Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.

SCORE

GRADE

FIX

REVIEW

PASS

INFO

Probed from Santa Clara, United Stated

200 OK

Checks

6 PASS 1 REVIEW 2 FIX

IPv6 Readiness

Action

IPv6 records exist but unreachable

FIX

IPv6 records exist but unreachable

IPv6 DNS records exist but server is not reachable

Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.

Got: 2a04:fa87:fffd::c000:42dc

IPv6 connection error

Got: dial tcp6 [2a04:fa87:fffd::c000:42dc]:443: connect: network is unreachable

IPv6 Misconfigured

AAAA Records 2a04:fa87:fffd::c000:42dc Connection UNREACHABLE

Having AAAA records but an unreachable server is worse than no AAAA — clients may experience delays before falling back to IPv4.

Why this matters

Advertising IPv6 (AAAA records) without a reachable server means IPv6-preferring clients silently fail every connection.

Learn more ▾

Modern browsers prefer IPv6 if AAAA exists (Happy Eyeballs algorithm). If the IPv6 server isn't reachable, browsers fall back to IPv4 — but with seconds of added latency per request. Either fix IPv6 reachability or remove the AAAA records.

Source: RFC 8305 (Happy Eyeballs)

CDN & Delivery

Action

No CDN detected

FIX

No CDN detected

A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.

No CDN detected

Consider using a CDN to improve global delivery speed and reduce origin load.

TLS Certificate Expiry & Recommendations

75 days until leaf cert expires — 4 issues to address

REVIEW

Certificate validity

days left

0d 30d 60d 90d+

Recommended actions

Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
Enable DNSSEC on your domain for DNS spoofing protection
Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy

A+

DNS Records

1 A records, 19 ms lookup

PASS

1 A records, 19 ms lookup

Resolves to 1 IPv4 address(es)

Got: 192.0.66.220

Single A record — no DNS redundancy

Multiple A records provide failover if one server goes down.

Has 1 IPv6 (AAAA) record(s)

Got: 2a04:fa87:fffd::c000:42dc

2 nameserver(s) configured

Got: elly.ns.cloudflare.com, gordon.ns.cloudflare.com

2 mail exchanger(s) configured

CAA records not checked

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

SPF record present in TXT

DNS resolution time: 19 ms

Got: 19 ms

A	192.0.66.220
AAAA	2a04:fa87:fffd::c000:42dc
CNAME	—
NS	elly.ns.cloudflare.com, gordon.ns.cloudflare.com
MX	0 usb-smtp-inbound-1.mimecast.com 0 usb-smtp-inbound-2.mimecast.com
TXT	0ed1fe018a18c01fd51bff49e5bd633fade441856b 134052hpsyz5k73sv39m0sgxljsqyls7 MS=ms36891426 MS=ms48927658 _globalsign-domain-verification=esDvs5Msz39F5o97VaHcZxyKR4A6NPHRpuo9du1Tro airtable-verification=e989fdaedddc09c0e5c782dd036dd08a anthropic-domain-verification-bqkhj4=U4gt2pxQQDf0aqgfPI3Q8Uvtp atlassian-domain-verification=h9MZSj2L681ZNGD+UGF5Z6/GB87QahuAI5yZdDee7puwzZVg57... b42c6b9e-33ca-44c0-a919-3152d6b3ddfa docusign=1ad1e6cd-4dfe-4b34-8689-5797102f132e dropbox-domain-verification=sh3f8kienale google-site-verification=8tVHhkiXUNoPjI09EcLgjl9V7TwSXxLV0bnIjcEmpFw google-site-verification=DhlHJ_81bZLsrh5TLvK7ac04EG4QvEAa8hjtsiMpUTQ google-site-verification=HgtRMjw2Jm4kQso_oGLMcQ7ndEv8wNcGa0Kquhm9KK0 google-site-verification=JJNsJJsmpgH6VoKlFj7qG9V223pIrsduvb7qQ31GNC0 google-site-verification=KsXJcvhk00hppwpZ3oNMk0GzB9M2GFUxA7XjdRVpc1U google-site-verification=NgMXk6BZ-jqt9XTrgnGt_O7hY4xD-NEAWsfSSD2VuZQ google-site-verification=VZcuQE1gCO7Zg1W2g_uzOzDXXICzPt74_eE-w0SRpt4 knowbe4-site-verification=bc3830115833f4f956e30f506f1da8c8 openai-domain-verification=dv-NrFR5wvpHqoGtf07m6oIH3J1 slido-domain-verification=87b6e1fe-2406-444f-90df-2cd87a594a34 SPF v=spf1 a mx include:usb._netblocks.mimecast.com include:spf.protection.outlook.c... yahoo-verification-key=nBRGLDZQzTUnUA7c6taNupK6RrG3ZGZs0PjHJmWAkqM= zeplin
CAA	Lookup not available with standard resolver

Resolved in 19 ms

Multiple A records provide failover if one server goes down.

Why this matters

Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.

Learn more ▾

Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.

Source: SRE practice / DNS architecture

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A+

Redirect Chain

No redirects — direct access

PASS

No redirects — direct access

Got: https://techcrunch.com

https://techcrunch.com

16 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://techcrunch.com	200	16 ms	HTTP/1.1	nginx

A+

Crawlability

robots.txt present, sitemap with 2044 URLs

PASS

robots.txt present, sitemap with 2044 URLs

robots.txt is present

Got: 710 bytes

sitemap.xml is present

sitemap.xml is valid XML

sitemap.xml contains 2044 entries

Sitemap index with 2044 child sitemaps

robots.txt references sitemap

robots.txt 200 OK

Size 710 B Sitemaps referenced 2 User-agents Claude-Web, FacebookBot, GPTBot, omgili, *, Bytespider, CCBot, ChatGPT-User, ClaudeBot, cohere-ai, Diffbot, Google-Extended, anthropic-ai, Applebot-Extended Blocking No — crawling allowed

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-json/
Allow: /wp-admin/admin-ajax.php
Disallow: /search/
Disallow: /?s=
Disallow: /*?customize_changeset_uuid=*

User-agent: anthropic-ai
Disallow: /

User-agent: Applebot-Extended
Disallow: /

User-agent: Bytespider
Disallow: /

User-agent: CCBot
Disallow: /

User-agent: ChatGPT-User
Disallow: /

User-agent: Claude-Web
User-agent: ClaudeBot
Disallow: /

User-agent: cohere-ai
Disallow: /

User-agent: Diffbot
Disallow: /

User-agent: FacebookBot
Disallow: /

User-agent: Google-Extended
Disallow: /

User-agent: GPTBot
Disallow: /

User-agent: omgili
Disallow: /

Sitemap: https://techcrunch.com/sitemap.xml
Sitemap: https://techcrunch.com/news-sitemap.xml

sitemap.xml 200 OK

Type Sitemap Index URLs 2044 entries Valid XML Yes

Child Sitemaps:

A+

URL Variants

www/non-www, trailing slash, HTTP→HTTPS

PASS

www/non-www, trailing slash, HTTP→HTTPS

www/non-www redirect configured correctly (preferred: non-www)

HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.techcrunch.com/

200https://techcrunch.com/

Preferred variant: non-www

HTTP → HTTPS

301http://techcrunch.com/ → https://techcrunch.com/

Consistent

Domain Intelligence

techcrunch.com — via MarkMonitor Inc., 21 years, 1 months old, hosted on WordPress.com (Automattic)

PASS

techcrunch.com — via MarkMonitor Inc., 21 years, 1 months old, hosted on WordPress.com (Automattic)

Domain expires in 67 days

Consider enabling auto-renewal to prevent accidental expiration.

Got: Expires Jun 10, 2026

DNSSEC is not enabled

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Registrar: MarkMonitor Inc.

Hosting: WordPress.com (Automattic)

Got: AS2635

Domain expiry

EXPIRED

June 10, 2026

SSL certificate

75 days

Issued by Let's Encrypt

Domain age

21 years, 1 months

Registered June 10, 2005

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

WordPress.com (Automattic)

ASN AS2635

192.0.66.220

Registrar

MarkMonitor Inc.

Lock status unknown 2 NS records

Expiry timeline

Today

+1 year

Domain expiry SSL expiry Danger zone (≤30 days)

Recommended actions

Domain has EXPIRED — renew immediately to avoid total site outage
Enable DNSSEC to protect visitors from DNS spoofing

Registrar MarkMonitor Inc.

Created June 10, 2005 (21 years, 1 months ago)

Expires June 10, 2026 (2 months)

Last Updated August 26, 2025

Name Servers elly.ns.cloudflare.com, gordon.ns.cloudflare.com

DNSSEC Not enabled

Hosting

IP Address 192.0.66.220

ASN AS2635 (AUTOMATTIC - Automattic, Inc, US)

Provider WordPress.com (Automattic)

Data source: rdap (0.1s)

Consider enabling auto-renewal to prevent accidental expiration.

Why this matters

Domain expiry approaching — renew immediately and ensure auto-renew + alerting are configured.

Source: ICANN renewal policy

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more ▾

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

A+

HTTP Probe Timing

Total 17 ms — DNS, TCP, TLS, TTFB, content transfer breakdown

PASS

DNS Lookup

5 ms

TCP Connect

2 ms

TLS Handshake

5 ms

Time to First Byte

14 ms

Total Time

18 ms

Connection waterfall

DNS Lookup 5 ms TCP Connect 2 ms TLS Handshake 5 ms Server Processing 3 ms Content Transfer 3 ms

All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.