Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BDNS Records2 A records, 31 ms lookupREVIEW
| A | 199.60.103.29, 199.60.103.227 |
| AAAA | 2606:2c40::c73c:671d, 2606:2c40::c73c:67e3 |
| CNAME | 6893032.group32.sites.hubspot.net |
| NS | — |
| MX | — |
| TXT | — |
| CAA | Lookup not available with standard resolver |
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.
Learn more ▾ ▴
RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.
Source: RFC 1034
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.
Learn more ▾ ▴
SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.
Source: RFC 7208 (SPF)
BRedirect Chain1 redirect(s), 1230 ms totalREVIEW
https://www.strapi.io
67 ms · HTTP/1.1
https://strapi.io/
1163 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://www.strapi.io | 301 | 67 ms | HTTP/1.1 | cloudflare |
| 2 | https://strapi.io/ | 200 | 1163 ms | HTTP/1.1 | envoy |
See the visual redirect chain in the HTTP Probe tab →
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations42 days until leaf cert expires — 4 issues to addressREVIEW
Certificate validity
Recommended actions
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
BCDN & DeliveryCloudflareREVIEW
A+IPv6 ReadinessIPv6 reachable (1 ms)PASS
ACrawlabilityrobots.txt present, sitemap with 0 URLsPASS
An empty sitemap provides no value. Add <url> entries for your pages.
An empty sitemap signals 'no content to index' to Google — actively harmful versus having no sitemap at all.
Learn more ▾ ▴
Google compares URLs in the sitemap against URLs it has crawled. An empty sitemap on a site with thousands of pages signals abandonment. Either populate it correctly (most CMSes auto-generate) or delete the file and let Google crawl normally.
Source: Google Search Central / sitemaps.org
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
User-agent: *
Disallow: /_hcms/preview/
Disallow: /hs/manage-preferences/
Disallow: /hs/preferences-center/
Disallow: /*?*hs_preview=*
Disallow: /*?*hsCacheBuster=*
A+Domain Intelligencestrapi.io — via Gandi SAS, 10 years, 8 months old, hosted on AWSPASS
71 days
September 21, 2026
42 days
Issued by Google Trust Services
10 years, 8 months
Registered September 21, 2015
Status unknown
Protects against DNS spoofing
AWS
ASN AS16509
3.165.190.33
Gandi SAS
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry