Skip to content
https://theathletic.com

Infrastructure

· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.
SCORE
98
GRADE
A+
FIX
0
REVIEW
2
PASS
7
INFO
0
Probed from New York, United Stated
301 Moved Permanently
Checks
9
7 PASS 2 REVIEW
B
TLS Certificate Expiry & Recommendations
54 days until leaf cert expires — 3 issues to address
REVIEW

Certificate validity

54
days left
0d 30d 60d 90d+

Recommended actions

  • Submit your domain to hstspreload.org to be added to the Chrome preload list
  • Enable DNSSEC on your domain for DNS spoofing protection
  • Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
B
CDN & Delivery
Cloudflare
REVIEW
Cloudflare
Info::
Site is served via Cloudflare CDN (edge: EWR)
Got: cf-ray: 9f0811c918f380da-EWR
CDN Detected: Cloudflare
Provider Cloudflare Evidence cf-ray: 9f0811c918f380da-EWR
A+
DNS Records
2 A records, 12 ms lookup
PASS
2 A records, 12 ms lookup
Info::
Resolves to 2 IPv4 address(es)
Got: 104.19.247.29, 104.19.248.29
Info::
Has 2 IPv6 (AAAA) record(s)
Got: 2606:4700::6813:f81d, 2606:4700::6813:f71d
Info::
2 nameserver(s) configured
Got: michelle.ns.cloudflare.com, vern.ns.cloudflare.com
Info::
5 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 12 ms
Got: 12 ms
A104.19.247.29, 104.19.248.29
AAAA2606:4700::6813:f81d, 2606:4700::6813:f71d
CNAME
NSmichelle.ns.cloudflare.com, vern.ns.cloudflare.com
MX
1 aspmx.l.google.com
5 alt2.aspmx.l.google.com
5 alt1.aspmx.l.google.com
10 alt4.aspmx.l.google.com
10 alt3.aspmx.l.google.com
TXT
MS=ms52461135
TAILSCALE-6YqAFgljTdUVJRb8Y2v8
airtable-verification=8ccb51ee1a1d8482a6726b9fdcdd7ff2
airtable-verification=fdae0e7e961f5f846d354928d3a27ff3
apple-domain-verification=lVR8usp5nX68V6RW
facebook-domain-verification=txa159hpqw20mrc41rr8gv82qiwzmr
google-site-verification=9MhKCkcom4v6hWslDk0hO41Ao9u03vco3VBW8TnMkQY
google-site-verification=GSmE3Bb-Zl6dxWyRb5VGjFOtjYqnYArl1jD-TGrwqwQ
google-site-verification=IZfBvK-vDLy9udP4p4mHFaEvN3xEQOZt_TC349bxNvg
google-site-verification=N1fATmChMUfBEhZ-u4onBw8sFJDKmjaGNqDXAzImUbU
google-site-verification=SB65lHLpchgAyhfhIKurc6Vv_aDW5hd9EXgBl1nnglw
google-site-verification=bpB3BeH-vlxN14EldlYJHDr5a69jOdTthHfTqKkAnu4
google-site-verification=mI47NrYH70VAFfocktPH2dgAk6snokMtVtDcs8MmpmM
google-site-verification=u6ho3_OQVqT3F_bTAe8gFtiKDeOHpV1Et0dI6Ex21YE
google-site-verification=wRdYwJHnwLmiv4pUgnsg_Xs-Gc7r0Gv5ogJ34bk0ERw
knowbe4-site-verification=2f1d475b89c0011fae1ce2d649cc9dde
lucidlink-verification=71ZHC6Z4ZYXNNBJWQ6ZHMNN5TR
onetrust-domain-verification=b923d0d4358243429c337582595cd5be
rm_verify=957a3d0682
SPF v=spf1 include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all
CAALookup not available with standard resolver
Resolved in 12 ms

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

A
Redirect Chain
1 redirect(s), 95 ms total
PASS
1 redirect(s), 95 ms total
Info::
Single redirect
Got: https://theathletic.com → https://www.nytimes.com/athletic/ (301)
Info::
WWW normalization redirect
Info::
Cross-domain redirect detected

https://theathletic.com

16 ms · HTTP/1.1

301

https://www.nytimes.com/athletic/

79 ms · HTTP/1.1 FINAL

#URLStatusTimeProtocolServer
1https://theathletic.com30116 msHTTP/1.1cloudflare
2https://www.nytimes.com/athletic/20079 msHTTP/1.1envoy

See the visual redirect chain in the HTTP Probe tab →

A+
IPv6 Readiness
IPv6 reachable (2 ms)
PASS
IPv6 reachable (2 ms)
Info::
IPv6 is configured and reachable at 2606:4700::6813:f81d, 2606:4700::6813:f71d
Got: 2 ms connect
IPv6 Ready
AAAA Records 2606:4700::6813:f81d, 2606:4700::6813:f71d Connection Reachable (2 ms)
A+
Crawlability
robots.txt present, sitemap with 767 URLs
PASS
robots.txt present, sitemap with 767 URLs
Info::
robots.txt is present
Got: 8150 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 767 entries
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 8150 B Sitemaps referenced 24 User-agents YouBot, Claude-Web, MyCentralAIScraperBot, peer39_crawler/1.0, facebookexternalhit, Applebot-Extended, Claude-SearchBot, cohere-ai, news-please, Quora-Bot, Bytespider, Google-Extended, quillbot.com, FriendlyCrawler, Meta-ExternalFetcher, meta-webindexer/1.1, AwarioRssBot, peer39_crawler, ClaudeBot, FacebookBot, meta-externalfetcher, omgili, ViennaTinyBot, AliyunSecBot, AudigentAdBot, ImagesiftBot, BLEXBot, Meta-WebIndexer, RedditBot, Jetslide, meta-externalagent, NewsNow, OAI-SearchBot, omgilibot, TaraGroup Intelligent Bot, AmazonBot, archive.org_bot, Diffbot, TurnitinBot, CCBot, DuckAssistBot, Meta-ExternalAgent, Scrapy, Googlebot, anthropic-ai, ChatGPT-User, PerplexityBot, Perplexity-User, Timpibot, AmazonAdBot, *, DataForSeoBot, EchoboxBot, Poseidon Research Crawler, SeekrBot, SeznamHomepageCrawler, Google-CloudVertexBot, GPTBot, Twitterbot, AwarioSmartBot, Claude-User, magpie-crawler Blocking No — crawling allowed
# New York Times content is made available for your personal, non-commercial
# use subject to our Terms of Service here:
# https://help.nytimes.com/hc/en-us/articles/115014893428-Terms-of-Service.
# Use of any device, tool, or process designed to data mine or scrape the content
# using automated means is prohibited without prior written permission from
# The New York Times Company.  Prohibited uses include but are not limited to:
# (1) text and data mining activities under Art. 4 of the EU Directive on Copyright in
# the Digital Single Market;
# (2) the development of any software, machine learning, artificial intelligence (AI),
# and/or large language models (LLMs);
# (3) creating or providing archived or cached data sets containing our content to others; and/or
# (4) any commercial purposes.
# Contact https://nytlicensing.com/contact/ for assistance.

User-agent: *
User-agent: Googlebot
Disallow: /ads/
Disallow: /adx/bin/
Disallow: /athletic/wp/wp-admin/
Allow: /athletic/wp/wp-admin/admin-ajax.php
Disallow: /athletic/async-*
Disallow: /athletic/search/*
Allow: /athletic/search/$
Disallow: /athletic/checkout/
Disallow: /athletic/checkout?plan_id*
Allow: /athletic/checkout/$
Disallow: /athletic/checkout2*
Disallow: /athletic/login/
Disallow: /athletic/login?login_source*
Disallow: /athletic/login?ref_page*
Allow: /athletic/login/$
Disallow: /athletic/login2/
Disallow: /athletic/login2?login_source*
Disallow: /athletic/login2?ref_page*
Allow: /athletic/login2/$
Disallow: /athletic/report/
Disallow: /athletic/*/discuss/*
Disallow: /athletic/register/
Disallow: /athletic/register?welcome_redirect*
Disallow: /athletic/register2/
Disallow: /athletic/register2?welcome_redirect*
Disallow: /athletic/betmgm-redirect*
Disallow: /athletic/cdn-cgi/
Disallow: /athletic/verizon/*
Disallow: /athletic/forgot-password/*
Disallow: /athletic/forgot-password2/*
Disallow: /athletic/amp-social-login*
Disallow: /athletic/track-analytics/
Disallow: /athletic/amp-auth/
Disallow: /athletic/rss-feed/
Disallow: /athletic/*?*rss=1
Disallow: /athletic/global-color-test.php
Disallow: /athletic/global-font-test.php
Disallow: /athletic/graphql*
Disallow: /athletic/api*
Disallow: /athletic/ip*
Disallow: /athletic/call-set-cookie-with-context/*
Disallow: /athletic/get-current-user/
Disallow: /athletic/pv.json
Disallow: /athletic/following-feed-test/*
Disallow: /athletic*/boxscore/*
Disallow: /athletic/feed-test/
Disallow: /athletic*/signed-mp3-redirect-url/*
Disallow: /athletic/embedded-interactive/*
Disallow: /card/panel/
Disallow: /panel/
Disallow: /puzzles/leaderboards/invite/*
Disallow: /svc
Allow: /svc/crosswords
Allow: /svc/games
Allow: /svc/letter-boxed
Allow: /svc/spelling-bee
Allow: /svc/wordle
Allow: /svc/connections
Allow: /svc/sudoku
Allow: /svc/strands
Allow: /svc/pips
Disallow: /video/embedded/*
Disallow: /search
Disallow: /multiproduct/
Disallow: /hd/
Disallow: /inyt/
Disallow: /*?*query=
Disallow: /*.pdf$
Disallow: /*?*login=
Disallow: /*?*campaignId=
Disallow: /*?*mcubz=
Disallow: /*?*smprod=
Disallow: /*?*ProfileID=
Disallow: /*?*ListingID=
Disallow: /*?*campaign_id=
Disallow: /*?*hybrid=
Disallow: /*?*entry=
Disallow: /*?*embed=
Disallow: /*?ls=
Disallow: /*?*&ls=
Disallow: /wirecutter/wp-admin/
Disallow: /wirecutter/*.zip$
Disallow: /wirecutter/*.csv$
Disallow: /wirecutter/deals/beta
Disallow: /wirecutter/data-requests
Disallow: /wirecutter/search
Disallow: /wirecutter/*?s=
Disallow: /wirecutter/*&xid=
Disallow: /wirecutter/*?q=
Disallow: /wirecutter/*?l=
Disallow: /wirecutter/*?merchant=
Disallow: /wirecutter/out/
Disallow: /search
Disallow: /subscription/*?*source=
Disallow: /subscription/*?*onboarded=
Disallow: /*?*smid=
Disallow: /*?*partner=
Disallow: /*?*utm_source=
Allow: /wirecutter/*?*utm_source=
Allow: /ads/public/
Allow: /svc/news/v3/all/pshb.rss
Allow: /wirecutter/reviews/*?*utm_source=
Allow: /wirecutter/blog/*?*utm_source=
Allow: /wirecutter/lists/*?*utm_source=
Allow: /wirecutter/gifts/*?*utm_source=


# Googlebot Specific Rules

User-agent: Googlebot
Disallow: /athletic*adgroupid*
Disallow: /athletic*campaignid*
Disallow: /athletic*ad_id*
Disallow: /athletic*access_token*
Disallow: /athletic*amp_reader_id*
Disallow: /athletic*/?source=*
Disallow: /athletic/*?*embed=1


# Disallow Rules

User-agent: AliyunSecBot
Disallow: /

User-agent: AmazonBot
Disallow: /wirecutter/

User-agent: anthropic-ai
Disallow: /

User-agent: Applebot-Extended
Disallow: /

User-agent: archive.org_bot
Disallow: /

User-agent: AudigentAdBot
Disallow: /

User-agent: AwarioRssBot
User-agent: AwarioSmartBot
Disallow: /

User-agent: BLEXBot
Disallow: /

User-agent: Bytespider
Disallow: /

User-agent: CCBot
Disallow: /

User-agent: ChatGPT-User
Disallow: /

User-agent: ClaudeBot
Disallow: /

User-agent: Claude-SearchBot
Disallow: /

User-agent: Claude-User
Disallow: /

User-agent: Claude-Web
Disallow: /

User-agent: cohere-ai
Disallow: /

User-agent: DataForSeoBot
Disallow: /

User-agent: Diffbot
Disallow: /

User-agent: DuckAssistBot
Disallow: /

User-agent: EchoboxBot
Disallow: /

User-agent: FacebookBot
Disallow: /

User-agent: FriendlyCrawler
Disallow: /

User-agent: Google-CloudVertexBot
Disallow: /
Allow: /wirecutter/
Allow: /athletic/

User-agent: Google-Extended
Disallow: /

User-agent: GPTBot
Disallow: /

User-agent: ImagesiftBot
Disallow: /

User-agent: Jetslide
Disallow: /

User-agent: magpie-crawler
Disallow: /

User-agent: Meta-ExternalAgent
User-agent: meta-externalagent
Disallow: /

User-agent: Meta-ExternalFetcher
User-agent: meta-externalfetcher
Disallow: /

User-agent: Meta-WebIndexer
User-agent: meta-webindexer/1.1
Disallow: /

User-agent: MyCentralAIScraperBot
Disallow: /

User-agent: NewsNow
Disallow: /

User-agent: news-please
Disallow: /

User-agent: OAI-SearchBot
Disallow: /

User-agent: omgili
Disallow: /

User-agent: omgilibot
Disallow: /

User-agent: peer39_crawler
User-agent: peer39_crawler/1.0
Disallow: /

User-agent: PerplexityBot
Disallow: /

User-agent: Perplexity-User
Disallow: /

User-agent: Poseidon Research Crawler
Disallow: /

User-agent: quillbot.com
Disallow: /

User-agent: Quora-Bot
Disallow: /

User-agent: Scrapy
Disallow: /

User-agent: SeekrBot
Disallow: /

User-agent: SeznamHomepageCrawler
Disallow: /

User-agent: TaraGroup Intelligent Bot
Disallow: /

User-agent: Timpibot
Disallow: /

User-agent: TurnitinBot
Disallow: /

User-agent: ViennaTinyBot
Disallow: /

User-agent: YouBot
Disallow: /


# Ad Bot Rules

User-agent: AmazonAdBot
Allow: /


# Social Bot Rules

User-agent: facebookexternalhit
Allow: /*?*smid=

User-agent: Twitterbot
Allow: /*?*smid=

User-agent: RedditBot
Allow: /*?*smid=

# Sitemaps

Sitemap: https://www.nytimes.com/sitemaps/new/news.xml.gz
Sitemap: https://www.nytimes.com/sitemaps/new/sitemap.xml.gz
Sitemap: https://www.nytimes.com/sitemaps/new/collections.xml.gz
Sitemap: https://www.nytimes.com/sitemaps/new/video.xml.gz
Sitemap: https://www.nytimes.com/sitemaps/new/cooking.xml.gz
Sitemap: https://www.nytimes.com/sitemaps/new/recipe-collects.xml.gz
Sitemap: https://www.nytimes.com/sitemaps/new/regions.xml
Sitemap: https://www.nytimes.com/sitemaps/new/best-sellers.xml
Sitemap: https://www.nytimes.com/sitemaps/new/subscription-landing-pages.xml
Sitemap: https://www.nytimes.com/sitemaps/new/weather.xml.gz
Sitemap: https://www.nytimes.com/sitemaps/new/espanol.xml.gz
Sitemap: https://www.nytimes.com/sitemaps/new/espanol-collects.xml.gz
Sitemap: https://www.nytimes.com/wirecutter/sitemapindex.xml
Sitemap: https://www.nytimes.com/athletic/sitemap-videos-index.xml
Sitemap: https://www.nytimes.com/athletic/sitemap-authors.xml
Sitemap: https://www.nytimes.com/athletic/sitemap-verticals.xml
Sitemap: https://www.nytimes.com/athletic/sitemap-teams.xml
Sitemap: https://www.nytimes.com/athletic/sitemap-cities.xml
Sitemap: https://www.nytimes.com/athletic/sitemap-tags.xml
Sitemap: https://www.nytimes.com/athletic/sitemap-stats.xml
Sitemap: https://www.nytimes.com/athletic/sitemap-schedule.xml
Sitemap: https://www.nytimes.com/athletic/sitemap-roster.xml
Sitemap: https://www.nytimes.com/athletic/sitemap.xml
Sitemap: https://www.nytimes.com/games-assets/v2/assets/sitemap/games.xml
sitemap.xml 200 OK
Type URL Set URLs 767 entries Valid XML Yes
Sample URLs:
A+
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
PASS
www/non-www, trailing slash, HTTP→HTTPS
Info::
www/non-www redirect configured correctly (preferred: non-www)
Info::
HTTP correctly 301-redirects to HTTPS

www / non-www

301https://www.theathletic.com/
200https://theathletic.com/

Preferred variant: non-www

HTTP → HTTPS

301http://theathletic.com/ https://theathletic.com/

Consistent

A+
Domain Intelligence
theathletic.com — via MarkMonitor Inc., 25 years, 8 months old
PASS
theathletic.com — via MarkMonitor Inc., 25 years, 8 months old
Info::
Domain registered until Dec 10, 2026 (7 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: MarkMonitor Inc.
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Domain expiry

177 days

December 10, 2026

SSL certificate

54 days

Issued by Google Trust Services

Domain age

25 years, 8 months

Registered December 10, 2000

DNSSEC

Not enabled

Protects against DNS spoofing

Hosting

Unknown

2606:4700::6813:f71d

Registrar

MarkMonitor Inc.

Unlocked 2 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
  • Enable DNSSEC to protect visitors from DNS spoofing
  • Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar MarkMonitor Inc.
Created December 10, 2000 (25 years, 8 months ago)
Expires December 10, 2026 (7 months)
Last Updated November 9, 2024
Name Servers michelle.ns.cloudflare.com, vern.ns.cloudflare.com
DNSSEC Not enabled
Hosting
IP Address 2606:4700::6813:f71d
Data source: rdap (0.0s)

DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.

Why this matters

Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.

Learn more

DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.

Source: ICANN / RFC 4033

The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.

Why this matters

Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.

Learn more

Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.

Source: ICANN / domain-security best practice

A+
HTTP Probe Timing
Total 18 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
PASS
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
3 ms
TCP Connect TCP Connect — time to establish a TCP connection to the server.
1 ms
TLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
7 ms
Time to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
19 ms
Total Time Total request time from DNS lookup through full response.
19 ms

Connection waterfall

DNS Lookup 3 ms TCP Connect 1 ms TLS Handshake 7 ms Server Processing 7 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.

Send Feedback