https://wix.com
Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.SCORE
86
GRADE
B
FIX
1
REVIEW
3
PASS
5
INFO
0
Probed from Madrid, Spain
301 Moved Permanently
Checks
95 PASS 3 REVIEW 1 FIX
DCDN & DeliveryActionNo CDN detectedFIX
CDN & Delivery
ActionNo CDN detected
No CDN detected
Warning::
No CDN detected
A CDN can significantly improve load times for users around the world by caching content at edge nodes closer to them.
No CDN detected
Consider using a CDN to improve global delivery speed and reduce origin load.
CIPv6 ReadinessActionNo IPv6 supportREVIEW
IPv6 Readiness
ActionNo IPv6 support
No IPv6 support
Info::
No IPv6 (AAAA) records found
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
No IPv6 Support
About 40% of internet users have IPv6. Consider adding AAAA records.
IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.
Why this matters
No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.
Source: Google IPv6 stats
BURL Variantswww/non-www, trailing slash, HTTP→HTTPSREVIEW
URL Variants
www/non-www, trailing slash, HTTP→HTTPS
www/non-www, trailing slash, HTTP→HTTPS
Critical::
Both www and non-www versions serve content
Got: Both variants return 200 Expected: One variant 301-redirects to the other
Info::
HTTP correctly 301-redirects to HTTPS
www / non-www
200https://www.wix.com/
200https://wix.com/
Inconsistent — duplicate content risk
HTTP → HTTPS
301http://wix.com/ → https://www.wix.com/
Consistent
BTLS Certificate Expiry & Recommendations38 days until leaf cert expires — 4 issues to addressREVIEW
TLS Certificate Expiry & Recommendations
38 days until leaf cert expires — 4 issues to address
Certificate validity
38
days left
0d 30d 60d 90d+
Recommended actions
- Extend HSTS max-age to at least 31536000 (1 year) to meet the preload list criteria
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable DNSSEC on your domain for DNS spoofing protection
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+DNS Records1 A records, 81 ms lookupPASS
DNS Records
1 A records, 81 ms lookup
1 A records, 81 ms lookup
Info::
Resolves to 1 IPv4 address(es)
Got: 199.15.163.133
Info::
Single A record — no DNS redundancy
Multiple A records provide failover if one server goes down.
Info::
No IPv6 (AAAA) records
Info::
4 nameserver(s) configured
Got: dns1.p03.nsone.net, dns4.p03.nsone.net, dns2.p03.nsone.net, dns3.p03.nsone.net
Info::
5 mail exchanger(s) configured
Info::
CAA records not checked
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Info::
SPF record present in TXT
Info::
DNS resolution time: 81 ms
Got: 81 ms
| A | 199.15.163.133 |
| AAAA | — |
| CNAME | — |
| NS | dns1.p03.nsone.net, dns4.p03.nsone.net, dns2.p03.nsone.net, dns3.p03.nsone.net |
| MX | 1 aspmx.l.google.com 5 alt1.aspmx.l.google.com 5 alt2.aspmx.l.google.com 10 alt3.aspmx.l.google.com 10 alt4.aspmx.l.google.com |
| TXT | Dynatrace-site-verification=501eb6b7-ec68-4d6e-9cff-542d23e861a6__2sdtlct1d5od1s... zapier-domain-verification-challenge=b9a64e2d-2ca9-415d-bd69-cfa2d9fa9907 stripe-verification=3d38b8ba77051423fc63beab24fd133e79c48c38c129e6f32a8f31dd1442... docusign=79f63237-be11-4e2d-b4b4-91ab6dce95fc bpdvtdlgubb2u4fibokgbtimqm google-site-verification=bgK_1_cVW1tLXaQirTZFxyCNGwebJrSrtxEnhi8nj34 openai-domain-verification=dv-pLJ3xAPCIeMa3cC4XNtNDJX2 ZOOM_verify_MfQI7nhORG2Puh-3X5ATPg google-site-verification=FXlaz4eC6IRkW2WmIRbIk4CArdmHESk0yNe3AFUDhp0 SPF v=spf1 include:wix.com._nspf.vali.email include:%{i}._ip.%{h}._ehlo.%{d}._spf.va... MS=ms84842189 tiktok-developers-site-verification=gzeUQu5YG50bjEvjyo0ZfbVZ5j0V999U MS=ms67587784 stripe-verification=90fcaa8e136e2e6061f8be2b71a3415891ea8673424e9ff92247249c0199... v=MCPv1; k=ed25519; p=EbQt/aJoTxU91btvOjmJoFgANaxHhXpEw07phT5RZp4= lucidlink-verification=Q6AYQQCN4FGFRCQR0AF47JR318 stripe-verification=acd68941bb2908ddb9252b6af7dfb0bec4c44516bf8ddf6281064d5267d6... google-site-verification=GK0pXfNH9o0j611VmQUTjL4d24lbdaLr4464gb0325s stripe-verification=c332fc1713103584e6975aff689df49f78df9ea5980c7d124640f1256185... google-site-verification=MvlfsFt9kmoBIEA-kfNZGc1DoBWCpDeO2I0BFi2r0Ls apple-domain-verification=q4AHUtVh9qSoTPfP stripe-verification=9a57080fa5c5d67942dead568a7b95d81e0b004381ccfda174b91c5a84b3... anthropic-domain-verification-wj1991=6IRjBpZdVnL6nplaTY4n69b7J _globalsign-domain-verification=Fw09cFhmPL_-Bfg6BV5_NkyDEkXJfmQd4uPViX560A google-site-verification=LlgLpcZTcUwtCuZ6rbFW3qpMhBRXM6TRPLWTaJIz6qo miro-verification=1400621c6beb4ad13c3ab05208a4bcc4446e4ead google-site-verification=tidJNtRp7m6rB1RoNn3WWu94llPGNf69LO5cMRL2aog cursor-domain-verification-1tkm1m=rRuMFC1cXEdKxx2xnJVQHycAq vLXvkpGVsBpywsoGExNq4Y9fpP78GQ openai-domain-verification=dv-FVMlkPb2ttnAtrpY3PbRxymv stripe-verification=96483778492eb4f2255ee7fcb447f01413aa413328443b4ef81edadbcbe5... aO7RBfR stripe-verification=e5d336648c47bc8257c95e6b90f8e72cefe71d491fdb5f05e7e91f7dba43... google-site-verification=VIxXEU16_I7ytV2OZx7MribDyDrrO8qdo3zN_Z4midI mentimeter-26622928-e74c-4bef-bd86-6fb3ef16da73 c5d403d181be4c99af6bfc33a6b174ef google-site-verification=igUuyfBRZoBZQ0BFNepTw5JslX4b4ilhiFYSgT6muOE stripe-verification=c20e469bd7bbf272f6048b664b7f9cc406b912f67ad8fa91647eff8350b6... docusign=5e9b707a-aa10-4cc8-8c18-44ba07c7261d t9Mb1J4w2JVvj8BbxdSv/0Vq6ijiuUn5uWS/LqkvNkE= mongodb-site-verification=gdhANZR3xAzZgoC98tNYliiKI87AerWD canva-site-verification=qnvjScw_870K8yKfi-_rTg anodot-domain-verification=22a37350bc036e536d9fbb047513c15f1d09de30af60f87c20af2... hubspot-developer-verification=OGU2OTcxZmMtOTQ5ZS00MmE4LWEwNGMtZDU5ODVjMjFlNzE3 astro-domain-verification=cmdn44xpt2r0g01n6ltozezn0 atlassian-domain-verification=csQ4SmhA03xwafLVCnb97huNyHYH1UukzPuDqZGNUAxVncR0Fa... 487477444-11657476 google-site-verification=WXWCve5A0fdvZG9JuNcYOlPnkIfD5jCwtx-Hz6ky6wA _globalsign-domain-verification=hJCPfpeQg9VcjdDQFrVs_lkJML8ynoEnfwBUsQJ6zB wq3kgvs1qvcjxqx95561tx37v6hgssjj stripe-verification=87df6886f3e159f187fde2e275ec83dc599278c4d7c88dee2391c5879643... google-site-verification=mlu2CMylrUqQGNZj8kf-TLOgvFtObPuYG8iDyF40-yw amazonses:kmAm6mAq2E1NgyaEam+5i0Mnyf/O2i4kosh3YVJwJZo= google-site-verification=cPL86MHWzrMGIKsTjOEI-oy3ISSoZhhnwuudVWrhvrU google-site-verification=caM2lnCRLah4A1mGepO9qL_hg8cqHdh3UzqMkNMaNAA atlassian-domain-verification=/0xGMpS1a6Y4hkYjG5Rprk0LKayTNxlYBFefwdxm2FhvHJaFr9... have-i-been-pwned-verification=7bc715f972068147270244a4389abc6d stripe-verification=0d2a575bc62dd29de9df29436fb90d8ed6f29050dfae2d211c1ad9aeafbd... google-site-verification=ogdABx45v2ErCVBP-Ms5Wm2fNT-LJq4emfL0AecJZZA h1-domain-verification=PcpK2wxKRm5TX3bUxcufNmYpDJfshghw8GwndcysTzykjNsF google-site-verification=JO8-pIBHBq2rsYKaFQQDYV0LLq8RbBMxJ3sJmGAvop4 globalsign-domain-verification=pyR6ci6IB7uVAxLPZN5Z7_imdnvGJLhXCcmfs8v5RP |
| CAA | Lookup not available with standard resolver |
Resolved in 81 ms
Multiple A records provide failover if one server goes down.
Why this matters
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Why this matters
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
ARedirect Chain1 redirect(s), 234 ms totalPASS
Redirect Chain
1 redirect(s), 234 ms total
1 redirect(s), 234 ms total
Info::
Single redirect
Got: https://wix.com → https://www.wix.com/ (301)
Info::
WWW normalization redirect
https://wix.com
113 ms · HTTP/1.1
301
https://www.wix.com/
121 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://wix.com | 301 | 113 ms | HTTP/1.1 | |
| 2 | https://www.wix.com/ | 200 | 121 ms | HTTP/1.1 | Pepyaka |
See the visual redirect chain in the HTTP Probe tab →
A+Crawlabilityrobots.txt present, sitemap with 10831 URLsPASS
Crawlability
robots.txt present, sitemap with 10831 URLs
robots.txt present, sitemap with 10831 URLs
Info::
robots.txt is present
Got: 2883 bytes
Info::
sitemap.xml is present
Info::
sitemap.xml is valid XML
Info::
sitemap.xml contains 10831 entries
Info::
robots.txt references sitemap
robots.txt 200 OK
Size 2883 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed
User-agent: *
Disallow: /api/
Disallow: /blogtemp
Disallow: /wixblog
Disallow: /bo/
Disallow: /editor.jsp
Disallow: /noflashhtml
Disallow: /siteBackHtml
Disallow: /wix/
Disallow: /wixpress/
Disallow: /wixdemo/
Disallow: /wix-editor/
Disallow: /editor2.jsp
Disallow: /flash/
Disallow: /flash-templates/
Disallow: /website-template/view/flash/
Disallow: /facebook-template/
Disallow: /facebook/templates/
Disallow: /website/templates/flash/
Disallow: /html5/
Disallow: /my-account
Disallow: /blog/*sitemap.xml$
Disallow: /velo/profile
Disallow: /velo/forum/search
Disallow: /velo/forum/main/comment
Disallow: /*velo-pt/profile
Disallow: /*velo-pt/forum/search
Disallow: /*velo-pt/forum/main/comment
Disallow: /app-market/search-result?query=
Disallow: /despiration/testseo
Disallow: /site-react-dropdown*
Disallow: /soundcloud-tpa*
Disallow: /*cacheKiller=
Disallow: /*hubs_content
Disallow: /*hubs_post
Disallow: /*hubs_signup-cta
Disallow: /lp-lang/mobilewebsite
Disallow: /mystunningwebsites/
Disallow: /dashboard
Disallow: /_api/albums-node-server
Disallow: /_partials/wix-vod
Disallow: /designers/events/fullscreen-page
Disallow: /photo-test-editor-x
Disallow: /thunderbolt/
Disallow: /meta-site/
Disallow: /learn/search-results
Disallow: /?criteria=
Disallow: /blog/*/search-results?q
Disallow: /blog/search-results?q
Disallow: /experts-arena/
Disallow: /createawebsite/
Disallow: /website/templates*?screen=
Disallow: /*?sort=
Disallow: /marketplace/hire*?serviceIds=
Disallow: /marketplace/hire*&serviceIds=
Disallow: /marketplace/brief/
Disallow: /wix-platform
Disallow: /blog-temp-ru
Disallow: /blog/search?*
Disallow: */fullscreen-page
Disallow: /wearepages
Disallow: */laboratory/conductAllInScope
Disallow: /studio/blog/*?filter=
Disallow: /studio/academy/search-results
Disallow: /studio/academy/search
Disallow: /studio/blog/search-results?q
Disallow: /studio/blog/*&filter=
Disallow: /seo/learn/assets*?topic=
Disallow: /seo/learn/assets*&topic=
Disallow: /seo/learn/assets*?resource-type=
Disallow: /seo/learn/assets*&resource-type=
Disallow: /studio-tech-desgin
Disallow: /_api/dealer-offer-events-service/proxy/v1/dealer-offer-events
Disallow: /website/builder?storyId=
Disallow: /studio-tech-design
Disallow: /domain/names/results?
Disallow: /business-name-generator/list
Disallow: /studio/templates?criteria
Disallow: /domains/results
Disallow: /_api/header-footer-service/content
Disallow: /wixel/templates/search?
Disallow: /wixel/templates/*?color
Disallow: /wixel/templates/*?style
Disallow: /wixel/templates/*?price
Disallow: /wixel/templates/*?format
Disallow: /wixel/templates/*?type
Disallow: /_api/wix-code-app-registry-global/v1/public-code-config
Disallow: /_api/wix-laboratory-server/laboratory/conductExperiment
Disallow: /search
Disallow: /marketplace/templates?sort=
Disallow: /domain/result/
Sitemap: https://www.wix.com/sitemap.xml
# by wix.com
sitemap.xml 200 OK
Type URL Set URLs 10831 entries Valid XML Yes
A+Domain Intelligencewix.com — via GoDaddy.com, LLC, 31 years, 4 months old, hosted on WIX_COM, ILPASS
Domain Intelligence
wix.com — via GoDaddy.com, LLC, 31 years, 4 months old, hosted on WIX_COM, IL
wix.com — via GoDaddy.com, LLC, 31 years, 4 months old, hosted on WIX_COM, IL
Info::
Domain registered until May 13, 2029 (3 years, 1 months remaining)
Info::
DNSSEC is not enabled
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Info::
Registrar: GoDaddy.com, LLC
Warning::
Registrar lock is NOT enabled
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Info::
Hosting: WIX_COM, IL
Got: AS58182
Domain expiry
1062 days
May 13, 2029
SSL certificate
38 days
Issued by Let's Encrypt
Domain age
31 years, 4 months
Registered May 12, 1995
DNSSEC
Not enabled
Protects against DNS spoofing
Hosting
WIX_COM, IL
ASN AS58182
199.15.163.133
Registrar
GoDaddy.com, LLC
Unlocked 4 NS records
Expiry timeline
Today
+1 year
Domain expiry SSL expiry Danger zone (≤30 days)
Recommended actions
- Enable DNSSEC to protect visitors from DNS spoofing
- Enable registrar lock (clientTransferProhibited) to block unauthorized domain transfers
Registrar GoDaddy.com, LLC
Created May 12, 1995 (31 years, 4 months ago)
Expires May 13, 2029 (3 years, 1 months)
Last Updated June 13, 2024
Name Servers dns1.p03.nsone.net, dns2.p03.nsone.net, dns3.p03.nsone.net, dns4.p03.nsone.net
DNSSEC Not enabled
Hosting
IP Address 199.15.163.133
ASN AS58182 (WIX_COM, IL)
Provider WIX_COM, IL
Data source: rdap (0.4s)
DNSSEC protects against DNS spoofing attacks. While not required, enabling DNSSEC adds an additional layer of security. Contact your DNS provider to enable it.
Why this matters
Without DNSSEC, an attacker who can poison your DNS can hijack your domain — and SSL certs alone don't stop them.
Learn more ▾ ▴
DNSSEC adds cryptographic signatures to DNS records, preventing forged responses from poisoning resolver caches. Without it, an attacker who controls the network path can redirect your domain to a malicious server before any HTTPS handshake happens. Most modern registrars (Cloudflare, Google Domains, Route 53) enable it with one toggle.
Source: ICANN / RFC 4033
The domain can be transferred without an unlock step. Enable registrar lock (clientTransferProhibited) in your registrar's control panel to protect against unauthorized or accidental transfers.
Why this matters
Without registrar lock, an attacker who phishes your registrar credentials can transfer the domain in minutes — total brand hijack.
Learn more ▾ ▴
Registrar lock (clientTransferProhibited, clientUpdateProhibited, clientDeleteProhibited) requires extra verification before any transfer/update/delete. Every major registrar offers it free. Combined with 2FA on your registrar account, it's the strongest defense against domain hijacking.
Source: ICANN / domain-security best practice
A+HTTP Probe TimingTotal 139 ms — DNS, TCP, TLS, TTFB, content transfer breakdownPASS
HTTP Probe Timing
Total 139 ms — DNS, TCP, TLS, TTFB, content transfer breakdown
DNS Lookup DNS Lookup — time to resolve the domain name to an IP address.
27 msTCP Connect TCP Connect — time to establish a TCP connection to the server.
37 msTLS Handshake TLS Handshake — time to complete the HTTPS encryption handshake.
39 msTime to First Byte Time to First Byte — how long the server takes to respond with the first byte of data.
140 msTotal Time Total request time from DNS lookup through full response.
140 msConnection waterfall
DNS Lookup 27 ms TCP Connect 37 ms TLS Handshake 39 ms Server Processing 37 ms Content Transfer 0 ms
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.