Find useful Link headers [fail]! No useful agent discovery Link headers were found.INFOFind useful Link headersINFOParse response Link header linkCount=1FAILCompare registered agent-useful relation count actual=0 expected="> 0"FAILCompare community relation count actual=0 expected="accepted as weaker evidence"INFOIgnored non-discovery Link relation rel="https://api.w.org/" url="https://hsping.com/wp-json/"FAILNo useful agent discovery Link headers were found.Fetch same-origin Link header targets [fail]! Link headers did not expose any same-origin targets to validate.INFOFetch same-origin Link header targetsINFOFetch same-origin Link header targets and record external skipsFAILCompare same-origin Link target failures actual=1 expected=0FAILLink headers did not expose any same-origin targets to validate.

Discover MCP server card [warning]! The MCP server card was found only at a transitional or linked path.INFODiscover MCP server card candidateCount=5INFOBuild MCP server-card candidate list currentPath="/.well-known/mcp-server-card" transitionalPaths=["/.well-known/mcp/server-card.json","/.well-known/mcp/server-cards.json","/mcp.json","/.well-known/mcp.json"] linkedPaths=[]INFOTrying to fetch /.well-known/mcp-server-card url="https://hsping.com/.well-known/mcp-server-card" source="current"FAIL/.well-known/mcp-server-card did not return a usable server card statusCode=404 contentType="text/html"INFOTrying to fetch /.well-known/mcp/server-card.json url="https://hsping.com/.well-known/mcp/server-card.json" source="transitional"FAIL/.well-known/mcp/server-card.json did not return a usable server card statusCode=404 contentType="text/html"INFOTrying to fetch /.well-known/mcp/server-cards.json url="https://hsping.com/.well-known/mcp/server-cards.json" source="transitional"FAIL/.well-known/mcp/server-cards.json did not return a usable server card statusCode=404 contentType="text/html"INFOTrying to fetch /mcp.json url="https://hsping.com/mcp.json" source="transitional"PASS/mcp.json returned a successful response statusCode=200 contentType="text/html; charset=UTF-8" finalUrl="https://hsping.com/"INFOTrying to fetch /.well-known/mcp.json url="https://hsping.com/.well-known/mcp.json" source="transitional"FAIL/.well-known/mcp.json did not return a usable server card statusCode=404 contentType="text/html"WARNCheck selected card is published at the current well-known path actual="/mcp.json" expected="/.well-known/mcp-server-card" source="transitional" finalUrl="https://hsping.com/"WARNMCP server card was discovered through a transitional or linked path path="/mcp.json" source="transitional" reason="The MCP server card was found only at a transitional or linked path."Validate server-card shape [fail]! MCP Server Card response is not valid JSON.INFOValidate server-card shape profile="unknown-json"FAILCheck response body parsed as JSON actual=false expected=trueFAILCheck Content-Type is JSON-compatible actual=false expected=trueFAILCheck recognized MCP server-card profile actual="unknown-json" expected="sep-2127-draft"PASSCheck required card fields are present actual=0 expected=0 missing=[]PASSCheck MCP server-card uses the current remotes[] profile without legacy compatibility warnings actual="no compatibility warnings" expected="current sep-2127-draft card shape with no legacy compatibility warnings" warnings=[]FAILMCP server-card shape validation failed reason="MCP Server Card response is not valid JSON."Validate MCP remotes [fail]! No usable MCP remote transport was declared.INFOValidate MCP remotes remoteCount=0FAILCheck at least one MCP remote is declared actual=0 expected="> 0"PASSCheck invalid remote count actual=0 expected=0 invalidRemotes=[]PASSCheck same-origin remote coverage actual=0 expected=0FAILMCP remote validation failed reason="No usable MCP remote transport was declared."Validate HTTP delivery [fail]! Content-Type "text/html; charset=UTF-8" is not JSON.INFOValidate HTTP delivery finalUrl="https://hsping.com/"PASSCheck server card returned HTTP 2xx actual=200 expected="200-299"FAILCheck card is served as JSON actual="text/html; charset=UTF-8" expected="application/json or +json"PASSCheck card is served over HTTPS actual="https:" expected="https:"WARNCheck browser-readable CORS header actual="missing" expected="Access-Control-Allow-Origin present"WARNCheck cache header is present actual="missing" expected="Cache-Control present"FAILMCP server-card HTTP delivery failed issues=["Content-Type \"text/html; charset=UTF-8\" is not JSON.","CORS header Access-Control-Allow-Origin is absent.","Cache-Control is absent."] reason="Content-Type \"text/html; charset=UTF-8\" is not JSON."Probe same-origin MCP endpoint [warning]! No MCP remote endpoint could be probed.INFOProbe same-origin MCP endpoint probeCount=0INFOSelecting same-origin unauthenticated MCP remotes for a bounded initialize probeWARNCheck successful initialize probe count actual=0 expected="> 0 when a safe same-origin unauthenticated remote exists" activeProbeCount=0 authBlocked=0WARNMCP endpoint probe could not fully confirm operability reason="No MCP remote endpoint could be probed."

Fetch and validate /auth.md [fail]! auth.md response did not match Auth.md v1 agent registration guidance. Content-Type "text/html; charset=UTF-8" is not Markdown or text/plain; missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance.INFOFetch and validate /auth.mdINFOFetch Auth.md-related resource path="/auth.md" statusCode=200 contentType="text/html; charset=UTF-8" bytes=177173FAILCompare response Content-Type with expected Auth.md media type actual=false expected=trueFAILCompare Auth.md/OAuth metadata validation result actual=false expected=trueFAILCompare Auth.md content length actual=171942 expected=">= 80 characters"WARNAuth.md validation warning warning="missing agent_verified/user_claimed or claim ceremony guidance"FAILAuth.md validation issue issue="auth.md response did not match Auth.md v1 agent registration guidance. Content-Type \"text/html; charset=UTF-8\" is not Markdown or text/plain; missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance."FAILauth.md response did not match Auth.md v1 agent registration guidance. Content-Type "text/html; charset=UTF-8" is not Markdown or text/plain; missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance.Validate protected resource metadata [fail]! OAuth Protected Resource Metadata could not be fetched.INFOValidate protected resource metadataINFOFetch Auth.md-related resource path="/.well-known/oauth-protected-resource" statusCode=404 contentType="text/html" bytes=93FAILCompare response Content-Type with expected Auth.md media type actual=false expected=trueFAILCompare Auth.md/OAuth metadata validation result actual=false expected=trueFAILAuth.md validation issue issue="OAuth Protected Resource Metadata could not be fetched."FAILOAuth Protected Resource Metadata could not be fetched.Validate Auth.md authorization metadata [fail]! OAuth authorization-server metadata could not be fetched.INFOValidate Auth.md authorization metadataINFOFetch Auth.md-related resource path="/.well-known/oauth-authorization-server" statusCode=404 contentType="text/html" bytes=93FAILCompare response Content-Type with expected Auth.md media type actual=false expected=trueFAILCompare Auth.md/OAuth metadata validation result actual=false expected=trueFAILAuth.md validation issue issue="OAuth authorization-server metadata could not be fetched."FAILOAuth authorization-server metadata could not be fetched.

Detect WebMCP runtime API [warning]! WebMCP-like strings were found, but rendered browser evidence did not confirm a usable runtime API.INFODetect WebMCP runtime API status="warning"INFOProbe rendered browser for WebMCP runtime objects WARNCheck current W3C runtime API actual="not detected" expected="document.modelContext/registerTool available"WARNWebMCP-like strings were found, but rendered browser evidence did not confirm a usable runtime API.Probe WebMCP operability [fail]! Discovered WebMCP static metadata was fetchable but invalid.INFOProbe WebMCP operability status="fail"INFORun safe WebMCP operability checks safeProbeOnly=trueFAILCheck usable WebMCP evidence actual=0 expected="at least 1 usable runtime, declarative, annotation, or static manifest signal"FAILWebMCP operability failure issue="Discovered WebMCP static metadata was fetchable but invalid."FAILDiscovered WebMCP static metadata was fetchable but invalid.Validate declarative WebMCP form tools [informational]! No W3C-style declarative WebMCP form attributes were found.INFOValidate declarative WebMCP form tools status="informational"INFOInspect visible forms and controls for current declarative WebMCP attributes annotatedElements=0 formsWithAttributes=0 controlsWithAttributes=0SKIPValidate declarative WebMCP attribute quality actual=0 expected=0INFONo W3C-style declarative WebMCP form attributes were found. status="informational"Validate MCP-aware HTML annotations [informational]! No data-mcp-tool or hyphenated WebMCP compatibility annotations were found.INFOValidate MCP-aware HTML annotations status="informational"INFOInspect HTML for MCP compatibility annotations compatibilityAttributeCount=0 dataMcpToolCount=0 examples=[]SKIPValidate compatibility annotation quality actual=0 expected=0INFONo data-mcp-tool or hyphenated WebMCP compatibility annotations were found. status="informational"Validate static WebMCP JSON compatibility [fail]! A discovered WebMCP static manifest or WMCP interaction graph was invalid.INFOValidate static WebMCP JSON compatibility status="fail"INFODiscover static WebMCP manifest candidates conventionalPaths=["/.well-known/webmcp.json","/webmcp.json"] checkedCount=2 profileCounts={"unknown-webmcp-json":1}INFOWebMCP manifest candidate checked source="path" path="/.well-known/webmcp.json" url="https://hsping.com/.well-known/webmcp.json" statusCode=404 contentType="text/html"PASSWebMCP manifest candidate found source="path" path="/webmcp.json" url="https://hsping.com/webmcp.json" statusCode=200 contentType="text/html; charset=UTF-8"FAILValidate discovered static WebMCP metadata actual={"validManifestCount":0,"invalidManifestCount":1,"toolCount":0,"wmcpActionCount":0} expected="at least 1 valid tools[] manifest or WMCP graph when static metadata is present"FAILA discovered WebMCP static manifest or WMCP interaction graph was invalid.

Discover agents.json [warning]! agents.json was found only at the fallback /agents.json path.INFODiscover agents.jsonINFOTry agents.json discovery paths in priority order paths=["/.well-known/agents.json","/agents.json"]WARNagents.json candidate path did not return a usable contract path="/.well-known/agents.json" statusCode=404 contentType="text/html"PASSFound an agents.json candidate path="/agents.json" statusCode=200 contentType="text/html; charset=UTF-8" bytes=177173WARNSelected fallback agents.json location path="/agents.json" requestedUrl="https://hsping.com/agents.json"WARNagents.json was found only at the fallback /agents.json path.Validate Wildcard schema shape [fail]! agents.json response is not valid JSON.INFOValidate Wildcard schema shapeINFOParse agents.json and classify contract shape shape="unknown"FAILCompare contract shape actual="unknown" expected="wildcard"FAILCompare missing required schema fields actual="none" expected="none"FAILCompare Content-Type with JSON expectation actual=false expected=trueFAILagents.json response is not valid JSON.Validate API actions [fail]! Wildcard agents.json must include valid OpenAPI-derived action or operation definitions.INFOValidate API actionsFAILCompare API action count actual=0 expected="> 0"FAILCompare invalid action definitions actual=0 expected=0FAILWildcard agents.json must include valid OpenAPI-derived action or operation definitions.Validate flows and links [fail]! No executable flows were found.INFOValidate flows and linksFAILCompare workflow flow count actual=0 expected="> 0"FAILCompare operation link issues actual=0 expected=0FAILNo executable flows were found.Review examples and LLM usability [warning]! Examples or descriptions are too thin for reliable agent argument generation.INFOReview examples and LLM usabilityWARNCompare usable example count actual=0 expected="> 0 when actions are present"WARNExamples or descriptions are too thin for reliable agent argument generation.

Markdown representation [fail]! No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks.INFOMarkdown representationFAILCheck usable Markdown representation was selected actual={"source":"negotiated","url":"https://hsping.com/","statusCode":200,"contentType":"text/html; charset=UTF-8","mediaType":"text/html","vary":"Accept-Encoding","requireVaryAccept":true,"contentTypeStatus":"fail","cacheStatus":"fail","bodyStatus":"fail","pass":false,"quality":{"valid":false,"formatStatus":"fail","dialect":"html-heavy","hasHeading":false,"headingCount":0,"wordCount":24475,"features":{"markdownLinks":0,"referenceLinks":0,"listItems":0,"tables":0,"taskListItems":0,"fencedCodeBlocks":0,"yamlFrontmatter":false,"jsonLdFencedBlocks":0,"admonitions":0,"strikethrough":0,"autolinks":0,"rawHtmlTags":716,"jsxOrMdxSignals":0},"issues":["missing-heading","raw-html-heavy","plain-text-like"],"excerpt":"<!DOCTYPE html>\n<html lang=\"en-US\" prefix=\"og: https://ogp.me/ns#\">\n<head>\n<meta charset=\"UTF-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\"> \n\t\n<!-- Search Engin","issue":"Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."}} expected="negotiated, advertised alternate, or conventional mirror" selected={"source":"negotiated","url":"https://hsping.com/","statusCode":200,"contentType":"text/html; charset=UTF-8","mediaType":"text/html","vary":"Accept-Encoding","requireVaryAccept":true,"contentTypeStatus":"fail","cacheStatus":"fail","bodyStatus":"fail","pass":false,"quality":{"valid":false,"formatStatus":"fail","dialect":"html-heavy","hasHeading":false,"headingCount":0,"wordCount":24475,"features":{"markdownLinks":0,"referenceLinks":0,"listItems":0,"tables":0,"taskListItems":0,"fencedCodeBlocks":0,"yamlFrontmatter":false,"jsonLdFencedBlocks":0,"admonitions":0,"strikethrough":0,"autolinks":0,"rawHtmlTags":716,"jsxOrMdxSignals":0},"issues":["missing-heading","raw-html-heavy","plain-text-like"],"excerpt":"<!DOCTYPE html>\n<html lang=\"en-US\" prefix=\"og: https://ogp.me/ns#\">\n<head>\n<meta charset=\"UTF-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\"> \n\t\n<!-- Search Engin","issue":"Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."}} candidatesChecked=2FAILMarkdown representation failed issue="No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks."Same-URL negotiation [fail]! Same-URL Accept: text/markdown did not return a valid Markdown representation.INFOSame-URL negotiationFAILCheck negotiated Markdown response actual={"statusCode":200,"mediaType":"text/html","vary":"Accept-Encoding"} expected="HTTP 2xx text/markdown with Vary: Accept" url="https://hsping.com/" statusCode=200 mediaType="text/html" vary="Accept-Encoding"FAILSame-URL negotiation failed issue="Same-URL Accept: text/markdown did not return a valid Markdown representation."Markdown format validation [fail]! Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation.INFOMarkdown format validationFAILCheck Markdown body quality actual={"valid":false,"wordCount":24475,"headingCount":0,"dialect":"html-heavy"} expected="valid Markdown with substantive text and headings" valid=false dialect="html-heavy" wordCount=24475 headingCount=0FAILMarkdown format validation failed issue="Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."Advertised Markdown alternate [warning]! No Link or HTML rel=alternate text/markdown URL was advertised.INFOAdvertised Markdown alternateWARNCheck advertised Markdown alternate candidates actual=0 expected="> 0 when HTML advertises a Markdown alternate" advertisedUrls=[] candidateCount=0WARNAdvertised Markdown alternate has a warning issue="No Link or HTML rel=alternate text/markdown URL was advertised."Conventional .md mirror [fail]! Conventional .md mirror candidates did not return valid Markdown.INFOConventional .md mirrorFAILCheck conventional Markdown mirror candidates actual=1 expected="> 0 when a conventional mirror is discoverable" conventionalUrls=["https://hsping.com/index.html.md"] candidateCount=1FAILConventional .md mirror failed issue="Conventional .md mirror candidates did not return valid Markdown."

Detect OAuth/OIDC applicability [warning]! Generic authentication signals were found, but no OAuth/OIDC discovery signal was detected.INFODetect OAuth/OIDC applicabilityINFOInspecting homepage, headers, and known auth/API signals for OAuth or OIDC claims applies=false signalsCount=0 genericAuthSignalsCount=4 checkedCount=2WARNCheck OAuth/OIDC applicability signal actual=false expected="true when metadata exists or OAuth/OIDC is claimed" checked=[{"path":"/.well-known/openid-configuration","statusCode":404,"contentType":"text/html","length":93},{"path":"/.well-known/oauth-authorization-server","statusCode":404,"contentType":"text/html","length":93}]WARNDetect OAuth/OIDC applicability completed with warnings issue="Generic authentication signals were found, but no OAuth/OIDC discovery signal was detected."

Detect protected-resource applicability [warning]! Generic authentication signals were found, but no OAuth Protected Resource metadata signal was detected.INFODetect protected-resource applicabilityINFOInspecting auth headers, MCP/OAuth claims, and protected-resource hints applies=false requiresAuthorizationServers=false signalsCount=0 genericAuthSignalsCount=4 checkedCount=1WARNCheck protected-resource metadata applicability actual=false expected="true when RFC 9728 metadata exists or support is claimed" checked=[{"url":"https://hsping.com/.well-known/oauth-protected-resource","path":"/.well-known/oauth-protected-resource","source":"root-well-known","resourceIdentifier":"https://hsping.com","statusCode":404,"contentType":"text/html","length":93}]WARNDetect protected-resource applicability completed with warnings issue="Generic authentication signals were found, but no OAuth Protected Resource metadata signal was detected."

Validate transport [fail]! ai.txt appears to be an HTML page or error document rather than a plain-text policy.INFOValidate transportINFOChecking ai.txt media type, size, line count, and whether the response looks like plain text contentType="text/html; charset=UTF-8" length=177173 lineCount=1112FAILCompare media type to preferred text/plain transport actual="text/html" expected="text/plain preferred; readable text required"FAILai.txt appears to be an HTML page or error document rather than a plain-text policy.Parse ai.txt policy [fail]! Transport validation failed before policy parsing could be trusted.INFOParse ai.txt policyINFODetecting ai.txt convention from bracket sections, frontmatter, headings, and ai.txt context linksINFODetected policy structure convention="unknown-text" sections=[] markdownHeadings=[]WARNCheck AI Visibility required sections actual="missing identity, permissions, restrictions" expected="identity, permissions, and restrictions" missingRecommended=["attribution","contact","content-types"]WARNTransport validation failed before policy parsing could be trusted.Validate policy content [fail]! ai.txt appears to expose secrets, tokens, or credentials.INFOValidate policy contentINFOChecking required section content, permission/restriction language, attribution, contact details, and safety risks convention="unknown-text"INFODetected policy signals hasPermissionLanguage=false hasRestrictionLanguage=false hasTrainingLanguage=true hasAttributionLanguage=true hasContact=falseFAILCheck required and recommended section coverage actual={"missingRequired":["identity","permissions","restrictions"],"missingRecommended":["attribution","contact","content-types"]} expected={"missingRequired":[],"recommendedPresentWhenPossible":true}FAILai.txt appears to expose secrets, tokens, or credentials. possibleSecrets=["/ai.txt: Public metadata appears to expose a secret detected by Betterleaks. match=\"posthog-project-api-key\" snippet=\"phc_...HUW2\""]

Discover A2A Agent Card [warning]! The A2A Agent Card was found at a legacy or fallback path.INFODiscover A2A Agent CardINFOTry A2A discovery paths in priority order paths=["/.well-known/agent-card.json","/.well-known/agent.json","/agent-card.json","/.well-known/a2a/agent-card.json"]WARNA2A candidate path did not return a usable card path="/.well-known/agent-card.json" statusCode=404 contentType="text/html"WARNA2A candidate path did not return a usable card path="/.well-known/agent.json" statusCode=404 contentType="text/html"PASSFound an A2A candidate path="/agent-card.json" statusCode=200 contentType="text/html; charset=UTF-8" bytes=177173WARNA2A candidate path did not return a usable card path="/.well-known/a2a/agent-card.json" statusCode=404 contentType="text/html"WARNSelected non-canonical A2A Agent Card path="/agent-card.json" pathClass="fallback" requestedUrl="https://hsping.com/agent-card.json"WARNThe A2A Agent Card was found at a legacy or fallback path.Detect A2A card version [fail]! The discovered JSON document does not match a supported A2A Agent Card version family.INFODetect A2A card versionINFORead version indicators from the card detectionEvidence=[]FAILCompare detected A2A version family actual="unknown" expected="v0.1, v0.2, v0.3, or v1"FAILThe discovered JSON document does not match a supported A2A Agent Card version family.Validate version-specific card shape [fail]! A2A Agent Card response is not valid JSON.INFOValidate version-specific card shapeFAILCompare missing required card fields actual="none" expected="none"FAILCheck every declared A2A skill has required name, description, and endpoint fields actual=0 expected=0 invalidSkills=[]INFOReview declared endpoint interfaces interfaces=[]FAILA2A Agent Card response is not valid JSON.Validate HTTP delivery [warning]! The card was parseable JSON but was not served with a JSON-compatible content type.INFOValidate HTTP deliveryWARNCompare card Content-Type with JSON expectation actual="text/html; charset=UTF-8" expected="application/json or +json"INFOReview selected discovery path path="/agent-card.json" pathClass="fallback"WARNHTTP delivery/path warning warning="card was found only at a non-standard fallback path"WARNThe card was parseable JSON but was not served with a JSON-compatible content type.Probe same-origin A2A endpoint [warning]! A2A endpoint probing was skipped because the endpoint was cross-origin, unavailable from the card, or uses an unsupported binding.INFOProbe same-origin A2A endpointINFOProbe same-origin A2A endpoint when scanner policy allows itSKIPSkipped endpoint probe reason="No valid A2A card was available to probe."WARNA2A endpoint probing was skipped because the endpoint was cross-origin, unavailable from the card, or uses an unsupported binding.

Classify AI crawler rules [fail]! No explicit User-agent rules were found for major AI crawler tokens.INFOClassify AI crawler rulesINFOParsing User-agent groups and Allow/Disallow records for known AI crawler tokens evaluatedPath="/"INFOEvaluating exact User-agent matches before wildcard fallback exactAiPolicyCount=0 totalCrawlerTokens=18FAILNo explicit AI crawler User-agent groups were found examplesExpected=["GPTBot","OAI-SearchBot","ClaudeBot","Google-Extended","CCBot"]FAILCompare explicit AI crawler coverage actual=0 expected="> 0 explicit non-search AI crawler policies" missingTokens=["GPTBot","OAI-SearchBot","ChatGPT-User","ClaudeBot","Claude-SearchBot","Claude-User","Google-Extended","Applebot-Extended","Amazonbot","Amzn-SearchBot","Amzn-User","PerplexityBot"]INFOResolved effective root-path policy for crawler tokens blocked=0 allowed=21 unspecified=0

Find Referrer-Policy header [fail]! Referrer-Policy header is missing.INFOFind Referrer-Policy headerINFORead Referrer-Policy delivery header="referrer-policy" value="missing" metaReferrerPolicyCount=0 browserDefault="strict-origin-when-cross-origin"FAILRequire explicit HTTP Referrer-Policy header actual="missing" expected="HTTP response header present" issue="Referrer-Policy header is missing."FAILReferrer-Policy header is missing.Review observed browser responses [warning]! One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.INFOReview observed browser responsesINFOSample Chrome-observed same-origin responses observedResponseCount=26 sameOriginCount=25 htmlDocumentCount=1WARNCompare observed Referrer-Policy coverage actual={"missingPolicyCount":1,"unsafeOrInvalidPolicyCount":0,"weakPolicyCount":0,"affected":[{"url":"https://hsping.com/","status":200,"resourceType":"document","contentType":"text/html; charset=UTF-8","referrerPolicy":null,"classification":"invalid"}]} expected="0 missing, unsafe, invalid, or weak same-origin HTML responses" issue="One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy."WARNOne or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.

Validate Markdown discovery shape [fail]! llms.txt did not provide the minimum expected Markdown discovery shape.INFOValidate Markdown discovery shapeINFOChecking response compatibility, title, content length, and usable linksFAILCheck content type is Markdown-compatible text actual="text/html; charset=UTF-8" expected="text/markdown, text/x-markdown, text/plain, or another Markdown text type"FAILCheck response is not HTML actual=true expected=falseFAILCheck H1 title is present actual=false expected=truePASSCheck minimum text length actual=171942 expected=">= 160"PASSCheck at least one usable public link actual=67 expected="> 0" linkCount=69FAILMarkdown discovery shape validation failedScore llms.txt structure and usefulness [fail]! llms.txt includes unsafe or private links that should not be advertised to agents.INFOScore llms.txt structure and usefulnessINFOChecking recommended summary, sections, link labels, agent-friendly links, duplicates, and unsafe targetsWARNCheck blockquote summary is present actual=false expected=trueWARNCheck H2 section count actual=0 expected="> 0"WARNCheck Markdown-formatted links actual=0 expected="> 0"FAILCheck unsafe/private link count actual=2 expected=0FAILllms.txt structure-quality validation failed reason="llms.txt includes unsafe or private links that should not be advertised to agents."Probe sampled linked resources [warning]! Some sampled llms.txt links were broken, redirected unexpectedly, or did not return clearly agent-readable content.INFOProbe sampled linked resourcesINFOSelecting safe, useful links for bounded probing selectedCount=23PASSCheck probed links were attempted actual=23 expected="> 0"WARNCheck broken probed link count actual=1 expected=0PASSCheck agent-readable probed links actual=22 expected="> 0"WARNLinked resource probe validation completed with warnings reason="Some sampled llms.txt links were broken, redirected unexpectedly, or did not return clearly agent-readable content."Inspect optional llms-full.txt [informational]INFOInspect optional llms-full.txtINFOTrying to fetch /llms-full.txt url="https://hsping.com/llms-full.txt"PASS/llms-full.txt returned HTTP 2xx statusCode=200 contentType="text/html; charset=UTF-8" length=177173WARNCheck llms-full.txt content type is Markdown-compatible text actual="text/html; charset=UTF-8" expected="text/markdown, text/x-markdown, text/plain, or another Markdown text type"PASSCheck llms-full.txt looks like supplemental full corpus content actual=true expected=truePASSOptional llms-full.txt inspection recorded

Discover Agent Skills index [warning]! No Agent Skills discovery index was found at the canonical or legacy path.INFODiscover Agent Skills indexINFOTry Agent Skills index paths in priority order paths=["/.well-known/agent-skills/index.json","/.well-known/skills/index.json"]WARNAgent Skills index candidate was not usable path="/.well-known/agent-skills/index.json" url="https://hsping.com/.well-known/agent-skills/index.json" statusCode=404WARNAgent Skills index candidate was not usable path="/.well-known/skills/index.json" url="https://hsping.com/.well-known/skills/index.json" statusCode=404WARNNo Agent Skills discovery index was found at the canonical or legacy path.

Query DNS-AID records [warning]! No DNS-AID HTTPS/SVCB records were found under _agents.INFOQuery DNS-AID recordsINFOBuild DNS-AID query names from hostname hostname="hsping.com" labels=["_index._agents.hsping.com","_a2a._agents.hsping.com"] claimedOnPage=falseWARNDNS query returned no DNS-AID answers name="_index._agents.hsping.com" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.hsping.com" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.hsping.com" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _index._agents.hsping.com"WARNDNS query returned no DNS-AID answers name="_a2a._agents.hsping.com" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.hsping.com" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.hsping.com" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _a2a._agents.hsping.com"WARNCompare total DNS-AID answer count actual=0 expected="> 0"WARNNo DNS-AID HTTPS/SVCB records were found under _agents.Check DNSSEC authentication evidence [warning]! DNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.INFOCheck DNSSEC authentication evidenceWARNCompare DNSSEC authenticated-data flag actual=false expected=trueWARNCompare visible DNSSEC material actual=false expected=trueWARNResolver did not confirm authenticated DNSSEC data name="_index._agents.hsping.com" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.hsping.com" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.hsping.com" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.hsping.com" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.hsping.com" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.hsping.com" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.hsping.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.hsping.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="hsping.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNDNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.

Find enforcing CSP delivery [fail]! Applicable HTML response is missing an enforcing Content-Security-Policy header.INFOFind enforcing CSP deliveryINFORead CSP delivery headers enforcingHeader="missing" reportOnlyHeader="missing" metaPolicyCount=0 legacyHeadersPresent=[]FAILRequire enforcing Content-Security-Policy header actual="missing" expected="present" issue="Applicable HTML response is missing an enforcing Content-Security-Policy header."FAILApplicable HTML response is missing an enforcing Content-Security-Policy header.

Validate CSP frame-ancestors [warning]! No enforcing CSP frame-ancestors directive is present.INFOValidate CSP frame-ancestorsINFORead CSP frame-ancestors signals enforcingHeaderPresent=false reportOnlyHeaderPresent=false metaFrameAncestors=false policyCount=0 duplicateDirectives=[]WARNCompare effective frame-ancestors directive actual="missing" expected="valid restrictive enforcing frame-ancestors" issue="No enforcing CSP frame-ancestors directive is present."WARNNo enforcing CSP frame-ancestors directive is present.Validate X-Frame-Options [fail]! No valid X-Frame-Options fallback is present.INFOValidate X-Frame-OptionsINFORead X-Frame-Options fallback value="missing" parsedValues=[] normalizedValues=[]FAILCompare X-Frame-Options value actual="missing" expected="DENY or SAMEORIGIN" valid=false obsoleteAllowFrom=false duplicateOrConflicting=false issue="No valid X-Frame-Options fallback is present."FAILNo valid X-Frame-Options fallback is present.Review observed browser responses [warning]! One or more same-origin HTML documents observed by Chrome did not emit valid frame protection.INFOReview observed browser responsesINFOSample Chrome-observed same-origin responses observedResponseCount=26 sameOriginCount=25 htmlDocumentCount=1WARNCompare observed HTML frame protection actual={"missingOrInvalidFrameProtectionCount":1,"broadFrameAncestorsCount":0,"affected":[{"url":"https://hsping.com/","status":200,"resourceType":"document","contentType":"text/html; charset=UTF-8","contentSecurityPolicy":null,"contentSecurityPolicyReportOnly":null}]} expected="0 missing/invalid or broad same-origin HTML responses" issue="One or more same-origin HTML documents observed by Chrome did not emit valid frame protection."WARNOne or more same-origin HTML documents observed by Chrome did not emit valid frame protection.

Find Strict-Transport-Security [fail]! HTTPS response is missing Strict-Transport-Security.INFOFind Strict-Transport-SecurityINFORead Strict-Transport-Security header header="strict-transport-security" value="missing" effectiveValue=null duplicateHeaderValueCount=0FAILRequire HSTS header on HTTPS response actual="missing" expected="present" issue="HTTPS response is missing Strict-Transport-Security."FAILHTTPS response is missing Strict-Transport-Security.

Validate declared usage preferences [warning]! No Content-Usage or Content-Signal declarations were found.INFOValidate declared usage preferencesINFOParsing declared preferences into terms and values recordCount=0SKIPSkipping declaration validation because no Content-Usage or Content-Signal records were declared.SKIPCompare declared records to validation requirement actual=0 expected="No validation needed when no records are declared"WARNNo Content-Usage or Content-Signal declarations were present.

Discover RSL declarations [warning]! No RSL declarations were found.INFODiscover RSL declarationsINFOChecking robots.txt License records, HTTP Link rel=license headers, HTML license links, and inline RSL XML robotsFound=trueSKIPCount discovered RSL declarations actual=0 expected=">= 1 when RSL licensing terms are published" sources={}WARNNo RSL declarations were found on any supported discovery surface.

Fetch /.well-known/tdmrep.json [warning]! No TDMRep declaration was found at /.well-known/tdmrep.json.INFOFetch /.well-known/tdmrep.jsonINFORequesting origin-level TDMRep declaration at /.well-known/tdmrep.jsonWARNCompare TDMRep file response actual=404 expected="2xx with JSON array when origin-level TDMRep is published" contentType="text/html" length=93WARNNo TDMRep declaration was found at /.well-known/tdmrep.json. 

Heading structure [fail]! Headings skip levels or include empty heading elements.INFOHeading structureFAILCheck heading structure evidence actual={"counts":{"h1":1,"visibleH1":1,"headings":31,"emptyHeadings":0},"meaningfulH1":true} expected="semantic HTML evidence for this step"FAILHeading structure failed issue="Headings skip levels or include empty heading elements."Links [fail]! 1 links are missing accessible names.INFOLinksFAILCheck links evidence actual={"counts":{"links":50,"inaccessibleLinks":1,"nonCrawlableLinks":0,"genericLinks":0},"accessibleLinks":false} expected="semantic HTML evidence for this step"FAILLinks failed issue="1 links are missing accessible names."Image text alternatives [warning]! 1 image alt text issues were found.INFOImage text alternativesWARNCheck image text alternatives evidence actual={"counts":{"images":17,"imagesWithAlt":17,"imageAltIssues":1},"imageAltCoverage":true} expected="semantic HTML evidence for this step"WARNImage text alternatives has a warning issue="1 image alt text issues were found."Native semantics and ARIA [warning]! 1 ARIA/native semantic conflicts or redundancies were found.INFONative semantics and ARIAWARNCheck native semantics and aria evidence actual={"counts":{"ariaIssues":1},"nativeSemanticIntegrity":false} expected="native HTML semantics are present and not replaced by conflicting ARIA"WARNNative semantics and ARIA has a warning issue="1 ARIA/native semantic conflicts or redundancies were found."

Check machine-usable details [warning]! OpenAPI is valid, but missing schemas, parameters, servers, auth, operation IDs, tags, or examples reduces machine usability.INFOCheck machine-usable details status="warning"INFOInspect machine-usable operation details hasServers=true hasSecuritySchemes=true hasExplicitNoAuth=false requestBodyOperationCount=2 parameterOperationCount=2 responseSchemaOperationCount=3 operationIdCount=0 taggedOperationCount=0 exampleOperationCount=0WARNCheck OpenAPI operations include enough detail for agents to call them safely actual="4 machine-usability warning(s)" expected="servers, auth/no-auth signals, operationIds, parameters, request bodies, responses, tags, and examples where relevant"WARNMachine-usability warning warning="One or more operations lack response schema or response media type detail."WARNMachine-usability warning warning="One or more operations are missing operationId."WARNMachine-usability warning warning="One or more operations are missing tags."WARNMachine-usability warning warning="One or more operations do not include examples."WARNOpenAPI is valid, but missing schemas, parameters, servers, auth, operation IDs, tags, or examples reduces machine usability.

Format consistency [warning]! The page mixes structured-data syntaxes. This is allowed when consistent, but a single primary syntax is easier to maintain and debug.INFOFormat consistencyINFOComparing structured-data formats and duplicated entity values primaryFormat="mixed"WARNCheck conflicting duplicated entity values actual=0 expected=0 mixedFormats=true formatsFound=["json-ld","microdata"]WARNMultiple structured-data syntaxes are mixed formatsFound=["json-ld","microdata"]Page-relevant schema family [fail]! The page has specific visible content intent, but structured data does not include a matching primary schema family.INFOPage-relevant schema familyINFOInferring specific page intent and comparing it with detected Schema.org typesFAILCheck schema types matching specific visible page intent actual=0 expected="> 0" inferredIntents=["software","qa"] expectedTypes=["SoftwareApplication","WebApplication","MobileApplication","QAPage","FAQPage"] matchingTypes=[] observedTypes=["Article","CreativeWork","ImageObject","Organization","Person","SiteNavigationElement","WPFooter","WPHeader","WebPage","WebSite"]FAILNo primary schema family matches the inferred page intent expectedTypes=["SoftwareApplication","WebApplication","MobileApplication","QAPage","FAQPage"] primaryTypes=["Article"]

Review observed browser responses [warning]! One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.INFOReview observed browser responsesINFOSample Chrome-observed same-origin resources observedResponseCount=26 sameOriginCount=25 eligibleCount=25WARNCompare observed nosniff coverage actual={"missingNosniffCount":23,"malformedNosniffCount":0,"activeResourceMissingNosniffCount":9,"affected":[{"url":"https://hsping.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.12.0","status":200,"resourceType":"stylesheet","contentType":"text/css"},{"url":"https://hsping.com/wp-content/plugins/prismatic/lib/prism/css/theme-tomorrow-night.css?ver=3.7.5","status":200,"resourceType":"stylesheet","contentType":"text/css"},{"url":"https://hsping.com/wp-content/uploads/2026/03/hs-code-search-ui-design-show.png","status":200,"resourceType":"image","contentType":"image/png"},{"url":"https://hsping.com/wp-content/uploads/2026/01/USITC-logo-150x150.png","status":200,"resourceType":"image","contentType":"image/png"},{"url":"https://hsping.com/wp-content/themes/astra/assets/js/minified/flexibility.min.js?ver=4.12.0","status":200,"resourceType":"script","contentType":"application/javascript"},{"url":"https://hsping.com/wp-content/uploads/2026/01/WCO-logo-150x150.png","status":200,"resourceType":"image","contentType":"image/png"},{"url":"https://hsping.com/wp-content/uploads/2026/01/hsping-logo-110x23.png","status":200,"resourceType":"image","contentType":"image/png"},{"url":"https://hsping.com/wp-content/plugins/prismatic/lib/prism/js/lang-json.js?ver=3.7.5","status":200,"resourceType":"script","contentType":"application/javascript"},{"url":"https://hsping.com/wp-content/plugins/prismatic/lib/prism/js/plugin-line-numbers.js?ver=3.7.5","status":200,"resourceType":"script","contentType":"application/javascript"},{"url":"https://hsping.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.12.0","status":200,"resourceType":"script","contentType":"application/javascript"},{"url":"https://hsping.com/wp-content/plugins/prismatic/lib/prism/js/plugin-line-highlight.js?ver=3.7.5","status":200,"resourceType":"script","contentType":"application/javascript"},{"url":"https://hsping.com/wp-content/plugins/prismatic/lib/prism/js/prism-core.js?ver=3.7.5","status":200,"resourceType":"script","contentType":"application/javascript"}]} expected="0 missing or malformed eligible same-origin responses" issue="One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff."WARNOne or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.

Organization trust fields [warning]! Organization schema is missing sameAs or public contact evidence.INFOOrganization trust fieldsINFOChecking logo, sameAs, and public contact evidence format="json-ld"PASSCheck logo presence actual=true expected=true fields=[{"name":"Organization.logo","present":true,"value":"https://hsping.com/wp-content/uploads/2026/01/hsping-logo.png","format":"json-ld"},{"name":"Organization.sameAs","present":false,"format":"json-ld"},{"name":"Organization.contactPoint","present":false,"format":"json-ld"},{"name":"Organization.telephone","present":false,"format":"json-ld"},{"name":"Organization.email","present":false,"format":"json-ld"},{"name":"Organization.address","present":false,"format":"json-ld"}]FAILCheck sameAs or contact evidence actual=0 expected=">= 1" sameAsCount=0 contactSignalCount=0 fields=[{"name":"Organization.logo","present":true,"value":"https://hsping.com/wp-content/uploads/2026/01/hsping-logo.png","format":"json-ld"},{"name":"Organization.sameAs","present":false,"format":"json-ld"},{"name":"Organization.contactPoint","present":false,"format":"json-ld"},{"name":"Organization.telephone","present":false,"format":"json-ld"},{"name":"Organization.email","present":false,"format":"json-ld"},{"name":"Organization.address","present":false,"format":"json-ld"}]WARNOrganization trust fields are partially complete

Find advertised IndexNow key location [informational]! No IndexNow key location was advertised in HTML, Link headers, or robots.txt.INFOFind advertised IndexNow key locationINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"WARNNo IndexNow key location was advertised in HTML, Link headers, or robots.txt.Fetch and validate IndexNow key file [informational]! No discoverable IndexNow key file was found.INFOFetch and validate IndexNow key fileINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"INFOFetch each advertised same-origin key file and validate filename/body matchFAILCompare valid IndexNow key file count actual=0 expected="> 0"WARNNo discoverable IndexNow key file was found.