Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BRedirect Chain2 redirect(s), 639 ms totalREVIEW
https://straitstimes.com
186 ms · HTTP/1.1
https://www.straitstimes.com
163 ms · HTTP/1.1
https://www.straitstimes.com/global
289 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://straitstimes.com | 301 | 186 ms | HTTP/1.1 | CloudFront |
| 2 | https://www.straitstimes.com | 302 | 163 ms | HTTP/1.1 | CloudFront |
| 3 | https://www.straitstimes.com/global | 200 | 289 ms | HTTP/1.1 | AmazonS3 |
See the visual redirect chain in the HTTP Probe tab →
Each redirect adds latency. Try to minimize the chain to 1 hop.
Redirect chain — each hop adds latency; combine into one redirect where possible.
Source: Google Search Central / web.dev
If permanent, use 301 instead.
302 (Found) is for genuinely temporary redirects — if this redirect is permanent, switch to 301 to preserve SEO equity.
Learn more ▾ ▴
Search engines treat 302 as temporary, keeping the original URL indexed and not transferring full link equity to the destination. Use 301 (Moved Permanently) for permanent redirects (HTTP→HTTPS, www-vs-non-www, URL restructures).
Source: Google Search Central
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BTLS Certificate Expiry & Recommendations199 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Submit your domain to hstspreload.org to be added to the Chrome preload list
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryAWS CloudFront (LambdaGeneratedResponse from cloudfront)REVIEW
A+DNS Records4 A records, 29 ms lookupPASS
| A | 13.249.228.99, 13.249.228.19, 13.249.228.48, 13.249.228.34 |
| AAAA | — |
| CNAME | — |
| NS | ns-2022.awsdns-60.co.uk, ns-1208.awsdns-23.org, ns-260.awsdns-32.com, ns-627.awsdns-14.net |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 aspmx3.googlemail.com 10 aspmx2.googlemail.com |
| TXT | sqtj6sq8im6ja91h0m0gpp85m1 google-site-verification=R9H_ZUvdGxCq6xui2-ObLoimT8xfTdpGhkTX_cnUaeA google-site-verification=ytHyeF5MP-JZDzyAPTVu0PuN31Cg5wb1IzLq0Z-TQBE 8w3ygjt8xrrjw6k2zbfj07znm66cwy8m dfqvr60i436bj3vspslon902o8 google-site-verification=LtIKtZ316hSoGYDPc_d7JYV23WdbHrPRwXMXQtHAJ1M m4o86h4j5u3v7lutpieg1kc0c9 spyqh1mfw6nbbmv5263zkmzjxq57hlts 9ugfq23q2vjfhf1r1ufhkh54en w4f3h8p96jxlbp48rj7f354qbw751j67 google-site-verification=GwQiPCZYUfSzNdgHyEYu8h5A4H_yDdWt6RBZkAqUBeg vxll3zgqrljrkqwn96ptdkjtc7c7m8w1 SPF v=spf1 ip4:202.27.16.0/20 ip4:203.117.75.0/28 ip4:203.116.39.80/28 ip4:203.117.6... tn1lwlp3mctk4rr3lz12tytffs5j5h7d d88b3qyyjyml781876qxjyr94wcp95m8 mahh4hk0d93p9jt9cor2c7alul |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ACrawlabilityrobots.txt present, sitemap with 0 URLsPASS
An empty sitemap provides no value. Add <url> entries for your pages.
An empty sitemap signals 'no content to index' to Google — actively harmful versus having no sitemap at all.
Learn more ▾ ▴
Google compares URLs in the sitemap against URLs it has crawled. An empty sitemap on a site with thousands of pages signals abandonment. Either populate it correctly (most CMSes auto-generate) or delete the file and let Google crawl normally.
Source: Google Search Central / sitemaps.org
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
#
# For syntax checking, see:
# http://www.frobee.com/robots-txt-check
# Affiliate Marketing
# SEO Team suggestion to block a directory from crawler
User-agent: Googlebot-Image
Disallow: /image/am/
User-agent: *
Crawl-delay: 10
# Directories
Disallow: /includes/
Disallow: /misc/
Disallow: /modules/
Disallow: /profiles/
Disallow: /scripts/
Disallow: /themes/
Disallow: /core/
Disallow: /libraries/
Disallow: /sites/
Disallow: /README.txt
Disallow: /web.config
# Paths (clean URLs)
# Files
Disallow: /CHANGELOG.txt
Disallow: /cron.php
Disallow: /INSTALL.mysql.txt
Disallow: /INSTALL.pgsql.txt
Disallow: /INSTALL.sqlite.txt
Disallow: /install.php
Disallow: /INSTALL.txt
Disallow: /LICENSE.txt
Disallow: /MAINTAINERS.txt
Disallow: /update.php
Disallow: /UPGRADE.txt
Disallow: /xmlrpc.php
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips/
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register/
Disallow: /user/password/
Disallow: /user/login/
Disallow: /user/logout/
Disallow: /queue/
Disallow: /flipbook/
Disallow: /advertorials/
Disallow: /strewards/*
# Paths (no clean URLs)
Disallow: /?q=admin/
Disallow: /?q=comment/reply/
Disallow: /?q=filter/tips/
Disallow: /?q=node/add/
Disallow: /?q=search/
Disallow: /?q=user/password/
Disallow: /?q=user/register/
Disallow: /?q=user/login/
Disallow: /?q=user/logout/
Disallow: /*?adbypass=*
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password
Disallow: /index.php/user/register
Disallow: /index.php/user/login
Disallow: /index.php/user/logout
Disallow: /content/
Disallow: /login_details.php
Disallow: /multimedia/graphics/test/*
Disallow: /mbo-headlines/*
Disallow: /widget/*
Disallow: /rewards-polyite
Disallow: /rewards-polyite/spin
Disallow: /polyite-tnc
Disallow: /polyite-faq
Disallow: /rewards-mha
Disallow: /rewards-mha/spin
Disallow: /mha-tnc
Disallow: /mha-faq
Disallow: /p/*
Disallow: /mobile-css/*
Disallow: /sphwave-css/*
Disallow: /gs-taxonomy/*
Disallow: /iab-taxonomy/*
Disallow: /print-sections/*
Disallow: /publications/*
Disallow: /story-source/*
Disallow: /story-threads/*
Disallow: /video-keywords/*
Disallow: /404.html
Disallow: /embed/*
Disallow: /newslettersignup
Disallow: /subshare/*
Disallow: /mobile-banner/*
Sitemap: https://www.straitstimes.com/livecoverage.xml
Sitemap: https://www.straitstimes.com/googlenews.xml
Sitemap: https://www.straitstimes.com/sitemap.xml
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: non-www
HTTP → HTTPS
Consistent
A+Domain Intelligencestraitstimes.com — via CSC Corporate Domains, Inc., 29 years old, hosted on AWSPASS
35 days
August 17, 2026
199 days
Issued by Amazon
29 years
Registered August 18, 1997
Not enabled
Protects against DNS spoofing
AWS
ASN AS16509
13.249.228.99
CSC Corporate Domains, Inc.
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice