Export Report
OVERALL SCORE
Level 3, Bot-Aware
- AI Discoverability 43 out of 100
- Agent Ease of Use 6 out of 100
- Security & Trust 80 out of 100
- GEO, AIO and AEO 83 out of 100
- SEO 100 out of 100
- Performance and Accessibility 97 out of 100
What AI sees of your website
Castle – Stop bots and account abuse in minutes
A complete suite of SDKs and APIs to monitor users, block bots, and stop in-app fraud.
Next step
Turn this report into a fix workflow
24 failed checks are ready to move into MCP or CLI remediation. Generate a repair prompt, connect the scanner to your coding agent, or open the integration docs before your next rescan.
| Metric | Score | Status | Passed | Failed | Warning | Evidence |
|---|---|---|---|---|---|---|
| AI Discoverability | 43 | Priority fix | 10 | 14 | 0 | View details |
| Discoverability | 67 | Needs work | 5 | 4 | 0 | View details |
| Content Readiness | 50 | Needs work | 5 | 6 | 0 | View details |
| Bot Access Control | 0 | Priority fix | 0 | 4 | 0 | View details |
| Agent Ease of Use | 6 | Priority fix | 4 | 29 | 3 | View details |
| API | 0 | Priority fix | 0 | 6 | 0 | View details |
| Auth | Not Applicable | Not Applicable | 0 | 7 | 0 | View details |
| MCP | 13 | Priority fix | 0 | 6 | 2 | View details |
| Skill Discovery | 5 | Priority fix | 0 | 10 | 1 | View details |
| Agent Commerce | Not Applicable | Not Applicable | 4 | 0 | 0 | |
| GEO, AIO and AEO | 83 | Mostly ready | 7 | 0 | 10 | |
| GEO Readiness | 86 | Mostly ready | 1 | 0 | 4 | |
| AIO Readiness | Not Applicable | Not Applicable | 5 | 0 | 0 | |
| AEO Readiness | 71 | Needs work | 1 | 0 | 6 | |
| SEO | 100 | Strong | 11 | 0 | 0 | |
| SEO | 100 | Strong | 11 | 0 | 0 | |
| Security & Trust | 80 | Mostly ready | 8 | 1 | 0 | View details |
| Security & Trust | 80 | Mostly ready | 4 | 1 | 0 | View details |
| AI Training Exposure | Not Applicable | Not Applicable | 4 | 0 | 0 | |
| Performance and Accessibility | 97 | Strong | 22 | 3 | 2 | View details |
| Performance | 97 | Strong | 17 | 2 | 2 | View details |
| Accessibility | 96 | Strong | 5 | 1 | 0 | View details |
Prioritized recommendations
Issues ranked by score impact
39 items need attention
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy is missing or incomplete.
100 Fail
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy is missing or incomplete.
Needs attention
Content-Security-Policy
Issue
Content-Security-Policy is missing or incomplete.
Why it matters
Content Security Policy limits where scripts, styles, frames, and connections can load from, reducing the impact of injection bugs.
Check name
Content-Security-Policy
Score
0/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Constrain script, style, frame, and resource loading with a Content-Security-Policy header.
Result
Content-Security-Policy is missing or incomplete.
Evidence
{
"header": "content-security-policy",
"value": null
}Agent Ease of UseAPIEstablished
API Catalog
API Catalog failed at "Fetch API catalog".
50 Fail
Agent Ease of UseAPIEstablished
API Catalog
API Catalog failed at "Fetch API catalog".
Needs attention
API Catalog
Issue
The API catalog endpoint did not return HTTP 2xx.
Why it matters
API catalogs help agents find service descriptions, documentation, and status resources without guessing API entry points.
Check name
API Catalog
Score
0/100
Status
fail
Category
API
Maturity
Established
Goal
Publish an API catalog for automated API discovery using RFC 9727.
Result
API Catalog failed at "Fetch API catalog".
Validation steps
Fetch API catalog
The API catalog endpoint did not return HTTP 2xx.
Validate RFC 9727 linkset
Response is not valid JSON.
Fetch advertised API catalog targets
API Catalog did not expose any same-origin hrefs to validate.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch API catalog",
"status": "fail",
"evidence": {
"statusCode": 404,
"contentType": "text/html; charset=utf-8"
},
"issue": "The API catalog endpoint did not return HTTP 2xx.",
"howToFix": "Publish /.well-known/api-catalog."
},
{
"id": "validate",
"title": "Validate RFC 9727 linkset",
"status": "fail",
"evidence": {
"valid": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: "
},
"issue": "Response is not valid JSON.",
"howToFix": "Use application/linkset+json with service-desc, service-doc, and status relations that each include href."
},
{
"id": "target-validation",
"title": "Fetch advertised API catalog targets",
"status": "fail",
"evidence": {
"checked": [],
"failures": [
{
"reason": "No same-origin API catalog hrefs were available to fetch."
}
]
},
"issue": "API Catalog did not expose any same-origin hrefs to validate.",
"howToFix": "Make each same-origin API catalog href reachable and serve the advertised media type."
}
]
}AI DiscoverabilityDiscoverabilityEstablished
High-value schema types
High-value schema types is missing or incomplete.
50 Fail
AI DiscoverabilityDiscoverabilityEstablished
High-value schema types
High-value schema types is missing or incomplete.
Needs attention
High-value schema types
Issue
No high-value schema types (e.g. Article, Product, Service) were found.
Why it matters
High-value schema types tell agents whether a page is an article, product, event, service, or other actionable content type.
Check name
High-value schema types
Score
0/100
Status
fail
Category
Discoverability
Maturity
Established
Goal
Use schema types that describe the page's primary content or offering.
Result
High-value schema types is missing or incomplete.
Evidence
{
"found": [],
"expected": [
"Article",
"BlogPosting",
"NewsArticle",
"Product",
"SoftwareApplication",
"FAQPage",
"LocalBusiness",
"VideoObject",
"HowTo",
"Event",
"Course",
"Review",
"Service"
],
"allTypes": [
"Organization",
"WebSite"
]
}AI DiscoverabilityDiscoverabilityEstablished
Link headers
Link headers failed at "Find useful Link headers".
50 Fail
AI DiscoverabilityDiscoverabilityEstablished
Link headers
Link headers failed at "Find useful Link headers".
Needs attention
Link headers
Issue
No useful agent discovery Link headers were found.
Why it matters
Link headers let automated clients discover API catalogs, documentation, and machine-readable alternates without parsing page markup first.
Check name
Link headers
Score
0/100
Status
fail
Category
Discoverability
Maturity
Established
Goal
Include Link response headers for agent discovery using RFC 8288.
Result
Link headers failed at "Find useful Link headers".
Validation steps
Find useful Link headers
No useful agent discovery Link headers were found.
Fetch same-origin Link header targets
Link headers did not expose any same-origin targets to validate.
Evidence
{
"failedStep": "presence",
"steps": [
{
"id": "presence",
"title": "Find useful Link headers",
"status": "fail",
"evidence": {
"links": []
},
"issue": "No useful agent discovery Link headers were found.",
"howToFix": "Expose useful Link headers such as rel=\"api-catalog\", rel=\"service-doc\", and rel=\"service-desc\"."
},
{
"id": "target-validation",
"title": "Fetch same-origin Link header targets",
"status": "fail",
"evidence": {
"checked": [],
"failures": [
{
"reason": "No same-origin Link header targets were available to fetch."
}
]
},
"issue": "Link headers did not expose any same-origin targets to validate.",
"howToFix": "Make each same-origin Link href reachable and serve the advertised media type."
}
]
}Agent Ease of UseAPIEstablished
OpenAPI discovery
OpenAPI discovery failed at "Find valid OpenAPI document".
50 Fail
Agent Ease of UseAPIEstablished
OpenAPI discovery
OpenAPI discovery failed at "Find valid OpenAPI document".
Needs attention
OpenAPI discovery
Issue
OpenAPI YAML document did not match the expected shape. Content-Type "text/html; charset=utf-8" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.
Why it matters
OpenAPI documents let agents understand available operations, schemas, authentication, and request formats before calling an API.
Check name
OpenAPI discovery
Score
0/100
Status
fail
Category
API
Maturity
Established
Goal
Publish a valid OpenAPI or Swagger document for API discovery.
Result
OpenAPI discovery failed at "Find valid OpenAPI document".
Validation steps
Find valid OpenAPI document
OpenAPI YAML document did not match the expected shape. Content-Type "text/html; charset=utf-8" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Find valid OpenAPI document",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/openapi.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: "
},
{
"path": "/openapi.yaml",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: "
},
{
"path": "/swagger.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: "
},
{
"path": "/swagger.yaml",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: "
},
{
"path": "/api/openapi.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: "
},
{
"path": "/api/swagger.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: "
},
{
"path": "/docs/openapi.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: "
}
]
},
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"howToFix": "Publish a valid OpenAPI 3.x or Swagger 2.0 JSON/YAML document with info, paths, operations, and responses."
}
]
}AI DiscoverabilityBot Access ControlEstablished
AI bot rules in robots.txt
AI bot rules in robots.txt is missing or incomplete.
33 Fail
AI DiscoverabilityBot Access ControlEstablished
AI bot rules in robots.txt
AI bot rules in robots.txt is missing or incomplete.
Needs attention
AI bot rules in robots.txt
Issue
No specific User-agent rules found for major AI crawlers (GPTBot, ClaudeBot, etc.) in robots.txt.
Why it matters
Explicit AI bot rules reduce ambiguity for crawler operators and make training, indexing, or retrieval access policy auditable.
Check name
AI bot rules in robots.txt
Score
0/100
Status
fail
Category
Bot Access Control
Maturity
Established
Goal
Add User-agent rules for AI crawlers like GPTBot, Claude-Web, and others.
Result
AI bot rules in robots.txt is missing or incomplete.
Evidence
{
"expectedBots": [
"GPTBot",
"ChatGPT-User",
"ClaudeBot",
"Claude-Web",
"Anthropic-AI",
"Google-Extended",
"PerplexityBot",
"CCBot",
"Applebot-Extended",
"Meta-ExternalAgent",
"Bytespider",
"Amazonbot",
"Cohere-AI"
],
"configuredBots": []
}AI DiscoverabilityContent ReadinessEstablished
Content freshness signals
Content freshness signals is missing or incomplete.
33 Fail
AI DiscoverabilityContent ReadinessEstablished
Content freshness signals
Content freshness signals is missing or incomplete.
Needs attention
Content freshness signals
Issue
Content freshness signals are incomplete: missing Last-Modified HTTP header; missing dateModified/datePublished in JSON-LD; missing meta or <time> freshness tags.
Why it matters
Freshness signals help agents decide whether content is current enough to cite, summarize, or compare against newer sources.
Check name
Content freshness signals
Score
0/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Expose modified and published dates for freshness-aware retrieval and ranking.
Result
Content freshness signals is missing or incomplete.
Evidence
{
"lastModified": null,
"schemaDates": [],
"metaDateCount": 0,
"timeDateCount": 0
}AI DiscoverabilityBot Access ControlInformational
Content Signal
Content Signal is missing or incomplete.
33 Fail
AI DiscoverabilityBot Access ControlInformational
Content Signal
Content Signal is missing or incomplete.
Needs attention
Content Signal
Issue
No Content Signal found in robots.txt
Why it matters
Content Signal provides a machine-readable way to communicate AI usage preferences where participating crawlers look for policy.
Check name
Content Signal
Score
0/100
Status
fail
Category
Bot Access Control
Maturity
Informational
Goal
Declare AI content usage preferences with Content Signal in robots.txt.
Result
Content Signal is missing or incomplete.
Evidence
{
"signals": [],
"ai-train": false,
"search": false,
"ai-input": false
}AI DiscoverabilityContent ReadinessEstablished
Markdown negotiation
Markdown negotiation failed at "Markdown content type".
33 Fail
AI DiscoverabilityContent ReadinessEstablished
Markdown negotiation
Markdown negotiation failed at "Markdown content type".
Needs attention
Markdown negotiation
Issue
Content-Type "text/html; charset=UTF-8" does not indicate Markdown when requested with Accept: text/markdown.
Why it matters
Markdown negotiation gives agents a cleaner representation of page content while preserving normal HTML for browsers.
Check name
Markdown negotiation
Score
0/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Return HTML responses as markdown when agents request it.
Result
Markdown negotiation failed at "Markdown content type".
Validation steps
Markdown content type
Content-Type "text/html; charset=UTF-8" does not indicate Markdown when requested with Accept: text/markdown.
Vary: Accept header
Markdown negotiation is missing Vary: Accept; current Vary header is "Accept-Encoding".
Structured Markdown body
Markdown response is missing a heading.
Evidence
{
"failedStep": "content-type",
"steps": [
{
"id": "content-type",
"title": "Markdown content type",
"status": "fail",
"evidence": {
"statusCode": 200,
"contentType": "text/html; charset=UTF-8"
},
"issue": "Content-Type \"text/html; charset=UTF-8\" does not indicate Markdown when requested with Accept: text/markdown.",
"howToFix": "Return Content-Type: text/markdown; charset=utf-8 for requests with Accept: text/markdown."
},
{
"id": "vary-accept",
"title": "Vary: Accept header",
"status": "fail",
"evidence": {
"vary": "Accept-Encoding"
},
"issue": "Markdown negotiation is missing Vary: Accept; current Vary header is \"Accept-Encoding\".",
"howToFix": "Add Vary: Accept on negotiated Markdown responses so shared caches keep HTML and Markdown variants separate."
},
{
"id": "markdown-content",
"title": "Structured Markdown body",
"status": "fail",
"evidence": {
"valid": false,
"hasHeading": false,
"wordCount": 146723,
"excerpt": "<!DOCTYPE html><html lang=\"en\"> <head><meta charset=\"UTF-8\"><!-- Theme detection script - must run before any CSS to prevent flash --><script>\n function applyTheme() {\n const theme = localStorage.getItem('theme') ||\n (w",
"issue": "Markdown response is missing a heading."
},
"issue": "Markdown response is missing a heading.",
"howToFix": "Return Markdown with at least one heading and substantive page content, including useful links or instructions for agents."
}
]
}AI DiscoverabilityContent ReadinessEstablished
Semantic HTML
Semantic HTML is missing or incomplete.
33 Fail
AI DiscoverabilityContent ReadinessEstablished
Semantic HTML
Semantic HTML is missing or incomplete.
Needs attention
Semantic HTML
Issue
Semantic HTML is incomplete: 0/2 applicable form inputs have autocomplete attributes (2 missing).
Details
Why it matters
Semantic HTML gives browsers, assistive technology, search systems, and agents reliable landmarks, headings, controls, form semantics, and image context.
Check name
Semantic HTML
Score
0/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Expose readable page structure through semantic HTML and accessible controls.
Result
Semantic HTML is missing or incomplete.
Evidence
{
"main": true,
"nav": true,
"footer": true,
"meaningfulH1": true,
"headingOrder": true,
"accessibleLinks": true,
"accessibleButtons": true,
"imageAltCoverage": true,
"formAutocompleteCoverage": false,
"details": {
"inaccessibleLinks": [],
"inaccessibleButtons": [],
"missingAutocompleteInputs": [
"<input type=\"email\" data-slot=\"input\" class=\"placeholder:text-gray-a8 outline-none disabled:opacity-50 flex h-9 w-full min-w-0 rounded-md px-3 py-1 text-base md:text-sm file:text-gray-12 file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed ring-gray-a5 bg-gray-1/50 border-gray-1 border shadow-xs ring-1 transition-[color,box-shadow] dark:bg-black/20 selection:bg-gray-a5 selection:text-gray-12 focus-visib",
"<input type=\"password\" data-slot=\"input\" class=\"placeholder:text-gray-a8 outline-none disabled:opacity-50 flex h-9 w-full min-w-0 rounded-md px-3 py-1 text-base md:text-sm file:text-gray-12 file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed ring-gray-a5 bg-gray-1/50 border-gray-1 border shadow-xs ring-1 transition-[color,box-shadow] dark:bg-black/20 selection:bg-gray-a5 selection:text-gray-12 focus-vi"
],
"imagesMissingAlt": [],
"skippedHeadingLevels": []
},
"counts": {
"h1": 1,
"headings": 53,
"links": 55,
"inaccessibleLinks": 0,
"buttons": 546,
"inaccessibleButtons": 0,
"images": 1,
"imagesWithAlt": 1,
"autocompleteInputs": 2,
"inputsWithAutocomplete": 0,
"missingAutocompleteInputs": 2
}
}AI DiscoverabilityBot Access ControlInformational
Web Bot Auth request signing
Web Bot Auth request signing failed at "Fetch to find resource".
33 Fail
AI DiscoverabilityBot Access ControlInformational
Web Bot Auth request signing
Web Bot Auth request signing failed at "Fetch to find resource".
Needs attention
Web Bot Auth request signing
Issue
Web Bot Auth request signing was not found at the expected path.
Why it matters
Web Bot Auth discovery lets servers and clients find signing keys for bot identity workflows based on HTTP Message Signatures.
Check name
Web Bot Auth request signing
Score
0/100
Status
fail
Category
Bot Access Control
Maturity
Informational
Goal
Advertise HTTP Message Signatures keys when this site operates signed bot clients or supports Web Bot Auth workflows.
Result
Web Bot Auth request signing failed at "Fetch to find resource".
Validation steps
Fetch to find resource
Web Bot Auth request signing was not found at the expected path.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch to find resource",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/.well-known/http-message-signatures-directory",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
}
]
},
"issue": "Web Bot Auth request signing was not found at the expected path.",
"howToFix": "If publishing Web Bot Auth keys, return a JSON key directory with a non-empty keys array and the draft media type."
}
]
}Agent Ease of UseMCPEmerging recommendation
MCP Server Card
MCP Server Card failed at "Fetch to find resource".
25 Fail
Agent Ease of UseMCPEmerging recommendation
MCP Server Card
MCP Server Card failed at "Fetch to find resource".
Needs attention
MCP Server Card
Issue
MCP Server Card was not found at the expected path.
Why it matters
MCP Server Cards help agents discover server transports, capabilities, and protocol details before opening an MCP session.
Check name
MCP Server Card
Score
0/100
Status
fail
Category
MCP
Maturity
Emerging recommendation
Goal
Publish an MCP Server Card for agent discovery.
Result
MCP Server Card failed at "Fetch to find resource".
Validation steps
Fetch to find resource
MCP Server Card was not found at the expected path.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch to find resource",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/.well-known/mcp/server-card.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/.well-known/mcp/server-cards.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/.well-known/mcp.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
}
]
},
"issue": "MCP Server Card was not found at the expected path.",
"howToFix": "Publish an MCP server card with valid transports and make each advertised local endpoint answer an MCP initialize request."
}
]
}Agent Ease of UseMCPEmerging recommendation
mcp.json
mcp.json failed at "Fetch to find resource".
25 Fail
Agent Ease of UseMCPEmerging recommendation
mcp.json
mcp.json failed at "Fetch to find resource".
Needs attention
mcp.json
Issue
mcp.json was not found at the expected path.
Why it matters
MCP clients need trustworthy server metadata, protocol version, transport details, and capability hints before connecting to a remote MCP server.
Check name
mcp.json
Score
0/100
Status
fail
Category
MCP
Maturity
Emerging recommendation
Goal
Expose a stable MCP server metadata document that points agents to the site's MCP endpoint.
Result
mcp.json failed at "Fetch to find resource".
Validation steps
Fetch to find resource
mcp.json was not found at the expected path.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch to find resource",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/mcp.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/.well-known/mcp.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/.well-known/mcp/server-card.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
}
]
},
"issue": "mcp.json was not found at the expected path.",
"howToFix": "Publish mcp.json or an MCP server card with serverInfo, protocolVersion, transport endpoint, and capabilities."
}
]
}Agent Ease of UseMCPInformational
WebMCP manifest
WebMCP manifest failed at "Fetch to find resource".
25 Fail
Agent Ease of UseMCPInformational
WebMCP manifest
WebMCP manifest failed at "Fetch to find resource".
Needs attention
WebMCP manifest
Issue
WebMCP manifest was not found at the expected path.
Why it matters
A WebMCP manifest advertises browser-exposed tools declaratively so agents can understand available site actions before invoking them.
Check name
WebMCP manifest
Score
0/100
Status
fail
Category
MCP
Maturity
Informational
Goal
Publish a WebMCP manifest for declarative browser tool discovery when using the draft manifest convention.
Result
WebMCP manifest failed at "Fetch to find resource".
Validation steps
Fetch to find resource
WebMCP manifest was not found at the expected path.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch to find resource",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/.well-known/webmcp.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/webmcp.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/mcp.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
}
]
},
"issue": "WebMCP manifest was not found at the expected path.",
"howToFix": "Keep declarative WebMCP manifest discovery informational until the manifest shape stabilizes; validate tools if you publish one."
}
]
}Agent Ease of UseSkill DiscoveryEmerging recommendation
A2A Agent Card
A2A Agent Card failed at "Fetch to find resource".
20 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
A2A Agent Card
A2A Agent Card failed at "Fetch to find resource".
Needs attention
A2A Agent Card
Issue
A2A Agent Card was not found at the expected path.
Why it matters
A2A Agent Cards let compatible clients discover agent skills, input and output modes, and the endpoint used to invoke those skills.
Check name
A2A Agent Card
Score
0/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish an agent card so A2A-compatible clients can discover capabilities.
Result
A2A Agent Card failed at "Fetch to find resource".
Validation steps
Fetch to find resource
A2A Agent Card was not found at the expected path.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch to find resource",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/.well-known/agent-card.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/.well-known/a2a/agent-card.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/agent-card.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
}
]
},
"issue": "A2A Agent Card was not found at the expected path.",
"howToFix": "Publish an A2A Agent Card with required skill details and make the advertised url answer A2A JSON-RPC requests."
}
]
}Agent Ease of UseSkill DiscoveryEmerging recommendation
Agent Skills index
Agent Skills index failed at "Fetch to find resource".
20 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
Agent Skills index
Agent Skills index failed at "Fetch to find resource".
Needs attention
Agent Skills index
Issue
Agent Skills index was not found at the expected path.
Why it matters
An Agent Skills index lets clients find task-specific SKILL.md documents that describe how to use site capabilities correctly.
Check name
Agent Skills index
Score
0/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish an agent skills discovery index.
Result
Agent Skills index failed at "Fetch to find resource".
Validation steps
Fetch to find resource
Agent Skills index was not found at the expected path.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch to find resource",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/.well-known/agent-skills/index.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/.well-known/skills/index.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
}
]
},
"issue": "Agent Skills index was not found at the expected path.",
"howToFix": "Publish an index with a non-empty skills array and reachable SKILL.md URLs."
}
]
}Agent Ease of UseSkill DiscoveryEmerging recommendation
agent.json
agent.json failed at "Fetch to find resource".
20 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
agent.json
agent.json failed at "Fetch to find resource".
Needs attention
agent.json
Issue
agent.json was not found at the expected path.
Why it matters
agent.json is an emerging machine-readable manifest for declaring what a website does, how agents authenticate, and which actions or protocols are available.
Check name
agent.json
Score
0/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish the singular Agent Web Protocol agent.json manifest without confusing it with the separate agents.json directory convention.
Result
agent.json failed at "Fetch to find resource".
Validation steps
Fetch to find resource
agent.json was not found at the expected path.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch to find resource",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/.well-known/agent.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/agent.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
}
]
},
"issue": "agent.json was not found at the expected path.",
"howToFix": "Publish agent.json with awp_version, domain, intent, and typed actions that point to real same-origin API or protocol endpoints."
}
]
}Agent Ease of UseSkill DiscoveryInformational
agents.json
agents.json failed at "Fetch to find resource".
20 Fail
Agent Ease of UseSkill DiscoveryInformational
agents.json
agents.json failed at "Fetch to find resource".
Needs attention
agents.json
Issue
agents.json was not found at the expected path.
Why it matters
agents.json gives clients a simple directory of agent-facing capabilities and contacts when a site chooses to advertise them.
Check name
agents.json
Score
0/100
Status
fail
Category
Skill Discovery
Maturity
Informational
Goal
Publish an agents.json directory for agent-facing capabilities and contacts when using this convention.
Result
agents.json failed at "Fetch to find resource".
Validation steps
Fetch to find resource
agents.json was not found at the expected path.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch to find resource",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/.well-known/agents.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/agents.json",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
}
]
},
"issue": "agents.json was not found at the expected path.",
"howToFix": "If this site uses agents.json, publish JSON with an agents array containing name and url for each agent."
}
]
}Agent Ease of UseSkill DiscoveryEmerging recommendation
DNS-AID Agent Discovery
DNS-AID Agent Discovery failed at "Resolve DNS-AID SVCB/HTTPS records".
15 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
DNS-AID Agent Discovery
DNS-AID Agent Discovery failed at "Resolve DNS-AID SVCB/HTTPS records".
Needs attention
DNS-AID Agent Discovery
Issue
No DNS-AID entrypoint records were found under _agents.
Why it matters
DNS-AID lets agents discover index, A2A, and other agent entrypoints before fetching HTTP metadata, while DNSSEC can authenticate the discovery zone.
Check name
DNS-AID Agent Discovery
Score
25/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish DNS for AI Discovery records under _agents for DNS-based agent entrypoint discovery.
Result
DNS-AID Agent Discovery failed at "Resolve DNS-AID SVCB/HTTPS records".
Validation steps
Resolve DNS-AID SVCB/HTTPS records
No DNS-AID entrypoint records were found under _agents.
Validate alpn and endpoint parameters
Include alpn and endpoint service parameters in each DNS-AID record so agents know the protocol and target entrypoint.
Check DNSSEC material
DNSSEC material was not visible for the hostname or parent zone from this resolver.
Evidence
{
"failedStep": "svcb-https-records",
"steps": [
{
"id": "svcb-https-records",
"title": "Resolve DNS-AID SVCB/HTTPS records",
"status": "fail",
"evidence": {
"hostname": "castle.io",
"probes": [
{
"name": "_index._agents.castle.io",
"found": false,
"recordCount": 1,
"records": [],
"hasAlpn": false,
"hasEndpoint": false
},
{
"name": "_a2a._agents.castle.io",
"found": false,
"recordCount": 1,
"records": [],
"hasAlpn": false,
"hasEndpoint": false
}
]
},
"issue": "No DNS-AID entrypoint records were found under _agents.",
"howToFix": "Publish ServiceMode SVCB/HTTPS records such as _index._agents.example.com or _a2a._agents.example.com."
},
{
"id": "service-params",
"title": "Validate alpn and endpoint parameters",
"status": "informational",
"evidence": {
"discovered": []
},
"howToFix": "Include alpn and endpoint service parameters in each DNS-AID record so agents know the protocol and target entrypoint."
},
{
"id": "dnssec",
"title": "Check DNSSEC material",
"status": "warning",
"evidence": {
"hasDnssecMaterial": false,
"checked": [
{
"name": "castle.io",
"dnssecTypes": [],
"dnssecRecordCount": 0
}
]
},
"issue": "DNSSEC material was not visible for the hostname or parent zone from this resolver.",
"howToFix": "Sign the public discovery zone with DNSSEC so validating resolvers can return authenticated data."
}
]
}Agent Ease of UseMCPInformational
WebMCP
WebMCP has a validation warning at "Validate WebMCP declarative annotation quality".
13 Warning
Agent Ease of UseMCPInformational
WebMCP
WebMCP has a validation warning at "Validate WebMCP declarative annotation quality".
Needs attention
WebMCP
Issue
WebMCP declarative annotations need fixes.
Details
Why it matters
WebMCP can expose page context and actions directly through the browser, giving agents safer structured hooks than screen scraping alone.
Check name
WebMCP
Score
50/100
Status
warning
Category
MCP
Maturity
Informational
Goal
Support WebMCP to expose site tools to AI agents via the browser.
Result
WebMCP has a validation warning at "Validate WebMCP declarative annotation quality".
Validation steps
Detect data-mcp-tool annotations
No data-mcp-tool attributes were found on interactive elements.
Detect WebMCP declarative tags
No elements found with tool-name or tool-description attributes.
Validate WebMCP declarative annotation quality
WebMCP declarative annotations need fixes.
WebMCP declarative annotation issues
<input> is missing a name attribute.<input> is missing a label.<input> is missing tool-param-description.<input> is missing a name attribute.<input> is missing a label.<input> is missing tool-param-description.
Detect WebMCP imperative API usage
navigator.modelContext.provideContext(), navigator.modelContext.registerTool(), or other imperative signals were not detected in rendered browser state.
Detect WebMCP browser navigator injection
navigator.modelContext was not detected in the rendered browser page.
Interactive surface coverage
Only 0% of interactive surfaces are annotated.
Evidence
{
"failedStep": "declarative-annotation-quality",
"steps": [
{
"id": "data-mcp-tool-attributes",
"title": "Detect data-mcp-tool annotations",
"status": "informational",
"evidence": {
"dataMcpToolCount": 0,
"dataMcpTools": []
},
"issue": "No data-mcp-tool attributes were found on interactive elements.",
"howToFix": "Add data-mcp-tool attributes to high-value forms, buttons, and links so generic MCP-aware tooling can identify intended actions."
},
{
"id": "declarative-tags",
"title": "Detect WebMCP declarative tags",
"status": "informational",
"evidence": {
"totalForms": 0,
"formsWithTags": 0,
"totalInteractive": 603,
"interactiveWithTags": 0,
"totalCount": 603,
"taggedCount": 0,
"dataMcpToolCount": 0,
"dataMcpTools": [],
"coverage": 0,
"annotationIssues": [
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description.",
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description."
]
},
"issue": "No elements found with tool-name or tool-description attributes.",
"howToFix": "Add tool-name and tool-description attributes to forms and interactive elements."
},
{
"id": "declarative-annotation-quality",
"title": "Validate WebMCP declarative annotation quality",
"status": "warning",
"evidence": {
"issueCount": 6,
"issues": [
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description.",
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description."
]
},
"issue": "WebMCP declarative annotations need fixes.",
"issueDetails": [
{
"title": "WebMCP declarative annotation issues",
"items": [
{
"type": "code",
"value": "<input> is missing a name attribute."
},
{
"type": "code",
"value": "<input> is missing a label."
},
{
"type": "code",
"value": "<input> is missing tool-param-description."
},
{
"type": "code",
"value": "<input> is missing a name attribute."
},
{
"type": "code",
"value": "<input> is missing a label."
},
{
"type": "code",
"value": "<input> is missing tool-param-description."
}
]
}
],
"howToFix": "Use snake_case tool-name values, descriptive tool-description values, named and labeled fields, and tool-param-description on inputs."
},
{
"id": "imperative-api",
"title": "Detect WebMCP imperative API usage",
"status": "informational",
"evidence": {
"staticSignals": {
"detected": false,
"matched": []
},
"browser": {
"checked": true,
"detected": false,
"hasNavigatorModelContext": false,
"modelContextType": "undefined",
"hasProvideContext": false,
"hasRegisterTool": false
}
},
"issue": "navigator.modelContext.provideContext(), navigator.modelContext.registerTool(), or other imperative signals were not detected in rendered browser state.",
"howToFix": "Use navigator.modelContext.provideContext() to register tools programmatically."
},
{
"id": "browser-navigator-injection",
"title": "Detect WebMCP browser navigator injection",
"status": "informational",
"evidence": {
"browser": {
"checked": true,
"detected": false,
"hasNavigatorModelContext": false,
"modelContextType": "undefined",
"hasProvideContext": false,
"hasRegisterTool": false
}
},
"issue": "navigator.modelContext was not detected in the rendered browser page.",
"howToFix": "Expose WebMCP through navigator.modelContext in the browser runtime when the page is intended to provide in-page tools."
},
{
"id": "surface-coverage",
"title": "Interactive surface coverage",
"status": "informational",
"evidence": {
"totalForms": 0,
"formsWithTags": 0,
"totalInteractive": 603,
"interactiveWithTags": 0,
"totalCount": 603,
"taggedCount": 0,
"dataMcpToolCount": 0,
"dataMcpTools": [],
"coverage": 0,
"annotationIssues": [
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description.",
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description."
]
},
"issue": "Only 0% of interactive surfaces are annotated.",
"howToFix": "Add WebMCP annotations to all forms and interactive elements to increase agent coverage."
}
],
"staticSignals": {
"detected": false,
"matched": []
},
"coverage": {
"totalForms": 0,
"formsWithTags": 0,
"totalInteractive": 603,
"interactiveWithTags": 0,
"totalCount": 603,
"taggedCount": 0,
"dataMcpToolCount": 0,
"dataMcpTools": [],
"coverage": 0,
"annotationIssues": [
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description.",
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description."
]
},
"browserWebMcp": {
"checked": true,
"detected": false,
"hasNavigatorModelContext": false,
"modelContextType": "undefined",
"hasProvideContext": false,
"hasRegisterTool": false
}
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer-first sections
AEO: Answer-first sections scored 65/100 and needs improvement.
4 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer-first sections
AEO: Answer-first sections scored 65/100 and needs improvement.
Needs attention
AEO: Answer-first sections
Issue
52 section(s) may benefit from a clearer opening answer; this is optional for feature/card sections.
Details
Why it matters
Answer engines need concise answers, question-led structure, entity clarity, visible evidence, and trust signals that can be extracted without relying on search-only metadata checks.
Check name
AEO: Answer-first sections
Score
65/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to answer from directly.
Result
AEO: Answer-first sections scored 65/100 and needs improvement.
Evidence
{
"sectionCount": 52,
"passing": 0,
"failing": [
{
"heading": "Dual-layer fraud defense",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Dual-layer fraud defense</h2>",
"firstParagraph": "Castle is natively built to run at the edge and in-app as one system.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Castle is natively built to run at the edge and in-app as one system.</p>",
"words": 14,
"direct": false,
"issue": "First paragraph is 14 words and does not look like a concise direct answer."
},
{
"heading": "Block abuse at the edge",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Block abuse at the edge</h3>",
"firstParagraph": "Deploy Castle at the edge to analyze every request and credential stuffing and scripted abuse before they reach your backend.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base max-w-sm\">Deploy Castle at the edge to analyze every request and credential stuffing and scripted abuse before they reach your backend.</p>",
"words": 20,
"direct": false,
"issue": "First paragraph is 20 words and does not look like a concise direct answer."
},
{
"heading": "Catch fraud in the app",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Catch fraud in the app</h3>",
"firstParagraph": "Add our SDK to track sessions, devices, and behavior, enriched with your own business context. Spot fake signups, account takeovers, and multi-accounting in real time.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base max-w-sm\">Add our SDK to track sessions, devices, and behavior, enriched with your own business context. Spot fake signups, account takeovers, and multi-accounting in real time.</p>",
"words": 25,
"direct": false,
"issue": "First paragraph is 25 words and does not look like a concise direct answer."
},
{
"heading": "Go live in minutes",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Go live in minutes</h3>",
"firstParagraph": "Start in monitoring mode, switch to blocking when ready. No DNS swap. No contracts. Just connect, observe, and protect.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base max-w-sm\">Start in monitoring mode, switch to blocking when ready. No DNS swap. No contracts. Just connect, observe, and protect.</p>",
"words": 19,
"direct": false,
"issue": "First paragraph is 19 words and does not look like a concise direct answer."
},
{
"heading": "Everything you need to stop fraud & abuse",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Everything you need to stop fraud & abuse</h2>",
"firstParagraph": "A complete stack of data, tools, and APIs, eliminating the need for multiple, disconnected tools.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">A complete stack of data, tools, and APIs, eliminating the need for multiple, disconnected tools.</p>",
"words": 15,
"direct": false,
"issue": "First paragraph is 15 words and does not look like a concise direct answer."
},
{
"heading": "Behavioral analysis",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Behavioral analysis</h3>",
"firstParagraph": "Use out-of-the-box signals or create your own custom aggregations and rate limiters.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Use out-of-the-box signals or create your own custom aggregations and rate limiters.</p>",
"words": 12,
"direct": false,
"issue": "First paragraph is 12 words and does not look like a concise direct answer."
},
{
"heading": "Device fingerprinting",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Device fingerprinting</h3>",
"firstParagraph": "99.5% accurate fingerprinting. Uncover headless browsers, tampering, carrier data, etc.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">99.5% accurate fingerprinting. Uncover headless browsers, tampering, carrier data, etc.</p>",
"words": 11,
"direct": false,
"issue": "First paragraph is 11 words and does not look like a concise direct answer."
},
{
"heading": "Bot detection",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Bot detection</h3>",
"firstParagraph": "Detect bots, scripts, and coordinated attacks. Identify automated behavior and tampering.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Detect bots, scripts, and coordinated attacks. Identify automated behavior and tampering.</p>",
"words": 11,
"direct": false,
"issue": "First paragraph is 11 words and does not look like a concise direct answer."
},
{
"heading": "AI scoring",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">AI scoring</h3>",
"firstParagraph": "Spot account takeover attempts and abusive behavior using self-learning AI.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Spot account takeover attempts and abusive behavior using self-learning AI.</p>",
"words": 10,
"direct": false,
"issue": "First paragraph is 10 words and does not look like a concise direct answer."
},
{
"heading": "Rules engine",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Rules engine</h3>",
"firstParagraph": "Real-time allow, challenge, or deny actions. Manage rules seamlessly, without code changes.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Real-time allow, challenge, or deny actions. Manage rules seamlessly, without code changes.</p>",
"words": 12,
"direct": false,
"issue": "First paragraph is 12 words and does not look like a concise direct answer."
},
{
"heading": "Email intelligence",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Email intelligence</h3>",
"firstParagraph": "Assess email reputation and risk. Detect disposable domains and enumeration patterns.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Assess email reputation and risk. Detect disposable domains and enumeration patterns.</p>",
"words": 11,
"direct": false,
"issue": "First paragraph is 11 words and does not look like a concise direct answer."
},
{
"heading": "Case & state management",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Case & state management</h3>",
"firstParagraph": "Manage dynamic trust, block, and review lists of users, devices, or any custom attribute.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Manage dynamic trust, block, and review lists of users, devices, or any custom attribute.</p>",
"words": 14,
"direct": false,
"issue": "First paragraph is 14 words and does not look like a concise direct answer."
},
{
"heading": "Proactive threat hunting with user behavior analytics",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Proactive threat hunting with user behavior analytics</h2>",
"firstParagraph": "Monitor, analyze, and alert on up to 18 months of historical data enriched with user and device intelligence to stop evolving abuse trends.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Monitor, analyze, and alert on up to 18 months of historical data enriched with user and device intelligence to stop evolving abuse trends.</p>",
"words": 23,
"direct": false,
"issue": "First paragraph is 23 words and does not look like a concise direct answer."
},
{
"heading": "Pattern exploration",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Pattern exploration</h3>",
"firstParagraph": "Uncover bad user activity by querying and visualizing large amounts data and turn into rules with a few clicks.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Uncover bad user activity by querying and visualizing large amounts data and turn into rules with a few clicks.</p>",
"words": 19,
"direct": false,
"issue": "First paragraph is 19 words and does not look like a concise direct answer."
},
{
"heading": "Network analysis",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Network analysis</h3>",
"firstParagraph": "Spot network of bad user activity via shared devices, emails, IPs, payment methods, or addresses.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Spot network of bad user activity via shared devices, emails, IPs, payment methods, or addresses.</p>",
"words": 15,
"direct": false,
"issue": "First paragraph is 15 words and does not look like a concise direct answer."
},
{
"heading": "Session monitoring",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Session monitoring</h3>",
"firstParagraph": "Get a complete history of each user and company, down to individual page views and any custom actions.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Get a complete history of each user and company, down to individual page views and any custom actions.</p>",
"words": 18,
"direct": false,
"issue": "First paragraph is 18 words and does not look like a concise direct answer."
},
{
"heading": "Rule backtesting",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Rule backtesting</h3>",
"firstParagraph": "Test complex risk logic on historical data first, ensuring zero disruption to legitimate users.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Test complex risk logic on historical data first, ensuring zero disruption to legitimate users.</p>",
"words": 14,
"direct": false,
"issue": "First paragraph is 14 words and does not look like a concise direct answer."
},
{
"heading": "Pattern exploration",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Pattern exploration</h3>",
"firstParagraph": "Uncover bad user activity by querying and visualizing large amounts data and turn into rules with a few clicks.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-sm pl-1 pt-1\">Uncover bad user activity by querying and visualizing large amounts data and turn into rules with a few clicks.</p>",
"words": 19,
"direct": false,
"issue": "First paragraph is 19 words and does not look like a concise direct answer."
},
{
"heading": "Network analysis",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Network analysis</h3>",
"firstParagraph": "Spot network of bad user activity via shared devices, emails, IPs, payment methods, or addresses.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-sm pl-1 pt-1\">Spot network of bad user activity via shared devices, emails, IPs, payment methods, or addresses.</p>",
"words": 15,
"direct": false,
"issue": "First paragraph is 15 words and does not look like a concise direct answer."
},
{
"heading": "Session monitoring",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Session monitoring</h3>",
"firstParagraph": "Get a complete history of each user and company, down to individual page views and any custom actions.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-sm pl-1 pt-1\">Get a complete history of each user and company, down to individual page views and any custom actions.</p>",
"words": 18,
"direct": false,
"issue": "First paragraph is 18 words and does not look like a concise direct answer."
},
{
"heading": "Rule backtesting",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Rule backtesting</h3>",
"firstParagraph": "Test complex risk logic on historical data first, ensuring zero disruption to legitimate users.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-sm pl-1 pt-1\">Test complex risk logic on historical data first, ensuring zero disruption to legitimate users.</p>",
"words": 14,
"direct": false,
"issue": "First paragraph is 14 words and does not look like a concise direct answer."
},
{
"heading": "Fraudulent behavior, as defined by you",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Fraudulent behavior, as defined by you</h2>",
"firstParagraph": "Combine Castle's threat data with velocity checks and rate limiters to categorize users according to what's considered fraud and abuse on your specific platform.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Combine Castle's threat data with velocity checks and rate limiters to categorize users according to what's considered fraud and abuse on your specific platform.</p>",
"words": 24,
"direct": false,
"issue": "First paragraph is 24 words and does not look like a concise direct answer."
},
{
"heading": "Block fake accounts in minutes",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Block fake accounts in minutes</h2>",
"firstParagraph": "Efficiently weed out fake accounts with a our five minute frontend and backend integration.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Efficiently weed out fake accounts with a our five minute frontend and backend integration.</p>",
"words": 14,
"direct": false,
"issue": "First paragraph is 14 words and does not look like a concise direct answer."
},
{
"heading": "Identify both bots and human attacks",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Identify both bots and human attacks</h2>",
"firstParagraph": "Use a combination of scores and heuristics to highlight suspicious or hijacked accounts.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Use a combination of scores and heuristics to highlight suspicious or hijacked accounts.</p>",
"words": 13,
"direct": false,
"issue": "First paragraph is 13 words and does not look like a concise direct answer."
},
{
"heading": "Only allow signing up once",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Only allow signing up once</h2>",
"firstParagraph": "Aggregate the number of accounts created per device, IP, or credit card and block when it exceeds a threshold.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Aggregate the number of accounts created per device, IP, or credit card and block when it exceeds a threshold.</p>",
"words": 19,
"direct": false,
"issue": "First paragraph is 19 words and does not look like a concise direct answer."
},
{
"heading": "Mitigate content abuse in minutes",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Mitigate content abuse in minutes</h2>",
"firstParagraph": "Efficiently weed out content abuse with a our five minute frontend and backend integration.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Efficiently weed out content abuse with a our five minute frontend and backend integration.</p>",
"words": 14,
"direct": false,
"issue": "First paragraph is 14 words and does not look like a concise direct answer."
},
{
"heading": "Eliminate SMS verification abuse",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Eliminate SMS verification abuse</h2>",
"firstParagraph": "Use a mix of bot detection and velocity signals to lock down spammy SMS fees with high precision.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Use a mix of bot detection and velocity signals to lock down spammy SMS fees with high precision.</p>",
"words": 18,
"direct": false,
"issue": "First paragraph is 18 words and does not look like a concise direct answer."
},
{
"heading": "Define account sharing your way",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Define account sharing your way</h2>",
"firstParagraph": "Uncovering account sharing requires granular controls to define the exact behavior that breaches your terms of services.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Uncovering account sharing requires granular controls to define the exact behavior that breaches your terms of services.</p>",
"words": 17,
"direct": false,
"issue": "First paragraph is 17 words and does not look like a concise direct answer."
},
{
"heading": "Stop card testing before the transaction",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Stop card testing before the transaction</h2>",
"firstParagraph": "Implement velocity checks to prevent a transaction attempt from reaching your payment processor in the first place.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Implement velocity checks to prevent a transaction attempt from reaching your payment processor in the first place.</p>",
"words": 17,
"direct": false,
"issue": "First paragraph is 17 words and does not look like a concise direct answer."
},
{
"heading": "Headless API protection",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Headless API protection</h2>",
"firstParagraph": "Castle supports protection of endpoints where client-side code can't be injected, such as desktop apps or REST APIs",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Castle supports protection of endpoints where client-side code can't be injected, such as desktop apps or REST APIs</p>",
"words": 18,
"direct": false,
"issue": "First paragraph is 18 words and does not look like a concise direct answer."
},
{
"heading": "Scale threat response with custom flows",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Scale threat response with custom flows</h2>",
"firstParagraph": "Model custom security flows, blocklists, and trusted device management. Manage review states across signups, logins, and in-app activity.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Model custom security flows, blocklists, and trusted device management. Manage review states across signups, logins, and in-app activity.</p>",
"words": 18,
"direct": false,
"issue": "First paragraph is 18 words and does not look like a concise direct answer."
},
{
"heading": "State management",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">State management</h3>",
"firstParagraph": "Maintain custom security lists (blocklists, allowlists, trusted devices, reviews, etc.) and update states in real-time based on rules and manual actions.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Maintain custom security lists (blocklists, allowlists, trusted devices, reviews, etc.) and update states in real-time based on rules and manual actions.</p>",
"words": 21,
"direct": false,
"issue": "First paragraph is 21 words and does not look like a concise direct answer."
},
{
"heading": "Inline blocking",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Inline blocking</h3>",
"firstParagraph": "Initiate real-time blocks or step-up verifications anywhere in your app without disrupting the user experience.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Initiate real-time blocks or step-up verifications anywhere in your app without disrupting the user experience.</p>",
"words": 15,
"direct": false,
"issue": "First paragraph is 15 words and does not look like a concise direct answer."
},
{
"heading": "Alerts & notifications",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Alerts & notifications</h3>",
"firstParagraph": "Ensure your team stay informed with triggered Slack notifications, or automate end-user notifications or internal processes using granular webhooks.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Ensure your team stay informed with triggered Slack notifications, or automate end-user notifications or internal processes using granular webhooks.</p>",
"words": 19,
"direct": false,
"issue": "First paragraph is 19 words and does not look like a concise direct answer."
},
{
"heading": "A single API to detect, score, and act. Everywhere.",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">A single API to detect, score, and act. Everywhere.</h2>",
"firstParagraph": "Retrieve comprehensive threat insights in real-time and use them to tailor the user experience.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Retrieve comprehensive threat insights in real-time and use them to tailor the user experience.</p>",
"words": 14,
"direct": false,
"issue": "First paragraph is 14 words and does not look like a concise direct answer."
},
{
"heading": "Device Intelligence",
"headingHtml": "<h3 class=\"font-semibold text-balance text-sm lg:text-base text-gray-12\">Device Intelligence</h3>",
"firstParagraph": "99.5% accurate fingerprinting. Uncover headless browsers, tampering, carrier data, etc.",
"paragraphHtml": "<p class=\"text-gray-11 hidden text-sm font-normal text-balance lg:block\">99.5% accurate fingerprinting. Uncover headless browsers, tampering, carrier data, etc.</p>",
"words": 11,
"direct": false,
"issue": "First paragraph is 11 words and does not look like a concise direct answer."
},
{
"heading": "Bot Detection",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm lg:text-base\">Bot Detection</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "ATO & Abuse Scoring",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm lg:text-base\">ATO & Abuse Scoring</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "IP & Proxy Analysis",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm lg:text-base\">IP & Proxy Analysis</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Email Intelligence",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm lg:text-base\">Email Intelligence</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Custom Metrics",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm lg:text-base\">Custom Metrics</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Custom Alerts",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm lg:text-base\">Custom Alerts</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Rule Evaluation",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm lg:text-base\">Rule Evaluation</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "State Management",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm lg:text-base\">State Management</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Built for scale",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Built for scale</h3>",
"firstParagraph": "Our APIs process billions of monthly requests with resilience against severe bot attacks.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Our APIs process billions of monthly requests with resilience against severe bot attacks.</p>",
"words": 13,
"direct": false,
"issue": "First paragraph is 13 words and does not look like a concise direct answer."
},
{
"heading": "100ms response time",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">100ms response time</h3>",
"firstParagraph": "Fingerprinting, risk scores, and rules computed instantly in real-time.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Fingerprinting, risk scores, and rules computed instantly in real-time.</p>",
"words": 9,
"direct": false,
"issue": "First paragraph is 9 words and does not look like a concise direct answer."
},
{
"heading": "Pay-as-you-go pricing",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-lg\">Pay-as-you-go pricing</h3>",
"firstParagraph": "Transparent and predictable plans based on requests or MAU.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-base\">Transparent and predictable plans based on requests or MAU.</p>",
"words": 9,
"direct": false,
"issue": "First paragraph is 9 words and does not look like a concise direct answer."
},
{
"heading": "Create your free account today",
"headingHtml": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Create your free account today</h2>",
"firstParagraph": "Starting at $0 for 1,000 requests per month, with transparent pricing that scales with your needs.",
"paragraphHtml": "<p class=\"text-gray-11 text-balance text-lg\">Starting at $0 for 1,000 requests per month, with transparent pricing that scales with your needs.</p>",
"words": 17,
"direct": false,
"issue": "First paragraph is 17 words and does not look like a concise direct answer."
},
{
"heading": "Use Cases",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm\">Use Cases</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Company",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm\">Company</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Support",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm\">Support</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Developers",
"headingHtml": "<h3 class=\"font-semibold text-balance text-gray-12 text-sm\">Developers</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
}
],
"score": 65,
"weight": 28
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Question-led structure
AEO: Question-led structure scored 50/100 and needs improvement.
3 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Question-led structure
AEO: Question-led structure scored 50/100 and needs improvement.
Needs attention
AEO: Question-led structure
Issue
No question-led h2 sections or FAQ pattern was detected.
Details
Why it matters
Answer engines need concise answers, question-led structure, entity clarity, visible evidence, and trust signals that can be extracted without relying on search-only metadata checks.
Check name
AEO: Question-led structure
Score
50/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to answer from directly.
Result
AEO: Question-led structure scored 50/100 and needs improvement.
Evidence
{
"h2Count": 15,
"questionH2s": [],
"hasFaq": false,
"score": 50,
"weight": 18
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Entity clarity
GEO: Entity clarity scored 80/100 and needs improvement.
3 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Entity clarity
GEO: Entity clarity scored 80/100 and needs improvement.
Needs attention
GEO: Entity clarity
Issue
Title/H1 terms missing from description: castle, account, abuse, minutes.
Details
Why it matters
Generative engines favor pages with self-contained answer passages, clear entities, structured data, summaries, FAQ patterns, and crawler-accessible HTML that can be cited without extra interpretation.
Check name
GEO: Entity clarity
Score
80/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute.
Result
GEO: Entity clarity scored 80/100 and needs improvement.
Evidence
{
"title": "Castle – Stop bots and account abuse in minutes",
"h1": "Stop bots and account abuse in minutes",
"description": "A complete suite of SDKs and APIs to monitor users, block bots, and stop in-app fraud.",
"topicOverlap": 0.3333333333333333,
"topicTerms": [
"castle",
"stop",
"bots",
"account",
"abuse",
"minutes"
],
"descriptionTerms": [
"complete",
"suite",
"sdks",
"apis",
"monitor",
"users",
"block",
"bots",
"stop",
"app",
"fraud"
],
"missingFromDescription": [
"castle",
"account",
"abuse",
"minutes"
],
"score": 80,
"weight": 28
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Explanatory content depth
GEO: Explanatory content depth scored 75/100 and needs improvement.
2 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Explanatory content depth
GEO: Explanatory content depth scored 75/100 and needs improvement.
Needs attention
GEO: Explanatory content depth
Issue
No substantial explanatory paragraphs were found.
Details
Why it matters
Generative engines favor pages with self-contained answer passages, clear entities, structured data, summaries, FAQ patterns, and crawler-accessible HTML that can be cited without extra interpretation.
Check name
GEO: Explanatory content depth
Score
75/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute.
Result
GEO: Explanatory content depth scored 75/100 and needs improvement.
Evidence
{
"candidatePassages": 1,
"citablePassages": 0,
"failingCandidateParagraphs": [],
"citableParagraphs": [],
"score": 75,
"weight": 18
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Extraction-friendly structure
GEO: Extraction-friendly structure scored 85/100 and needs improvement.
2 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Extraction-friendly structure
GEO: Extraction-friendly structure scored 85/100 and needs improvement.
Needs attention
GEO: Extraction-friendly structure
Issue
Missing extraction signals: optional top summary / TL;DR / key takeaways block, table with <thead> only if the page already has tabular/comparative data, ordered list only if the page explains a workflow/process, optional visible FAQ or FAQPage schema.
Details
Why it matters
Generative engines favor pages with self-contained answer passages, clear entities, structured data, summaries, FAQ patterns, and crawler-accessible HTML that can be cited without extra interpretation.
Check name
GEO: Extraction-friendly structure
Score
85/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute.
Result
GEO: Extraction-friendly structure scored 85/100 and needs improvement.
Evidence
{
"hasSummary": false,
"tableCount": 0,
"tablesWithHead": 0,
"tablesMissingThead": [],
"orderedLists": 0,
"hasFaq": false,
"definitionPatterns": 25,
"schemaBlocks": 2,
"missingSignals": [
"optional top summary / TL;DR / key takeaways block",
"table with <thead> only if the page already has tabular/comparative data",
"ordered list only if the page explains a workflow/process",
"optional visible FAQ or FAQPage schema"
],
"score": 85,
"weight": 24
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer evidence and trust
AEO: Answer evidence and trust scored 80/100 and needs improvement.
2 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer evidence and trust
AEO: Answer evidence and trust scored 80/100 and needs improvement.
Needs attention
AEO: Answer evidence and trust
Issue
Missing AIO trust signals: freshnessDate.
Details
Why it matters
Answer engines need concise answers, question-led structure, entity clarity, visible evidence, and trust signals that can be extracted without relying on search-only metadata checks.
Check name
AEO: Answer evidence and trust
Score
80/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to answer from directly.
Result
AEO: Answer evidence and trust scored 80/100 and needs improvement.
Evidence
{
"signals": {
"author": true,
"publisher": true,
"freshnessDate": false,
"aboutOrContact": true,
"policyLinks": true
},
"missing": [
"freshnessDate"
],
"authorMeta": "Castle",
"schemaAuthors": [],
"schemaPublishers": [
"Castle"
],
"schemaDates": [],
"visibleDates": [],
"aboutLinks": [
{
"href": "https://www.goto.com/",
"text": "GoTo Company Logo",
"html": "<a href=\"https://www.goto.com/\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"flex items-center justify-center transition-opacity duration-200 [&>svg]:opacity-50 hover:[&>svg]:opacity-100 [&>svg]:h-full [&>svg]:w-auto [&>svg]:max-w-24 sm:[&>svg]:max-w-32 md:[&>svg]:max-w-40 lg:[&>svg]:max-w-48 max-lg:last:hidden sm:max-lg:nth-last-2:hidden\" style=\"height:32px\" title=\"GoTo\"> <svg class=\"go-nav-logo\" width=\"78\" height=\"41\" viewBox=\"0 0..."
},
{
"href": "/use-cases/fake-accounts",
"text": "More about Fake Accounts",
"html": "<a href=\"/use-cases/fake-accounts\" class=\"inline-flex items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring ring-1 ring-gray-a2 bg-gray-1/90 text-gray-12 inset-shadow-xs inset-shadow-white shadow-sm shadow-black/4 dark:bg-gray-a3 dark:inset-shadow-white/10 dark:ring-black/20 dark:shadow-black/20 dark:focus-visibl..."
},
{
"href": "/use-cases/account-takeovers",
"text": "More about Account Takeovers",
"html": "<a href=\"/use-cases/account-takeovers\" class=\"inline-flex items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring ring-1 ring-gray-a2 bg-gray-1/90 text-gray-12 inset-shadow-xs inset-shadow-white shadow-sm shadow-black/4 dark:bg-gray-a3 dark:inset-shadow-white/10 dark:ring-black/20 dark:shadow-black/20 dark:focus-vi..."
},
{
"href": "/use-cases/multi-accounting",
"text": "More about Multi-Accounting",
"html": "<a href=\"/use-cases/multi-accounting\" class=\"inline-flex items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring ring-1 ring-gray-a2 bg-gray-1/90 text-gray-12 inset-shadow-xs inset-shadow-white shadow-sm shadow-black/4 dark:bg-gray-a3 dark:inset-shadow-white/10 dark:ring-black/20 dark:shadow-black/20 dark:focus-vis..."
},
{
"href": "/use-cases/content-abuse",
"text": "More about Content Abuse",
"html": "<a href=\"/use-cases/content-abuse\" class=\"inline-flex items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring ring-1 ring-gray-a2 bg-gray-1/90 text-gray-12 inset-shadow-xs inset-shadow-white shadow-sm shadow-black/4 dark:bg-gray-a3 dark:inset-shadow-white/10 dark:ring-black/20 dark:shadow-black/20 dark:focus-visibl..."
},
{
"href": "/use-cases/sms-pumping",
"text": "More about SMS Pumping",
"html": "<a href=\"/use-cases/sms-pumping\" class=\"inline-flex items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring ring-1 ring-gray-a2 bg-gray-1/90 text-gray-12 inset-shadow-xs inset-shadow-white shadow-sm shadow-black/4 dark:bg-gray-a3 dark:inset-shadow-white/10 dark:ring-black/20 dark:shadow-black/20 dark:focus-visible:..."
},
{
"href": "/use-cases/account-sharing",
"text": "More about Account Sharing",
"html": "<a href=\"/use-cases/account-sharing\" class=\"inline-flex items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring ring-1 ring-gray-a2 bg-gray-1/90 text-gray-12 inset-shadow-xs inset-shadow-white shadow-sm shadow-black/4 dark:bg-gray-a3 dark:inset-shadow-white/10 dark:ring-black/20 dark:shadow-black/20 dark:focus-visi..."
},
{
"href": "/use-cases/transaction-abuse",
"text": "More about Transaction Abuse",
"html": "<a href=\"/use-cases/transaction-abuse\" class=\"inline-flex items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring ring-1 ring-gray-a2 bg-gray-1/90 text-gray-12 inset-shadow-xs inset-shadow-white shadow-sm shadow-black/4 dark:bg-gray-a3 dark:inset-shadow-white/10 dark:ring-black/20 dark:shadow-black/20 dark:focus-vi..."
},
{
"href": "/use-cases/api-abuse",
"text": "More about API Abuse",
"html": "<a href=\"/use-cases/api-abuse\" class=\"inline-flex items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring ring-1 ring-gray-a2 bg-gray-1/90 text-gray-12 inset-shadow-xs inset-shadow-white shadow-sm shadow-black/4 dark:bg-gray-a3 dark:inset-shadow-white/10 dark:ring-black/20 dark:shadow-black/20 dark:focus-visible:ri..."
},
{
"href": "/about",
"text": "About",
"html": "<a href=\"/about\" class=\"text-gray-11 text-sm\"> About </a>"
}
],
"contactLinks": [
{
"href": "/contact",
"text": "Contact us",
"html": "<a href=\"/contact\" class=\"items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring text-gray-11 hover:bg-gray-a2 hover:text-gray-12 h-9 px-3 py-2 text-sm rounded-lg hidden lg:flex\">Contact us</a>"
},
{
"href": "/contact",
"text": "Contact us",
"html": "<a href=\"/contact\" class=\"inline-flex items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring ring-1 ring-gray-a2 bg-gray-1/90 text-gray-12 inset-shadow-xs inset-shadow-white shadow-sm shadow-black/4 dark:bg-gray-a3 dark:inset-shadow-white/10 dark:ring-black/20 dark:shadow-black/20 dark:focus-visible:ring-blue-9 ho..."
},
{
"href": "/contact",
"text": "Contact us",
"html": "<a href=\"/contact\" class=\"inline-flex items-center justify-center gap-2 whitespace-nowrap font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 focus-ring ring-1 ring-gray-a2 bg-gray-1/90 text-gray-12 inset-shadow-xs inset-shadow-white shadow-sm shadow-black/4 dark:bg-gray-a3 dark:inset-shadow-white/10 dark:ring-black/20 dark:shadow-black/20 dark:focus-visible:ring-blue-9 ho..."
},
{
"href": "/contact",
"text": "Contact Us",
"html": "<a href=\"/contact\" class=\"text-gray-11 text-sm\"> Contact Us </a>"
}
],
"privacyLinks": [
{
"href": "/terms",
"text": "Terms of Use",
"html": "<a href=\"/terms\" class=\"text-gray-11 text-sm\"> Terms of Use </a>"
},
{
"href": "/privacy",
"text": "Privacy Policy",
"html": "<a href=\"/privacy\" class=\"text-gray-11 text-sm\"> Privacy Policy </a>"
}
],
"score": 80,
"weight": 22
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Entity and definition clarity
AEO: Entity and definition clarity scored 83/100 and needs improvement.
1 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Entity and definition clarity
AEO: Entity and definition clarity scored 83/100 and needs improvement.
Needs attention
AEO: Entity and definition clarity
Issue
Entity or definition gaps: castle, account, abuse, minutes.
Details
Why it matters
Answer engines need concise answers, question-led structure, entity clarity, visible evidence, and trust signals that can be extracted without relying on search-only metadata checks.
Check name
AEO: Entity and definition clarity
Score
83/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to answer from directly.
Result
AEO: Entity and definition clarity scored 83/100 and needs improvement.
Evidence
{
"title": "Castle – Stop bots and account abuse in minutes",
"h1": "Stop bots and account abuse in minutes",
"description": "A complete suite of SDKs and APIs to monitor users, block bots, and stop in-app fraud.",
"topicOverlap": 0.3333333333333333,
"definitionCount": 25,
"topicTerms": [
"castle",
"stop",
"bots",
"account",
"abuse",
"minutes"
],
"descriptionTerms": [
"complete",
"suite",
"sdks",
"apis",
"monitor",
"users",
"block",
"bots",
"stop",
"app",
"fraud"
],
"missingFromDescription": [
"castle",
"account",
"abuse",
"minutes"
],
"score": 83,
"weight": 18
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer intent coverage
AEO: Answer intent coverage scored 70/100 and needs improvement.
1 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer intent coverage
AEO: Answer intent coverage scored 70/100 and needs improvement.
Needs attention
AEO: Answer intent coverage
Issue
Missing likely AI Overview intent sections: what, how, compare.
Details
Why it matters
Answer engines need concise answers, question-led structure, entity clarity, visible evidence, and trust signals that can be extracted without relying on search-only metadata checks.
Check name
AEO: Answer intent coverage
Score
70/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to answer from directly.
Result
AEO: Answer intent coverage scored 70/100 and needs improvement.
Evidence
{
"headings": [
{
"text": "Dual-layer fraud defense",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Dual-layer fraud defense</h2>"
},
{
"text": "Everything you need to stop fraud & abuse",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Everything you need to stop fraud & abuse</h2>"
},
{
"text": "Proactive threat hunting with user behavior analytics",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Proactive threat hunting with user behavior analytics</h2>"
},
{
"text": "Fraudulent behavior, as defined by you",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Fraudulent behavior, as defined by you</h2>"
},
{
"text": "Block fake accounts in minutes",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Block fake accounts in minutes</h2>"
},
{
"text": "Identify both bots and human attacks",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Identify both bots and human attacks</h2>"
},
{
"text": "Only allow signing up once",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Only allow signing up once</h2>"
},
{
"text": "Mitigate content abuse in minutes",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Mitigate content abuse in minutes</h2>"
},
{
"text": "Eliminate SMS verification abuse",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Eliminate SMS verification abuse</h2>"
},
{
"text": "Define account sharing your way",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Define account sharing your way</h2>"
},
{
"text": "Stop card testing before the transaction",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Stop card testing before the transaction</h2>"
},
{
"text": "Headless API protection",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Headless API protection</h2>"
},
{
"text": "Scale threat response with custom flows",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Scale threat response with custom flows</h2>"
},
{
"text": "A single API to detect, score, and act. Everywhere.",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">A single API to detect, score, and act. Everywhere.</h2>"
},
{
"text": "Create your free account today",
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Create your free account today</h2>"
}
],
"expected": [
{
"id": "what",
"label": "What is Castle – Stop bots and account abuse in minutes?",
"pattern": {}
},
{
"id": "how",
"label": "How does Castle – Stop bots and account abuse in minutes work?",
"pattern": {}
},
{
"id": "benefits",
"label": "Why use Castle – Stop bots and account abuse in minutes?",
"pattern": {}
},
{
"id": "cost",
"label": "Is Castle – Stop bots and account abuse in minutes free or paid?",
"pattern": {}
},
{
"id": "compare",
"label": "How does Castle – Stop bots and account abuse in minutes compare with alternatives?",
"pattern": {}
}
],
"missing": [
{
"id": "what",
"label": "What is Castle – Stop bots and account abuse in minutes?",
"pattern": {}
},
{
"id": "how",
"label": "How does Castle – Stop bots and account abuse in minutes work?",
"pattern": {}
},
{
"id": "compare",
"label": "How does Castle – Stop bots and account abuse in minutes compare with alternatives?",
"pattern": {}
}
],
"score": 70,
"weight": 8
}Agent Ease of UseAPIEmerging recommendation
AI context endpoint
AI context endpoint is informational for this page.
Informational
Agent Ease of UseAPIEmerging recommendation
AI context endpoint
AI context endpoint is informational for this page.
Needs attention
AI context endpoint
Issue
AI context endpoint is informational for this page.
Why it matters
A context endpoint gives agents a small, low-latency summary of product purpose, safe actions, and canonical machine-readable resources without scraping the whole site.
Check name
AI context endpoint
Score
100/100
Status
informational
Category
API
Maturity
Emerging recommendation
Goal
Expose a compact API context endpoint agents can fetch before deciding which public API or discovery resource to use.
Result
AI context endpoint is informational for this page.
Validation steps
Fetch to find resource
AI context endpoint was not found at the expected path.
Evidence
{
"steps": [
{
"id": "fetch",
"title": "Fetch to find resource",
"status": "informational",
"evidence": {
"checked": [
{
"path": "/api/ai/context",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/api/context",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/context",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
}
]
},
"issue": "AI context endpoint was not found at the expected path.",
"howToFix": "Publish a concise JSON or Markdown AI context endpoint describing the product, public actions, and machine-readable resources."
}
]
}Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration has an informational finding because the page appears to support authentication.
Informational
Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration has an informational finding because the page appears to support authentication.
Needs attention
Auth.md Agent Registration
Issue
auth.md response did not match the expected agent registration shape. Content-Type "text/html; charset=utf-8" is not Markdown or text/plain; missing registration instructions; missing /.well-known/oauth-protected-resource link; missing /.well-known/oauth-authorization-server link; missing supported identity type language; missing credential type language.
Why it matters
Agent registration metadata lets automated clients find the registration path, supported identity types, credential types, and related claim or revocation endpoints without scraping human docs.
Check name
Auth.md Agent Registration
Score
0/100
Status
informational
Category
Auth
Maturity
Emerging recommendation
Goal
Publish Auth.md and agent_auth metadata so agents can discover registration and credential requirements.
Result
Auth.md Agent Registration has an informational finding because the page appears to support authentication.
Validation steps
Fetch and validate /auth.md
auth.md response did not match the expected agent registration shape. Content-Type "text/html; charset=utf-8" is not Markdown or text/plain; missing registration instructions; missing /.well-known/oauth-protected-resource link; missing /.well-known/oauth-authorization-server link; missing supported identity type language; missing credential type language.
Publish protected resource metadata
The OAuth Protected Resource metadata endpoint did not return HTTP 2xx.
Validate agent_auth authorization metadata
OAuth authorization server metadata could not be fetched.
Evidence
{
"failedStep": "auth-md",
"steps": [
{
"id": "auth-md",
"title": "Fetch and validate /auth.md",
"status": "fail",
"evidence": {
"path": "/auth.md",
"ok": false,
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437,
"validation": {
"valid": false,
"issue": "auth.md response did not match the expected agent registration shape. Content-Type \"text/html; charset=utf-8\" is not Markdown or text/plain; missing registration instructions; missing /.well-known/oauth-protected-resource link; missing /.well-known/oauth-authorization-server link; missing supported identity type language; missing credential type language.",
"compatibleContentType": false,
"contentLength": 2533,
"hasRegisterInstructions": false,
"hasProtectedResourceLink": false,
"hasAuthorizationServerLink": false,
"mentionsIdentity": false,
"mentionsCredential": false,
"links": [
"/title",
"/style",
"/head",
"/h1",
"/p",
"https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125?utm_source=404page&utm_campaign=community_tracking\"",
"/a",
"/p",
"/div",
"/div"
],
"rawExcerpt": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: "
}
},
"issue": "auth.md response did not match the expected agent registration shape. Content-Type \"text/html; charset=utf-8\" is not Markdown or text/plain; missing registration instructions; missing /.well-known/oauth-protected-resource link; missing /.well-known/oauth-authorization-server link; missing supported identity type language; missing credential type language.",
"howToFix": "Serve /auth.md at the site root as Markdown with agent registration instructions and links to OAuth metadata."
},
{
"id": "oauth-protected-resource",
"title": "Publish protected resource metadata",
"status": "fail",
"evidence": {
"path": "/.well-known/oauth-protected-resource",
"ok": false,
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437,
"text": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: 6 11 16;\n }\n body {\n font-family: system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\",\n Roboto, Helvetica, Arial, sans-serif, \"Apple Color Emoji\",\n \"Segoe UI Emoji\", \"Segoe UI Symbol\";\n background: white;\n overflow: hidden;\n margin: 0;\n padding: 0;\n line-height: 1.5;\n color: rgb(var(--colorText));\n }\n\n @media (prefers-color-scheme: dark) {\n body {\n background: rgb(var(--colorRgbFacetsNeutralDark900));\n }\n }\n\n h1 {\n margin: 0;\n font-size: 1.375rem;\n line-height: 1;\n }\n\n h1 + p {\n margin-top: 8px;\n }\n\n .main {\n position: relative;\n display: flex;\n flex-direction: column;\n align-items: center;\n justify-content: center;\n height: 100vh;\n width: 100vw;\n }\n\n .card {\n position: relative;\n width: 75%;\n max-width: 364px;\n padding: 24px;\n background: white;\n border-radius: 8px;\n box-shadow: var(--effectShadowLightShallow);\n border: 1px solid rgb(var(--colorGrayLighter));\n }\n\n a {\n margin: 0;\n font-weight: 600;\n color: rgb(var(--colorTealAction));\n text-decoration-skip-ink: all;\n text-decoration-thickness: 1px;\n text-underline-offset: 2px;\n text-decoration-color: rgb(var(--colorTealAction) / 0.5);\n transition: text-decoration-color 0.15s ease-in-out;\n }\n\n a:hover,\n a:focus-visible {\n text-decoration-color: rgb(var(--colorTealAction));\n }\n\n p:last-of-type {\n margin-bottom: 0;\n }\n\n hr {\n border: 0;\n height: 1px;\n background: rgb(var(--colorHr));\n margin-top: 16px;\n margin-bottom: 16px;\n }\n\n .your-site {\n font-size: 0.875rem;\n }\n </style>\n </head>\n <body>\n <div class=\"main\">\n <div class=\"card\">\n <h1>Page not found</h1>\n <p>\n Looks like you’ve followed a broken link or entered a URL that doesn’t\n exist on this site.\n </p>\n <hr />\n <p class=\"your-site\">\n If this is your site, and you weren’t expecting a 404 for this path,\n please visit Netlify’s\n <a\n href=\"https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125?utm_source=404page&utm_campaign=community_tracking\"\n >“page not found” support guide</a\n >\n for troubleshooting tips.\n </p>\n </div>\n </div>\n </body>\n</html>\n"
},
"issue": "The OAuth Protected Resource metadata endpoint did not return HTTP 2xx.",
"howToFix": "Publish /.well-known/oauth-protected-resource with resource and authorization_servers fields."
},
{
"id": "agent-auth-block",
"title": "Validate agent_auth authorization metadata",
"status": "fail",
"evidence": {
"valid": false,
"issue": "OAuth authorization server metadata could not be fetched.",
"fetch": {
"ok": false,
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437,
"text": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: 6 11 16;\n }\n body {\n font-family: system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\",\n Roboto, Helvetica, Arial, sans-serif, \"Apple Color Emoji\",\n \"Segoe UI Emoji\", \"Segoe UI Symbol\";\n background: white;\n overflow: hidden;\n margin: 0;\n padding: 0;\n line-height: 1.5;\n color: rgb(var(--colorText));\n }\n\n @media (prefers-color-scheme: dark) {\n body {\n background: rgb(var(--colorRgbFacetsNeutralDark900));\n }\n }\n\n h1 {\n margin: 0;\n font-size: 1.375rem;\n line-height: 1;\n }\n\n h1 + p {\n margin-top: 8px;\n }\n\n .main {\n position: relative;\n display: flex;\n flex-direction: column;\n align-items: center;\n justify-content: center;\n height: 100vh;\n width: 100vw;\n }\n\n .card {\n position: relative;\n width: 75%;\n max-width: 364px;\n padding: 24px;\n background: white;\n border-radius: 8px;\n box-shadow: var(--effectShadowLightShallow);\n border: 1px solid rgb(var(--colorGrayLighter));\n }\n\n a {\n margin: 0;\n font-weight: 600;\n color: rgb(var(--colorTealAction));\n text-decoration-skip-ink: all;\n text-decoration-thickness: 1px;\n text-underline-offset: 2px;\n text-decoration-color: rgb(var(--colorTealAction) / 0.5);\n transition: text-decoration-color 0.15s ease-in-out;\n }\n\n a:hover,\n a:focus-visible {\n text-decoration-color: rgb(var(--colorTealAction));\n }\n\n p:last-of-type {\n margin-bottom: 0;\n }\n\n hr {\n border: 0;\n height: 1px;\n background: rgb(var(--colorHr));\n margin-top: 16px;\n margin-bottom: 16px;\n }\n\n .your-site {\n font-size: 0.875rem;\n }\n </style>\n </head>\n <body>\n <div class=\"main\">\n <div class=\"card\">\n <h1>Page not found</h1>\n <p>\n Looks like you’ve followed a broken link or entered a URL that doesn’t\n exist on this site.\n </p>\n <hr />\n <p class=\"your-site\">\n If this is your site, and you weren’t expecting a 404 for this path,\n please visit Netlify’s\n <a\n href=\"https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125?utm_source=404page&utm_campaign=community_tracking\"\n >“page not found” support guide</a\n >\n for troubleshooting tips.\n </p>\n </div>\n </div>\n </body>\n</html>\n"
}
},
"issue": "OAuth authorization server metadata could not be fetched.",
"howToFix": "Add agent_auth to /.well-known/oauth-authorization-server with register_uri, supported identity types, credential types, and claim or revocation URLs where applicable."
}
],
"authApplicability": {
"supportsAuth": true,
"score": 23,
"signals": [
{
"source": "field:type",
"weight": 5,
"match": "password input"
},
{
"source": "link:href",
"weight": 3,
"match": "auth link"
},
{
"source": "visible-text",
"weight": 3,
"match": "login"
},
{
"source": "visible-text",
"weight": 3,
"match": "sign in"
},
{
"source": "visible-text",
"weight": 3,
"match": "create account"
},
{
"source": "visible-text",
"weight": 3,
"match": "password"
},
{
"source": "visible-text",
"weight": 3,
"match": "sso"
}
]
},
"resourceFetchSucceeded": false
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Q&A and FAQ opportunities
GEO: Q&A and FAQ opportunities is informational for this page.
Informational
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Q&A and FAQ opportunities
GEO: Q&A and FAQ opportunities is informational for this page.
Needs attention
GEO: Q&A and FAQ opportunities
Issue
15 h2 heading(s) are not phrased as questions; this is optional and only useful where Q&A wording is natural. No visible FAQ or FAQPage schema was detected; this is optional unless the page answers common questions.
Details
Why it matters
Generative engines favor pages with self-contained answer passages, clear entities, structured data, summaries, FAQ patterns, and crawler-accessible HTML that can be cited without extra interpretation.
Check name
GEO: Q&A and FAQ opportunities
Score
75/100
Status
informational
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute.
Result
GEO: Q&A and FAQ opportunities is informational for this page.
Evidence
{
"h2Count": 15,
"questionH2s": 0,
"hasFaq": false,
"nonQuestionH2s": [
{
"index": 1,
"text": "Dual-layer fraud defense",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Dual-layer fraud defense</h2>"
},
{
"index": 2,
"text": "Everything you need to stop fraud & abuse",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Everything you need to stop fraud & abuse</h2>"
},
{
"index": 3,
"text": "Proactive threat hunting with user behavior analytics",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Proactive threat hunting with user behavior analytics</h2>"
},
{
"index": 4,
"text": "Fraudulent behavior, as defined by you",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Fraudulent behavior, as defined by you</h2>"
},
{
"index": 5,
"text": "Block fake accounts in minutes",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Block fake accounts in minutes</h2>"
},
{
"index": 6,
"text": "Identify both bots and human attacks",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Identify both bots and human attacks</h2>"
},
{
"index": 7,
"text": "Only allow signing up once",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Only allow signing up once</h2>"
},
{
"index": 8,
"text": "Mitigate content abuse in minutes",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Mitigate content abuse in minutes</h2>"
},
{
"index": 9,
"text": "Eliminate SMS verification abuse",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Eliminate SMS verification abuse</h2>"
},
{
"index": 10,
"text": "Define account sharing your way",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Define account sharing your way</h2>"
},
{
"index": 11,
"text": "Stop card testing before the transaction",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Stop card testing before the transaction</h2>"
},
{
"index": 12,
"text": "Headless API protection",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Headless API protection</h2>"
},
{
"index": 13,
"text": "Scale threat response with custom flows",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">Scale threat response with custom flows</h2>"
},
{
"index": 14,
"text": "A single API to detect, score, and act. Everywhere.",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-3xl md:text-4xl lg:text-5xl xl:text-6xl/16 tracking-[-0.04em]\">A single API to detect, score, and act. Everywhere.</h2>"
},
{
"index": 15,
"text": "Create your free account today",
"isQuestion": false,
"html": "<h2 class=\"font-semibold text-balance text-gray-12 text-2xl md:text-3xl lg:text-4xl xl:text-5xl/13\">Create your free account today</h2>"
}
],
"score": 75,
"weight": 4
}AI DiscoverabilityDiscoverabilityEstablished
IndexNow key
IndexNow key is informational for this page.
Informational
AI DiscoverabilityDiscoverabilityEstablished
IndexNow key
IndexNow key is informational for this page.
Needs attention
IndexNow key
Issue
IndexNow key is informational for this page.
Why it matters
IndexNow lets sites notify participating search engines about changed URLs, but ownership verification requires a UTF-8 key file whose filename matches the key.
Check name
IndexNow key
Score
100/100
Status
informational
Category
Discoverability
Maturity
Established
Goal
Verify that IndexNow ownership key placement is detectable when the site advertises it.
Result
IndexNow key is informational for this page.
Validation steps
Find advertised IndexNow key location
No IndexNow key location was advertised in HTML, Link headers, or robots.txt.
Fetch and validate IndexNow key file
No discoverable IndexNow key file was found.
Evidence
{
"steps": [
{
"id": "advertised-location",
"title": "Find advertised IndexNow key location",
"status": "informational",
"evidence": {
"advertised": []
},
"issue": "No IndexNow key location was advertised in HTML, Link headers, or robots.txt.",
"howToFix": "Advertise the key location with robots.txt IndexNow-Key, rel=\"indexnow-key\", or meta name=\"indexnow-key-location\" if you want scanners to verify it."
},
{
"id": "fetch-key",
"title": "Fetch and validate IndexNow key file",
"status": "informational",
"evidence": {
"advertised": [],
"checked": []
},
"issue": "No discoverable IndexNow key file was found.",
"howToFix": "Host a UTF-8 text file named {key}.txt using a 32-character hexadecimal key whose body exactly matches the key."
}
]
}Agent Ease of UseAuthEstablished
OAuth / OIDC discovery
OAuth / OIDC discovery has an informational finding because the page appears to support authentication.
Informational
Agent Ease of UseAuthEstablished
OAuth / OIDC discovery
OAuth / OIDC discovery has an informational finding because the page appears to support authentication.
Needs attention
OAuth / OIDC discovery
Issue
OAuth / OIDC discovery was not found at the expected path.
Why it matters
OAuth and OIDC discovery let agents find authorization, token, and key endpoints programmatically instead of relying on human documentation.
Check name
OAuth / OIDC discovery
Score
0/100
Status
informational
Category
Auth
Maturity
Established
Goal
Publish OAuth/OIDC discovery metadata so agents can authenticate with your APIs.
Result
OAuth / OIDC discovery has an informational finding because the page appears to support authentication.
Validation steps
Fetch to find resource
OAuth / OIDC discovery was not found at the expected path.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch to find resource",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/.well-known/openid-configuration",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
},
{
"path": "/.well-known/oauth-authorization-server",
"statusCode": 404,
"contentType": "text/html; charset=utf-8",
"length": 3437
}
]
},
"issue": "OAuth / OIDC discovery was not found at the expected path.",
"howToFix": "Publish valid OAuth/OIDC metadata only when the site actually supports OAuth/OIDC. Otherwise omit provider discovery and document any unauthenticated public APIs separately."
}
],
"authApplicability": {
"supportsAuth": true,
"score": 23,
"signals": [
{
"source": "field:type",
"weight": 5,
"match": "password input"
},
{
"source": "link:href",
"weight": 3,
"match": "auth link"
},
{
"source": "visible-text",
"weight": 3,
"match": "login"
},
{
"source": "visible-text",
"weight": 3,
"match": "sign in"
},
{
"source": "visible-text",
"weight": 3,
"match": "create account"
},
{
"source": "visible-text",
"weight": 3,
"match": "password"
},
{
"source": "visible-text",
"weight": 3,
"match": "sso"
}
]
},
"resourceFetchSucceeded": false
}Agent Ease of UseAuthEmerging recommendation
OAuth Protected Resource
OAuth Protected Resource has an informational finding because the page appears to support authentication.
Informational
Agent Ease of UseAuthEmerging recommendation
OAuth Protected Resource
OAuth Protected Resource has an informational finding because the page appears to support authentication.
Needs attention
OAuth Protected Resource
Issue
The OAuth Protected Resource metadata endpoint did not return HTTP 2xx.
Why it matters
Protected Resource metadata tells agents which authorization servers protect an API and how to connect authentication challenges to the right resource.
Check name
OAuth Protected Resource
Score
0/100
Status
informational
Category
Auth
Maturity
Emerging recommendation
Goal
Publish OAuth Protected Resource Metadata so agents can discover how to authenticate.
Result
OAuth Protected Resource has an informational finding because the page appears to support authentication.
Validation steps
Fetch protected resource metadata
The OAuth Protected Resource metadata endpoint did not return HTTP 2xx.
Validate protected resource metadata
Response is not valid JSON.
Validate protected resource identity
Protected resource metadata `resource` did not match the resource identifier used to retrieve it.
Probe protected API Bearer challenge
No protected route with a 401 Bearer challenge was detected; metadata alone does not prove a protected resource.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Fetch protected resource metadata",
"status": "fail",
"evidence": {
"path": "/.well-known/oauth-protected-resource",
"statusCode": 404,
"contentType": "text/html; charset=utf-8"
},
"issue": "The OAuth Protected Resource metadata endpoint did not return HTTP 2xx.",
"howToFix": "Publish /.well-known/oauth-protected-resource JSON."
},
{
"id": "metadata",
"title": "Validate protected resource metadata",
"status": "fail",
"evidence": {
"valid": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />\n <title>Page not found</title>\n <style>\n :root {\n --colorRgbFacetsTeal600: 2 128 125;\n --colorTealAction: var(--colorRgbFacetsTeal600);\n --colorRgbFacetsNeutralLight200: 233 235 237;\n --colorHr: var(--colorRgbFacetsNeutralLight200);\n --colorRgbFacetsNeutralLight700: 53 58 62;\n --colorGrayDarkest: var(--colorRgbFacetsNeutralLight700);\n --colorGrayLighter: var(--colorRgbFacetsNeutralLight200);\n --colorText: var(--colorGrayDarkest);\n --effectShadowLightShallow: 0 1px 10px 0 rgb(53 58 62 / 6%),\n 0 2px 4px 0 rgb(53 58 62 / 8%);\n --colorRgbFacetsNeutralDark900: "
},
"issue": "Response is not valid JSON.",
"howToFix": "Publish resource and authorization_servers as absolute URLs."
},
{
"id": "resource-identity",
"title": "Validate protected resource identity",
"status": "fail",
"evidence": {
"expectedResource": "https://castle.io"
},
"issue": "Protected resource metadata `resource` did not match the resource identifier used to retrieve it.",
"howToFix": "Set `resource` to the origin/resource identifier represented by /.well-known/oauth-protected-resource."
},
{
"id": "protected-route-challenge",
"title": "Probe protected API Bearer challenge",
"status": "informational",
"evidence": {
"checked": [
{
"path": "/api/admin/scans",
"statusCode": 404,
"wwwAuthenticate": {
"valid": false,
"present": false
},
"expectedMetadataUrl": "https://castle.io/.well-known/oauth-protected-resource",
"metadataUrlMatches": true,
"resourceMatchesRequestContext": true
},
{
"path": "/api/admin/summary",
"statusCode": 404,
"wwwAuthenticate": {
"valid": false,
"present": false
},
"expectedMetadataUrl": "https://castle.io/.well-known/oauth-protected-resource",
"metadataUrlMatches": true,
"resourceMatchesRequestContext": true
},
{
"path": "/api/scans",
"statusCode": 404,
"wwwAuthenticate": {
"valid": false,
"present": false
},
"expectedMetadataUrl": "https://castle.io/.well-known/oauth-protected-resource",
"metadataUrlMatches": true,
"resourceMatchesRequestContext": true
}
]
},
"issue": "No protected route with a 401 Bearer challenge was detected; metadata alone does not prove a protected resource.",
"howToFix": "When this site exposes bearer-protected APIs, return 401 with WWW-Authenticate: Bearer and link resource_metadata."
}
],
"authApplicability": {
"supportsAuth": true,
"score": 23,
"signals": [
{
"source": "field:type",
"weight": 5,
"match": "password input"
},
{
"source": "link:href",
"weight": 3,
"match": "auth link"
},
{
"source": "visible-text",
"weight": 3,
"match": "login"
},
{
"source": "visible-text",
"weight": 3,
"match": "sign in"
},
{
"source": "visible-text",
"weight": 3,
"match": "create account"
},
{
"source": "visible-text",
"weight": 3,
"match": "password"
},
{
"source": "visible-text",
"weight": 3,
"match": "sso"
}
]
},
"resourceFetchSucceeded": false
}Performance and AccessibilityAccessibilityBrowser audit
`[aria-hidden="true"]` elements contain focusable descendents
100 Fail
Performance and AccessibilityAccessibilityBrowser audit
`[aria-hidden="true"]` elements contain focusable descendents
Check name
`[aria-hidden="true"]` elements contain focusable descendents
Score
0/100
Status
fail
Device
desktop
Category
Accessibility
Fix guidance
Focusable descendents within an `[aria-hidden="true"]` element prevent those interactive elements from being available to users of assistive technologies like screen readers. [Learn how `aria-hidden` affects focusable elements](https://dequeuniversity.com/rules/axe/4.11/aria-hidden-focus).
References
https://web.dev/learn/accessibility/Evidence
{
"description": "Focusable descendents within an `[aria-hidden=\"true\"]` element prevent those interactive elements from being available to users of assistive technologies like screen readers. [Learn how `aria-hidden` affects focusable elements](https://dequeuniversity.com/rules/axe/4.11/aria-hidden-focus)."
}Performance and AccessibilityPerformanceBrowser audit
Network dependency tree
25 Fail
Performance and AccessibilityPerformanceBrowser audit
Network dependency tree
Check name
Network dependency tree
Score
0/100
Status
fail
Device
desktop
Category
Performance
Fix guidance
[Avoid chaining critical requests](https://developer.chrome.com/docs/performance/insights/network-dependency-tree) by reducing the length of chains, reducing the download size of resources, or deferring the download of unnecessary resources to improve page load.
References
https://web.dev/learn/performance/Evidence
{
"description": "[Avoid chaining critical requests](https://developer.chrome.com/docs/performance/insights/network-dependency-tree) by reducing the length of chains, reducing the download size of resources, or deferring the download of unnecessary resources to improve page load."
}Performance and AccessibilityPerformanceBrowser audit
Render-blocking requests
25 Fail
Performance and AccessibilityPerformanceBrowser audit
Render-blocking requests
Check name
Render-blocking requests
Score
0/100
Status
fail
Device
desktop
Category
Performance
Estimated savings
Est savings of 330 ms
Fix guidance
Requests are blocking the page's initial render, which may delay LCP. [Deferring or inlining](https://developer.chrome.com/docs/performance/insights/render-blocking) can move these network requests out of the critical path.
References
https://web.dev/learn/performance/Evidence
{
"displayValue": "Est savings of 330 ms",
"description": "Requests are blocking the page's initial render, which may delay LCP. [Deferring or inlining](https://developer.chrome.com/docs/performance/insights/render-blocking) can move these network requests out of the critical path."
}Performance and AccessibilityPerformanceBrowser audit
Legacy JavaScript
13 Warning
Performance and AccessibilityPerformanceBrowser audit
Legacy JavaScript
Check name
Legacy JavaScript
Score
50/100
Status
warning
Device
desktop
Category
Performance
Estimated savings
Est savings of 19 KiB
Fix guidance
Polyfills and transforms enable older browsers to use new JavaScript features. However, many aren't necessary for modern browsers. Consider modifying your JavaScript build process to not transpile [Baseline](https://web.dev/articles/baseline-and-polyfills) features, unless you know you must support older browsers. [Learn why most sites can deploy ES6+ code without transpiling](https://developer.chrome.com/docs/performance/insights/legacy-javascript)
References
https://web.dev/learn/performance/Evidence
{
"displayValue": "Est savings of 19 KiB",
"description": "Polyfills and transforms enable older browsers to use new JavaScript features. However, many aren't necessary for modern browsers. Consider modifying your JavaScript build process to not transpile [Baseline](https://web.dev/articles/baseline-and-polyfills) features, unless you know you must support older browsers. [Learn why most sites can deploy ES6+ code without transpiling](https://developer.chrome.com/docs/performance/insights/legacy-javascript)"
}Performance and AccessibilityPerformanceBrowser audit
Use efficient cache lifetimes
13 Warning
Performance and AccessibilityPerformanceBrowser audit
Use efficient cache lifetimes
Check name
Use efficient cache lifetimes
Score
50/100
Status
warning
Device
desktop
Category
Performance
Estimated savings
Est savings of 255 KiB
Fix guidance
A long cache lifetime can speed up repeat visits to your page. [Learn more about caching](https://developer.chrome.com/docs/performance/insights/cache).
References
https://web.dev/learn/performance/Evidence
{
"displayValue": "Est savings of 255 KiB",
"description": "A long cache lifetime can speed up repeat visits to your page. [Learn more about caching](https://developer.chrome.com/docs/performance/insights/cache)."
}Fix with MCP or CLI
Use this report as the handoff into remediation. Generate a coding-agent prompt with the failing checks attached, or jump to the MCP and CLI setup docs before your next rescan.
Score history
Public scan score over time
Public reports for this website origin. Select any point or report link to open that canonical report.
| Scan date | Score | Readiness | Report |
|---|---|---|---|
| 68/100 | Level 3, Bot-Aware | Current report |