Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DURL VariantsActionwww/non-www, trailing slash, HTTP→HTTPSFIX
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
HTTP version does not redirect to HTTPS
DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BCrawlabilityrobots.txt present, no sitemapREVIEW
A sitemap helps search engines discover and index your pages more efficiently.
No sitemap.xml — Google relies on crawl-graph discovery alone, slowing indexing of deep or fresh URLs.
Learn more ▾ ▴
A sitemap accelerates Google's discovery of new and updated content. Most CMSes auto-generate one; static-site frameworks need a build-step plugin. Reference it from robots.txt and submit in Search Console to confirm Google can fetch it.
Source: sitemaps.org / Google Search Central
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
User-agent: *
Allow: *
Crawl-delay: 2
No sitemap found
Adding a sitemap helps search engines discover your pages.
BHTTP Probe TimingTotal 870 ms — DNS, TCP, TLS, TTFB, content transfer breakdownREVIEW
Connection waterfall
BTLS Certificate Expiry & Recommendations169 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
ADNS Records1 A records, 215 ms lookupPASS
| A | 185.152.70.106 |
| AAAA | — |
| CNAME | — |
| NS | a.nic.va, c.nic.va, seth.namex.it, osiris.namex.it, b.nic.va |
| MX | 10 mx11-new.vatican.va 10 mx12-new.vatican.va 30 mx20.vatican.va 30 mx21.vatican.va |
| TXT | google-site-verification=xJIGtooD1R7HCcYnGpEnQJbesRSBdJmzNZX0WLDIMII SPF v=spf1 ip4:212.77.4.23 ip4:212.77.4.24 ip4:212.77.4.25 ip4:212.77.4.26 ~all qZudITCslr0iehQZGvmCMAudIoMx0B6R5qAN4D3hPKw= knowbe4-site-verification=f882cc0348b28c65c426d5e17921e866 globalsign-domain-verification=-gCC2DQXHa6oHAH2EjWC1H9VSKsrE2Gi4P5ejspYmK |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
Slow DNS adds latency to every page load. Consider a faster DNS provider.
DNS resolution is slow — anycast DNS providers (Cloudflare, Route 53) typically resolve <50ms globally.
Source: DNS performance benchmarks
A+Redirect ChainNo redirects — direct accessPASS
https://vatican.va
862 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://vatican.va | 200 | 862 ms | HTTP/1.1 | Apache |
Domain IntelligenceDomain intelligence data not availableINFO
RDAP and WHOIS lookup both failed