Export Report
OVERALL SCORE
Level 3, Bot-Aware
- AI Discoverability 45 out of 100
- Agent Ease of Use 44 out of 100
- Security & Trust 46 out of 100
- GEO, AIO and AEO 64 out of 100
- SEO 92 out of 100
- Performance and Accessibility 94 out of 100
What AI sees of your website
Logto: Modern auth infrastructure for developers
Logto adds multi-tenancy, enterprise SSO, and RBAC to your SaaS or AI apps. All with OIDC and OAuth 2.1 made simple, fast, and developer-friendly.
Next step
Turn this report into a fix workflow
25 failed checks are ready to move into MCP or CLI remediation. Generate a repair prompt, connect the scanner to your coding agent, or open the integration docs before your next rescan.
| Metric | Score | Status | Passed | Failed | Warning | Evidence |
|---|---|---|---|---|---|---|
| AI Discoverability | 45 | Priority fix | 23 | 25 | 8 | View details |
| Discoverability | 67 | Needs work | 8 | 2 | 0 | View details |
| Content Readiness | 35 | Priority fix | 11 | 16 | 4 | View details |
| Bot Access Control | 36 | Priority fix | 4 | 7 | 4 | View details |
| Agent Ease of Use | 44 | Priority fix | 20 | 20 | 15 | View details |
| API | 59 | Needs work | 5 | 3 | 1 | View details |
| Auth | 50 | Needs work | 3 | 2 | 1 | View details |
| MCP | 37 | Priority fix | 3 | 5 | 3 | View details |
| Skill Discovery | 42 | Priority fix | 4 | 6 | 10 | View details |
| Agent Commerce | 41 | Priority fix | 5 | 4 | 0 | View details |
| GEO, AIO and AEO | 64 | Needs work | 9 | 3 | 6 | View details |
| GEO Readiness | 61 | Needs work | 3 | 1 | 2 | View details |
| AIO Readiness | 80 | Mostly ready | 3 | 0 | 3 | |
| AEO Readiness | 50 | Needs work | 3 | 2 | 1 | View details |
| SEO | 92 | Strong | 9 | 1 | 0 | View details |
| SEO | 92 | Strong | 9 | 1 | 0 | View details |
| Security & Trust | 46 | Priority fix | 8 | 5 | 4 | View details |
| Security & Trust | 46 | Priority fix | 8 | 5 | 4 | View details |
| Performance and Accessibility | 94 | Strong | 24 | 2 | 0 | View details |
| Performance | 94 | Strong | 20 | 1 | 0 | View details |
| Accessibility | 95 | Strong | 4 | 1 | 0 | View details |
Prioritized recommendations
Issues ranked by score impact
44 items need attention
AI DiscoverabilityDiscoverabilityEstablished
Link headers
Link headers failed at "Find useful Link headers".
100 Fail
AI DiscoverabilityDiscoverabilityEstablished
Link headers
Link headers failed at "Find useful Link headers".
Needs attention
Link headers
Issue
No useful agent discovery Link headers were found.
Why it matters
Link headers let automated clients discover API catalogs, documentation, and machine-readable alternates without parsing page markup first.
Check name
Link headers
Score
0/100
Status
fail
Category
Discoverability
Maturity
Established
Goal
Include Link response headers for agent discovery using RFC 8288.
Result
Link headers failed at "Find useful Link headers".
Validation steps
Find useful Link headers
No useful agent discovery Link headers were found.
Fetch same-origin Link header targets
Link headers did not expose any same-origin targets to validate.
Agent Ease of UseMCPEmerging recommendation
MCP Server Card
MCP Server Card failed at "Validate server-card shape".
35 Fail
Agent Ease of UseMCPEmerging recommendation
MCP Server Card
MCP Server Card failed at "Validate server-card shape".
Needs attention
MCP Server Card
Issue
MCP Server Card response is not valid JSON.
Why it matters
MCP server cards give agents a stable, public pre-connection discovery surface for server identity, remote transports, protocol compatibility, and safe routing without guessing endpoints.
Check name
MCP Server Card
Score
30/100
Status
fail
Category
MCP
Maturity
Emerging recommendation
Goal
Publish an MCP Server Card that helps agents discover remote MCP server transports before opening a session.
Result
MCP Server Card failed at "Validate server-card shape".
Validation steps
Discover MCP server card
The MCP server card was found only at a transitional or linked path.
Validate server-card shape
MCP Server Card response is not valid JSON.
Validate MCP remotes
No usable MCP remote transport was declared.
Validate HTTP delivery
Content-Type "text/html; charset=utf-8" is not JSON.
Probe same-origin MCP endpoint
No MCP remote endpoint could be probed.
Agent Ease of UseAgent CommerceInformational
Universal Commerce Protocol
Universal Commerce Protocol failed at "Fetch UCP profile".
32 Fail
Agent Ease of UseAgent CommerceInformational
Universal Commerce Protocol
Universal Commerce Protocol failed at "Fetch UCP profile".
Needs attention
Universal Commerce Protocol
Issue
UCP profile content type "text/html; charset=utf-8" is not JSON-compatible.
Why it matters
UCP discovery lets agents identify commerce capabilities, service transports, payment handlers, and signing keys without scraping human checkout flows.
Check name
Universal Commerce Protocol
Score
36/100
Status
fail
Category
Agent Commerce
Maturity
Informational
Goal
Expose a valid Universal Commerce Protocol business profile when this origin supports agentic commerce workflows.
Result
Universal Commerce Protocol failed at "Fetch UCP profile".
Validation steps
Fetch UCP profile
UCP profile content type "text/html; charset=utf-8" is not JSON-compatible.
Validate UCP profile shape
UCP profile could not be parsed.
Agent Ease of UseMCPEmerging recommendation
WebMCP
WebMCP failed at "Probe WebMCP operability".
28 Fail
Agent Ease of UseMCPEmerging recommendation
WebMCP
WebMCP failed at "Probe WebMCP operability".
Needs attention
WebMCP
Issue
Discovered WebMCP static metadata was fetchable but invalid.
Details
Why it matters
WebMCP gives agents structured page and browser tool hints so they can understand actions without relying only on screen scraping.
Check name
WebMCP
Score
44/100
Status
fail
Category
MCP
Maturity
Emerging recommendation
Goal
Expose browser/page WebMCP tools and compatible static WebMCP metadata when a site wants agents to understand in-page actions.
Result
WebMCP failed at "Probe WebMCP operability".
Validation steps
Detect WebMCP runtime API
WebMCP-like strings were found, but rendered browser evidence did not confirm a usable runtime API.
Probe WebMCP operability
Discovered WebMCP static metadata was fetchable but invalid.
WebMCP operability findings
- Discovered WebMCP static metadata was fetchable but invalid.
Validate declarative WebMCP form tools
No W3C-style declarative WebMCP form attributes were found.
Validate MCP-aware HTML annotations
No data-mcp-tool or hyphenated WebMCP compatibility annotations were found.
Validate static WebMCP JSON compatibility
A discovered WebMCP static manifest or WMCP interaction graph was invalid.
Body is not valid JSON.
Agent Ease of UseAgent CommerceInformational
ACP - Agentic Commerce Protocol
ACP - Agentic Commerce Protocol failed at "Fetch ACP discovery".
27 Fail
Agent Ease of UseAgent CommerceInformational
ACP - Agentic Commerce Protocol
ACP - Agentic Commerce Protocol failed at "Fetch ACP discovery".
Needs attention
ACP - Agentic Commerce Protocol
Issue
ACP discovery content type "text/html; charset=utf-8" is not JSON-compatible.
Why it matters
ACP discovery lets agents find the seller's ACP API base URL, supported versions, transports, and stable services before attempting authenticated checkout-session negotiation.
Check name
ACP - Agentic Commerce Protocol
Score
46/100
Status
fail
Category
Agent Commerce
Maturity
Informational
Goal
Expose valid ACP discovery when this origin supports Agentic Commerce Protocol workflows.
Result
ACP - Agentic Commerce Protocol failed at "Fetch ACP discovery".
Validation steps
Fetch ACP discovery
ACP discovery content type "text/html; charset=utf-8" is not JSON-compatible.
Validate ACP discovery shape
ACP discovery could not be parsed.
Agent Ease of UseAPIEstablished
OpenAPI discovery
OpenAPI discovery failed at "Parse OpenAPI document".
25 Fail
Agent Ease of UseAPIEstablished
OpenAPI discovery
OpenAPI discovery failed at "Parse OpenAPI document".
Needs attention
OpenAPI discovery
Issue
OpenAPI candidate was not parseable as JSON or YAML-like OpenAPI.
Why it matters
OpenAPI documents let agents understand operations, schemas, authentication, servers, and request/response formats before calling an API.
Check name
OpenAPI discovery
Score
50/100
Status
fail
Category
API
Maturity
Established
Goal
Publish a valid OpenAPI or Swagger document for public API discovery when this origin exposes public APIs.
Result
OpenAPI discovery failed at "Parse OpenAPI document".
Validation steps
Parse OpenAPI document
OpenAPI candidate was not parseable as JSON or YAML-like OpenAPI.
Validate OpenAPI shape
Response is not valid JSON and does not match baseline OpenAPI YAML shape.
Check machine-usable details
Add servers, parameters, request bodies, response schemas, operation IDs, tags, examples, and security or explicit no-auth declarations where they apply.
Agent Ease of UseAuthEstablished
OAuth / OIDC discovery
OAuth / OIDC discovery failed at "Fetch discovery metadata".
19 Fail
Agent Ease of UseAuthEstablished
OAuth / OIDC discovery
OAuth / OIDC discovery failed at "Fetch discovery metadata".
Needs attention
OAuth / OIDC discovery
Issue
OAuth/OIDC was claimed or referenced, but no registered OAuth/OIDC discovery document was found.
Why it matters
OAuth and OIDC discovery let agents and API clients find authorization, token, and key endpoints programmatically instead of scraping login pages or guessing provider setup.
Check name
OAuth / OIDC discovery
Score
43/100
Status
fail
Category
Auth
Maturity
Established
Goal
Publish OAuth/OIDC discovery metadata only when the site operates or advertises a real OAuth/OIDC authorization server.
Result
OAuth / OIDC discovery failed at "Fetch discovery metadata".
Validation steps
Fetch discovery metadata
OAuth/OIDC was claimed or referenced, but no registered OAuth/OIDC discovery document was found.
Agent Ease of UseSkill DiscoveryEmerging recommendation
agents.json
agents.json failed at "Validate Wildcard schema shape".
19 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
agents.json
agents.json failed at "Validate Wildcard schema shape".
Needs attention
agents.json
Issue
agents.json response is not valid JSON.
Why it matters
Wildcard agents.json gives agents workflow-level context beyond plain OpenAPI, including flows, links, examples, and API action structure. It is an emerging OpenAPI-adjacent proposal, so scanners should validate the contract shape without treating it as an A2A or IETF standard.
Check name
agents.json
Score
25/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish a Wildcard-style agents.json file so agents can discover OpenAPI-backed workflows, links, examples, and authentication requirements.
Result
agents.json failed at "Validate Wildcard schema shape".
Validation steps
Discover agents.json
agents.json was found only at the fallback /agents.json path.
Validate Wildcard schema shape
agents.json response is not valid JSON.
Validate API actions
Wildcard agents.json must include valid OpenAPI-derived action or operation definitions.
Validate flows and links
No executable flows were found.
Review examples and LLM usability
Examples or descriptions are too thin for reliable agent argument generation.
AI DiscoverabilityContent ReadinessEstablished
Organization / WebSite schema
Organization / WebSite schema is missing or incomplete.
17 Fail
AI DiscoverabilityContent ReadinessEstablished
Organization / WebSite schema
Organization / WebSite schema is missing or incomplete.
Needs attention
Organization / WebSite schema
Issue
No Organization or Organization subtype was found in Schema.org structured data. No WebSite entity was found in Schema.org structured data. Missing identity field(s): Organization.name, Organization.url, WebSite.name, WebSite.url. WebSite.publisher is missing. Organization schema is missing logo and sameAs or public contact evidence.
Why it matters
Organization and WebSite schema help agents identify the publisher, canonical site identity, logo, and related profiles for attribution.
Check name
Organization / WebSite schema
Score
0/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Identify the site owner and website entity in structured data.
Result
Organization / WebSite schema is missing or incomplete.
Validation steps
Organization entity
No Organization or Organization subtype was found in Schema.org structured data.
WebSite entity
No WebSite entity was found in Schema.org structured data.
Identity fields
Missing identity field(s): Organization.name, Organization.url, WebSite.name, WebSite.url.
WebSite publisher linkage
WebSite.publisher is missing.
Organization trust fields
Organization schema is missing logo and sameAs or public contact evidence.
AI DiscoverabilityContent ReadinessEstablished
Structured data
Structured data failed at "Recognized structured data format".
17 Fail
AI DiscoverabilityContent ReadinessEstablished
Structured data
Structured data failed at "Recognized structured data format".
Needs attention
Structured data
Issue
No JSON-LD, Microdata, or RDFa structured data was found.
Why it matters
Structured data gives agents explicit entities, relationships, and page meaning that are harder to infer reliably from visual layout alone.
Check name
Structured data
Score
0/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Expose machine-readable page entities and relationships through a recognized structured-data syntax.
Result
Structured data failed at "Recognized structured data format".
Validation steps
Recognized structured data format
No JSON-LD, Microdata, or RDFa structured data was found.
Page-relevant schema family
The page has specific visible content intent, but structured data does not include a matching primary schema family.
AI DiscoverabilityBot Access ControlEmerging recommendation
TDMRep declaration
TDMRep declaration failed at "Fetch /.well-known/tdmrep.json".
17 Fail
AI DiscoverabilityBot Access ControlEmerging recommendation
TDMRep declaration
TDMRep declaration failed at "Fetch /.well-known/tdmrep.json".
Needs attention
TDMRep declaration
Issue
Response is not valid JSON.
Why it matters
TDMRep is a W3C Community Group protocol and IANA-registered well-known URI for declaring text and data mining reservation policy on applicable content.
Check name
TDMRep declaration
Score
0/100
Status
fail
Category
Bot Access Control
Maturity
Emerging recommendation
Goal
Publish a machine-readable text and data mining reservation declaration and verifiable ODRL policy when the site needs one.
Result
TDMRep declaration failed at "Fetch /.well-known/tdmrep.json".
Validation steps
Fetch /.well-known/tdmrep.json
Response is not valid JSON.
Validate TDM declarations
No valid TDM declarations were parsed from the declared TDMRep surface.
Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration has a validation warning at "Warn when auth surface lacks Auth.md".
17 Warning
Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration has a validation warning at "Warn when auth surface lacks Auth.md".
Needs attention
Auth.md Agent Registration
Issue
The site appears to support login, signup, account access, or credentials but does not publish /auth.md.
Why it matters
Human login and signup flows are often opaque to agents. Auth.md gives automated clients a stable registration contract instead of forcing them to scrape docs, automate browser forms, or guess credential flows.
Check name
Auth.md Agent Registration
Score
50/100
Status
warning
Category
Auth
Maturity
Emerging recommendation
Goal
Publish Auth.md v1 metadata so agents can discover how to register, claim a user, and obtain credentials.
Result
Auth.md Agent Registration has a validation warning at "Warn when auth surface lacks Auth.md".
Validation steps
Warn when auth surface lacks Auth.md
The site appears to support login, signup, account access, or credentials but does not publish /auth.md.
Agent Ease of UseAPIEstablished
API Catalog
API Catalog has a validation warning at "Fetch API catalog".
17 Warning
Agent Ease of UseAPIEstablished
API Catalog
API Catalog has a validation warning at "Fetch API catalog".
Needs attention
API Catalog
Issue
This origin appears to publish or claim public APIs, but no RFC 9727 API catalog was found.
Why it matters
API catalogs help agents find API endpoints, service descriptions, documentation, status resources, auth metadata, and related machine-readable contracts without guessing entry points.
Check name
API Catalog
Score
67/100
Status
warning
Category
API
Maturity
Established
Goal
Publish an API catalog for automated public API discovery using RFC 9727 when this origin exposes public APIs.
Result
API Catalog has a validation warning at "Fetch API catalog".
Validation steps
Fetch API catalog
This origin appears to publish or claim public APIs, but no RFC 9727 API catalog was found.
Agent Ease of UseSkill DiscoveryEmerging recommendation
A2A Agent Card
A2A Agent Card failed at "Detect A2A card version".
15 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
A2A Agent Card
A2A Agent Card failed at "Detect A2A card version".
Needs attention
A2A Agent Card
Issue
The discovered JSON document does not match a supported A2A Agent Card version family.
Why it matters
A2A Agent Cards provide protocol-specific discovery for agent identity, skills, input and output modes, transport bindings, capabilities, and security requirements. Legacy A2A also used /.well-known/agent.json, so scanners must classify the card shape before reporting readiness.
Check name
A2A Agent Card
Score
39/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish a version-appropriate A2A Agent Card so A2A-compatible clients can discover agent skills and invoke the declared endpoint safely.
Result
A2A Agent Card failed at "Detect A2A card version".
Validation steps
Discover A2A Agent Card
The A2A Agent Card was found at a legacy or fallback path.
Detect A2A card version
The discovered JSON document does not match a supported A2A Agent Card version family.
Validate version-specific card shape
A2A Agent Card response is not valid JSON.
Validate HTTP delivery
The card was parseable JSON but was not served with a JSON-compatible content type.
Probe same-origin A2A endpoint
A2A endpoint probing was skipped because the endpoint was cross-origin, unavailable from the card, or uses an unsupported binding.
AI DiscoverabilityContent ReadinessEstablished
Markdown negotiation
Markdown negotiation is missing or incomplete.
15 Fail
AI DiscoverabilityContent ReadinessEstablished
Markdown negotiation
Markdown negotiation is missing or incomplete.
Needs attention
Markdown negotiation
Issue
Best candidate returned Content-Type "text/html; charset=utf-8" instead of text/markdown.
Why it matters
Markdown representations give agents a cleaner page form while preserving normal HTML for browsers and cache-safe representation handling.
Check name
Markdown negotiation
Score
10/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Expose a useful Markdown representation through negotiation or an explicit alternate URL.
Result
Markdown negotiation is missing or incomplete.
Validation steps
Markdown representation
No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks.
Same-URL negotiation
Same-URL Accept: text/markdown did not return a valid Markdown representation.
Markdown format validation
Markdown response appears to expose MDX/JSX source rather than rendered agent-facing Markdown.
Advertised Markdown alternate
No Link or HTML rel=alternate text/markdown URL was advertised.
Conventional .md mirror
Conventional .md mirror candidates did not return valid Markdown.
Agent Ease of UseAuthEmerging recommendation
OAuth Protected Resource
OAuth Protected Resource failed at "Fetch protected-resource metadata".
15 Fail
Agent Ease of UseAuthEmerging recommendation
OAuth Protected Resource
OAuth Protected Resource failed at "Fetch protected-resource metadata".
Needs attention
OAuth Protected Resource
Issue
OAuth Protected Resource metadata was claimed or linked, but no metadata document was found.
Why it matters
Protected-resource metadata tells agents which API/resource is locked, which authorization servers can issue tokens for it, and how a 401 challenge maps back to the correct resource.
Check name
OAuth Protected Resource
Score
56/100
Status
fail
Category
Auth
Maturity
Emerging recommendation
Goal
Publish OAuth Protected Resource Metadata for OAuth-protected APIs and MCP resources so clients can identify the resource and its authorization servers.
Result
OAuth Protected Resource failed at "Fetch protected-resource metadata".
Validation steps
Fetch protected-resource metadata
OAuth Protected Resource metadata was claimed or linked, but no metadata document was found.
Agent Ease of UseSkill DiscoveryEmerging recommendation
DNS-AID Agent Discovery
DNS-AID Agent Discovery has a validation warning at "Query DNS-AID records".
13 Warning
Agent Ease of UseSkill DiscoveryEmerging recommendation
DNS-AID Agent Discovery
DNS-AID Agent Discovery has a validation warning at "Query DNS-AID records".
Needs attention
DNS-AID Agent Discovery
Issue
No DNS-AID HTTPS/SVCB records were found under _agents.
Why it matters
DNS-AID lets agents discover index, A2A, and other agent entrypoints before fetching HTTP metadata. HTTPS/SVCB records provide the service-binding substrate, while DNSSEC can authenticate the discovery answer when available.
Check name
DNS-AID Agent Discovery
Score
50/100
Status
warning
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish DNS-AID HTTPS/SVCB records under _agents for DNS-based agent entrypoint discovery.
Result
DNS-AID Agent Discovery has a validation warning at "Query DNS-AID records".
Validation steps
Query DNS-AID records
No DNS-AID HTTPS/SVCB records were found under _agents.
Check DNSSEC authentication evidence
DNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy failed at "Find enforcing CSP delivery".
12 Fail
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy failed at "Find enforcing CSP delivery".
Needs attention
Content-Security-Policy
Issue
Applicable HTML response is missing an enforcing Content-Security-Policy header.
Why it matters
Content Security Policy reduces the impact of injection bugs by limiting where scripts, styles, frames, forms, and other browser resources can load or execute.
Check name
Content-Security-Policy
Score
40/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Constrain browser resource loading and script execution with an enforcing Content-Security-Policy header.
Result
Content-Security-Policy failed at "Find enforcing CSP delivery".
Validation steps
Find enforcing CSP delivery
Applicable HTML response is missing an enforcing Content-Security-Policy header.
Security & TrustSecurity & TrustEstablished
Referrer-Policy
Referrer-Policy failed at "Find Referrer-Policy header".
12 Fail
Security & TrustSecurity & TrustEstablished
Referrer-Policy
Referrer-Policy failed at "Find Referrer-Policy header".
Needs attention
Referrer-Policy
Issue
Referrer-Policy header is missing.
Why it matters
Referrer-Policy controls how much URL context is sent to other origins, limiting accidental leakage of paths, queries, and identifiers.
Check name
Referrer-Policy
Score
40/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Limit how much referrer data leaves the site with an explicit Referrer-Policy header.
Result
Referrer-Policy failed at "Find Referrer-Policy header".
Validation steps
Find Referrer-Policy header
Referrer-Policy header is missing.
Review observed browser responses
One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.
AI DiscoverabilityBot Access ControlEstablished
AI bot rules in robots.txt
AI bot rules in robots.txt failed at "Classify AI crawler rules".
12 Fail
AI DiscoverabilityBot Access ControlEstablished
AI bot rules in robots.txt
AI bot rules in robots.txt failed at "Classify AI crawler rules".
Needs attention
AI bot rules in robots.txt
Issue
No explicit User-agent rules were found for major AI crawler tokens.
Why it matters
AI crawler product tokens have different meanings. Explicit robots.txt groups make training, search, and retrieval access policy auditable for compliant crawler operators.
Check name
AI bot rules in robots.txt
Score
31/100
Status
fail
Category
Bot Access Control
Maturity
Established
Goal
Declare deliberate robots.txt rules for major AI training, AI search, user-triggered, and dataset crawlers.
Result
AI bot rules in robots.txt failed at "Classify AI crawler rules".
Validation steps
Classify AI crawler rules
No explicit User-agent rules were found for major AI crawler tokens.
Agent Ease of UseSkill DiscoveryEmerging recommendation
Agent Skills index
Agent Skills index failed at "Validate discovery index schema".
11 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
Agent Skills index
Agent Skills index failed at "Validate discovery index schema".
Needs attention
Agent Skills index
Issue
Agent Skills index was not served with a JSON-compatible Content-Type.
Details
Why it matters
An Agent Skills index lets agents discover task-specific instructions through a small trusted index, then verify and load only the skill artifacts they need.
Check name
Agent Skills index
Score
55/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish an Agent Skills discovery index that advertises digest-pinned SKILL.md or archive artifacts.
Result
Agent Skills index failed at "Validate discovery index schema".
Validation steps
Validate discovery index schema
Agent Skills index was not served with a JSON-compatible Content-Type.
Response is not valid JSON.
Verify advertised artifacts
No valid skill artifacts were available to verify.
Validate skill content
For skill-md artifacts, include valid YAML frontmatter with name and description followed by Markdown. For archives, include a safe root SKILL.md and no unsafe paths.
Review skill artifact security
Do not publish secrets or prompt-injection instructions in skill artifacts. Treat scripts, archives, and cross-origin artifacts as software supply-chain surfaces.
Security & TrustSecurity & TrustEstablished
Frame protection
Frame protection failed at "Validate X-Frame-Options".
11 Fail
Security & TrustSecurity & TrustEstablished
Frame protection
Frame protection failed at "Validate X-Frame-Options".
Needs attention
Frame protection
Issue
No valid X-Frame-Options fallback is present.
Why it matters
Frame protection blocks hostile sites from embedding pages in deceptive frames, reducing clickjacking and UI redressing risk.
Check name
Frame protection
Score
44/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Prevent unwanted framing with an enforcing CSP frame-ancestors directive or a valid X-Frame-Options fallback.
Result
Frame protection failed at "Validate X-Frame-Options".
Validation steps
Validate CSP frame-ancestors
No enforcing CSP frame-ancestors directive is present.
Validate X-Frame-Options
No valid X-Frame-Options fallback is present.
Review observed browser responses
One or more same-origin HTML documents observed by Chrome did not emit valid frame protection.
AI DiscoverabilityBot Access ControlEmerging recommendation
ai.txt policy
ai.txt policy failed at "Validate transport".
10 Fail
AI DiscoverabilityBot Access ControlEmerging recommendation
ai.txt policy
ai.txt policy failed at "Validate transport".
Needs attention
ai.txt policy
Issue
ai.txt appears to be an HTML page or error document rather than a plain-text policy.
Why it matters
ai.txt is a fragmented emerging convention. It can communicate human-readable AI crawling, training, attribution, restriction, and contact guidance, but it is not a standard access-control mechanism and absence should not be penalized.
Check name
ai.txt policy
Score
38/100
Status
fail
Category
Bot Access Control
Maturity
Emerging recommendation
Goal
Publish an advisory human-readable AI usage policy only when the site intentionally needs one.
Result
ai.txt policy failed at "Validate transport".
Validation steps
Validate transport
ai.txt appears to be an HTML page or error document rather than a plain-text policy.
Parse ai.txt policy
Transport validation failed before policy parsing could be trusted.
Validate policy content
ai.txt does not follow the AI Visibility section model; treating it as non-standard advisory text.
Security & TrustSecurity & TrustEstablished
HSTS header
HSTS header failed at "Find Strict-Transport-Security".
10 Fail
Security & TrustSecurity & TrustEstablished
HSTS header
HSTS header failed at "Find Strict-Transport-Security".
Needs attention
HSTS header
Issue
HTTPS response is missing Strict-Transport-Security.
Why it matters
HSTS tells browsers to keep using HTTPS after the first secure visit, reducing downgrade, SSL-stripping, and mixed-transport risk for repeat users.
Check name
HSTS header
Score
50/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Require HTTPS for repeat browser visits with a valid Strict-Transport-Security policy.
Result
HSTS header failed at "Find Strict-Transport-Security".
Validation steps
Find Strict-Transport-Security
HTTPS response is missing Strict-Transport-Security.
AI DiscoverabilityBot Access ControlInformational
Web Bot Auth request signing
Web Bot Auth request signing failed at "Validate directory media type".
9 Fail
AI DiscoverabilityBot Access ControlInformational
Web Bot Auth request signing
Web Bot Auth request signing failed at "Validate directory media type".
Needs attention
Web Bot Auth request signing
Issue
Content-Type "text/html; charset=utf-8" is not valid for a Web Bot Auth signing key directory.
Why it matters
Web Bot Auth lets bot and agent operators publish HTTP Message Signatures keys so receiving websites can verify signed automated requests without relying only on user-agent strings, IP lists, or reverse DNS.
Check name
Web Bot Auth request signing
Score
44/100
Status
fail
Category
Bot Access Control
Maturity
Informational
Goal
Validate public signing-key discovery when this origin operates signed bots or agents whose requests other sites can verify.
Result
Web Bot Auth request signing failed at "Validate directory media type".
Validation steps
Validate directory media type
Content-Type "text/html; charset=utf-8" is not valid for a Web Bot Auth signing key directory.
Validate public signing keys
Directory body is not valid JSON.
Directory body is not valid JSON.
Inspect directory response signature binding
The directory response is not signed with RFC 9421 Signature and Signature-Input headers.
AI DiscoverabilityContent ReadinessEmerging recommendation
llms.txt
llms.txt failed at "Validate Markdown discovery shape".
9 Fail
AI DiscoverabilityContent ReadinessEmerging recommendation
llms.txt
llms.txt failed at "Validate Markdown discovery shape".
Needs attention
llms.txt
Issue
llms.txt did not provide the minimum expected Markdown discovery shape.
Details
Why it matters
llms.txt is an emerging Markdown convention for giving language-model clients curated context and links before they crawl broadly. Broken, private, or low-signal links make the file much less useful even when it exists.
Check name
llms.txt
Score
45/100
Status
fail
Category
Content Readiness
Maturity
Emerging recommendation
Goal
Publish a concise llms.txt index that helps agents discover useful public site context.
Result
llms.txt failed at "Validate Markdown discovery shape".
Validation steps
Validate Markdown discovery shape
llms.txt did not provide the minimum expected Markdown discovery shape.
Findings
- Content-Type "text/html; charset=utf-8" is not text/markdown, another Markdown type, or text/plain.
- Response looks like an HTML page rather than a Markdown/text llms.txt file.
- Missing H1 title, such as '# Example Docs'.
Score llms.txt structure and usefulness
llms.txt is present, but its structure or link curation is weaker than the emerging proposal and production examples.
Findings
- Missing a blockquote summary. The llms.txt proposal recommends a concise blockquote after the H1.
- Missing H2 sections for grouping important links.
- No Markdown-formatted links were found.
- Several links have vague labels or raw URL labels.
Probe sampled linked resources
Some sampled llms.txt links were broken, redirected unexpectedly, or did not return clearly agent-readable content.
Findings
- 6/25 probed links were broken or unreachable.
- 6/25 probed links did not look agent-readable.
Inspect optional llms-full.txt
Passed.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer-first passages
AEO: Answer-first passages scored 22/100 and needs a fix.
9 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer-first passages
AEO: Answer-first passages scored 22/100 and needs a fix.
Needs attention
AEO: Answer-first passages
Issue
43 section(s) bury or omit a concise opening answer.
Details
Why it matters
Answer engines need visible answer passages, clear question and heading structure, entity definitions, evidence, and trust signals. These signals improve extraction and attribution, but they do not guarantee answer-engine citations or search features.
Check name
AEO: Answer-first passages
Score
22/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to extract, answer from, and attribute without promising inclusion in any proprietary answer surface.
Result
AEO: Answer-first passages scored 22/100 and needs a fix.
AI DiscoverabilityContent ReadinessEstablished
Semantic HTML
Semantic HTML is partially implemented.
9 Warning
AI DiscoverabilityContent ReadinessEstablished
Semantic HTML
Semantic HTML is partially implemented.
Needs attention
Semantic HTML
Issue
Semantic HTML is incomplete: expected exactly one visible main landmark, found 0; skipped or empty headings; 1 form controls missing labels; 0/1 applicable personal-data inputs have valid autocomplete attributes (1 missing).
Details
Why it matters
Semantic HTML gives browsers, assistive technology, search systems, and agents reliable landmarks, headings, controls, form semantics, and image context.
Check name
Semantic HTML
Score
48/100
Status
warning
Category
Content Readiness
Maturity
Established
Goal
Expose readable page structure through semantic HTML and accessible controls.
Result
Semantic HTML is partially implemented.
Validation steps
Page landmarks
Expected exactly one visible main landmark; found 0.
Heading structure
Headings skip levels or include empty heading elements.
Form labels and autocomplete
1 user-fillable form controls are missing labels.
Security & TrustSecurity & TrustEstablished
X-Content-Type-Options
X-Content-Type-Options failed at "Find X-Content-Type-Options".
9 Fail
Security & TrustSecurity & TrustEstablished
X-Content-Type-Options
X-Content-Type-Options failed at "Find X-Content-Type-Options".
Needs attention
X-Content-Type-Options
Issue
Browser-loadable response is missing X-Content-Type-Options.
Why it matters
X-Content-Type-Options tells browsers to trust declared media types instead of sniffing content, reducing the risk that mislabeled files execute as active content.
Check name
X-Content-Type-Options
Score
57/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Prevent browser MIME sniffing for browser-loadable responses with X-Content-Type-Options: nosniff.
Result
X-Content-Type-Options failed at "Find X-Content-Type-Options".
Validation steps
Find X-Content-Type-Options
Browser-loadable response is missing X-Content-Type-Options.
Review observed browser responses
One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.
AI DiscoverabilityBot Access ControlInformational
Content Signal
Content Signal has a validation warning at "Validate declared usage preferences".
8 Warning
AI DiscoverabilityBot Access ControlInformational
Content Signal
Content Signal has a validation warning at "Validate declared usage preferences".
Needs attention
Content Signal
Issue
No Content-Usage or Content-Signal declarations were found.
Why it matters
Content usage preference signals communicate intended downstream AI use separately from robots.txt crawl permission. They can express training and search preferences for compliant systems without replacing access-control rules.
Check name
Content Signal
Score
50/100
Status
warning
Category
Bot Access Control
Maturity
Informational
Goal
Declare AI content usage preferences when the site intentionally publishes machine-readable usage policy.
Result
Content Signal has a validation warning at "Validate declared usage preferences".
Validation steps
Validate declared usage preferences
No Content-Usage or Content-Signal declarations were found.
AI DiscoverabilityBot Access ControlEmerging recommendation
RSL license signal
No RSL declarations were found.
8 Warning
AI DiscoverabilityBot Access ControlEmerging recommendation
RSL license signal
No RSL declarations were found.
Needs attention
RSL license signal
Issue
No RSL declarations were found.
Why it matters
Really Simple Licensing is an emerging rights-expression layer for communicating content usage and licensing terms separately from robots.txt crawl permission.
Check name
RSL license signal
Score
50/100
Status
warning
Category
Bot Access Control
Maturity
Emerging recommendation
Goal
Declare machine-readable content licensing terms for compliant AI and crawler systems when the site needs them.
Result
No RSL declarations were found.
Validation steps
Discover RSL declarations
No RSL declarations were found.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Citable passages
GEO: Citable passages scored 35/100 and needs a fix.
8 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Citable passages
GEO: Citable passages scored 35/100 and needs a fix.
Needs attention
GEO: Citable passages
Issue
No evidence-backed, citation-length explanatory paragraph was found.
Details
Why it matters
Generative answer systems work best with visible, self-contained, evidence-backed content, clear entities, trustworthy attribution, structured page sections, and crawler-accessible HTML. These signals improve machine understanding even though they do not guarantee AI citations.
Check name
GEO: Citable passages
Score
35/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute without promising inclusion in any proprietary answer surface.
Result
GEO: Citable passages scored 35/100 and needs a fix.
AI DiscoverabilityContent ReadinessEstablished
Author attribution
Author attribution is partially implemented.
8 Warning
AI DiscoverabilityContent ReadinessEstablished
Author attribution
Author attribution is partially implemented.
Needs attention
Author attribution
Issue
No named author or publisher identity could be extracted.
Why it matters
Author attribution helps agents cite content responsibly, assess source credibility, and distinguish editorial pages from anonymous marketing copy.
Check name
Author attribution
Score
55/100
Status
warning
Category
Content Readiness
Maturity
Established
Goal
Identify content authors or publishers for trust and attribution.
Result
Author attribution is partially implemented.
Validation steps
Schema.org attribution
Schema.org attribution is incomplete or relies only on publisher/fallback evidence.
Author identity quality
No named author or publisher identity could be extracted.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Evidence and trust
AEO: Evidence and trust scored 43/100 and needs a fix.
7 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Evidence and trust
AEO: Evidence and trust scored 43/100 and needs a fix.
Needs attention
AEO: Evidence and trust
Issue
Missing answer evidence or trust signals: author, publisher, freshnessDate, sameAs.
Details
Why it matters
Answer engines need visible answer passages, clear question and heading structure, entity definitions, evidence, and trust signals. These signals improve extraction and attribution, but they do not guarantee answer-engine citations or search features.
Check name
AEO: Evidence and trust
Score
43/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to extract, answer from, and attribute without promising inclusion in any proprietary answer surface.
Result
AEO: Evidence and trust scored 43/100 and needs a fix.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Question and answer structure
AEO: Question and answer structure scored 50/100 and needs improvement.
6 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Question and answer structure
AEO: Question and answer structure scored 50/100 and needs improvement.
Needs attention
AEO: Question and answer structure
Issue
No natural question headings were detected. Heading structure issues were detected.
Details
Why it matters
Answer engines need visible answer passages, clear question and heading structure, entity definitions, evidence, and trust signals. These signals improve extraction and attribution, but they do not guarantee answer-engine citations or search features.
Check name
AEO: Question and answer structure
Score
50/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to extract, answer from, and attribute without promising inclusion in any proprietary answer surface.
Result
AEO: Question and answer structure scored 50/100 and needs improvement.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Source and trust signals
GEO: Source and trust signals scored 50/100 and needs improvement.
6 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Source and trust signals
GEO: Source and trust signals scored 50/100 and needs improvement.
Needs attention
GEO: Source and trust signals
Issue
Missing source or trust signals: authorOrOwner, freshnessDate, entityLinks.
Details
Why it matters
Generative answer systems work best with visible, self-contained, evidence-backed content, clear entities, trustworthy attribution, structured page sections, and crawler-accessible HTML. These signals improve machine understanding even though they do not guarantee AI citations.
Check name
GEO: Source and trust signals
Score
50/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute without promising inclusion in any proprietary answer surface.
Result
GEO: Source and trust signals scored 50/100 and needs improvement.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Source and trust signals
AIO: Source and trust signals scored 50/100 and needs improvement.
5 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Source and trust signals
AIO: Source and trust signals scored 50/100 and needs improvement.
Needs attention
AIO: Source and trust signals
Issue
Missing AIO trust signals: author, publisher, freshnessDate.
Details
Why it matters
Google AI Overviews and AI Mode depend on normal Google Search eligibility, snippet permissions, useful visible content, consistent structured data, trust signals, and page experience basics. These signals help Google understand and preview a page, but they do not guarantee selection.
Check name
AIO: Source and trust signals
Score
50/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible, understandable, and previewable for Google Search AI features without promising inclusion.
Result
AIO: Source and trust signals scored 50/100 and needs improvement.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Structured extraction
GEO: Structured extraction scored 63/100 and needs improvement.
4 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Structured extraction
GEO: Structured extraction scored 63/100 and needs improvement.
Needs attention
GEO: Structured extraction
Issue
Missing or weak extraction signals: clean heading hierarchy, summary or key takeaways, typed JSON-LD structured data.
Details
Why it matters
Generative answer systems work best with visible, self-contained, evidence-backed content, clear entities, trustworthy attribution, structured page sections, and crawler-accessible HTML. These signals improve machine understanding even though they do not guarantee AI citations.
Check name
GEO: Structured extraction
Score
63/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute without promising inclusion in any proprietary answer surface.
Result
GEO: Structured extraction scored 63/100 and needs improvement.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Page experience proxy
AIO: Page experience proxy scored 75/100 and needs improvement.
3 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Page experience proxy
AIO: Page experience proxy scored 75/100 and needs improvement.
Needs attention
AIO: Page experience proxy
Issue
104 image(s) are missing width/height attributes. 1 possible modal/interstitial element(s) detected.
Details
Why it matters
Google AI Overviews and AI Mode depend on normal Google Search eligibility, snippet permissions, useful visible content, consistent structured data, trust signals, and page experience basics. These signals help Google understand and preview a page, but they do not guarantee selection.
Check name
AIO: Page experience proxy
Score
75/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible, understandable, and previewable for Google Search AI features without promising inclusion.
Result
AIO: Page experience proxy scored 75/100 and needs improvement.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Visible content clarity
AIO: Visible content clarity scored 87/100 and needs improvement.
1 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Visible content clarity
AIO: Visible content clarity scored 87/100 and needs improvement.
Needs attention
AIO: Visible content clarity
Issue
43 section(s) may benefit from clearer answer-first openings. Heading outline issues were detected.
Details
Why it matters
Google AI Overviews and AI Mode depend on normal Google Search eligibility, snippet permissions, useful visible content, consistent structured data, trust signals, and page experience basics. These signals help Google understand and preview a page, but they do not guarantee selection.
Check name
AIO: Visible content clarity
Score
87/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible, understandable, and previewable for Google Search AI features without promising inclusion.
Result
AIO: Visible content clarity scored 87/100 and needs improvement.
AI DiscoverabilityDiscoverabilityEstablished
IndexNow key
IndexNow key is informational for this page.
Informational
AI DiscoverabilityDiscoverabilityEstablished
IndexNow key
IndexNow key is informational for this page.
Needs attention
IndexNow key
Issue
IndexNow key is informational for this page.
Why it matters
IndexNow lets sites notify participating search engines about changed URLs, but ownership verification requires a UTF-8 key file whose filename matches the key.
Check name
IndexNow key
Score
100/100
Status
informational
Category
Discoverability
Maturity
Established
Goal
Verify that IndexNow ownership key placement is detectable when the site advertises it.
Result
IndexNow key is informational for this page.
Validation steps
Find advertised IndexNow key location
No IndexNow key location was advertised in HTML, Link headers, or robots.txt.
Fetch and validate IndexNow key file
No discoverable IndexNow key file was found.
Performance and AccessibilityAccessibilityBrowser audit
Background and foreground colors do not have a sufficient contrast ratio.
100 Fail
Performance and AccessibilityAccessibilityBrowser audit
Background and foreground colors do not have a sufficient contrast ratio.
Check name
Background and foreground colors do not have a sufficient contrast ratio.
Score
0/100
Status
fail
Device
desktop
Category
Accessibility
Fix guidance
Low-contrast text is difficult or impossible for many users to read. [Learn how to provide sufficient color contrast](https://dequeuniversity.com/rules/axe/4.11/color-contrast).
References
https://web.dev/learn/accessibility/Evidence
{
"description": "Low-contrast text is difficult or impossible for many users to read. [Learn how to provide sufficient color contrast](https://dequeuniversity.com/rules/axe/4.11/color-contrast)."
}Performance and AccessibilityPerformanceBrowser audit
Legacy JavaScript
100 Fail
Performance and AccessibilityPerformanceBrowser audit
Legacy JavaScript
Check name
Legacy JavaScript
Score
0/100
Status
fail
Device
desktop
Category
Performance
Estimated savings
Est savings of 9 KiB
Fix guidance
Polyfills and transforms enable older browsers to use new JavaScript features. However, many aren't necessary for modern browsers. Consider modifying your JavaScript build process to not transpile [Baseline](https://web.dev/articles/baseline-and-polyfills) features, unless you know you must support older browsers. [Learn why most sites can deploy ES6+ code without transpiling](https://developer.chrome.com/docs/performance/insights/legacy-javascript)
References
https://web.dev/learn/performance/Evidence
{
"description": "Polyfills and transforms enable older browsers to use new JavaScript features. However, many aren't necessary for modern browsers. Consider modifying your JavaScript build process to not transpile [Baseline](https://web.dev/articles/baseline-and-polyfills) features, unless you know you must support older browsers. [Learn why most sites can deploy ES6+ code without transpiling](https://developer.chrome.com/docs/performance/insights/legacy-javascript)",
"displayValue": "Est savings of 9 KiB"
}SEOSEOBrowser audit
Links do not have descriptive text
100 Fail
SEOSEOBrowser audit
Links do not have descriptive text
Check name
Links do not have descriptive text
Score
0/100
Status
fail
Device
desktop
Category
SEO
Estimated savings
1 link found
Fix guidance
Descriptive link text helps search engines understand your content. [Learn how to make links more accessible](https://developer.chrome.com/docs/lighthouse/seo/link-text/).
Evidence
{
"description": "Descriptive link text helps search engines understand your content. [Learn how to make links more accessible](https://developer.chrome.com/docs/lighthouse/seo/link-text/).",
"displayValue": "1 link found"
}Fix with MCP or CLI
Use this report as the handoff into remediation. Generate a coding-agent prompt with the failing checks attached, or jump to the MCP and CLI setup docs before your next rescan.
Score history
Public scan score over time
Public reports for this website origin. Select any point or report link to open that canonical report.
| Scan date | Score | Readiness | Report |
|---|---|---|---|
| 57/100 | Level 3, Bot-Aware | Current report |