Skip to content
https://squareup.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
91
GRADE
A
FIX
0
REVIEW
3
PASS
6
INFO
0
Probed from Madrid, Spain
301 Moved Permanently
Checks
9
6 PASS 3 REVIEW
C
IPv6 Readiness
Action
No IPv6 support
REVIEW
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

B
TLS Certificate Expiry & Recommendations
74 days until leaf cert expires — 3 issues to address
REVIEW

Certificate validity

74
days left
0d 30d 60d 90d+

Recommended actions

  • Submit your domain to hstspreload.org to be added to the Chrome preload list
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
Cloudflare (UPDATING)
REVIEW
Cloudflare (UPDATING)
Info::
Site is served via Cloudflare CDN (edge: CDG)
Got: cf-ray: 9efefa2e2d916ffa-CDG
Info::
CDN cache status: UPDATING
CDN Detected: Cloudflare
Provider Cloudflare Cache Status UPDATING Evidence cf-ray: 9efefa2e2d916ffa-CDG
A+
DNS Records
2 A records, 98 ms lookup
PASS
2 A records, 98 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 162.159.136.66, 162.159.137.66
Info::
No IPv6 (AAAA) records
Info::
4 nameserver(s) configured
Got: ns-1816.awsdns-35.co.uk, ns-810.awsdns-37.net, ns-1248.awsdns-28.org, ns-311.awsdns-38.com
Info::
7 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 98 ms
Got: 98 ms
A162.159.136.66, 162.159.137.66
AAAA
CNAME
NSns-1816.awsdns-35.co.uk, ns-810.awsdns-37.net, ns-1248.awsdns-28.org, ns-311.awsdns-38.com
MX
10 aspmx.l.google.com
20 alt1.aspmx.l.google.com
20 alt2.aspmx.l.google.com
30 aspmx3.googlemail.com
30 aspmx2.googlemail.com
30 aspmx4.googlemail.com
30 aspmx5.googlemail.com
TXT
gitkraken-domain-verification=8e6bcedb6a5ded444186409140245b606ca0417109d394ee4e...
elevenlabs=SBg1u4pIdlsVtIaiXt8QeVV3yNEzeNtNs51br5upR4g
wiz-domain-verification=e401377ed0542bf72e67d32b62781795a75cfc1a84c18520e6263bfd...
docker-verification=4ed46600-9205-400a-b12d-d0135704e9e9
cursor-domain-verification-zvsqws=WAenirNPzeew2GcY4MKkAk41T
stripe-verification=65D5F85D03979AEEF3452A27D1EFACD75E9D04DCC44E1BC99F4EBBCFCB7F...
stripe-verification=5a8a00371398aa2466b713faf14e6edc9140160c32f51d02067af5dcd859...
bugcrowd-verification=2aa613d4e374f9460060422314f1098d
lucidlink-verification=9W8003J10X2KM6X9SS663MSG08
ca3-37fc58abdd5a4cf8ab5e8893db8298be
onetrust-domain-verification=c01f4d184d3c4f2ba9503a4583e88101
google-site-verification=xoi3YhHkHmKwoyDO259v-DxMgY38xT08RNKMLTtTJ3A
anthropic-domain-verification-7xmqab=NeSCp0Pj0sOrdc5jJgJiOsHFb
logmein-verification-code=d29bfe7e-a479-4ca9-862a-c87f1072f273
docusign=60c2f7db-b230-4b3d-91be-06a59569d253
google-site-verification=Pqbi42Git5I6oJ6ShnRd4aUd2umxUHL5JAKHf_kSQwQ
stripe-verification=cfd5f1b3267861ed07fba1b121f0161da96c9fb30c97f590fc88db51506b...
ca3-bd8eae9a6ea245b68811b976990fc57d
_github-challenge-squareup.squareup.com.=7725774663
ca3-c491f3300b6641e1b8a3104b693d7bb3
ca3-8bbc566c4b4c4974950a83527517492d
1password-site-verification=DREX2J7TXBEY5FGM2RYXBK366U
ca3-2cc3579a5da949a0bd2bc349e2b82c52
docusign=35ce9b6e-d74a-48ad-b437-690ad0602f81
VISA=2D3280EA528BCBDA893DA573CEFA72CE
google-site-verification=DsJnK_h3aiHyf-DRKaVdc_iNooeRxSGu8PqkY2KTd74
google-site-verification=OuiYXiYuWdfPSus7uBL6EhJawkg5BOERlvclE-QXVcs
DirectFedAuthUrl=https://login.block.xyz/app/block_pwcpayrollnew_1/exkxnyhjk7UKl...
NRZYY
facebook-domain-verification=cx3tov4g02lrdyzawmw6zfl8zgrc5c
postman-domain-verification=a3440d0a55ffe5831bf45b9bb5136601ebf884dd1cb5a755daaa...
ca3-4725c4c959644520b1df50805f72dca7
status-page-domain-verification=75bhj6n7cwrd
parsec-domain-verification=td_2c0ZaSdVBfxDHQsb5HjmvQCHaKF
atlassian-sending-domain-verification=e540d827-02ac-4946-acee-a77c1df352f6
drift-domain-verification=71b345a7ff662bf9535a86f2ddbb50016872b37a56c6988edd6c39...
google-site-verification=mlc7S_Dm5aPcPQjEe_Pj3GuiF9_svNtafsWw_kPeN48
apple-domain-verification=sRlD9NsdK27SFZHX
traction-guest=2bfeba2a-05af-4152-a3ab-93d855c8746f
zapier-domain-verification-challenge=9b5ca019-06d3-40bb-a52b-915e42e1d884
miro-verification=eb2231722e9ee6e925e69e31c221403361bbc1cb
reachdesk-verification=IjVgh43q7kQHr9cSU6FYVjktOt6FNW6I1VKqC7cLSPXDW0hqMpa5pPjEJ...
atlassian-domain-verification=9iYUpJGNkg1t97CI3rPIi2JSZhPPPq2vqa29bn1XafOtu0579n...
ca3-52a6dd26ecd1423ca816dac4d4b00678
MS=ms66034408
ca3-e9926e04f8c148e89e7c600213cb986a
smartsheet-site-validation=W_x3SnUQHna2UrcNnqg-4GMu73nsWryz
pinterest-site-verification=49699bc2c694be95ffea5692960d72b4
_ek1nrewwbsrikaiet5cox7909jno0th
amp-by-sourcegraph-domain-verification-w953qg=xBRagiAevq79uusplKZZPSBsg
SPF v=spf1 include:squareup.com._nspf.vali.email include:%{i}._ip.%{h}._ehlo.%{d}._s...
ca3-6a7c53b6aded4260a698de411a9640b8
notion_verify_3U}dr=+.N}vm0w.DoqiC%JJ}N0W5^}hnd1Wus9zb^EVJDw9pD%jG)hQ}V__qkd3U)4...
asv=2196a8f94eda64bc9d0abd83d4b93284
ca3-61da443be93c4975accb29e3bbf89560
ca3-a19f55866123448fb9e26ff3ed0d6d86
_github-challenge-squareup.squareup.com=7725774663
google-site-verification=UVRQgeyjSjLUSa6l8xBu1fNQBxxKOL85Pg4457B-oms
google-site-verification=lIzmfEdVTz2PAEu4n8NckVPZhd-mQiGTlc0xBXlOhtU
ca3-a3666da4d1ec4264a8d59cb8616cf0ed
loom-site-verification=0036b963640944f580e4c1fec45c8d9d
ca3-60ed3ea4c1e141c79e4715175c4342f3
facebook-domain-verification=ddco927gzciui72ra27s2aq1301vjo
pinterest-site-verification=0fef3763fa30d8b29fca02b8d1e77626
onetrust-domain-verification=0c79435fab8d45ac85eb4ac5041ab282
wrike-verification=MzIwNzgwMDo2MGE1NjUwYThkMmExMjkzZDg3MGVmMDE3MzkzMDJlOTE4YTY5Y...
CAALookup not available with standard resolver
Resolved in 98 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A
Redirect Chain
1 redirect(s), 453 ms total
PASS
1 redirect(s), 453 ms total
Info::
Single redirect
Got: https://squareup.com → https://squareup.com/es/es (301)

https://squareup.com

87 ms · HTTP/1.1

301

https://squareup.com/es/es

366 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://squareup.com30187 msHTTP/1.1cloudflare
2https://squareup.com/es/es200366 msHTTP/1.1cloudflare

See the visual redirect chain in the HTTP Probe tab →

A+
Crawlability
robots.txt present, sitemap with 1726 URLs
PASS
robots.txt present, sitemap with 1726 URLs
Info::
robots.txt is present
Got: 2199 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 1726 entries
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 2199 B Sitemaps referenced 16 User-agents * Blocking No — crawling allowed
# https://squareup.com robots.txt
# updated 11/03/2025

User-agent: *
Allow: */invoices/invoice-templates/
Allow: */invoices/recurring-payments/
Allow: */subtopic/230
Allow: */subtopic/338
Allow: */subtopic/320
Allow: */subtopic/email
Allow: */subtopic/281
Allow: */subtopic/fulfillment

Disallow: */detect_country.json
Disallow: */tracking.json
Disallow: */test/
Disallow: */appointments/mapbox/
Disallow: */appointments/book/profile/
Disallow: */capital/consumer/invoice/merchants/
Disallow: */form/
Disallow: */gift/
Disallow: */i/
Disallow: */pay-invoice/
Disallow: */password/
Disallow: */r/
Disallow: */signup?signup_token=*
Disallow: */subscriptions/
Disallow: */email/subscriptions/
Disallow: */app-marketplace/search?*
Disallow: */signup*/search?*
Disallow: */login*/search?*
Disallow: */return/requests/
Disallow: */logout/
Disallow: */help/*/article/search?*
Disallow: */help/article/search?*
Disallow: *api/v1/
Disallow: */buyer/widget/
Disallow: */appointments/api/
Disallow: */js/
Disallow: /*.html
Disallow: */hardware/*/cart/
Disallow: */sell-now
Disallow: */academy*
Disallow: */bill-pay/bank-link/
Disallow: */bill-pay/receive-payment/
Disallow: */receipt/
Disallow: *v=verify-your-identity
Disallow: /*?return_to=*
Disallow: /*?app=*
Disallow: /*?referal_id=*
Disallow: /*?page=/*
Disallow: */oauth2/

Sitemap: https://squareup.com/us/en/sitemap.xml
Sitemap: https://squareup.com/us/es/sitemap.xml
Sitemap: https://squareup.com/ca/en/sitemap.xml
Sitemap: https://squareup.com/ca/fr/sitemap.xml
Sitemap: https://squareup.com/au/en/sitemap.xml
Sitemap: https://squareup.com/gb/en/sitemap.xml
Sitemap: https://squareup.com/jp/ja/sitemap.xml
Sitemap: https://squareup.com/ie/en/sitemap.xml
Sitemap: https://squareup.com/fr/fr/sitemap.xml
Sitemap: https://squareup.com/es/es/sitemap.xml
Sitemap: https://squareup.com/es/ca/sitemap.xml
Sitemap: https://squareup.com/us/en/the-bottom-line/sitemap_index.xml
Sitemap: https://squareup.com/au/en/the-bottom-line/sitemap_index.xml
Sitemap: https://squareup.com/gb/en/the-bottom-line/sitemap_index.xml
Sitemap: https://squareup.com/ca/en/the-bottom-line/sitemap_index.xml
Sitemap: https://squareup.com/ca/fr/the-bottom-line/sitemap_index.xml
sitemap.xml 200 OK
Type URL Set URLs 1726 entries Valid XML Yes
Sample URLs:
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.squareup.com/
200https://squareup.com/

Preferred variant: non-www

HTTP → HTTPS

301http://squareup.com/ https://squareup.com/

Consistent

A+
Domain Intelligence
squareup.com — via CSC Corporate Domains, Inc., 19 years, 2 months old, hosted on Cloudflare
PASS
squareup.com — via CSC Corporate Domains, Inc., 19 years, 2 months old, hosted on Cloudflare
Info::
Domain registered until May 26, 2030 (4 years, 1 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: CSC Corporate Domains, Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: Cloudflare
Got: AS13335
Domain expiry

1440 days

May 26, 2030

SSL certificate

74 days

Issued by Google Trust Services

Domain age

19 years, 2 months

Registered May 26, 2007

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

Cloudflare

ASN AS13335

162.159.137.66

Registrar

CSC Corporate Domains, Inc.

Unlocked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar CSC Corporate Domains, Inc.
Created May 26, 2007 (19 years, 2 months ago)
Expires May 26, 2030 (4 years, 1 months)
Last Updated May 27, 2025
Name Servers ns-1248.awsdns-28.org, ns-1816.awsdns-35.co.uk, ns-311.awsdns-38.com, ns-810.awsdns-37.net
DNSSEC Not enabled
Hosting
IP Address 162.159.137.66
ASN AS13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Provider Cloudflare
Data source: rdap (0.3s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 192 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
22 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
17 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
24 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
192 ms
Total Time Total request time from DNS lookup through full response.
192 ms

Connection waterfall

DNS Lookup 22 ms TCP Connect 17 ms TLS Handshake 24 ms Server Processing 129 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback