Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations85 days until leaf cert expires — 5 issues to addressREVIEW
Certificate validity
Recommended actions
- Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
- Add includeSubDomains to the HSTS directive
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records1 A records, 12 ms lookupPASS
| A | 23.185.0.3 |
| AAAA | 2620:12a:8001::3, 2620:12a:8000::3 |
| CNAME | — |
| NS | ns0163.secondary.cloudflare.com, ns0037.secondary.cloudflare.com |
| MX | 50 mx0a-00164701.pphosted.com 50 mx0b-00164701.pphosted.com |
| TXT | 3b3ivpda2f10se3nn7olfrfucj 71MB6F28FTH9N79MPH1TN49H6E MS=ms20859340 SFMC-amtHrwXeF3C5rm2Ha9E3H_dpDHSLFtemkbvrt-wI amazonses:pdFwTbWzxT9aEG1QWjQIN1JQ2Nde7PSWZbDNYgLiJII= apple-domain-verification=f8jvjXpxkZuZImoG apple-domain-verification=r8UAnaLgMQbbCPYH asv=1147b35e22e2230f3e7ed7ef96d0b3cb atlassian-domain-verification=kSvetIKe/diM5FGbD37dFnvsdAGwPgNFtgM/1L2RoLFZeXaHp8... atlassian-domain-verification=oLsWbvIwAA0zKHIxnOG4nKuc6JJRY91TD/04xw1nbNohMNkiiB... b121225d-7ecf-4ab1-9a6c-0498793bc091 box-domain-verification=3430746f12c99e884185c424a68a8074130e28056a6c457bbe05730d... brevo-code:c8ebd56e46efa8226729d35478a57103 cisco-ci-domain-verification=4c96d65a1a9921efe23d594af51d2534c089b7ac61d461b7a98... docusign=0e8d546c-c2fe-412d-be88-b3c7fc36e4e9 docusign=b64b37c7-7a9d-4b6d-9093-07e862bada10 dropbox-domain-verification=q9fk5cnf7e8z e2ma-verification=31b e2ma-verification=5gfgb e2ma-verification=f2fgb e2ma-verification=jafgb e2ma-verification=t5egb e2ma-verification=vffgb ecee88b3-e854-43c4-936d-f88a3eabc95a google-site-verification=2Z-mrJy4KQmEzVpdrZOonGhzDjNR6vC44p-NG6ks0Bw google-site-verification=7jISKLgSY6Xj9zt1ZjvoVsHZvOMpGjgzih8xn6sDoXA google-site-verification=nojeOyc6lI8uv7PtvYD47Elxa4EAw8unfUWjovYIfOQ hpe-greenlake-domain-verification=4d42657379582d505849316c4355583579776d49765864... openai-domain-verification=dv-jiiDIH1uxImkWv50c2smvCIs pardot_137301_*=10c850f0ce73fd1f680c3edc78532b93f96e586561ff743a37eec44f63731125 pardot_137301_*=65e54b29681de123cb44a1079735eb760ede531320b27768f921b2fe7a59efa0 teamviewer-sso-verification=65d375c2d6374c5a991d77de3d1949a0 SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Redirect ChainNo redirects — direct accessPASS
https://usc.edu
20 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://usc.edu | 200 | 20 ms | HTTP/1.1 | nginx |
A+IPv6 ReadinessIPv6 reachable (1 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 6 URLsPASS
# START YOAST BLOCK
# ---------------------------
User-agent: *
Disallow: /wp-includes/
Disallow: /wp-login.php
Disallow: /wp-admin/*
Disallow: /wp-register.php
Disallow: /*/page/
Disallow: *.pdf$
Sitemap: https://usc.edu/sitemap_index.xml
# ---------------------------
# END YOAST BLOCK
A+Domain Intelligenceusc.edu — 41 years, 3 months oldPASS
16 days
July 31, 2026
85 days
Issued by Let's Encrypt
41 years, 3 months
Registered August 20, 1985
Status unknown
Protects against DNS spoofing
Unknown
2620:12a:8000::3
Registrar unknown
Expiry timeline
Recommended actions
- Renew the domain or enable auto-renewal to prevent accidental expiry