad adobe-idp-site-verification=4c309451879d960ae26f8728b0e960b9fc55f21668dd7174a858... amazonses:GdaOA4Viy3KMq85MYvsFIsXYfLf9vhqruELdYW1NaZE= amazonses:dK4WC3QF6AWsrLsDyDg4XE9Jam5nZXWQr/HeqgsYTj0= amazonses:xXi3hIIbTRoY9gsCyC3T7zvb0FxB6sVEkx173ADIEGw= atlassian-domain-verification=NwgzE+tmHQ7MBuFrR4NDQoKjTo2LfCzN8/pVDH+MCPhZlk+3kD... autodesk-domain-verification=KczUjLrDq3dGEjeFM9yX c25vd2ZsYWtl canva-site-verification=vYfRxcXk_iQcM8l8YfrMgA cloudflare-verify.snowflake.com=666295925-245390659 docker-verification=05e11f8d-d401-45e3-a095-daa889b90bc5 docusign=2522c4cd-d7f8-4a82-bed0-133da45af644 docusign=a4072258-4636-4c33-a520-f8b5ead8c9c6 dtm-domain-verification=89biHljpeeNOc30NWx6VVNLVx_CxsyIGRgYL1VP9Y6A google-site-verification=-39oHu7hEa0ZvN5klZTkCwvvwy2unKE0NDd_NYUo4g0 google-site-verification=X8PCkacJg5mO_z7MCRO8NNavuEKx22b7N7CRKGU9WgE google-site-verification=r0IcOJLU3Y5Nt3Sn1sl8w9_Be-W7_f0H3gmrjGmfUCc google-site-verification=t6Db9EJ6LNFI1MLgoZYBFA3pH9f-XuMoWG231GR_zoY google-site-verification=wKp_7znvsBM8SnAtqR7g9YzZfKCPdqOft7DzrzGxmCU google-site-verification=wSXptz0CSQ2wmnTlHfjiTc4os82FEvlGwtG8RD4RDvE jamf-site-verification=97YHiyv1lgEIwuZQCQX5Ig jamf-site-verification=VYeXZVXUpC2QZszl-hbVVw mandrill_verify.dCMIszfLNCGJjeuJlpuS-Q notion-domain-verification=4EL230BBXjEPsduiGDGuXX5ofhPLJpnZ08VuVOMur0i openai-domain-verification=dv-4E6hygK00EH3tQU9RooR5iK2 openai-domain-verification=dv-AuJPMHaGhcObHgFq6h2R3zPm paloaltonetworks-site-verification=3b855f131c3e32a1be7a1c9cb1e8f9b6a18a92c3f3528... parallels-domain-verification=cbd5858ad72a42fbbd93175adceeae5d3e78863f800440b9ad... postman-domain-verification=e2df20c10a70a04d37cb55d68524d055ac13b337716ce295f7f0... sinch-domain-verification=082db01f-e0f4-466a-be6f-30b4c357a6b9 smartsheet-site-validation=zrfKqfuefJezWqvanE92G_vAxVBT7aUv status-page-domain-verification=55fcxbdng7tp stripe-verification=2ac6aa6906a2fceb63242f8d6af6410fdd0a34a06bb633c2c29bbae650f1... stripe-verification=54e6275bfe0f1471d3f3a0ccdf592715c299b36b638a03e43ad96429d468... stripe-verification=a492b3578c4a5c1adee028fd7e7b6702112ed0a0de002a31cc0fca9e470a... SPF v=spf1 include:%{d}.6f.spf-protect.agari.com exists:%{i}._i.%{d}._d.espf.agari.c... |
| CAA | Lookup not available with standard resolver |
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.
Learn more ▾ ▴
RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.
Source: RFC 1034
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
CTLS Certificate Expiry & RecommendationsAction28 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Renew certificate — 28 days remaining
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
ARedirect Chain1 redirect(s), 295 ms totalPASS
https://www.snowflake.com
245 ms · HTTP/1.1
https://www.snowflake.com/en/
50 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://www.snowflake.com | 301 | 245 ms | HTTP/1.1 | cloudflare |
| 2 | https://www.snowflake.com/en/ | 200 | 50 ms | HTTP/1.1 | cloudflare |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 55 URLsPASS
# ----------------------------------------------------------------------
# Global default for all other crawlers (Applicable to both WordPress & AEM if paths match)
# ----------------------------------------------------------------------
User-agent: *
Allow: /
# Disallow WordPress admin area
Disallow: /wp-admin/
# Disallow common search query parameters to prevent duplicate content
Disallow: *?s=
Disallow: *&s=
# ----------------------------------------------------------------------
# AEM (Adobe Experience Manager) specific rules
# ----------------------------------------------------------------------
# Standard AEM authoring, system, and temporary paths
Disallow: /apps/
Disallow: /bin/
Disallow: /crx/
Disallow: /etc/
Disallow: /etc/clientlibs/
Disallow: /libs/
Disallow: /system/
Disallow: /tmp/
Disallow: /var/
# Disallow JCR content exposure
Disallow: /jcr:content/
# Disallow JCR content exposure in subpages
Disallow: /*/_jcr_content/
# Common AEM dispatcher cache invalidation path
Disallow: /_/
# Disallow AEM's infinity.json selectors
Disallow: /*.infinity.json$
Disallow: /*.tidy.json$
Disallow: /*.sysview.xml$
# If you have specific feeds to allow, add Allow rules before this
Disallow: /*.feed.xml$
#RITM0480998
Disallow: /content/experience-fragments/
# AEM DAM rules
# Allow specific legal PDFs in English
Allow: /content/dam/snowflake-site/en/legal/*.pdf
# Disallow other PDFs within the main snowflake-site DAM path
Disallow: /content/dam/snowflake-site/*.pdf
# Allow crawling of the general DAM path (if it contains browsable content or other allowed assets)
Allow: /content/dam/snowflake-site/
# ----------------------------------------------------------------------
# WordPress specific rules
# ----------------------------------------------------------------------
# Disallow theme directory
Disallow: /wp-content/themes/snowflake/
# Allow WordPress AJAX handler (important for some plugin/theme functionality)
Allow: /wp-admin/admin-ajax.php
# Disallow other common WordPress paths that don't need indexing
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
# WordPress REST API, usually not for direct crawling unless specific endpoints are public
Disallow: /wp-json/
Disallow: /xmlrpc.php
Disallow: /readme.html
Disallow: /license.txt
Disallow: /trackback/
# If you want specific feeds crawled, use Allow rules. Otherwise, sitemap is preferred.
Disallow: /feed/
Disallow: */feed/$
Disallow: */trackback/$
Disallow: /*?replytocom=
# ----------------------------------------------------------------------
# Sitemap Directives
# ----------------------------------------------------------------------
Sitemap: https://www.snowflake.com/sitemap_index.xml
Sitemap: https://www.snowflake.com/content/snowflake-site/global.sitemap.xml
- https://www.snowflake.com/page-sitemap.x...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/attachment-sit...
- https://www.snowflake.com/webinars_new-s...
- https://www.snowflake.com/podcast-sitema...
- https://www.snowflake.com/dca_thank_you-...
- https://www.snowflake.com/resource-sitem...
- https://www.snowflake.com/single-event-s...
- https://www.snowflake.com/podcast-catego...
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: www
HTTP → HTTPS
Consistent
A+Domain Intelligencesnowflake.com — via MarkMonitor Inc., 31 years, 2 months old, hosted on CloudflarePASS
2895 days
June 15, 2034
28 days
Issued by DigiCert Inc
31 years, 2 months
Registered July 8, 1995
Not enabled
Protects against DNS spoofing
Cloudflare
ASN AS13335
172.66.1.187
MarkMonitor Inc.
Expiry timeline
Recommended actions
- Renew the TLS certificate or verify auto-renewal is working
- Enable DNSSEC to protect visitors from DNS spoofing
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033