Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations34 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records1 A records, 13 ms lookupPASS
| A | 23.185.0.3 |
| AAAA | 2620:12a:8000::3, 2620:12a:8001::3 |
| CNAME | — |
| NS | ns1-ext.ucsb.edu, ns2-ext.ucsb.edu, ns3-ext.ucsb.edu |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 aspmx3.googlemail.com 10 aspmx2.googlemail.com |
| TXT | nintex.5eab2f5c65e22e0cb4175fa8 docusign=2db76460-ed70-4304-ac67-b0c4c3dbd8a0 docusign=d6165297-785e-475b-af29-230656dc9b6b google-site-verification=HvW8p2akv29b_3SxKwREgQW3sWcdM4W_tBkFOBYUnCc google-site-verification=1WJ9YafLWZub7TeqsJsmgkjWBmi78PeMfX9X8nAsBCo google-site-verification=f1VE4Bh7TPu8csbCDpSdss9eNiDHm8nFz_WpwvFpFMc google-site-verification=eEMgnykr-j3h3QqEc1Y3rY_IYJ61sLo30TicTXyEoRw adobe-idp-site-verification=89eae806e1d6d933ad1bbc1dae756a88bbf2bd0b29a325541c9d... SPF v=spf1 include:_spf.ucsb.edu ~all e2ma-verification=6rtgb e2ma-verification=qptgb hcp-domain-verification=b83443062ec1a87d668a27b333cd650da55f407313cb6cc88c1f327a... dtm-domain-verification=KzMugmmXJb3wvAHQSoQ2_KaATqj1YtscPtGVPyA7V5c atlassian-domain-verification=qCi2CsOO2pP3njZFSIP5D0ydoujdKY1UDvOfLfk1PitUfyjhkt... apple-domain-verification=Eod6qXeOKdrSMbsj |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 165 ms totalPASS
https://ucsb.edu
20 ms · HTTP/1.1
https://www.ucsb.edu/
146 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://ucsb.edu | 301 | 20 ms | HTTP/1.1 | Pantheon |
| 2 | https://www.ucsb.edu/ | 200 | 146 ms | HTTP/1.1 | nginx |
See the visual redirect chain in the HTTP Probe tab →
A+IPv6 ReadinessIPv6 reachable (1 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 141 URLsPASS
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html
User-agent: *
# CSS, JS, Images
Allow: /core/*.css$
Allow: /core/*.css?
Allow: /core/*.js$
Allow: /core/*.js?
Allow: /core/*.gif
Allow: /core/*.jpg
Allow: /core/*.jpeg
Allow: /core/*.png
Allow: /core/*.svg
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /profiles/*.svg
# Directories
Disallow: /core/
Disallow: /profiles/
# Files
Disallow: /README.md
Disallow: /composer/Metapackage/README.txt
Disallow: /composer/Plugin/ProjectMessage/README.md
Disallow: /composer/Plugin/Scaffold/README.md
Disallow: /composer/Plugin/VendorHardening/README.txt
Disallow: /composer/Template/README.txt
Disallow: /modules/README.txt
Disallow: /sites/README.txt
Disallow: /themes/README.txt
Disallow: /web.config
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register
Disallow: /user/password
Disallow: /user/login
Disallow: /user/logout
Disallow: /media/oembed
Disallow: /*/media/oembed
# Paths (no clean URLs)
Disallow: /index.php/admin/
Disallow: /index.php/comment/reply/
Disallow: /index.php/filter/tips
Disallow: /index.php/node/add/
Disallow: /index.php/search/
Disallow: /index.php/user/password
Disallow: /index.php/user/register
Disallow: /index.php/user/login
Disallow: /index.php/user/logout
Disallow: /index.php/media/oembed
Disallow: /index.php/*/media/oembed
A+Domain Intelligenceucsb.edu — 39 years, 6 months oldPASS
381 days
July 31, 2027
34 days
Issued by Let's Encrypt
39 years, 6 months
Registered April 27, 1987
Status unknown
Protects against DNS spoofing
Unknown
2620:12a:8001::3
Registrar unknown