Find useful Link headers [fail]! No useful agent discovery Link headers were found.INFOFind useful Link headersINFOParse response Link header linkCount=0FAILCompare registered agent-useful relation count actual=0 expected="> 0"FAILCompare community relation count actual=0 expected="accepted as weaker evidence"FAILNo useful agent discovery Link headers were found.Fetch same-origin Link header targets [fail]! Link headers did not expose any same-origin targets to validate.INFOFetch same-origin Link header targetsINFOFetch same-origin Link header targets and record external skipsFAILCompare same-origin Link target failures actual=1 expected=0FAILLink headers did not expose any same-origin targets to validate.

Check API catalog HEAD Link header [warning]! HEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog".INFOCheck API catalog HEAD Link headerINFOSend HEAD request to API catalog path attempted=true statusCode=200 contentType="text/html; charset=utf-8"WARNCompare HEAD Link rel=api-catalog count actual=0 expected="> 0"WARNHEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog". status="warning"Validate API catalog media type [fail]! Content-Type "text/html; charset=utf-8" is not valid for an RFC 9727 API catalog.INFOValidate API catalog media typeFAILCompare API catalog media type actual="text/html; charset=utf-8" expected="application/linkset+json"FAILCompare JSON compatibility fallback actual=false expected=trueFAILContent-Type "text/html; charset=utf-8" is not valid for an RFC 9727 API catalog.Validate Linkset shape [fail]! Unexpected token '<', "
<!DOCTYPE "... is not valid JSONINFOValidate Linkset shapeFAILCompare Linkset JSON parse result actual=false expected=trueFAILCompare top-level linkset item count actual=0 expected="> 0"FAILCompare extracted href target count actual=0 expected="> 0"FAILLinkset shape issue issue="Unexpected token '<', \"\n<!DOCTYPE \"... is not valid JSON"FAILLinkset JSON parse error error="Unexpected token '<', \"\n<!DOCTYPE \"... is not valid JSON"FAILUnexpected token '<', "
<!DOCTYPE "... is not valid JSONClassify API catalog relations [fail]! API catalog did not include API endpoint links or useful API discovery relations.INFOClassify API catalog relationsINFOClassify API catalog relation types relations=[] summary={"registered":[],"metadata":[],"adjacent":[],"community":[],"legacy":[],"unknown":[]}FAILCompare registered or metadata API relation count actual=0 expected="> 0"FAILAPI catalog did not include API endpoint links or useful API discovery relations.Validate API catalog targets [fail]! API catalog did not expose any href targets to validate.INFOValidate API catalog targetsINFOFetch same-origin API catalog targets and record same-site/external skipsFAILCompare API catalog target failure count actual=0 expected=0FAILAPI catalog did not expose any href targets to validate.

Validate server-card shape [fail]! MCP Server Card response is not valid JSON.INFOValidate server-card shape profile="unknown-json"FAILCheck response body parsed as JSON actual=false expected=trueFAILCheck Content-Type is JSON-compatible actual=false expected=trueFAILCheck recognized MCP server-card profile actual="unknown-json" expected="sep-2127-draft"PASSCheck required card fields are present actual=0 expected=0 missing=[]PASSCheck MCP server-card uses the current remotes[] profile without legacy compatibility warnings actual="no compatibility warnings" expected="current sep-2127-draft card shape with no legacy compatibility warnings" warnings=[]FAILMCP server-card shape validation failed reason="MCP Server Card response is not valid JSON."Validate MCP remotes [fail]! No usable MCP remote transport was declared.INFOValidate MCP remotes remoteCount=0FAILCheck at least one MCP remote is declared actual=0 expected="> 0"PASSCheck invalid remote count actual=0 expected=0 invalidRemotes=[]PASSCheck same-origin remote coverage actual=0 expected=0FAILMCP remote validation failed reason="No usable MCP remote transport was declared."Validate HTTP delivery [fail]! Content-Type "text/html; charset=utf-8" is not JSON.INFOValidate HTTP delivery finalUrl="https://fonts.bunny.net/.well-known/mcp-server-card"PASSCheck server card returned HTTP 2xx actual=200 expected="200-299"FAILCheck card is served as JSON actual="text/html; charset=utf-8" expected="application/json or +json"PASSCheck card is served over HTTPS actual="https:" expected="https:"PASSCheck browser-readable CORS header actual="*" expected="Access-Control-Allow-Origin present"PASSCheck cache header is present actual="public, max-age=2592000" expected="Cache-Control present"FAILMCP server-card HTTP delivery failed issues=["Content-Type \"text/html; charset=utf-8\" is not JSON."] reason="Content-Type \"text/html; charset=utf-8\" is not JSON."Probe same-origin MCP endpoint [warning]! No MCP remote endpoint could be probed.INFOProbe same-origin MCP endpoint probeCount=0INFOSelecting same-origin unauthenticated MCP remotes for a bounded initialize probeWARNCheck successful initialize probe count actual=0 expected="> 0 when a safe same-origin unauthenticated remote exists" activeProbeCount=0 authBlocked=0WARNMCP endpoint probe could not fully confirm operability reason="No MCP remote endpoint could be probed."

Parse OpenAPI document [fail]! OpenAPI candidate was not parseable as JSON or YAML-like OpenAPI.INFOParse OpenAPI document status="fail"INFOParse selected document as JSON first, then YAML-like OpenAPI parsed=false format="unknown" versionFamily="missing"FAILCheck parse result actual="not parseable" expected="parseable OpenAPI 3.x or Swagger 2.0 document" compatibleContentType=falseFAILOpenAPI candidate was not parseable as JSON or YAML-like OpenAPI.Validate OpenAPI shape [fail]! Response is not valid JSON and does not match baseline OpenAPI YAML shape.INFOValidate OpenAPI shape status="fail"INFOValidate required OpenAPI shape versionFamily="missing" pathCount=0 webhookCount=0 operationCount=0PASSCheck operations define responses actual=0 expected="every operation should define responses"FAILCheck info metadata actual={"hasInfoTitle":false,"hasInfoVersion":false} expected="info.title and info.version present"FAILOpenAPI shape issue issue="Response is not valid JSON and does not match baseline OpenAPI YAML shape."FAILResponse is not valid JSON and does not match baseline OpenAPI YAML shape.Check machine-usable details [fail]INFOCheck machine-usable details status="fail"INFOInspect machine-usable operation details hasServers=false hasSecuritySchemes=false hasExplicitNoAuth=false requestBodyOperationCount=0 parameterOperationCount=0 responseSchemaOperationCount=0 operationIdCount=0 taggedOperationCount=0 exampleOperationCount=0PASSCheck OpenAPI operations include enough detail for agents to call them safely actual="no machine-usability warnings" expected="servers, auth/no-auth signals, operationIds, parameters, request bodies, responses, tags, and examples where relevant"FAILOpenAPI discovery validation failed.

Detect WebMCP runtime API [informational]INFODetect WebMCP runtime API status="informational"INFOProbe rendered browser for WebMCP runtime objects SKIPCheck current W3C runtime API actual="not detected" expected="document.modelContext/registerTool available"INFOWebMCP evidence was recorded for context. status="informational"Probe WebMCP operability [warning]! No WebMCP surface was found to probe.INFOProbe WebMCP operability status="warning"INFORun safe WebMCP operability checks safeProbeOnly=trueWARNCheck usable WebMCP evidence actual=0 expected="at least 1 usable runtime, declarative, annotation, or static manifest signal"WARNWebMCP operability warning warning="No WebMCP surface was found to probe."WARNWebMCP operability warning warning="Conventional WebMCP manifest paths were checked but did not return a valid manifest."WARNNo WebMCP surface was found to probe.Validate declarative WebMCP form tools [informational]! No W3C-style declarative WebMCP form attributes were found.INFOValidate declarative WebMCP form tools status="informational"INFOInspect visible forms and controls for current declarative WebMCP attributes annotatedElements=0 formsWithAttributes=0 controlsWithAttributes=0SKIPValidate declarative WebMCP attribute quality actual=0 expected=0INFONo W3C-style declarative WebMCP form attributes were found. status="informational"Validate MCP-aware HTML annotations [informational]! No data-mcp-tool or hyphenated WebMCP compatibility annotations were found.INFOValidate MCP-aware HTML annotations status="informational"INFOInspect HTML for MCP compatibility annotations compatibilityAttributeCount=0 dataMcpToolCount=0 examples=[]SKIPValidate compatibility annotation quality actual=0 expected=0INFONo data-mcp-tool or hyphenated WebMCP compatibility annotations were found. status="informational"Validate static WebMCP JSON compatibility [warning]! No static WebMCP JSON manifest or WMCP interaction graph was found.INFOValidate static WebMCP JSON compatibility status="warning"INFODiscover static WebMCP manifest candidates conventionalPaths=["/.well-known/webmcp.json","/webmcp.json"] checkedCount=2 profileCounts={}INFOWebMCP manifest candidate checked source="path" path="/.well-known/webmcp.json" url="https://fonts.bunny.net/.well-known/webmcp.json" statusCode=404 contentType=nullINFOWebMCP manifest candidate checked source="path" path="/webmcp.json" url="https://fonts.bunny.net/webmcp.json" statusCode=404 contentType=nullWARNValidate discovered static WebMCP metadata actual={"validManifestCount":0,"invalidManifestCount":0,"toolCount":0,"wmcpActionCount":0} expected="at least 1 valid tools[] manifest or WMCP graph when static metadata is present"WARNNo static WebMCP JSON manifest or WMCP interaction graph was found.Validate WebMCP tool metadata quality [informational]INFOValidate WebMCP tool metadata quality status="informational"INFOInspect WebMCP tool names, descriptions, schemas, and safety hints toolCount=0SKIPCheck tool metadata findings actual={"issueCount":0,"warningCount":0} expected="0 issues and 0 warnings"INFOWebMCP evidence was recorded for context. status="informational"Review WebMCP security and policy signals [informational]INFOReview WebMCP security and policy signals status="informational"INFOInspect WebMCP security and policy signals permissionsPolicy="(missing)" failureCount=0 warningCount=0PASSCheck security findings actual={"failures":0,"warnings":0} expected="0 failures and 0 warnings"INFOWebMCP evidence was recorded for context. status="informational"

Validate metadata shape [fail]! Response is not valid JSON.INFOValidate metadata shapeINFOParsing and validating RFC 9728 protected-resource metadata valid=false compatibleContentType=false issue="Response is not valid JSON." warningsCount=0 resourceIssuesCount=0 authorizationServersCount=0 authorizationServerIssuesCount=0 scopesSupportedCount=0 bearerMethodsSupportedCount=0 optionalFieldIssuesCount=0FAILCheck metadata resource field is present actual="missing" expected="absolute protected resource identifier"PASSCheck required metadata field failures actual=0 expected=0 missing=[]PASSCheck protected-resource metadata is browser-readable and complete for OAuth clients actual="no client-usage warnings" expected="no CORS, authorization-server, or compatibility warnings" warnings=[]FAILValidate metadata shape failed issue="Response is not valid JSON."Validate resource identity [fail]! Protected resource metadata `resource` did not match the resource identifier used to retrieve it.INFOValidate resource identityINFOComparing metadata resource identifier with the candidate resource expectedResource="https://fonts.bunny.net" candidatePresent=trueFAILCheck protected resource identity matches expected="https://fonts.bunny.net"FAILValidate resource identity failed issue="Protected resource metadata `resource` did not match the resource identifier used to retrieve it."Validate authorization servers [warning]! authorization_servers is omitted; this is allowed by base RFC 9728 but limits authorization server discovery.INFOValidate authorization serversINFOValidating advertised authorization server issuer URLs authorizationServerCount=0PASSCheck authorization server count actual=0 expected="> 0 when required"PASSCheck authorization server URL issue count actual=0 expected=0 issues=[]WARNValidate authorization servers completed with warnings issue="authorization_servers is omitted; this is allowed by base RFC 9728 but limits authorization server discovery."Validate protected resource challenge [warning]! No protected route with a 401 resource_metadata challenge was detected; metadata shape is valid but route linkage was not proven.INFOValidate protected resource challengeINFOProbing protected routes for WWW-Authenticate resource_metadata linkage checkedCount=4INFOChecked protected route challenge url="https://fonts.bunny.net/api/scans" statusCode=200 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://fonts.bunny.net/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://fonts.bunny.net" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://fonts.bunny.net/api/admin/scans" statusCode=200 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://fonts.bunny.net/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://fonts.bunny.net" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://fonts.bunny.net/api/admin/summary" statusCode=200 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://fonts.bunny.net/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://fonts.bunny.net" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://fonts.bunny.net/mcp" statusCode=200 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://fonts.bunny.net/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://fonts.bunny.net" resourceMatches=true scopePresent=falseWARNCheck challenge includes resource_metadata linkage actual=4 expected="> 0 matching protected route challenges"WARNValidate protected resource challenge completed with warnings issue="No protected route with a 401 resource_metadata challenge was detected; metadata shape is valid but route linkage was not proven."

Fetch UCP profile [fail]! UCP profile content type "text/html; charset=utf-8" is not JSON-compatible.INFOFetch UCP profile status="fail"INFOFetch /.well-known/ucp statusCode=200 contentType="text/html; charset=utf-8" error="Unexpected token '<', \"\n<!DOCTYPE \"... is not valid JSON"FAILCheck UCP profile availability actual=true expected=trueFAILCheck JSON-compatible profile response actual=false expected=true jsonCompatible=false parsed=falseFAILUCP profile content type "text/html; charset=utf-8" is not JSON-compatible.Validate UCP profile shape [fail]! UCP profile could not be parsed.INFOValidate UCP profile shape status="fail"INFOValidate top-level ucp object, version, services, payment handlers, and supported versionsFAILCheck top-level ucp object actual=false expected=trueFAILCheck production-friendly version actual=false expected=true stableVersion=false draftVersion=falseFAILCheck required UCP sections actual={"services":false,"paymentHandlers":false,"supportedVersionCount":0} expected="services, payment_handlers, and supported versions"FAILUCP profile could not be parsed.

Validate metadata profile [fail]! Response is not valid JSON.INFOValidate metadata profileINFOParsing and validating OAuth/OIDC metadata profile valid=false compatibleContentType=false profile="unknown" issue="Response is not valid JSON." missingCount=0 warningsCount=0 endpointIssuesCount=0 responseTypesSupportedCount=0 grantTypesSupportedCount=0 inferredGrantTypes=falsePASSCheck metadata profile was recognized actual="unknown" expected="oauth-authorization-server, oidc, or hybrid"PASSCheck required metadata fields are present actual=0 expected=0 missing=[]PASSCheck OAuth metadata is fully usable by browser and agent clients actual="no client-usage warnings" expected="no CORS, endpoint, or compatibility warnings" warnings=[]FAILValidate metadata profile failed issue="Response is not valid JSON."

Fetch root llms.txt [fail]! /llms.txt was not found or could not be fetched.INFOFetch root llms.txt path="/llms.txt"INFOTrying to fetch /llms.txt url="https://fonts.bunny.net/llms.txt"FAIL/llms.txt was not found or could not be fetched statusCode=404FAILFetch root llms.txt failed reason="/llms.txt is required for this check."Inspect optional llms-full.txt [informational]INFOInspect optional llms-full.txtINFOTrying to fetch /llms-full.txt url="https://fonts.bunny.net/llms-full.txt"SKIP/llms-full.txt is not present statusCode=404

Organization entity [fail]! No Organization or Organization subtype was found in Schema.org structured data.INFOOrganization entityINFOLooking for Organization or Organization subtype in structured data observedTypes=[]FAILCheck Organization entity presence actual=false expected=true fields=[{"name":"Organization.@type","present":false},{"name":"Organization.@id","present":false},{"name":"Organization.name","present":false},{"name":"Organization.url","present":false},{"name":"Organization.logo","present":false},{"name":"Organization.sameAs","present":false}]FAILOrganization entity is missingWebSite entity [fail]! No WebSite entity was found in Schema.org structured data.INFOWebSite entityINFOLooking for WebSite entity in structured data FAILCheck WebSite entity presence actual=false expected=true fields=[{"name":"WebSite.@type","present":false},{"name":"WebSite.@id","present":false},{"name":"WebSite.name","present":false},{"name":"WebSite.url","present":false},{"name":"WebSite.publisher.@id","present":false},{"name":"WebSite.publisher.name","present":false},{"name":"WebSite.publisher.url","present":false}]FAILWebSite entity is missingIdentity fields [fail]! Missing identity field(s): Organization.name, Organization.url, WebSite.name, WebSite.url.INFOIdentity fieldsINFOChecking Organization and WebSite name/url fields FAILCheck required identity fields actual=0 expected=4 missing=["Organization.name","Organization.url","WebSite.name","WebSite.url"] organizationFields=[{"name":"Organization.@type","present":false},{"name":"Organization.@id","present":false},{"name":"Organization.name","present":false},{"name":"Organization.url","present":false},{"name":"Organization.logo","present":false},{"name":"Organization.sameAs","present":false}] websiteFields=[{"name":"WebSite.@type","present":false},{"name":"WebSite.@id","present":false},{"name":"WebSite.name","present":false},{"name":"WebSite.url","present":false},{"name":"WebSite.publisher.@id","present":false},{"name":"WebSite.publisher.name","present":false},{"name":"WebSite.publisher.url","present":false}]WARNCheck identity URLs match scanned origin actual={"organizationUrlMatchesOrigin":false,"websiteUrlMatchesOrigin":false} expected={"organizationUrlMatchesOrigin":true,"websiteUrlMatchesOrigin":true}FAILIdentity fields are missing missing=["Organization.name","Organization.url","WebSite.name","WebSite.url"]WebSite publisher linkage [fail]! WebSite.publisher is missing.INFOWebSite publisher linkageINFOChecking whether WebSite.publisher points to the Organization entity FAILCheck publisher presence actual=false expected=true publisher={"present":false,"matchesOrganization":false} website={} organization={}FAILCheck publisher matches Organization actual=false expected=trueFAILWebSite publisher is missingOrganization trust fields [fail]! Organization schema is missing logo and sameAs or public contact evidence.INFOOrganization trust fieldsINFOChecking logo, sameAs, and public contact evidence FAILCheck logo presence actual=false expected=true fields=[{"name":"Organization.logo","present":false},{"name":"Organization.sameAs","present":false},{"name":"Organization.contactPoint","present":false},{"name":"Organization.telephone","present":false},{"name":"Organization.email","present":false},{"name":"Organization.address","present":false}]FAILCheck sameAs or contact evidence actual=0 expected=">= 1" sameAsCount=0 contactSignalCount=0 fields=[{"name":"Organization.logo","present":false},{"name":"Organization.sameAs","present":false},{"name":"Organization.contactPoint","present":false},{"name":"Organization.telephone","present":false},{"name":"Organization.email","present":false},{"name":"Organization.address","present":false}]FAILOrganization trust fields are missing

Recognized structured data format [fail]! No JSON-LD, Microdata, or RDFa structured data was found.INFORecognized structured data formatINFODetecting JSON-LD, Microdata, and RDFa in the page HTMLFAILCheck recognized structured-data formats found actual=0 expected="> 0" formatsFound=[]FAILNo recognized structured-data format found

Markdown representation [fail]! No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks.INFOMarkdown representationFAILCheck usable Markdown representation was selected actual={"source":"negotiated","url":"https://fonts.bunny.net/","statusCode":200,"contentType":"text/html; charset=utf-8","mediaType":"text/html","vary":"Accept-Encoding","requireVaryAccept":true,"contentTypeStatus":"fail","cacheStatus":"fail","bodyStatus":"fail","pass":false,"quality":{"valid":false,"formatStatus":"fail","dialect":"html-heavy","hasHeading":false,"headingCount":0,"wordCount":3667,"features":{"markdownLinks":0,"referenceLinks":0,"listItems":0,"tables":0,"taskListItems":0,"fencedCodeBlocks":0,"yamlFrontmatter":false,"jsonLdFencedBlocks":0,"admonitions":0,"strikethrough":0,"autolinks":0,"rawHtmlTags":304,"jsxOrMdxSignals":0},"issues":["missing-heading","raw-html-heavy","plain-text-like"],"excerpt":"<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n    <meta charset=\"utf-8\" />\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no\" />\n    <base href=\"/\" />\n    \n    <link rel=\"shortcut icon\"","issue":"Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."}} expected="negotiated, advertised alternate, or conventional mirror" selected={"source":"negotiated","url":"https://fonts.bunny.net/","statusCode":200,"contentType":"text/html; charset=utf-8","mediaType":"text/html","vary":"Accept-Encoding","requireVaryAccept":true,"contentTypeStatus":"fail","cacheStatus":"fail","bodyStatus":"fail","pass":false,"quality":{"valid":false,"formatStatus":"fail","dialect":"html-heavy","hasHeading":false,"headingCount":0,"wordCount":3667,"features":{"markdownLinks":0,"referenceLinks":0,"listItems":0,"tables":0,"taskListItems":0,"fencedCodeBlocks":0,"yamlFrontmatter":false,"jsonLdFencedBlocks":0,"admonitions":0,"strikethrough":0,"autolinks":0,"rawHtmlTags":304,"jsxOrMdxSignals":0},"issues":["missing-heading","raw-html-heavy","plain-text-like"],"excerpt":"<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n    <meta charset=\"utf-8\" />\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no\" />\n    <base href=\"/\" />\n    \n    <link rel=\"shortcut icon\"","issue":"Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."}} candidatesChecked=2FAILMarkdown representation failed issue="No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks."Same-URL negotiation [fail]! Same-URL Accept: text/markdown did not return a valid Markdown representation.INFOSame-URL negotiationFAILCheck negotiated Markdown response actual={"statusCode":200,"mediaType":"text/html","vary":"Accept-Encoding"} expected="HTTP 2xx text/markdown with Vary: Accept" url="https://fonts.bunny.net/" statusCode=200 mediaType="text/html" vary="Accept-Encoding"FAILSame-URL negotiation failed issue="Same-URL Accept: text/markdown did not return a valid Markdown representation."Markdown format validation [fail]! Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation.INFOMarkdown format validationFAILCheck Markdown body quality actual={"valid":false,"wordCount":3667,"headingCount":0,"dialect":"html-heavy"} expected="valid Markdown with substantive text and headings" valid=false dialect="html-heavy" wordCount=3667 headingCount=0FAILMarkdown format validation failed issue="Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."Advertised Markdown alternate [warning]! No Link or HTML rel=alternate text/markdown URL was advertised.INFOAdvertised Markdown alternateWARNCheck advertised Markdown alternate candidates actual=0 expected="> 0 when HTML advertises a Markdown alternate" advertisedUrls=[] candidateCount=0WARNAdvertised Markdown alternate has a warning issue="No Link or HTML rel=alternate text/markdown URL was advertised."Conventional .md mirror [fail]! Conventional .md mirror candidates did not return valid Markdown.INFOConventional .md mirrorFAILCheck conventional Markdown mirror candidates actual=1 expected="> 0 when a conventional mirror is discoverable" conventionalUrls=["https://fonts.bunny.net/index.html.md"] candidateCount=1FAILConventional .md mirror failed issue="Conventional .md mirror candidates did not return valid Markdown."

Probe x402 runtime response [fail]! x402 candidate routes were found, but none returned HTTP 402 before payment.INFOProbe x402 runtime response status="fail"INFOProbe candidate GET routes without sending payment credentials checkedCount=1INFOProbe x402 candidate route path="/" source="well-known" statusCode=200 contentType="text/html; charset=utf-8" finalUrl="https://fonts.bunny.net/" headers={} textSample=" <!DOCTYPE html> <html lang=\"en\"> <head> <meta charset=\"utf-8\" /> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no\" /> <bas"FAILCheck pre-payment runtime response actual="none" expected=402 best={}FAILx402 candidate routes were found, but none returned HTTP 402 before payment.Validate x402 V2 headers [warning]! No x402 runtime response was available for header validation.INFOValidate x402 V2 headers status="warning"INFOInspect payment headers on the best HTTP 402 response observedHeaders={}WARNCheck PAYMENT-REQUIRED header actual=false expected=true hasLegacyOnly=falseWARNCheck legacy-only x402 header usage actual=false expected=falseWARNNo x402 runtime response was available for header validation.Validate x402 payment requirement payload [warning]! No x402 runtime response was available for payload validation.INFOValidate x402 payment requirement payload status="warning"INFODecode PAYMENT-REQUIRED as Base64 JSON and inspect accepted payment optionsWARNCheck PAYMENT-REQUIRED decoding actual={} expected={"decoded":true,"parsed":true}WARNCheck x402 payment option shape actual={} expected="x402Version 2 with accepted options containing payee and amount"INFOSummarize decoded payment requirement WARNNo x402 runtime response was available for payload validation.Compare x402 metadata consistency [warning]! x402 metadata was found, but no probed candidate returned HTTP 402.INFOCompare x402 metadata consistency status="warning"INFOCompare metadata-declared payable routes with observed runtime 402 behavior openApiSignals=[] wellKnown={"found":true,"statusCode":200,"contentType":"text/html; charset=utf-8","markers":[],"candidateCount":1} runtime402=falseWARNCheck runtime 402 evidence against metadata actual={"openApiSignals":[],"wellKnown":{"found":true,"statusCode":200,"contentType":"text/html; charset=utf-8","markers":[],"candidateCount":1},"runtime402":false} expected="metadata and runtime agree on payable resources"WARNx402 metadata was found, but no probed candidate returned HTTP 402.

Page landmarks [fail]! Expected exactly one visible main landmark; found 0.INFOPage landmarksFAILCheck page landmarks evidence actual={"counts":{"main":0,"roleMain":0,"nav":1,"roleNavigation":0,"header":0,"roleBanner":0,"footer":1,"pageFooter":1,"roleContentinfo":0},"main":false} expected="semantic HTML evidence for this step"FAILPage landmarks failed issue="Expected exactly one visible main landmark; found 0."Heading structure [fail]! Expected one meaningful visible h1; found 0.INFOHeading structureFAILCheck heading structure evidence actual={"counts":{"h1":0,"visibleH1":0,"headings":2,"emptyHeadings":3},"meaningfulH1":false} expected="semantic HTML evidence for this step"FAILHeading structure failed issue="Expected one meaningful visible h1; found 0."Links [fail]! 2 links are missing accessible names.INFOLinksFAILCheck links evidence actual={"counts":{"links":49,"inaccessibleLinks":2,"nonCrawlableLinks":41,"genericLinks":0},"accessibleLinks":false} expected="semantic HTML evidence for this step"FAILLinks failed issue="2 links are missing accessible names."Buttons and interactive controls [fail]! 4 button controls are missing accessible names.INFOButtons and interactive controlsFAILCheck buttons and interactive controls evidence actual={"counts":{"buttons":15,"inaccessibleButtons":4},"accessibleButtons":false} expected="links, buttons, and form controls expose accessible names"FAILButtons and interactive controls failed issue="4 button controls are missing accessible names."Form labels and autocomplete [fail]! 3 user-fillable form controls are missing labels.INFOForm labels and autocompleteFAILCheck form labels and autocomplete evidence actual={"counts":{"formControls":3,"unlabeledFormControls":3,"autocompleteInputs":0,"inputsWithAutocomplete":0,"missingAutocompleteInputs":0},"formLabelCoverage":false} expected="semantic HTML evidence for this step"FAILForm labels and autocomplete failed issue="3 user-fillable form controls are missing labels."Image text alternatives [warning]! 1 image alt text issues were found.INFOImage text alternativesWARNCheck image text alternatives evidence actual={"counts":{"images":2,"imagesWithAlt":2,"imageAltIssues":1},"imageAltCoverage":true} expected="semantic HTML evidence for this step"WARNImage text alternatives has a warning issue="1 image alt text issues were found."

Classify AI crawler rules [fail]! No explicit User-agent rules were found for major AI crawler tokens.INFOClassify AI crawler rulesINFOParsing User-agent groups and Allow/Disallow records for known AI crawler tokens evaluatedPath="/"INFOEvaluating exact User-agent matches before wildcard fallback exactAiPolicyCount=0 totalCrawlerTokens=18FAILNo explicit AI crawler User-agent groups were found examplesExpected=["GPTBot","OAI-SearchBot","ClaudeBot","Google-Extended","CCBot"]FAILCompare explicit AI crawler coverage actual=0 expected="> 0 explicit non-search AI crawler policies" missingTokens=["GPTBot","OAI-SearchBot","ChatGPT-User","ClaudeBot","Claude-SearchBot","Claude-User","Google-Extended","Applebot-Extended","Amazonbot","Amzn-SearchBot","Amzn-User","PerplexityBot"]INFOResolved effective root-path policy for crawler tokens blocked=0 allowed=21 unspecified=0

Find Referrer-Policy header [fail]! Referrer-Policy header is missing.INFOFind Referrer-Policy headerINFORead Referrer-Policy delivery header="referrer-policy" value="missing" metaReferrerPolicyCount=0 browserDefault="strict-origin-when-cross-origin"FAILRequire explicit HTTP Referrer-Policy header actual="missing" expected="HTTP response header present" issue="Referrer-Policy header is missing."FAILReferrer-Policy header is missing.Review observed browser responses [warning]! One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.INFOReview observed browser responsesINFOSample Chrome-observed same-origin responses observedResponseCount=14 sameOriginCount=12 htmlDocumentCount=1WARNCompare observed Referrer-Policy coverage actual={"missingPolicyCount":1,"unsafeOrInvalidPolicyCount":0,"weakPolicyCount":0,"affected":[{"url":"https://fonts.bunny.net/","status":200,"resourceType":"document","contentType":"text/html; charset=utf-8","referrerPolicy":null,"classification":"invalid"}]} expected="0 missing, unsafe, invalid, or weak same-origin HTML responses" issue="One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy."WARNOne or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.

Discover A2A Agent Card [warning]! No A2A Agent Card was found at the current, legacy, or fallback discovery paths.INFODiscover A2A Agent CardINFOTry A2A discovery paths in priority order paths=["/.well-known/agent-card.json","/.well-known/agent.json","/agent-card.json","/.well-known/a2a/agent-card.json"]WARNA2A candidate path did not return a usable card path="/.well-known/agent-card.json" statusCode=404 contentType=nullWARNA2A candidate path did not return a usable card path="/.well-known/agent.json" statusCode=404 contentType=nullWARNA2A candidate path did not return a usable card path="/agent-card.json" statusCode=404 contentType=nullWARNA2A candidate path did not return a usable card path="/.well-known/a2a/agent-card.json" statusCode=404 contentType=nullWARNNo A2A Agent Card candidate was selectedWARNNo A2A Agent Card was found at the current, legacy, or fallback discovery paths.

Discover Agent Skills index [warning]! No Agent Skills discovery index was found at the canonical or legacy path.INFODiscover Agent Skills indexINFOTry Agent Skills index paths in priority order paths=["/.well-known/agent-skills/index.json","/.well-known/skills/index.json"]WARNAgent Skills index candidate was not usable path="/.well-known/agent-skills/index.json" url="https://fonts.bunny.net/.well-known/agent-skills/index.json" statusCode=404WARNAgent Skills index candidate was not usable path="/.well-known/skills/index.json" url="https://fonts.bunny.net/.well-known/skills/index.json" statusCode=404WARNNo Agent Skills discovery index was found at the canonical or legacy path.

Discover agents.json [warning]! No Wildcard-style agents.json file was found.INFODiscover agents.jsonINFOTry agents.json discovery paths in priority order paths=["/.well-known/agents.json","/agents.json"]WARNagents.json candidate path did not return a usable contract path="/.well-known/agents.json" statusCode=404 contentType=nullWARNagents.json candidate path did not return a usable contract path="/agents.json" statusCode=404 contentType=nullWARNNo agents.json candidate was selectedWARNNo Wildcard-style agents.json file was found.

Query DNS-AID records [warning]! No DNS-AID HTTPS/SVCB records were found under _agents.INFOQuery DNS-AID recordsINFOBuild DNS-AID query names from hostname hostname="fonts.bunny.net" labels=["_index._agents.fonts.bunny.net","_a2a._agents.fonts.bunny.net"] claimedOnPage=falseWARNDNS query returned no DNS-AID answers name="_index._agents.fonts.bunny.net" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.fonts.bunny.net" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.fonts.bunny.net" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _index._agents.fonts.bunny.net"WARNDNS query returned no DNS-AID answers name="_a2a._agents.fonts.bunny.net" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.fonts.bunny.net" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.fonts.bunny.net" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _a2a._agents.fonts.bunny.net"WARNCompare total DNS-AID answer count actual=0 expected="> 0"WARNNo DNS-AID HTTPS/SVCB records were found under _agents.Check DNSSEC authentication evidence [warning]! DNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.INFOCheck DNSSEC authentication evidenceWARNCompare DNSSEC authenticated-data flag actual=false expected=trueWARNCompare visible DNSSEC material actual=false expected=trueWARNResolver did not confirm authenticated DNSSEC data name="_index._agents.fonts.bunny.net" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.fonts.bunny.net" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.fonts.bunny.net" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.fonts.bunny.net" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.fonts.bunny.net" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.fonts.bunny.net" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.fonts.bunny.net" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.fonts.bunny.net" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="fonts.bunny.net" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="bunny.net" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNDNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.

Find enforcing CSP delivery [fail]! Applicable HTML response is missing an enforcing Content-Security-Policy header.INFOFind enforcing CSP deliveryINFORead CSP delivery headers enforcingHeader="missing" reportOnlyHeader="missing" metaPolicyCount=0 legacyHeadersPresent=[]FAILRequire enforcing Content-Security-Policy header actual="missing" expected="present" issue="Applicable HTML response is missing an enforcing Content-Security-Policy header."FAILApplicable HTML response is missing an enforcing Content-Security-Policy header.

Validate CSP frame-ancestors [warning]! No enforcing CSP frame-ancestors directive is present.INFOValidate CSP frame-ancestorsINFORead CSP frame-ancestors signals enforcingHeaderPresent=false reportOnlyHeaderPresent=false metaFrameAncestors=false policyCount=0 duplicateDirectives=[]WARNCompare effective frame-ancestors directive actual="missing" expected="valid restrictive enforcing frame-ancestors" issue="No enforcing CSP frame-ancestors directive is present."WARNNo enforcing CSP frame-ancestors directive is present.Validate X-Frame-Options [fail]! No valid X-Frame-Options fallback is present.INFOValidate X-Frame-OptionsINFORead X-Frame-Options fallback value="missing" parsedValues=[] normalizedValues=[]FAILCompare X-Frame-Options value actual="missing" expected="DENY or SAMEORIGIN" valid=false obsoleteAllowFrom=false duplicateOrConflicting=false issue="No valid X-Frame-Options fallback is present."FAILNo valid X-Frame-Options fallback is present.Review observed browser responses [warning]! One or more same-origin HTML documents observed by Chrome did not emit valid frame protection.INFOReview observed browser responsesINFOSample Chrome-observed same-origin responses observedResponseCount=14 sameOriginCount=12 htmlDocumentCount=1WARNCompare observed HTML frame protection actual={"missingOrInvalidFrameProtectionCount":1,"broadFrameAncestorsCount":0,"affected":[{"url":"https://fonts.bunny.net/","status":200,"resourceType":"document","contentType":"text/html; charset=utf-8","contentSecurityPolicy":null,"contentSecurityPolicyReportOnly":null}]} expected="0 missing/invalid or broad same-origin HTML responses" issue="One or more same-origin HTML documents observed by Chrome did not emit valid frame protection."WARNOne or more same-origin HTML documents observed by Chrome did not emit valid frame protection.

Validate directory media type [fail]! Content-Type "text/html; charset=utf-8" is not valid for a Web Bot Auth signing key directory.INFOValidate directory media type status="fail"INFORead directory Content-Type header contentType="text/html; charset=utf-8"FAILCompare directory media type actual="text/html; charset=utf-8" expected="application/http-message-signatures-directory+json" compatible=false draftConformant=falseFAILContent-Type "text/html; charset=utf-8" is not valid for a Web Bot Auth signing key directory.Validate public signing keys [fail]! Directory body is not valid JSON.INFOValidate public signing keys status="fail"INFOParse directory body as JWKS parsed=false parseError="Unexpected token '<', \"\n<!DOCTYPE \"... is not valid JSON"FAILCheck public signing keys actual="0 valid of 0 keys" expected="at least 1 valid public key and no key failures"FAILDirectory body is not valid JSON.Inspect directory response signature binding [warning]! The directory response is not signed with RFC 9421 Signature and Signature-Input headers.INFOInspect directory response signature binding status="warning"INFOInspect RFC 9421 response signature headers signatureHeaderPresent=false signatureInputHeaderPresent=false labels=[]WARNCheck required signature binding parameters actual={} expected="Signature, Signature-Input, directory tag, keyid, created, and expires"WARNThe directory response is not signed with RFC 9421 Signature and Signature-Input headers.

Find Strict-Transport-Security [fail]! HTTPS response is missing Strict-Transport-Security.INFOFind Strict-Transport-SecurityINFORead Strict-Transport-Security header header="strict-transport-security" value="missing" effectiveValue=null duplicateHeaderValueCount=0FAILRequire HSTS header on HTTPS response actual="missing" expected="present" issue="HTTPS response is missing Strict-Transport-Security."FAILHTTPS response is missing Strict-Transport-Security.

Validate declared usage preferences [warning]! No Content-Usage or Content-Signal declarations were found.INFOValidate declared usage preferencesINFOParsing declared preferences into terms and values recordCount=0SKIPSkipping declaration validation because no Content-Usage or Content-Signal records were declared.SKIPCompare declared records to validation requirement actual=0 expected="No validation needed when no records are declared"WARNNo Content-Usage or Content-Signal declarations were present.

Discover RSL declarations [warning]! No RSL declarations were found.INFODiscover RSL declarationsINFOChecking robots.txt License records, HTTP Link rel=license headers, HTML license links, and inline RSL XML robotsFound=trueSKIPCount discovered RSL declarations actual=0 expected=">= 1 when RSL licensing terms are published" sources={}WARNNo RSL declarations were found on any supported discovery surface.

Fetch /.well-known/tdmrep.json [warning]! No TDMRep declaration was found at /.well-known/tdmrep.json.INFOFetch /.well-known/tdmrep.jsonINFORequesting origin-level TDMRep declaration at /.well-known/tdmrep.jsonWARNCompare TDMRep file response actual=404 expected="2xx with JSON array when origin-level TDMRep is published" contentType=null length=0WARNNo TDMRep declaration was found at /.well-known/tdmrep.json. 

Find X-Content-Type-Options [fail]! Browser-loadable response is missing X-Content-Type-Options.INFOFind X-Content-Type-OptionsINFORead X-Content-Type-Options header header="x-content-type-options" value="missing"FAILRequire nosniff header actual="missing" expected="present" issue="Browser-loadable response is missing X-Content-Type-Options."FAILBrowser-loadable response is missing X-Content-Type-Options.Review observed browser responses [warning]! One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.INFOReview observed browser responsesINFOSample Chrome-observed same-origin resources observedResponseCount=14 sameOriginCount=12 eligibleCount=12WARNCompare observed nosniff coverage actual={"missingNosniffCount":12,"malformedNosniffCount":0,"activeResourceMissingNosniffCount":8,"affected":[{"url":"https://fonts.bunny.net/","status":200,"resourceType":"document","contentType":"text/html; charset=utf-8"},{"url":"https://fonts.bunny.net/css?family=Rubik:400,700|Courier+Prime|Allison|Aleo|Abril+Fatface|Alata","status":200,"resourceType":"stylesheet","contentType":"text/css; charset=utf-8"},{"url":"https://fonts.bunny.net/assets/bootstrap/bootstrap.min.css","status":200,"resourceType":"stylesheet","contentType":"text/css"},{"url":"https://fonts.bunny.net/assets/animate.min.css","status":200,"resourceType":"stylesheet","contentType":"text/css"},{"url":"https://fonts.bunny.net/assets/bootstrap/jquery.slim.js","status":200,"resourceType":"script","contentType":"application/javascript"},{"url":"https://fonts.bunny.net/_content/Sve.Blazor.InfiniteScroll/js/Observer.js","status":200,"resourceType":"script","contentType":"application/javascript"},{"url":"https://fonts.bunny.net/assets/bootstrap/bootstrap.min.js","status":200,"resourceType":"script","contentType":"application/javascript"},{"url":"https://fonts.bunny.net/assets/footer-dark.svg","status":200,"resourceType":"image","contentType":"image/svg+xml"},{"url":"https://fonts.bunny.net/rubik/files/rubik-latin-700-normal.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://fonts.bunny.net/_framework/blazor.webassembly.js","status":200,"resourceType":"script","contentType":"application/javascript"},{"url":"https://fonts.bunny.net/_framework/blazor.boot.json","status":200,"resourceType":"fetch","contentType":"application/json"}]} expected="0 missing or malformed eligible same-origin responses" issue="One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff."WARNOne or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.

Schema.org attribution [warning]! Schema.org attribution is incomplete or relies only on publisher/fallback evidence.INFOSchema.org attributionINFOChecking structured data for author, creator, and publisher contributorsWARNCheck named Schema.org author count actual=0 expected="> 0" authorCount=0 publisherCount=0 namedContributors=0 authors=[] publishers=[] formats=[]WARNSchema.org attribution is incomplete or fallback-only authorCount=0 publisherCount=0 authors=[] publishers=[]Author identity quality [fail]! No named author or publisher identity could be extracted.INFOAuthor identity qualityINFOChecking contributors for stable identity signalsFAILCheck identified contributor count actual=0 expected="> 0" namedContributors=0 identifiedContributors=[] unidentifiedContributors=[]FAILNo named contributor identity could be extracted

Fetch ACP discovery [warning]! ACP discovery was found only at /.well-known/acp; the ACP discovery proposal uses /.well-known/acp.json.INFOFetch ACP discovery status="warning"INFOFetch canonical ACP discovery /.well-known/acp.json statusCode=404 contentType=null parsed=falseINFOFetch compatibility ACP discovery /.well-known/acp statusCode=200 contentType="text/html; charset=utf-8" parsed=false error="Unexpected token '<', \"\n<!DOCTYPE \"... is not valid JSON"WARNCheck canonical ACP discovery response actual=false expected=true canonicalFound=false compatibilityFound=trueWARNACP discovery was found only at /.well-known/acp; the ACP discovery proposal uses /.well-known/acp.json.

Find advertised IndexNow key location [informational]! No IndexNow key location was advertised in HTML, Link headers, or robots.txt.INFOFind advertised IndexNow key locationINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"WARNNo IndexNow key location was advertised in HTML, Link headers, or robots.txt.Fetch and validate IndexNow key file [informational]! No discoverable IndexNow key file was found.INFOFetch and validate IndexNow key fileINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"INFOFetch each advertised same-origin key file and validate filename/body matchFAILCompare valid IndexNow key file count actual=0 expected="> 0"WARNNo discoverable IndexNow key file was found.