Detect WebMCP runtime API [informational]INFODetect WebMCP runtime API status="informational"INFOProbe rendered browser for WebMCP runtime objects SKIPCheck current W3C runtime API actual="not detected" expected="document.modelContext/registerTool available"INFOWebMCP evidence was recorded for context. status="informational"Probe WebMCP operability [warning]! No WebMCP surface was found to probe.INFOProbe WebMCP operability status="warning"INFORun safe WebMCP operability checks safeProbeOnly=trueWARNCheck usable WebMCP evidence actual=0 expected="at least 1 usable runtime, declarative, annotation, or static manifest signal"WARNWebMCP operability warning warning="No WebMCP surface was found to probe."WARNWebMCP operability warning warning="Conventional WebMCP manifest paths were checked but did not return a valid manifest."WARNNo WebMCP surface was found to probe.Validate declarative WebMCP form tools [informational]! No W3C-style declarative WebMCP form attributes were found.INFOValidate declarative WebMCP form tools status="informational"INFOInspect visible forms and controls for current declarative WebMCP attributes annotatedElements=0 formsWithAttributes=0 controlsWithAttributes=0SKIPValidate declarative WebMCP attribute quality actual=0 expected=0INFONo W3C-style declarative WebMCP form attributes were found. status="informational"Validate MCP-aware HTML annotations [informational]! No data-mcp-tool or hyphenated WebMCP compatibility annotations were found.INFOValidate MCP-aware HTML annotations status="informational"INFOInspect HTML for MCP compatibility annotations compatibilityAttributeCount=0 dataMcpToolCount=0 examples=[]SKIPValidate compatibility annotation quality actual=0 expected=0INFONo data-mcp-tool or hyphenated WebMCP compatibility annotations were found. status="informational"Validate static WebMCP JSON compatibility [warning]! No static WebMCP JSON manifest or WMCP interaction graph was found.INFOValidate static WebMCP JSON compatibility status="warning"INFODiscover static WebMCP manifest candidates conventionalPaths=["/.well-known/webmcp.json","/webmcp.json"] checkedCount=2 profileCounts={}INFOWebMCP manifest candidate checked source="path" path="/.well-known/webmcp.json" url="https://anon.li/.well-known/webmcp.json" statusCode=404 contentType="text/html; charset=utf-8"INFOWebMCP manifest candidate checked source="path" path="/webmcp.json" url="https://anon.li/webmcp.json" statusCode=404 contentType="text/html; charset=utf-8"WARNValidate discovered static WebMCP metadata actual={"validManifestCount":0,"invalidManifestCount":0,"toolCount":0,"wmcpActionCount":0} expected="at least 1 valid tools[] manifest or WMCP graph when static metadata is present"WARNNo static WebMCP JSON manifest or WMCP interaction graph was found.Validate WebMCP tool metadata quality [informational]INFOValidate WebMCP tool metadata quality status="informational"INFOInspect WebMCP tool names, descriptions, schemas, and safety hints toolCount=0SKIPCheck tool metadata findings actual={"issueCount":0,"warningCount":0} expected="0 issues and 0 warnings"INFOWebMCP evidence was recorded for context. status="informational"Review WebMCP security and policy signals [informational]INFOReview WebMCP security and policy signals status="informational"INFOInspect WebMCP security and policy signals permissionsPolicy="camera=(), microphone=(), geolocation=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()" failureCount=0 warningCount=0PASSCheck security findings actual={"failures":0,"warnings":0} expected="0 failures and 0 warnings"INFOWebMCP evidence was recorded for context. status="informational"

Classify AI crawler rules [fail]! No explicit User-agent rules were found for major AI crawler tokens.INFOClassify AI crawler rulesINFOParsing User-agent groups and Allow/Disallow records for known AI crawler tokens evaluatedPath="/"INFOEvaluating exact User-agent matches before wildcard fallback exactAiPolicyCount=0 totalCrawlerTokens=18FAILNo explicit AI crawler User-agent groups were found examplesExpected=["GPTBot","OAI-SearchBot","ClaudeBot","Google-Extended","CCBot"]FAILCompare explicit AI crawler coverage actual=0 expected="> 0 explicit non-search AI crawler policies" missingTokens=["GPTBot","OAI-SearchBot","ChatGPT-User","ClaudeBot","Claude-SearchBot","Claude-User","Google-Extended","Applebot-Extended","Amazonbot","Amzn-SearchBot","Amzn-User","PerplexityBot"]INFOResolved effective root-path policy for crawler tokens blocked=0 allowed=21 unspecified=0

Markdown representation [fail]! No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks.INFOMarkdown representationFAILCheck usable Markdown representation was selected actual={"source":"negotiated","url":"https://anon.li/","statusCode":404,"contentType":"text/html; charset=utf-8","mediaType":"text/html","vary":"Accept","requireVaryAccept":true,"contentTypeStatus":"fail","cacheStatus":"pass","bodyStatus":"fail","pass":false,"quality":{"valid":false,"formatStatus":"fail","dialect":"html-heavy","hasHeading":false,"headingCount":0,"wordCount":2543,"features":{"markdownLinks":0,"referenceLinks":0,"listItems":0,"tables":0,"taskListItems":0,"fencedCodeBlocks":0,"yamlFrontmatter":false,"jsonLdFencedBlocks":0,"admonitions":0,"strikethrough":0,"autolinks":0,"rawHtmlTags":84,"jsxOrMdxSignals":0},"issues":["missing-heading","raw-html-heavy","plain-text-like"],"excerpt":"<!DOCTYPE html><html lang=\"en\" data-scroll-behavior=\"smooth\"><head><meta charSet=\"utf-8\"/><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"/><link rel=\"stylesheet\" href=\"/_next/static/chunks/016t0ux5-61en.css\" data-precede","issue":"Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."}} expected="negotiated, advertised alternate, or conventional mirror" selected={"source":"negotiated","url":"https://anon.li/","statusCode":404,"contentType":"text/html; charset=utf-8","mediaType":"text/html","vary":"Accept","requireVaryAccept":true,"contentTypeStatus":"fail","cacheStatus":"pass","bodyStatus":"fail","pass":false,"quality":{"valid":false,"formatStatus":"fail","dialect":"html-heavy","hasHeading":false,"headingCount":0,"wordCount":2543,"features":{"markdownLinks":0,"referenceLinks":0,"listItems":0,"tables":0,"taskListItems":0,"fencedCodeBlocks":0,"yamlFrontmatter":false,"jsonLdFencedBlocks":0,"admonitions":0,"strikethrough":0,"autolinks":0,"rawHtmlTags":84,"jsxOrMdxSignals":0},"issues":["missing-heading","raw-html-heavy","plain-text-like"],"excerpt":"<!DOCTYPE html><html lang=\"en\" data-scroll-behavior=\"smooth\"><head><meta charSet=\"utf-8\"/><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"/><link rel=\"stylesheet\" href=\"/_next/static/chunks/016t0ux5-61en.css\" data-precede","issue":"Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."}} candidatesChecked=2FAILMarkdown representation failed issue="No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks."Same-URL negotiation [fail]! Same-URL Accept: text/markdown did not return a valid Markdown representation.INFOSame-URL negotiationFAILCheck negotiated Markdown response actual={"statusCode":404,"mediaType":"text/html","vary":"Accept"} expected="HTTP 2xx text/markdown with Vary: Accept" url="https://anon.li/" statusCode=404 mediaType="text/html" vary="Accept"FAILSame-URL negotiation failed issue="Same-URL Accept: text/markdown did not return a valid Markdown representation."Markdown format validation [fail]! Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation.INFOMarkdown format validationFAILCheck Markdown body quality actual={"valid":false,"wordCount":2543,"headingCount":0,"dialect":"html-heavy"} expected="valid Markdown with substantive text and headings" valid=false dialect="html-heavy" wordCount=2543 headingCount=0FAILMarkdown format validation failed issue="Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."Advertised Markdown alternate [warning]! No Link or HTML rel=alternate text/markdown URL was advertised.INFOAdvertised Markdown alternateWARNCheck advertised Markdown alternate candidates actual=0 expected="> 0 when HTML advertises a Markdown alternate" advertisedUrls=[] candidateCount=0WARNAdvertised Markdown alternate has a warning issue="No Link or HTML rel=alternate text/markdown URL was advertised."Conventional .md mirror [fail]! Conventional .md mirror candidates did not return valid Markdown.INFOConventional .md mirrorFAILCheck conventional Markdown mirror candidates actual=1 expected="> 0 when a conventional mirror is discoverable" conventionalUrls=["https://anon.li/index.html.md"] candidateCount=1FAILConventional .md mirror failed issue="Conventional .md mirror candidates did not return valid Markdown."

Validate OpenAPI shape [fail]! missing openapi/swagger version; missing info.title; missing info.version; no paths or webhooks defined; no operations defined; no operation responses definedINFOValidate OpenAPI shape status="fail"INFOValidate required OpenAPI shape versionFamily="missing" pathCount=0 webhookCount=0 operationCount=0FAILCheck operations define responses actual=0 expected="every operation should define responses"FAILCheck info metadata actual={"hasInfoTitle":false,"hasInfoVersion":false} expected="info.title and info.version present"FAILOpenAPI shape issue issue="missing openapi/swagger version"FAILOpenAPI shape issue issue="missing info.title"FAILOpenAPI shape issue issue="missing info.version"FAILOpenAPI shape issue issue="no paths or webhooks defined"FAILOpenAPI shape issue issue="no operations defined"FAILOpenAPI shape issue issue="no operation responses defined"FAILmissing openapi/swagger version; missing info.title; missing info.version; no paths or webhooks defined; no operations defined; no operation responses definedCheck machine-usable details [fail]! OpenAPI is valid, but missing schemas, parameters, servers, auth, operation IDs, tags, or examples reduces machine usability.INFOCheck machine-usable details status="fail"INFOInspect machine-usable operation details hasServers=false hasSecuritySchemes=false hasExplicitNoAuth=false requestBodyOperationCount=0 parameterOperationCount=0 responseSchemaOperationCount=0 operationIdCount=0 taggedOperationCount=0 exampleOperationCount=0WARNCheck OpenAPI operations include enough detail for agents to call them safely actual="2 machine-usability warning(s)" expected="servers, auth/no-auth signals, operationIds, parameters, request bodies, responses, tags, and examples where relevant"WARNMachine-usability warning warning="No server, host, or basePath information was found."WARNMachine-usability warning warning="No security schemes or explicit no-auth declaration were found."FAILOpenAPI is valid, but missing schemas, parameters, servers, auth, operation IDs, tags, or examples reduces machine usability.

Warn when auth surface lacks Auth.md [warning]! The site appears to support login, signup, account access, or credentials but does not publish /auth.md.INFOWarn when auth surface lacks Auth.mdWARNThe site appears to support login, signup, account access, or credentials but does not publish /auth.md.

Discover RSL declarations [warning]! No RSL declarations were found.INFODiscover RSL declarationsINFOChecking robots.txt License records, HTTP Link rel=license headers, HTML license links, and inline RSL XML robotsFound=trueSKIPCount discovered RSL declarations actual=0 expected=">= 1 when RSL licensing terms are published" sources={}WARNNo RSL declarations were found on any supported discovery surface.

Fetch /.well-known/tdmrep.json [warning]! No TDMRep declaration was found at /.well-known/tdmrep.json.INFOFetch /.well-known/tdmrep.jsonINFORequesting origin-level TDMRep declaration at /.well-known/tdmrep.jsonWARNCompare TDMRep file response actual=404 expected="2xx with JSON array when origin-level TDMRep is published" contentType="text/html; charset=utf-8" length=24506WARNNo TDMRep declaration was found at /.well-known/tdmrep.json. 

WebSite entity [fail]! No WebSite entity was found in Schema.org structured data.INFOWebSite entityINFOLooking for WebSite entity in structured data FAILCheck WebSite entity presence actual=false expected=true fields=[{"name":"WebSite.@type","present":false},{"name":"WebSite.@id","present":false},{"name":"WebSite.name","present":false},{"name":"WebSite.url","present":false},{"name":"WebSite.publisher.@id","present":false},{"name":"WebSite.publisher.name","present":false},{"name":"WebSite.publisher.url","present":false}]FAILWebSite entity is missingIdentity fields [warning]! Missing identity field(s): WebSite.name, WebSite.url.INFOIdentity fieldsINFOChecking Organization and WebSite name/url fields organizationFormat="json-ld"WARNCheck required identity fields actual=2 expected=4 missing=["WebSite.name","WebSite.url"] organizationFields=[{"name":"Organization.@type","present":true,"value":"Organization","format":"json-ld"},{"name":"Organization.@id","present":false,"format":"json-ld"},{"name":"Organization.name","present":true,"value":"anon.li","format":"json-ld"},{"name":"Organization.url","present":true,"value":"https://anon.li","format":"json-ld"},{"name":"Organization.logo","present":true,"value":"https://anon.li/icon-512.png","format":"json-ld"},{"name":"Organization.sameAs","present":false,"format":"json-ld"}] websiteFields=[{"name":"WebSite.@type","present":false},{"name":"WebSite.@id","present":false},{"name":"WebSite.name","present":false},{"name":"WebSite.url","present":false},{"name":"WebSite.publisher.@id","present":false},{"name":"WebSite.publisher.name","present":false},{"name":"WebSite.publisher.url","present":false}]WARNCheck identity URLs match scanned origin actual={"organizationUrlMatchesOrigin":true,"websiteUrlMatchesOrigin":false} expected={"organizationUrlMatchesOrigin":true,"websiteUrlMatchesOrigin":true}WARNIdentity fields are partially complete missing=["WebSite.name","WebSite.url"]WebSite publisher linkage [fail]! WebSite.publisher is missing.INFOWebSite publisher linkageINFOChecking whether WebSite.publisher points to the Organization entity organizationFormat="json-ld"FAILCheck publisher presence actual=false expected=true publisher={"present":false,"matchesOrganization":false} website={} organization={"name":"anon.li","url":"https://anon.li"}FAILCheck publisher matches Organization actual=false expected=trueFAILWebSite publisher is missingOrganization trust fields [warning]! Organization schema is missing sameAs or public contact evidence.INFOOrganization trust fieldsINFOChecking logo, sameAs, and public contact evidence format="json-ld"PASSCheck logo presence actual=true expected=true fields=[{"name":"Organization.logo","present":true,"value":"https://anon.li/icon-512.png","format":"json-ld"},{"name":"Organization.sameAs","present":false,"format":"json-ld"},{"name":"Organization.contactPoint","present":false,"format":"json-ld"},{"name":"Organization.telephone","present":false,"format":"json-ld"},{"name":"Organization.email","present":false,"format":"json-ld"},{"name":"Organization.address","present":false,"format":"json-ld"}]FAILCheck sameAs or contact evidence actual=0 expected=">= 1" sameAsCount=0 contactSignalCount=0 fields=[{"name":"Organization.logo","present":true,"value":"https://anon.li/icon-512.png","format":"json-ld"},{"name":"Organization.sameAs","present":false,"format":"json-ld"},{"name":"Organization.contactPoint","present":false,"format":"json-ld"},{"name":"Organization.telephone","present":false,"format":"json-ld"},{"name":"Organization.email","present":false,"format":"json-ld"},{"name":"Organization.address","present":false,"format":"json-ld"}]WARNOrganization trust fields are partially complete

Discover MCP server card [warning]! The MCP server card was found only at a transitional or linked path.INFODiscover MCP server card candidateCount=6INFOBuild MCP server-card candidate list currentPath="/.well-known/mcp-server-card" transitionalPaths=["/.well-known/mcp/server-card.json","/.well-known/mcp/server-cards.json","/mcp.json","/.well-known/mcp.json"] linkedPaths=["/docs/api/mcp"]INFOTrying to fetch /.well-known/mcp-server-card url="https://anon.li/.well-known/mcp-server-card" source="current"FAIL/.well-known/mcp-server-card did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /.well-known/mcp/server-card.json url="https://anon.li/.well-known/mcp/server-card.json" source="transitional"PASS/.well-known/mcp/server-card.json returned a successful response statusCode=200 contentType="application/json" finalUrl="https://anon.li/.well-known/mcp/server-card.json"INFOTrying to fetch /.well-known/mcp/server-cards.json url="https://anon.li/.well-known/mcp/server-cards.json" source="transitional"FAIL/.well-known/mcp/server-cards.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /mcp.json url="https://anon.li/mcp.json" source="transitional"FAIL/mcp.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /.well-known/mcp.json url="https://anon.li/.well-known/mcp.json" source="transitional"FAIL/.well-known/mcp.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /docs/api/mcp url="https://anon.li/docs/api/mcp" source="linked"PASS/docs/api/mcp returned a successful response statusCode=200 contentType="text/html; charset=utf-8" finalUrl="https://anon.li/docs/api/mcp"WARNCheck selected card is published at the current well-known path actual="/.well-known/mcp/server-card.json" expected="/.well-known/mcp-server-card" source="transitional" finalUrl="https://anon.li/.well-known/mcp/server-card.json"WARNMCP server card was discovered through a transitional or linked path path="/.well-known/mcp/server-card.json" source="transitional" reason="The MCP server card was found only at a transitional or linked path."Validate server-card shape [warning]! Card uses the transitional serverInfo/protocolVersion/transport shape instead of the current remotes[] model.INFOValidate server-card shape profile="legacy-server-card"PASSCheck response body parsed as JSON actual=true expected=truePASSCheck Content-Type is JSON-compatible actual=true expected=trueWARNCheck recognized MCP server-card profile actual="legacy-server-card" expected="sep-2127-draft" reason="Document uses the transitional serverInfo/protocolVersion/transport metadata model."PASSCheck required card fields are present actual=0 expected=0 missing=[]WARNCheck MCP server-card uses the current remotes[] profile without legacy compatibility warnings actual="1 compatibility warning(s)" expected="current sep-2127-draft card shape with no legacy compatibility warnings" warnings=["Card uses the transitional serverInfo/protocolVersion/transport shape instead of the current remotes[] model."]WARNMCP server-card shape is usable but needs migration or cleanup reason="Card uses the transitional serverInfo/protocolVersion/transport shape instead of the current remotes[] model."Probe same-origin MCP endpoint [warning]! MCP initialize was blocked by authentication; endpoint shape could not be verified unauthenticated.INFOProbe same-origin MCP endpoint probeCount=1INFOSelecting same-origin unauthenticated MCP remotes for a bounded initialize probeINFOSending MCP initialize probe url="https://anon.li/api/mcp"WARNCheck initialize response shape actual=false expected=true statusCode=401 contentType="application/json" authBlocked=true error={"code":-32000,"message":"Unauthorized: Authentication required","www-authenticate":"Bearer resource_metadata=\"https://anon.li/api/auth/.well-known/oauth-protected-resource\""}WARNCheck successful initialize probe count actual=0 expected="> 0 when a safe same-origin unauthenticated remote exists" activeProbeCount=1 authBlocked=1WARNMCP endpoint probe could not fully confirm operability reason="MCP initialize was blocked by authentication; endpoint shape could not be verified unauthenticated."

Discover A2A Agent Card [warning]! No A2A Agent Card was found at the current, legacy, or fallback discovery paths.INFODiscover A2A Agent CardINFOTry A2A discovery paths in priority order paths=["/.well-known/agent-card.json","/.well-known/agent.json","/agent-card.json","/.well-known/a2a/agent-card.json"]WARNA2A candidate path did not return a usable card path="/.well-known/agent-card.json" statusCode=404 contentType="text/html; charset=utf-8"WARNA2A candidate path did not return a usable card path="/.well-known/agent.json" statusCode=404 contentType="text/html; charset=utf-8"WARNA2A candidate path did not return a usable card path="/agent-card.json" statusCode=404 contentType="text/html; charset=utf-8"WARNA2A candidate path did not return a usable card path="/.well-known/a2a/agent-card.json" statusCode=404 contentType="text/html; charset=utf-8"WARNNo A2A Agent Card candidate was selectedWARNNo A2A Agent Card was found at the current, legacy, or fallback discovery paths.

Discover agents.json [warning]! No Wildcard-style agents.json file was found.INFODiscover agents.jsonINFOTry agents.json discovery paths in priority order paths=["/.well-known/agents.json","/agents.json"]WARNagents.json candidate path did not return a usable contract path="/.well-known/agents.json" statusCode=404 contentType="text/html; charset=utf-8"WARNagents.json candidate path did not return a usable contract path="/agents.json" statusCode=404 contentType="text/html; charset=utf-8"WARNNo agents.json candidate was selectedWARNNo Wildcard-style agents.json file was found.

Query DNS-AID records [warning]! No DNS-AID HTTPS/SVCB records were found under _agents.INFOQuery DNS-AID recordsINFOBuild DNS-AID query names from hostname hostname="anon.li" labels=["_index._agents.anon.li","_a2a._agents.anon.li"] claimedOnPage=falseWARNDNS query returned no DNS-AID answers name="_index._agents.anon.li" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.anon.li" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.anon.li" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _index._agents.anon.li"WARNDNS query returned no DNS-AID answers name="_a2a._agents.anon.li" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.anon.li" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.anon.li" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _a2a._agents.anon.li"WARNCompare total DNS-AID answer count actual=0 expected="> 0"WARNNo DNS-AID HTTPS/SVCB records were found under _agents.Check DNSSEC authentication evidence [warning]! DNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.INFOCheck DNSSEC authentication evidenceWARNCompare DNSSEC authenticated-data flag actual=false expected=trueWARNCompare visible DNSSEC material actual=false expected=trueWARNResolver did not confirm authenticated DNSSEC data name="_index._agents.anon.li" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.anon.li" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.anon.li" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.anon.li" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.anon.li" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.anon.li" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.anon.li" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.anon.li" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="anon.li" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNDNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.

Schema.org attribution [warning]! Schema.org attribution is incomplete or relies only on publisher/fallback evidence.INFOSchema.org attributionINFOChecking structured data for author, creator, and publisher contributorsWARNCheck named Schema.org author count actual=0 expected="> 0" authorCount=0 publisherCount=0 namedContributors=0 authors=[] publishers=[] formats=[]WARNSchema.org attribution is incomplete or fallback-only authorCount=0 publisherCount=0 authors=[] publishers=[]Author identity quality [fail]! No named author or publisher identity could be extracted.INFOAuthor identity qualityINFOChecking contributors for stable identity signalsFAILCheck identified contributor count actual=0 expected="> 0" namedContributors=0 identifiedContributors=[] unidentifiedContributors=[]FAILNo named contributor identity could be extracted

Validate metadata profile [warning]! jwks_uri is omitted; this can be valid for pure OAuth metadata but limits signed-token/OIDC verification.INFOValidate metadata profileINFOParsing and validating OAuth/OIDC metadata profile valid=true compatibleContentType=true profile="oauth-authorization-server" missingCount=0 warningsCount=3 endpointIssuesCount=0 issuer="https://anon.li" authorizationEndpoint="https://anon.li/api/auth/mcp/authorize" tokenEndpoint="https://anon.li/api/auth/mcp/token"PASSCheck metadata profile was recognized actual="oauth-authorization-server" expected="oauth-authorization-server, oidc, or hybrid"PASSCheck required metadata fields are present actual=0 expected=0 missing=[]WARNCheck OAuth metadata is fully usable by browser and agent clients actual="3 client-usage warning(s)" expected="no CORS, endpoint, or compatibility warnings" warnings=["jwks_uri is omitted; this can be valid for pure OAuth metadata but limits signed-token/OIDC verification.","revocation_endpoint is omitted.","introspection_endpoint is omitted."]WARNOAuth metadata client-usage warning warning="jwks_uri is omitted; this can be valid for pure OAuth metadata but limits signed-token/OIDC verification."WARNOAuth metadata client-usage warning warning="revocation_endpoint is omitted."WARNOAuth metadata client-usage warning warning="introspection_endpoint is omitted."WARNValidate metadata profile completed with warnings issue="jwks_uri is omitted; this can be valid for pure OAuth metadata but limits signed-token/OIDC verification."Validate discovery CORS [warning]! Discovery metadata did not include Access-Control-Allow-Origin: *, so browser-based clients may be unable to fetch it cross-origin.INFOValidate discovery CORSINFOChecking whether browser clients can read the public discovery document profile="oauth-authorization-server" corsPresent=trueWARNCheck Access-Control-Allow-Origin header actual="missing" expected="present or wildcard for browser-readable discovery"WARNValidate discovery CORS completed with warnings issue="Discovery metadata did not include Access-Control-Allow-Origin: *, so browser-based clients may be unable to fetch it cross-origin."Probe authorization endpoint [fail]! authorization_endpoint did not behave like an operational OAuth authorization endpoint.INFOProbe authorization endpointINFOSafely probing advertised authorization endpoint shape url="https://anon.li/api/auth/mcp/authorize?response_type=code&client_id=can-agent-use-scanner&redirect_uri=https%3A%2F%2Fcan-agent-use.invalid%2Foauth%2Fcallback&scope=openid&state=can-agent-use-probe" method="GET" statusCode=302 location="/login?response_type=code&client_id=can-agent-use-scanner&redirect_uri=https%3A%2F%2Fcan-agent-use.invalid%2Foauth%2Fcallback&scope=&state=can-agent-use-probe" contentType="application/json"FAILCheck authorization endpoint responds with protocol-shaped result actual=302 expected="redirect or OAuth error response"FAILProbe authorization endpoint failed issue="authorization_endpoint did not behave like an operational OAuth authorization endpoint."Validate JWKS when required [warning]! jwks_uri is absent; this can be valid for pure OAuth but is required for OIDC and signed-token verification.INFOValidate JWKS when requiredINFOValidating advertised JWKS signing-key document profile="oauth-authorization-server"WARNCheck valid JWK count actual=0 expected="> 0 when jwks_uri is advertised" warnings=[]WARNValidate JWKS when required completed with warnings issue="jwks_uri is absent; this can be valid for pure OAuth but is required for OIDC and signed-token verification."

Check API catalog HEAD Link header [warning]! HEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog".INFOCheck API catalog HEAD Link headerINFOSend HEAD request to API catalog path attempted=true statusCode=200 contentType="application/linkset+json; profile=\"https://www.rfc-editor.org/info/rfc9727\""WARNCompare HEAD Link rel=api-catalog count actual=0 expected="> 0"WARNHEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog". status="warning"Validate API catalog targets [fail]! API catalog target https://anon.li/api/v1/alias (item) returned HTTP 401 instead of a 2xx/3xx response.INFOValidate API catalog targetsINFOFetch same-origin API catalog targets and record same-site/external skipsFAILAPI catalog target failed validation rel="item" href="https://anon.li/api/v1/alias" statusCode=401 contentType="application/json" typeMatches=trueFAILAPI catalog target failed validation rel="item" href="https://anon.li/api/v1/drop" statusCode=401 contentType="application/json" typeMatches=trueFAILAPI catalog target failed validation rel="item" href="https://anon.li/api/v1/form" statusCode=401 contentType="application/json" typeMatches=trueFAILAPI catalog target failed validation rel="item" href="https://anon.li/api/v1/domain" statusCode=401 contentType="application/json" typeMatches=trueFAILAPI catalog target failed validation rel="item" href="https://anon.li/api/v1/recipient" statusCode=401 contentType="application/json" typeMatches=trueFAILAPI catalog target failed validation rel="item" href="https://anon.li/api/mcp" statusCode=401 contentType="application/json" typeMatches=truePASSAPI catalog target is reachable rel="service-doc" href="https://anon.li/docs/api/alias" statusCode=200 contentType="text/html; charset=utf-8" advertisedType="text/html"PASSAPI catalog target is reachable rel="service-doc" href="https://anon.li/docs/api/drop" statusCode=200 contentType="text/html; charset=utf-8" advertisedType="text/html"PASSAPI catalog target is reachable rel="service-doc" href="https://anon.li/docs/api/form" statusCode=200 contentType="text/html; charset=utf-8" advertisedType="text/html"PASSAPI catalog target is reachable rel="service-doc" href="https://anon.li/docs/api/domain" statusCode=200 contentType="text/html; charset=utf-8" advertisedType="text/html"PASSAPI catalog target is reachable rel="service-doc" href="https://anon.li/docs/api/recipient" statusCode=200 contentType="text/html; charset=utf-8" advertisedType="text/html"PASSAPI catalog target is reachable rel="service-doc" href="https://anon.li/docs/api/mcp" statusCode=200 contentType="text/html; charset=utf-8" advertisedType="text/html"PASSAPI catalog target is reachable rel="service-meta" href="https://anon.li/.well-known/mcp/server-card.json" statusCode=200 contentType="application/json" advertisedType="application/json"PASSAPI catalog target is reachable rel="service-meta" href="https://anon.li/.well-known/oauth-authorization-server" statusCode=200 contentType="application/json" advertisedType="application/json"PASSAPI catalog target is reachable rel="service-meta" href="https://anon.li/.well-known/oauth-protected-resource" statusCode=200 contentType="application/json" advertisedType="application/json"FAILCompare API catalog target failure count actual=6 expected=0FAILAPI catalog target https://anon.li/api/v1/alias (item) returned HTTP 401 instead of a 2xx/3xx response.

Evaluate script execution [warning]! script-src allows unsafe-inline without nonce or hash controls.INFOEvaluate script executionINFOInspect effective script directive effectiveDirective="script-src" sources=["'self'","'unsafe-inline'","'wasm-unsafe-eval'","https://cloud.umami.is","https://challenges.cloudflare.com"]WARNCompare script execution posture actual={"hasNonce":false,"hasHash":false,"hasStrictDynamic":false,"hasUnsafeInline":true,"hasUnsafeEval":true,"hasWildcardHost":false,"hasBroadScheme":false,"dangerousSchemes":[]} expected="constrained script sources without unsafe execution allowances" issue="script-src allows unsafe-inline without nonce or hash controls."WARNscript-src allows unsafe-inline without nonce or hash controls.Review CSP reporting [warning]! CSP does not define a reporting endpoint.INFOReview CSP reportingINFOInspect CSP reporting directives reportOnlyHeaderPresent=false reportOnlyDirectives=[]WARNCompare violation reporting configuration actual="no reporting endpoint" expected="report-to or report-uri present" issue="CSP does not define a reporting endpoint."WARNCSP does not define a reporting endpoint.

Validate metadata shape [warning]! Access-Control-Allow-Origin is absent; browser-based clients may not be able to read metadata.INFOValidate metadata shapeINFOParsing and validating RFC 9728 protected-resource metadata valid=true compatibleContentType=true warningsCount=1 resource="https://anon.li" resourceIssuesCount=0 authorizationServersCount=1 authorizationServerIssuesCount=0 scopesSupportedCount=3 bearerMethodsSupportedCount=1PASSCheck metadata resource field is present actual="https://anon.li" expected="absolute protected resource identifier"PASSCheck required metadata field failures actual=0 expected=0 missing=[]WARNCheck protected-resource metadata is browser-readable and complete for OAuth clients actual="1 client-usage warning(s)" expected="no CORS, authorization-server, or compatibility warnings" warnings=["Access-Control-Allow-Origin is absent; browser-based clients may not be able to read metadata."]WARNProtected-resource metadata client-usage warning warning="Access-Control-Allow-Origin is absent; browser-based clients may not be able to read metadata."WARNValidate metadata shape completed with warnings issue="Access-Control-Allow-Origin is absent; browser-based clients may not be able to read metadata."Validate protected resource challenge [warning]! No protected route with a 401 resource_metadata challenge was detected; metadata shape is valid but route linkage was not proven.INFOValidate protected resource challengeINFOProbing protected routes for WWW-Authenticate resource_metadata linkage checkedCount=5INFOChecked protected route challenge url="https://anon.li/docs/api" statusCode=200 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://anon.li/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://anon.li" metadataResource="https://anon.li" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://anon.li/mcp" statusCode=200 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://anon.li/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://anon.li" metadataResource="https://anon.li" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://anon.li/api/scans" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://anon.li/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://anon.li" metadataResource="https://anon.li" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://anon.li/api/admin/scans" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://anon.li/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://anon.li" metadataResource="https://anon.li" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://anon.li/api/admin/summary" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://anon.li/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://anon.li" metadataResource="https://anon.li" resourceMatches=true scopePresent=falseWARNCheck challenge includes resource_metadata linkage actual=5 expected="> 0 matching protected route challenges"WARNValidate protected resource challenge completed with warnings issue="No protected route with a 401 resource_metadata challenge was detected; metadata shape is valid but route linkage was not proven."

Validate skill content [warning]! description does not clearly state when an agent should activate the skill.INFOValidate skill contentWARNCompare skill artifact content failures actual=0 expected=0 name="anon-li" type="skill-md" url="https://anon.li/.well-known/agent-skills/anon-li/SKILL.md"WARNSkill content validation warning name="anon-li" warning="description does not clearly state when an agent should activate the skill."WARNSkill content validation warning name="anon-li" warning="SKILL.md body lacks obvious workflow, input/output, example, or validation guidance."WARNdescription does not clearly state when an agent should activate the skill.Review skill artifact security [warning]! SKILL.md references external URLs; fetched content is an additional trust boundary (https://anon.li/api/mcp`, https://anon.li/docs/api/mcp`, https://anon.li/api/v1`, https://anon.li/docs/api/alias`, https://anon.li/docs/api/recipient`, https://anon.li/docs/api/domain`, https://anon.li/docs/api/drop`, https://anon.li/docs/api/form`).INFOReview skill artifact securityFAILCompare security finding count actual=1 expected=0WARNAgent Skills artifact security warning finding="SKILL.md references external URLs; fetched content is an additional trust boundary (https://anon.li/api/mcp`, https://anon.li/docs/api/mcp`, https://anon.li/api/v1`, https://anon.li/docs/api/alias`, https://anon.li/docs/api/recipient`, https://anon.li/docs/api/domain`, https://anon.li/docs/api/drop`, https://anon.li/docs/api/form`)."WARNSKILL.md references external URLs; fetched content is an additional trust boundary (https://anon.li/api/mcp`, https://anon.li/docs/api/mcp`, https://anon.li/api/v1`, https://anon.li/docs/api/alias`, https://anon.li/docs/api/recipient`, https://anon.li/docs/api/domain`, https://anon.li/docs/api/drop`, https://anon.li/docs/api/form`).

Review preload opt-in [warning]! preload is present; verify hstspreload.org operational requirements before submission.INFOReview preload opt-inINFOInspect preload opt-in preload=true includeSubDomains=true maxAge=63072000WARNCompare header-level preload requirements actual="eligible by header" expected="preload + includeSubDomains + max-age >= 31536000" issue="preload is present; verify hstspreload.org operational requirements before submission."WARNpreload is present; verify hstspreload.org operational requirements before submission.

Schema policy recommendations [warning]! SoftwareApplication schema is missing recommended Google field(s): aggregateRating.INFOSchema policy recommendationsINFOChecking search feature recommended fields on detected primary schema nodesWARNCheck schema policy recommendation issue count actual=1 expected=0 issues=[{"schemaTypes":["SoftwareApplication"],"format":"json-ld","missingRecommended":["aggregateRating"],"fieldEvidence":[{"name":"aggregateRating","present":false,"format":"json-ld"},{"name":"offers.priceCurrency","present":true,"value":"USD","format":"json-ld"}],"message":"SoftwareApplication schema is missing recommended Google field(s): aggregateRating."}]WARNSchema policy recommendations are missing issues=[{"schemaTypes":["SoftwareApplication"],"format":"json-ld","missingRecommended":["aggregateRating"],"fieldEvidence":[{"name":"aggregateRating","present":false,"format":"json-ld"},{"name":"offers.priceCurrency","present":true,"value":"USD","format":"json-ld"}],"message":"SoftwareApplication schema is missing recommended Google field(s): aggregateRating."}]

Find advertised IndexNow key location [informational]! No IndexNow key location was advertised in HTML, Link headers, or robots.txt.INFOFind advertised IndexNow key locationINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"WARNNo IndexNow key location was advertised in HTML, Link headers, or robots.txt.Fetch and validate IndexNow key file [informational]! No discoverable IndexNow key file was found.INFOFetch and validate IndexNow key fileINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"INFOFetch each advertised same-origin key file and validate filename/body matchFAILCompare valid IndexNow key file count actual=0 expected="> 0"WARNNo discoverable IndexNow key file was found.