https://swarthmore.edu
Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
84
GRADE
B
FIX
2
REVIEW
2
PASS
5
INFO
0
Probed from Santa Clara, United States
301 Moved Permanently
Checks
95 PASS 2 REVIEW 2 FIX
DTLS Certificate Expiry & RecommendationsAction13 days until leaf cert expires — 5 issues to addressFIX
TLS Certificate Expiry & Recommendations
Action13 days until leaf cert expires — 5 issues to address
Certificate validity
13
days left
0d 30d 60d 90d+
Renew urgently — under 14 days remaining
Recommended actions
- Renew certificate — 13 days remaining
- Prefer TLS 1.3 — TLS 1.2 is acceptable but TLS 1.3 removes RSA key exchange and improves latency
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
DCDN & DeliveryActionNo CDN detectedFIX
CDN & Delivery
ActionNo CDN detected
No CDN detected
Warning::
No CDN detected
A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.
No CDN detected
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 Readiness
ActionNo IPv6 support
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
Why this matters
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
CURL VariantsActionwww/non-www, trailing slash, HTTP→HTTPSREVIEW
URL Variants
Actionwww/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Warning::
HTTP→HTTPS redirect uses 302 instead of 301
Got: 302 temporary redirect Expected: 301 permanent redirect
www / non-www
200https://www.swarthmore.edu/
200https://swarthmore.edu/
Inconsistent — duplicate content risk
HTTP → HTTPS
302http://swarthmore.edu/ → https://swarthmore.edu/
Use 301 (permanent) instead of 302 (temporary)
A+DNS Records1 A records, 15 ms lookupPASS
DNS Records
1 A records, 15 ms lookup
1 A records, 15 ms lookup
Info::
Resolves to 1 IPv4 address(es)
Got: 130.58.11.29
Info::
Single A record — no DNS redundancy
Multiple A records provide failover if one server goes down.
Info::
No IPv6 (AAAA) records
Info::
2 nameserver(s) configured
Got: ns0213.secondary.cloudflare.com, ns0085.secondary.cloudflare.com
Info::
5 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 15 ms
Got: 15 ms
| A | 130.58.11.29 |
| AAAA | — |
| CNAME | — |
| NS | ns0213.secondary.cloudflare.com, ns0085.secondary.cloudflare.com |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 alt4.aspmx.l.google.com 10 alt3.aspmx.l.google.com |
| TXT | MS=4039E77CF1E93860BE91861187D652AD1A92E79B RZ2G8R7E2BCBU7MNFT8PEQIMJYVQPSCX SFMC-1hafRngwJRnmyGUgdZHpaf_HSlI5qyHUwpAC3hXC ZOOM_verify_3RCwdICAo4NRoTwZPGKxVe adobe-idp-site-verification=854d2384a35b6ee32209f0c5babc0d8bb46d29e662e2c1c708ae... apple-domain-verification=AuX1EkJPAECXTrBt atlassian-domain-verification=jOT4iuPfoOspQbXrSBQpurWAxRZ1Ay36mrVXmNusabXXVzD8kM... autodesk-domain-verification=6PH5cJC2P03nZXGzYXIL docusign=804f7d01-24bb-48e7-997f-0c85d7a8b17c e2ma-verification=3y0cb e2ma-verification=665fb e2ma-verification=h7wfb e2ma-verification=hua4 e2ma-verification=xkkfb google-site-verification=9wWF7hcbLu_02RRBkaSC1ewYmURkt4PSKCwb85v38KA google-site-verification=EjGJoMNuPf-BbVWBYV_U0PHXBuUad6OlxbVaaEaesfc google-site-verification=UaO9GzCxn26sRjJtWMaUwE0tvaFATrAzIGB_2yX0a1Y google-site-verification=koXoer-EIIufauG-qRkWti4tUAT8noDpWJlu7j25cOU have-i-been-pwned-verification=dweb_a2xxzmuw1kfka226oa5m1mbb openai-domain-verification=dv-36g4g0bCWp8jUBdoqnbbK3mz SPF v=spf1 mx ip4:130.58.64.0/22 include:_spf.swarthmore.edu include:_spf.google.com... wrike-verification=MjMyMzIyNjpmYTE2MzQ1NDNlMTk0ZDUyZTBmMzI4NjNjY2U2YjU4MTNmNTliZ... |
| CAA | Lookup not available with standard resolver |
Resolved in 15 ms
Multiple A records provide failover if one server goes down.
Why this matters
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Why this matters
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 342 ms totalPASS
Redirect Chain
1 redirect(s), 342 ms total
1 redirect(s), 342 ms total
Info::
Single redirect
Got: https://swarthmore.edu → https://www.swarthmore.edu/ (301)
Info::
WWW normalization redirect
https://swarthmore.edu
274 ms · HTTP/1.0
301
https://www.swarthmore.edu/
68 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://swarthmore.edu | 301 | 274 ms | HTTP/1.0 | |
| 2 | https://www.swarthmore.edu/ | 200 | 68 ms | HTTP/1.1 | CloudFront |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 2 URLsPASS
Crawlability
robots.txt present, sitemap with 2 URLs
robots.txt present, sitemap with 2 URLs
Info::
robots.txt is present
Got: 2027 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 2 entries
Info::
Sitemap index with 2 child sitemaps
Info::
robots.txt does not reference a sitemap
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
Why this matters
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
robots.txt 200 OK
Size 2027 B Sitemaps referenced 0 User-agents * Blocking No — crawling allowed
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
User-agent: *
# CSS, JS, Images
Allow: /core/*.css$
Allow: /core/*.css?
Allow: /core/*.js$
Allow: /core/*.js?
Allow: /core/*.gif
Allow: /core/*.jpg
Allow: /core/*.jpeg
Allow: /core/*.png
Allow: /core/*.svg
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /profiles/*.svg
# Directories
Disallow: /core/
Disallow: /profiles/
# Files
Disallow: /README.md
Disallow: /composer/Metapackage/README.txt
Disallow: /composer/Plugin/ProjectMessage/README.md
Disallow: /composer/Plugin/Scaffold/README.md
Disallow: /composer/Plugin/VendorHardening/README.txt
Disallow: /composer/Template/README.txt
Disallow: /modules/README.txt
Disallow: /sites/README.txt
Disallow: /themes/README.txt
Disallow: /web.config
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register
Disallow: /user/password
Disallow: /user/login
Disallow: /user/logout
Disallow: /media/oembed
Disallow: /*/media/oembed
# Paths (no clean URLs)
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password
Disallow: /index.php/user/register
Disallow: /index.php/user/login
Disallow: /index.php/user/logout
Disallow: /index.php/media/oembed
Disallow: /index.php/*/media/oembed
sitemap.xml 200 OK
Type Sitemap Index URLs 2 entries Valid XML Yes
A+Domain Intelligenceswarthmore.edu — 39 years, 4 months old, hosted on SWARTHMORE - Swarthmore College, USPASS
Domain Intelligence
swarthmore.edu — 39 years, 4 months old, hosted on SWARTHMORE - Swarthmore College, US
swarthmore.edu — 39 years, 4 months old, hosted on SWARTHMORE - Swarthmore College, US
Info::
Domain registered until Jul 31, 2028 (2 years, 3 months remaining)
Info::
Hosting: SWARTHMORE - Swarthmore College, US
Got: AS3782
Domain expiry
776 days
July 31, 2028
SSL certificate
13 days
Issued by Internet2
Domain age
39 years, 4 months
Registered June 22, 1987
DNSSEC
Status unknown
Protects against DNS spoofing
Hosting
SWARTHMORE - Swarthmore College, US
ASN AS3782
130.58.11.29
Registrar
Registrar unknown
Lock status unknown 2 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
- Renew the TLS certificate or verify auto-renewal is working
Registrar
Created June 22, 1987 (39 years, 4 months ago)
Expires July 31, 2028 (2 years, 3 months)
Last Updated August 5, 2025
Name Servers ns0085.secondary.cloudflare.com, ns0213.secondary.cloudflare.com
Registrant Swarthmore College
Hosting
IP Address 130.58.11.29
ASN AS3782 (SWARTHMORE - Swarthmore College, US)
Provider SWARTHMORE - Swarthmore College, US
Data source: whois (0.3s)
A+HTTP Probe TimingTotal 270 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
HTTP Probe Timing
Total 270 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
5 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
65 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
135 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
271 msTotal Time Total request time from DNS lookup through full response.
271 msConnection waterfall
DNS Lookup 5 ms TCP Connect 65 ms TLS Handshake 135 ms Server Processing 66 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.