Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BRedirect Chain1 redirect(s), 1301 ms totalREVIEW
https://verizon.com
808 ms · HTTP/1.1
https://www.verizon.com
492 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://verizon.com | 301 | 808 ms | HTTP/1.1 | |
| 2 | https://www.verizon.com | 200 | 492 ms | HTTP/1.1 |
See the visual redirect chain in the HTTP Probe tab →
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
CCrawlabilityActionrobots.txt present, sitemap with 0 URLsREVIEW
Search engines may not be able to parse the sitemap. Fix XML validation errors.
An unparseable sitemap is silently ignored by Google — the URLs it advertises are never queued for crawl.
Learn more ▾ ▴
Google's sitemap parser is strict about XML validity. A single unescaped `&` or unclosed tag invalidates the whole file. Run your sitemap through a validator (Search Console's Sitemaps report flags it) and fix the offending entry. Most generators escape correctly; mistakes usually come from manually-written entries.
Source: sitemaps.org / Google Search Central
An empty sitemap provides no value. Add <url> entries for your pages.
An empty sitemap signals 'no content to index' to Google — actively harmful versus having no sitemap at all.
Learn more ▾ ▴
Google compares URLs in the sitemap against URLs it has crawled. An empty sitemap on a site with thousands of pages signals abandonment. Either populate it correctly (most CMSes auto-generate) or delete the file and let Google crawl normally.
Source: Google Search Central / sitemaps.org
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
User-agent: *
Disallow: /eweb/
Disallow: /dayone/
Disallow: /fios
Disallow: /fios/
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
www / non-www
Inconsistent — duplicate content risk
HTTP → HTTPS
Consistent
BTLS Certificate Expiry & Recommendations231 days until leaf cert expires — 3 issues to addressREVIEW
Certificate validity
Recommended actions
- Enable HSTS: Strict-Transport-Security: max-age=31536000; includeSubDomains
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records10 A records, 81 ms lookupPASS
| A | 23.53.5.117, 23.206.61.108, 23.206.57.108, 23.206.58.110, 23.206.56.116, 23.206.59.110, 23.40.244.108, 23.206.60.108, 23.206.62.107, 23.206.63.107 |
| AAAA | — |
| CNAME | — |
| NS | a24-66.akam.net, a9-67.akam.net, a12-65.akam.net, a26-67.akam.net, a1-18.akam.net, a13-67.akam.net |
| MX | 15 mxb-0024a201.gslb.pphosted.com 15 mxa-0024a201.gslb.pphosted.com |
| TXT | Dynatrace-site-verification=9b5e8c85-ffc6-4ee3-80a4-01c14607d287__pdi80imbksqp54... dwpv611b3xgfp7ymnj2yd18kvdfc93lm docker-verification=f22a41ee-7281-4719-a023-ff82e56fd556 b8fwzdt99dt8btdysj12gnnjpkz146y3 _q8n9oay9918jw5gr4o497lxper8vgf9 SPF v=spf1 include:verizonwireless.com ~all mongodb-site-verification=6vBJxn6M8ujjAATlYkC5bRNXjD4sUiRf q5c6fp9dz62p3yxbgjrfsmr9d0wm705p ct55qq4v9hkbzvr613bg3nj4zqs82410 _lva6pf2y06r966zjnmczto8aoqtyhsj zv5q0hfc968n8pzr19b9vzqk5w75dcr2 docker-verification=e63249f1-5c89-419c-8b2a-928c81b87800 5bldj12kt4tpxl03yr7wcq4999ldkl6c EFrYNbG8uzynGvptGZk9HtN4Lm3prlj/zxlKEuFuGuCT614NJoj7M8m3YoFYzfpafIrQATFeKoHKqZOC... anthropic-domain-verification-dh9nvq=MZi3jVJdupvG2ZzJKBbuDIzF8 docusign=4a19cd69-5db5-4663-b70e-6600f177dae2 quickbase-site-verification-922ae18c23918d07de301f714e7747cabad0e6ce facebook-domain-verification=jzt3ysrggr1qi89a0c46h6hnmtu0l4 google-site-verification=KC5CJC5e0rzcxlINJHJcTM5U4b5Pr211cGU8diogsKI Dynatrace-site-verification=6219e2d6-0d4c-42b0-aa3f-bf137c76e0ef__lc47bag6133ot2... VaI7HAA7sB1/Nj9AfhmIpdfZyiwqm7N7pf9UApsrhO0= MS=ms87778762 smartsheet-gov-site-validation=wO9Aq-yUnfO-HMmw3WBsMSiP212HgHB4 atlassian-domain-verification=aj1ES5iXBorxgboMWU4jPaWG8ufdkUqPAZ98L4Z4FxPtlETrOS... zfk8y8l5fh15lrg8dsk27ks1j51869tw Precisely-domain-verification _v5t56ssq25ktk2khlhxdq84ct19wha1 flexera-domain-verification-kqnfpwapzjwcdtjl miro-verification=cb4542e8a7b94284a46cef7263ff93a0a8981ccc docusign=9f9bf7a4-31a7-42bd-989d-b177ae520342 g0s1gq156v9thvrtvmg4smn6fhgcxqnl google-site-verification=Y3Q2T99tU_-XF206jqXW_UugVEHCvpzvPnIk5hYL2Bk 0gydk8ylzblmdk89rrh71z6vq8csbd4j flexera-domain-verification-bpuabamsmujihlzs google-site-verification=tZDve57pSHTO7eOO90j3R3wUIdpqq9pCrPCCauMcfbc 2emAY6c1D+CgmANq0s7xHidy8qnyE6WStN33LPNuG/hd0aBm9xBLt6ZeIl7bfQR1VIMPYtYt3FlRkIcN... _60467rwxiajhlol2lvhpvkdp6849tto flexera-domain-verification-ffgblppxwzuqqveo 70nhs2k6yktgpq4blv65k8416dwfwtds _xbcq1ksf5g26csqvs958k3ig1ovtwtt adobe-sign-verification=5c72a7e0c328f6774716059ec6fb7da6049813116d899e3483577d08... |
| CAA | Lookup not available with standard resolver |
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
A+Domain Intelligenceverizon.com — via CSC Corporate Domains, Inc., 26 years, 6 months old, hosted on AkamaiPASS
263 days
March 6, 2027
231 days
Issued by DigiCert Inc
26 years, 6 months
Registered March 6, 2000
Not enabled
Protects against DNS spoofing
Akamai
ASN AS33905
23.40.244.108
CSC Corporate Domains, Inc.
Expiry timeline
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice