Export Report
OVERALL SCORE
Level 3, Bot-Aware
- AI Discoverability 45 out of 100
- Agent Ease of Use 45 out of 100
- Security & Trust 70 out of 100
- GEO, AIO and AEO 61 out of 100
- SEO 100 out of 100
- Performance and Accessibility 81 out of 100
What AI sees of your website
Permit.io | Permissions for the AI Era
Control what AI agents can do — at action time, across every system they touch. The control plane for agentic identity and fine-grained authorization.
Next step
Turn this report into a fix workflow
25 failed checks are ready to move into MCP or CLI remediation. Generate a repair prompt, connect the scanner to your coding agent, or open the integration docs before your next rescan.
| Metric | Score | Status | Passed | Failed | Warning | Evidence |
|---|---|---|---|---|---|---|
| AI Discoverability | 45 | Priority fix | 21 | 25 | 9 | View details |
| Discoverability | 67 | Needs work | 8 | 2 | 0 | View details |
| Content Readiness | 35 | Priority fix | 10 | 16 | 4 | View details |
| Bot Access Control | 35 | Priority fix | 3 | 7 | 5 | View details |
| Agent Ease of Use | 45 | Priority fix | 31 | 29 | 17 | View details |
| API | 44 | Priority fix | 7 | 7 | 1 | View details |
| Auth | 41 | Priority fix | 6 | 6 | 3 | View details |
| MCP | 42 | Priority fix | 4 | 5 | 2 | View details |
| Skill Discovery | 47 | Priority fix | 6 | 6 | 8 | View details |
| Agent Commerce | 46 | Priority fix | 8 | 5 | 3 | View details |
| GEO, AIO and AEO | 61 | Needs work | 8 | 3 | 7 | View details |
| GEO Readiness | 52 | Needs work | 2 | 1 | 3 | View details |
| AIO Readiness | 80 | Mostly ready | 3 | 0 | 3 | |
| AEO Readiness | 50 | Needs work | 3 | 2 | 1 | View details |
| SEO | 100 | Strong | 10 | 0 | 0 | |
| SEO | 100 | Strong | 10 | 0 | 0 | |
| Security & Trust | 70 | Needs work | 15 | 2 | 4 | View details |
| Security & Trust | 70 | Needs work | 15 | 2 | 4 | View details |
| Performance and Accessibility | 81 | Mostly ready | 19 | 5 | 1 | View details |
| Performance | 74 | Needs work | 12 | 3 | 1 | View details |
| Accessibility | 94 | Strong | 7 | 2 | 0 | View details |
Prioritized recommendations
Issues ranked by score impact
49 items need attention
AI DiscoverabilityDiscoverabilityEstablished
Link headers
Link headers failed at "Find useful Link headers".
100 Fail
AI DiscoverabilityDiscoverabilityEstablished
Link headers
Link headers failed at "Find useful Link headers".
Needs attention
Link headers
Issue
No useful agent discovery Link headers were found.
Why it matters
Link headers let automated clients discover API catalogs, documentation, and machine-readable alternates without parsing page markup first.
Check name
Link headers
Score
0/100
Status
fail
Category
Discoverability
Maturity
Established
Goal
Include Link response headers for agent discovery using RFC 8288.
Result
Link headers failed at "Find useful Link headers".
Validation steps
Find useful Link headers
No useful agent discovery Link headers were found.
Fetch same-origin Link header targets
Link headers did not expose any same-origin targets to validate.
Agent Ease of UseAPIEstablished
API Catalog
API Catalog failed at "Validate API catalog media type".
32 Fail
Agent Ease of UseAPIEstablished
API Catalog
API Catalog failed at "Validate API catalog media type".
Needs attention
API Catalog
Issue
Content-Type "text/html; charset=utf-8" is not valid for an RFC 9727 API catalog.
Why it matters
API catalogs help agents find API endpoints, service descriptions, documentation, status resources, auth metadata, and related machine-readable contracts without guessing entry points.
Check name
API Catalog
Score
37/100
Status
fail
Category
API
Maturity
Established
Goal
Publish an API catalog for automated public API discovery using RFC 9727 when this origin exposes public APIs.
Result
API Catalog failed at "Validate API catalog media type".
Validation steps
Check API catalog HEAD Link header
HEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog".
Validate API catalog media type
Content-Type "text/html; charset=utf-8" is not valid for an RFC 9727 API catalog.
Validate Linkset shape
Unexpected token '<', "<!DOCTYPE "... is not valid JSON
Unexpected token '<', "<!DOCTYPE "... is not valid JSON
Classify API catalog relations
API catalog did not include API endpoint links or useful API discovery relations.
Validate API catalog targets
API catalog did not expose any href targets to validate.
Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration failed at "Fetch and validate /auth.md".
30 Fail
Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration failed at "Fetch and validate /auth.md".
Needs attention
Auth.md Agent Registration
Issue
auth.md response did not match Auth.md v1 agent registration guidance. Content-Type "text/html; charset=utf-8" is not Markdown or text/plain; missing registration instructions; missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing Auth.md credential type guidance; missing agent_verified/user_claimed or claim ceremony guidance.
Why it matters
Human login and signup flows are often opaque to agents. Auth.md gives automated clients a stable registration contract instead of forcing them to scrape docs, automate browser forms, or guess credential flows.
Check name
Auth.md Agent Registration
Score
10/100
Status
fail
Category
Auth
Maturity
Emerging recommendation
Goal
Publish Auth.md v1 metadata so agents can discover how to register, claim a user, and obtain credentials.
Result
Auth.md Agent Registration failed at "Fetch and validate /auth.md".
Validation steps
Fetch and validate /auth.md
auth.md response did not match Auth.md v1 agent registration guidance. Content-Type "text/html; charset=utf-8" is not Markdown or text/plain; missing registration instructions; missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing Auth.md credential type guidance; missing agent_verified/user_claimed or claim ceremony guidance.
Validate protected resource metadata
Response is not valid JSON.
Validate Auth.md authorization metadata
Response is not valid JSON.
Agent Ease of UseMCPEmerging recommendation
MCP Server Card
MCP Server Card failed at "Validate server-card shape".
30 Fail
Agent Ease of UseMCPEmerging recommendation
MCP Server Card
MCP Server Card failed at "Validate server-card shape".
Needs attention
MCP Server Card
Issue
MCP Server Card response is not valid JSON.
Why it matters
MCP server cards give agents a stable, public pre-connection discovery surface for server identity, remote transports, protocol compatibility, and safe routing without guessing endpoints.
Check name
MCP Server Card
Score
40/100
Status
fail
Category
MCP
Maturity
Emerging recommendation
Goal
Publish an MCP Server Card that helps agents discover remote MCP server transports before opening a session.
Result
MCP Server Card failed at "Validate server-card shape".
Validation steps
Validate server-card shape
MCP Server Card response is not valid JSON.
Validate MCP remotes
No usable MCP remote transport was declared.
Validate HTTP delivery
Content-Type "text/html; charset=utf-8" is not JSON.
Probe same-origin MCP endpoint
No MCP remote endpoint could be probed.
Agent Ease of UseMCPEmerging recommendation
WebMCP
WebMCP failed at "Probe WebMCP operability".
28 Fail
Agent Ease of UseMCPEmerging recommendation
WebMCP
WebMCP failed at "Probe WebMCP operability".
Needs attention
WebMCP
Issue
Discovered WebMCP static metadata was fetchable but invalid.
Details
Why it matters
WebMCP gives agents structured page and browser tool hints so they can understand actions without relying only on screen scraping.
Check name
WebMCP
Score
44/100
Status
fail
Category
MCP
Maturity
Emerging recommendation
Goal
Expose browser/page WebMCP tools and compatible static WebMCP metadata when a site wants agents to understand in-page actions.
Result
WebMCP failed at "Probe WebMCP operability".
Validation steps
Detect WebMCP runtime API
WebMCP-like strings were found, but rendered browser evidence did not confirm a usable runtime API.
Probe WebMCP operability
Discovered WebMCP static metadata was fetchable but invalid.
WebMCP operability findings
- Discovered WebMCP static metadata was fetchable but invalid.
Validate declarative WebMCP form tools
No W3C-style declarative WebMCP form attributes were found.
Validate MCP-aware HTML annotations
No data-mcp-tool or hyphenated WebMCP compatibility annotations were found.
Validate static WebMCP JSON compatibility
A discovered WebMCP static manifest or WMCP interaction graph was invalid.
Body is not valid JSON.
Body is not valid JSON.
Agent Ease of UseAPIEstablished
OpenAPI discovery
OpenAPI discovery failed at "Parse OpenAPI document".
25 Fail
Agent Ease of UseAPIEstablished
OpenAPI discovery
OpenAPI discovery failed at "Parse OpenAPI document".
Needs attention
OpenAPI discovery
Issue
OpenAPI candidate was not parseable as JSON or YAML-like OpenAPI.
Why it matters
OpenAPI documents let agents understand operations, schemas, authentication, servers, and request/response formats before calling an API.
Check name
OpenAPI discovery
Score
50/100
Status
fail
Category
API
Maturity
Established
Goal
Publish a valid OpenAPI or Swagger document for public API discovery when this origin exposes public APIs.
Result
OpenAPI discovery failed at "Parse OpenAPI document".
Validation steps
Parse OpenAPI document
OpenAPI candidate was not parseable as JSON or YAML-like OpenAPI.
Validate OpenAPI shape
Response is not valid JSON and does not match baseline OpenAPI YAML shape.
Check machine-usable details
Add servers, parameters, request bodies, response schemas, operation IDs, tags, examples, and security or explicit no-auth declarations where they apply.
Agent Ease of UseAgent CommerceInformational
Universal Commerce Protocol
Universal Commerce Protocol failed at "Fetch UCP profile".
21 Fail
Agent Ease of UseAgent CommerceInformational
Universal Commerce Protocol
Universal Commerce Protocol failed at "Fetch UCP profile".
Needs attention
Universal Commerce Protocol
Issue
UCP profile content type "text/html; charset=utf-8" is not JSON-compatible.
Why it matters
UCP discovery lets agents identify commerce capabilities, service transports, payment handlers, and signing keys without scraping human checkout flows.
Check name
Universal Commerce Protocol
Score
36/100
Status
fail
Category
Agent Commerce
Maturity
Informational
Goal
Expose a valid Universal Commerce Protocol business profile when this origin supports agentic commerce workflows.
Result
Universal Commerce Protocol failed at "Fetch UCP profile".
Validation steps
Fetch UCP profile
UCP profile content type "text/html; charset=utf-8" is not JSON-compatible.
Validate UCP profile shape
UCP profile could not be parsed.
Agent Ease of UseAgent CommerceInformational
ACP - Agentic Commerce Protocol
ACP - Agentic Commerce Protocol failed at "Fetch ACP discovery".
18 Fail
Agent Ease of UseAgent CommerceInformational
ACP - Agentic Commerce Protocol
ACP - Agentic Commerce Protocol failed at "Fetch ACP discovery".
Needs attention
ACP - Agentic Commerce Protocol
Issue
ACP discovery content type "text/html; charset=utf-8" is not JSON-compatible.
Why it matters
ACP discovery lets agents find the seller's ACP API base URL, supported versions, transports, and stable services before attempting authenticated checkout-session negotiation.
Check name
ACP - Agentic Commerce Protocol
Score
46/100
Status
fail
Category
Agent Commerce
Maturity
Informational
Goal
Expose valid ACP discovery when this origin supports Agentic Commerce Protocol workflows.
Result
ACP - Agentic Commerce Protocol failed at "Fetch ACP discovery".
Validation steps
Fetch ACP discovery
ACP discovery content type "text/html; charset=utf-8" is not JSON-compatible.
Validate ACP discovery shape
ACP discovery could not be parsed.
AI DiscoverabilityContent ReadinessEstablished
Organization / WebSite schema
Organization / WebSite schema is missing or incomplete.
17 Fail
AI DiscoverabilityContent ReadinessEstablished
Organization / WebSite schema
Organization / WebSite schema is missing or incomplete.
Needs attention
Organization / WebSite schema
Issue
No Organization or Organization subtype was found in Schema.org structured data. No WebSite entity was found in Schema.org structured data. Missing identity field(s): Organization.name, Organization.url, WebSite.name, WebSite.url. WebSite.publisher is missing. Organization schema is missing logo and sameAs or public contact evidence.
Why it matters
Organization and WebSite schema help agents identify the publisher, canonical site identity, logo, and related profiles for attribution.
Check name
Organization / WebSite schema
Score
0/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Identify the site owner and website entity in structured data.
Result
Organization / WebSite schema is missing or incomplete.
Validation steps
Organization entity
No Organization or Organization subtype was found in Schema.org structured data.
WebSite entity
No WebSite entity was found in Schema.org structured data.
Identity fields
Missing identity field(s): Organization.name, Organization.url, WebSite.name, WebSite.url.
WebSite publisher linkage
WebSite.publisher is missing.
Organization trust fields
Organization schema is missing logo and sameAs or public contact evidence.
AI DiscoverabilityContent ReadinessEstablished
Structured data
Structured data failed at "Recognized structured data format".
17 Fail
AI DiscoverabilityContent ReadinessEstablished
Structured data
Structured data failed at "Recognized structured data format".
Needs attention
Structured data
Issue
No JSON-LD, Microdata, or RDFa structured data was found.
Why it matters
Structured data gives agents explicit entities, relationships, and page meaning that are harder to infer reliably from visual layout alone.
Check name
Structured data
Score
0/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Expose machine-readable page entities and relationships through a recognized structured-data syntax.
Result
Structured data failed at "Recognized structured data format".
Validation steps
Recognized structured data format
No JSON-LD, Microdata, or RDFa structured data was found.
Page-relevant schema family
The page has specific visible content intent, but structured data does not include a matching primary schema family.
AI DiscoverabilityBot Access ControlEmerging recommendation
TDMRep declaration
TDMRep declaration failed at "Fetch /.well-known/tdmrep.json".
17 Fail
AI DiscoverabilityBot Access ControlEmerging recommendation
TDMRep declaration
TDMRep declaration failed at "Fetch /.well-known/tdmrep.json".
Needs attention
TDMRep declaration
Issue
Response is not valid JSON.
Why it matters
TDMRep is a W3C Community Group protocol and IANA-registered well-known URI for declaring text and data mining reservation policy on applicable content.
Check name
TDMRep declaration
Score
0/100
Status
fail
Category
Bot Access Control
Maturity
Emerging recommendation
Goal
Publish a machine-readable text and data mining reservation declaration and verifiable ODRL policy when the site needs one.
Result
TDMRep declaration failed at "Fetch /.well-known/tdmrep.json".
Validation steps
Fetch /.well-known/tdmrep.json
Response is not valid JSON.
Validate TDM declarations
No valid TDM declarations were parsed from the declared TDMRep surface.
Agent Ease of UseSkill DiscoveryEmerging recommendation
agents.json
agents.json failed at "Validate Wildcard schema shape".
16 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
agents.json
agents.json failed at "Validate Wildcard schema shape".
Needs attention
agents.json
Issue
agents.json response is not valid JSON.
Why it matters
Wildcard agents.json gives agents workflow-level context beyond plain OpenAPI, including flows, links, examples, and API action structure. It is an emerging OpenAPI-adjacent proposal, so scanners should validate the contract shape without treating it as an A2A or IETF standard.
Check name
agents.json
Score
35/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish a Wildcard-style agents.json file so agents can discover OpenAPI-backed workflows, links, examples, and authentication requirements.
Result
agents.json failed at "Validate Wildcard schema shape".
Validation steps
Validate Wildcard schema shape
agents.json response is not valid JSON.
Validate API actions
Wildcard agents.json must include valid OpenAPI-derived action or operation definitions.
Validate flows and links
No executable flows were found.
Review examples and LLM usability
Examples or descriptions are too thin for reliable agent argument generation.
AI DiscoverabilityContent ReadinessEstablished
Markdown negotiation
Markdown negotiation is missing or incomplete.
15 Fail
AI DiscoverabilityContent ReadinessEstablished
Markdown negotiation
Markdown negotiation is missing or incomplete.
Needs attention
Markdown negotiation
Issue
Best candidate returned Content-Type "text/html; charset=utf-8" instead of text/markdown.
Why it matters
Markdown representations give agents a cleaner page form while preserving normal HTML for browsers and cache-safe representation handling.
Check name
Markdown negotiation
Score
10/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Expose a useful Markdown representation through negotiation or an explicit alternate URL.
Result
Markdown negotiation is missing or incomplete.
Validation steps
Markdown representation
No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks.
Same-URL negotiation
Same-URL Accept: text/markdown did not return a valid Markdown representation.
Markdown format validation
Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation.
Advertised Markdown alternate
No Link or HTML rel=alternate text/markdown URL was advertised.
Conventional .md mirror
Conventional .md mirror candidates did not return valid Markdown.
Agent Ease of UseAuthEmerging recommendation
OAuth Protected Resource
OAuth Protected Resource failed at "Validate metadata shape".
15 Fail
Agent Ease of UseAuthEmerging recommendation
OAuth Protected Resource
OAuth Protected Resource failed at "Validate metadata shape".
Needs attention
OAuth Protected Resource
Issue
Response is not valid JSON.
Why it matters
Protected-resource metadata tells agents which API/resource is locked, which authorization servers can issue tokens for it, and how a 401 challenge maps back to the correct resource.
Check name
OAuth Protected Resource
Score
55/100
Status
fail
Category
Auth
Maturity
Emerging recommendation
Goal
Publish OAuth Protected Resource Metadata for OAuth-protected APIs and MCP resources so clients can identify the resource and its authorization servers.
Result
OAuth Protected Resource failed at "Validate metadata shape".
Validation steps
Validate metadata shape
Response is not valid JSON.
Validate resource identity
Protected resource metadata `resource` did not match the resource identifier used to retrieve it.
Validate authorization servers
authorization_servers is omitted; this is allowed by base RFC 9728 but limits authorization server discovery.
Validate protected resource challenge
No protected route with a 401 resource_metadata challenge was detected; metadata shape is valid but route linkage was not proven.
Agent Ease of UseAgent CommerceEmerging recommendation
x402 Protocol
x402 Protocol failed at "Probe x402 runtime response".
15 Fail
Agent Ease of UseAgent CommerceEmerging recommendation
x402 Protocol
x402 Protocol failed at "Probe x402 runtime response".
Needs attention
x402 Protocol
Issue
x402 candidate routes were found, but none returned HTTP 402 before payment.
Why it matters
x402 lets agents discover paid HTTP resources through ordinary 402 responses, understand accepted schemes and networks, and retry with a signed payment payload without scraping checkout flows.
Check name
x402 Protocol
Score
56/100
Status
fail
Category
Agent Commerce
Maturity
Emerging recommendation
Goal
Expose x402 V2 payment requirements on payable HTTP resources so agents can recognize and satisfy payment requirements programmatically.
Result
x402 Protocol failed at "Probe x402 runtime response".
Validation steps
Probe x402 runtime response
x402 candidate routes were found, but none returned HTTP 402 before payment.
Validate x402 V2 headers
No x402 runtime response was available for header validation.
Validate x402 payment requirement payload
No x402 runtime response was available for payload validation.
Compare x402 metadata consistency
x402 metadata was found, but no probed candidate returned HTTP 402.
Agent Ease of UseAuthEstablished
OAuth / OIDC discovery
OAuth / OIDC discovery failed at "Validate metadata profile".
14 Fail
Agent Ease of UseAuthEstablished
OAuth / OIDC discovery
OAuth / OIDC discovery failed at "Validate metadata profile".
Needs attention
OAuth / OIDC discovery
Issue
Response is not valid JSON.
Why it matters
OAuth and OIDC discovery let agents and API clients find authorization, token, and key endpoints programmatically instead of scraping login pages or guessing provider setup.
Check name
OAuth / OIDC discovery
Score
58/100
Status
fail
Category
Auth
Maturity
Established
Goal
Publish OAuth/OIDC discovery metadata only when the site operates or advertises a real OAuth/OIDC authorization server.
Result
OAuth / OIDC discovery failed at "Validate metadata profile".
Validation steps
Validate metadata profile
Response is not valid JSON.
Validate discovery CORS
Discovery metadata did not include Access-Control-Allow-Origin: *, so browser-based clients may be unable to fetch it cross-origin.
Agent Ease of UseSkill DiscoveryEmerging recommendation
A2A Agent Card
A2A Agent Card failed at "Detect A2A card version".
13 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
A2A Agent Card
A2A Agent Card failed at "Detect A2A card version".
Needs attention
A2A Agent Card
Issue
The discovered JSON document does not match a supported A2A Agent Card version family.
Why it matters
A2A Agent Cards provide protocol-specific discovery for agent identity, skills, input and output modes, transport bindings, capabilities, and security requirements. Legacy A2A also used /.well-known/agent.json, so scanners must classify the card shape before reporting readiness.
Check name
A2A Agent Card
Score
48/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish a version-appropriate A2A Agent Card so A2A-compatible clients can discover agent skills and invoke the declared endpoint safely.
Result
A2A Agent Card failed at "Detect A2A card version".
Validation steps
Detect A2A card version
The discovered JSON document does not match a supported A2A Agent Card version family.
Validate version-specific card shape
A2A Agent Card response is not valid JSON.
Validate HTTP delivery
The card was parseable JSON but was not served with a JSON-compatible content type.
Probe same-origin A2A endpoint
A2A endpoint probing was skipped because the endpoint was cross-origin, unavailable from the card, or uses an unsupported binding.
Agent Ease of UseSkill DiscoveryEmerging recommendation
DNS-AID Agent Discovery
DNS-AID Agent Discovery has a validation warning at "Query DNS-AID records".
13 Warning
Agent Ease of UseSkill DiscoveryEmerging recommendation
DNS-AID Agent Discovery
DNS-AID Agent Discovery has a validation warning at "Query DNS-AID records".
Needs attention
DNS-AID Agent Discovery
Issue
No DNS-AID HTTPS/SVCB records were found under _agents.
Why it matters
DNS-AID lets agents discover index, A2A, and other agent entrypoints before fetching HTTP metadata. HTTPS/SVCB records provide the service-binding substrate, while DNSSEC can authenticate the discovery answer when available.
Check name
DNS-AID Agent Discovery
Score
50/100
Status
warning
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish DNS-AID HTTPS/SVCB records under _agents for DNS-based agent entrypoint discovery.
Result
DNS-AID Agent Discovery has a validation warning at "Query DNS-AID records".
Validation steps
Query DNS-AID records
No DNS-AID HTTPS/SVCB records were found under _agents.
Check DNSSEC authentication evidence
DNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy failed at "Find enforcing CSP delivery".
12 Fail
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy failed at "Find enforcing CSP delivery".
Needs attention
Content-Security-Policy
Issue
Applicable HTML response is missing an enforcing Content-Security-Policy header.
Why it matters
Content Security Policy reduces the impact of injection bugs by limiting where scripts, styles, frames, forms, and other browser resources can load or execute.
Check name
Content-Security-Policy
Score
40/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Constrain browser resource loading and script execution with an enforcing Content-Security-Policy header.
Result
Content-Security-Policy failed at "Find enforcing CSP delivery".
Validation steps
Find enforcing CSP delivery
Applicable HTML response is missing an enforcing Content-Security-Policy header.
Security & TrustSecurity & TrustEstablished
Referrer-Policy
Referrer-Policy failed at "Find Referrer-Policy header".
12 Fail
Security & TrustSecurity & TrustEstablished
Referrer-Policy
Referrer-Policy failed at "Find Referrer-Policy header".
Needs attention
Referrer-Policy
Issue
Referrer-Policy header is missing.
Why it matters
Referrer-Policy controls how much URL context is sent to other origins, limiting accidental leakage of paths, queries, and identifiers.
Check name
Referrer-Policy
Score
40/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Limit how much referrer data leaves the site with an explicit Referrer-Policy header.
Result
Referrer-Policy failed at "Find Referrer-Policy header".
Validation steps
Find Referrer-Policy header
Referrer-Policy header is missing.
Review observed browser responses
One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.
AI DiscoverabilityBot Access ControlEstablished
AI bot rules in robots.txt
AI bot rules in robots.txt failed at "Classify AI crawler rules".
12 Fail
AI DiscoverabilityBot Access ControlEstablished
AI bot rules in robots.txt
AI bot rules in robots.txt failed at "Classify AI crawler rules".
Needs attention
AI bot rules in robots.txt
Issue
No explicit User-agent rules were found for major AI crawler tokens.
Why it matters
AI crawler product tokens have different meanings. Explicit robots.txt groups make training, search, and retrieval access policy auditable for compliant crawler operators.
Check name
AI bot rules in robots.txt
Score
31/100
Status
fail
Category
Bot Access Control
Maturity
Established
Goal
Declare deliberate robots.txt rules for major AI training, AI search, user-triggered, and dataset crawlers.
Result
AI bot rules in robots.txt failed at "Classify AI crawler rules".
Validation steps
Classify AI crawler rules
No explicit User-agent rules were found for major AI crawler tokens.
Agent Ease of UseSkill DiscoveryEmerging recommendation
Agent Skills index
Agent Skills index failed at "Validate discovery index schema".
11 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
Agent Skills index
Agent Skills index failed at "Validate discovery index schema".
Needs attention
Agent Skills index
Issue
Agent Skills index was not served with a JSON-compatible Content-Type.
Details
Why it matters
An Agent Skills index lets agents discover task-specific instructions through a small trusted index, then verify and load only the skill artifacts they need.
Check name
Agent Skills index
Score
55/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish an Agent Skills discovery index that advertises digest-pinned SKILL.md or archive artifacts.
Result
Agent Skills index failed at "Validate discovery index schema".
Validation steps
Validate discovery index schema
Agent Skills index was not served with a JSON-compatible Content-Type.
Response is not valid JSON.
Verify advertised artifacts
No valid skill artifacts were available to verify.
Validate skill content
For skill-md artifacts, include valid YAML frontmatter with name and description followed by Markdown. For archives, include a safe root SKILL.md and no unsafe paths.
Review skill artifact security
Do not publish secrets or prompt-injection instructions in skill artifacts. Treat scripts, archives, and cross-origin artifacts as software supply-chain surfaces.
AI DiscoverabilityBot Access ControlEmerging recommendation
ai.txt policy
ai.txt policy failed at "Validate transport".
10 Fail
AI DiscoverabilityBot Access ControlEmerging recommendation
ai.txt policy
ai.txt policy failed at "Validate transport".
Needs attention
ai.txt policy
Issue
ai.txt appears to be an HTML page or error document rather than a plain-text policy.
Why it matters
ai.txt is a fragmented emerging convention. It can communicate human-readable AI crawling, training, attribution, restriction, and contact guidance, but it is not a standard access-control mechanism and absence should not be penalized.
Check name
ai.txt policy
Score
38/100
Status
fail
Category
Bot Access Control
Maturity
Emerging recommendation
Goal
Publish an advisory human-readable AI usage policy only when the site intentionally needs one.
Result
ai.txt policy failed at "Validate transport".
Validation steps
Validate transport
ai.txt appears to be an HTML page or error document rather than a plain-text policy.
Parse ai.txt policy
Transport validation failed before policy parsing could be trusted.
Validate policy content
ai.txt does not follow the AI Visibility section model; treating it as non-standard advisory text.
AI DiscoverabilityBot Access ControlInformational
Web Bot Auth request signing
Web Bot Auth request signing failed at "Validate directory media type".
10 Fail
AI DiscoverabilityBot Access ControlInformational
Web Bot Auth request signing
Web Bot Auth request signing failed at "Validate directory media type".
Needs attention
Web Bot Auth request signing
Issue
Content-Type "text/html; charset=utf-8" is not valid for a Web Bot Auth signing key directory.
Why it matters
Web Bot Auth lets bot and agent operators publish HTTP Message Signatures keys so receiving websites can verify signed automated requests without relying only on user-agent strings, IP lists, or reverse DNS.
Check name
Web Bot Auth request signing
Score
38/100
Status
fail
Category
Bot Access Control
Maturity
Informational
Goal
Validate public signing-key discovery when this origin operates signed bots or agents whose requests other sites can verify.
Result
Web Bot Auth request signing failed at "Validate directory media type".
Validation steps
Validate directory media type
Content-Type "text/html; charset=utf-8" is not valid for a Web Bot Auth signing key directory.
Validate public signing keys
Directory body is not valid JSON.
Directory body is not valid JSON.
Check cache and rotation hints
Set Cache-Control so verifiers can cache keys while still observing rotation and revocation.
Inspect directory response signature binding
The directory response is not signed with RFC 9421 Signature and Signature-Input headers.
AI DiscoverabilityContent ReadinessEmerging recommendation
llms.txt
llms.txt failed at "Validate Markdown discovery shape".
9 Fail
AI DiscoverabilityContent ReadinessEmerging recommendation
llms.txt
llms.txt failed at "Validate Markdown discovery shape".
Needs attention
llms.txt
Issue
llms.txt did not provide the minimum expected Markdown discovery shape.
Details
Why it matters
llms.txt is an emerging Markdown convention for giving language-model clients curated context and links before they crawl broadly. Broken, private, or low-signal links make the file much less useful even when it exists.
Check name
llms.txt
Score
45/100
Status
fail
Category
Content Readiness
Maturity
Emerging recommendation
Goal
Publish a concise llms.txt index that helps agents discover useful public site context.
Result
llms.txt failed at "Validate Markdown discovery shape".
Validation steps
Validate Markdown discovery shape
llms.txt did not provide the minimum expected Markdown discovery shape.
Findings
- Content-Type "text/html; charset=utf-8" is not text/markdown, another Markdown type, or text/plain.
- Response looks like an HTML page rather than a Markdown/text llms.txt file.
- Missing H1 title, such as '# Example Docs'.
Score llms.txt structure and usefulness
llms.txt is present, but its structure or link curation is weaker than the emerging proposal and production examples.
Findings
- Missing a blockquote summary. The llms.txt proposal recommends a concise blockquote after the H1.
- Missing H2 sections for grouping important links.
- No Markdown-formatted links were found.
- Several links have vague labels or raw URL labels.
{ "truncated": true, "omittedCount": 1, "originalCount": 5 }
Probe sampled linked resources
Some sampled llms.txt links were broken, redirected unexpectedly, or did not return clearly agent-readable content.
Findings
- 2/20 probed links were broken or unreachable.
- 2/20 probed links did not look agent-readable.
Inspect optional llms-full.txt
Passed.
AI DiscoverabilityBot Access ControlInformational
Content Signal
Content Signal has a validation warning at "Validate declared usage preferences".
8 Warning
AI DiscoverabilityBot Access ControlInformational
Content Signal
Content Signal has a validation warning at "Validate declared usage preferences".
Needs attention
Content Signal
Issue
No Content-Usage or Content-Signal declarations were found.
Why it matters
Content usage preference signals communicate intended downstream AI use separately from robots.txt crawl permission. They can express training and search preferences for compliant systems without replacing access-control rules.
Check name
Content Signal
Score
50/100
Status
warning
Category
Bot Access Control
Maturity
Informational
Goal
Declare AI content usage preferences when the site intentionally publishes machine-readable usage policy.
Result
Content Signal has a validation warning at "Validate declared usage preferences".
Validation steps
Validate declared usage preferences
No Content-Usage or Content-Signal declarations were found.
AI DiscoverabilityBot Access ControlEmerging recommendation
RSL license signal
No RSL declarations were found.
8 Warning
AI DiscoverabilityBot Access ControlEmerging recommendation
RSL license signal
No RSL declarations were found.
Needs attention
RSL license signal
Issue
No RSL declarations were found.
Why it matters
Really Simple Licensing is an emerging rights-expression layer for communicating content usage and licensing terms separately from robots.txt crawl permission.
Check name
RSL license signal
Score
50/100
Status
warning
Category
Bot Access Control
Maturity
Emerging recommendation
Goal
Declare machine-readable content licensing terms for compliant AI and crawler systems when the site needs them.
Result
No RSL declarations were found.
Validation steps
Discover RSL declarations
No RSL declarations were found.
AI DiscoverabilityContent ReadinessEstablished
Semantic HTML
Semantic HTML is partially implemented.
8 Warning
AI DiscoverabilityContent ReadinessEstablished
Semantic HTML
Semantic HTML is partially implemented.
Needs attention
Semantic HTML
Issue
Semantic HTML is incomplete: invalid h1 structure (visible h1 count 0); 1 links missing accessible names; 1 controls missing accessible names.
Details
Why it matters
Semantic HTML gives browsers, assistive technology, search systems, and agents reliable landmarks, headings, controls, form semantics, and image context.
Check name
Semantic HTML
Score
54/100
Status
warning
Category
Content Readiness
Maturity
Established
Goal
Expose readable page structure through semantic HTML and accessible controls.
Result
Semantic HTML is partially implemented.
Validation steps
Heading structure
Expected one meaningful visible h1; found 0.
Links
1 links are missing accessible names.
Buttons and interactive controls
1 button controls are missing accessible names.
AI DiscoverabilityContent ReadinessEstablished
Author attribution
Author attribution is partially implemented.
8 Warning
AI DiscoverabilityContent ReadinessEstablished
Author attribution
Author attribution is partially implemented.
Needs attention
Author attribution
Issue
No named author or publisher identity could be extracted.
Why it matters
Author attribution helps agents cite content responsibly, assess source credibility, and distinguish editorial pages from anonymous marketing copy.
Check name
Author attribution
Score
55/100
Status
warning
Category
Content Readiness
Maturity
Established
Goal
Identify content authors or publishers for trust and attribution.
Result
Author attribution is partially implemented.
Validation steps
Schema.org attribution
Schema.org attribution is incomplete or relies only on publisher/fallback evidence.
Author identity quality
No named author or publisher identity could be extracted.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer-first passages
AEO: Answer-first passages scored 38/100 and needs a fix.
7 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer-first passages
AEO: Answer-first passages scored 38/100 and needs a fix.
Needs attention
AEO: Answer-first passages
Issue
14 section(s) bury or omit a concise opening answer.
Details
Why it matters
Answer engines need visible answer passages, clear question and heading structure, entity definitions, evidence, and trust signals. These signals improve extraction and attribution, but they do not guarantee answer-engine citations or search features.
Check name
AEO: Answer-first passages
Score
38/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to extract, answer from, and attribute without promising inclusion in any proprietary answer surface.
Result
AEO: Answer-first passages scored 38/100 and needs a fix.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Evidence and trust
AEO: Evidence and trust scored 43/100 and needs a fix.
7 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Evidence and trust
AEO: Evidence and trust scored 43/100 and needs a fix.
Needs attention
AEO: Evidence and trust
Issue
Missing answer evidence or trust signals: author, publisher, freshnessDate, sameAs.
Details
Why it matters
Answer engines need visible answer passages, clear question and heading structure, entity definitions, evidence, and trust signals. These signals improve extraction and attribution, but they do not guarantee answer-engine citations or search features.
Check name
AEO: Evidence and trust
Score
43/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to extract, answer from, and attribute without promising inclusion in any proprietary answer surface.
Result
AEO: Evidence and trust scored 43/100 and needs a fix.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Citable passages
GEO: Citable passages scored 35/100 and needs a fix.
6 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Citable passages
GEO: Citable passages scored 35/100 and needs a fix.
Needs attention
GEO: Citable passages
Issue
No evidence-backed, citation-length explanatory paragraph was found.
Details
Why it matters
Generative answer systems work best with visible, self-contained, evidence-backed content, clear entities, trustworthy attribution, structured page sections, and crawler-accessible HTML. These signals improve machine understanding even though they do not guarantee AI citations.
Check name
GEO: Citable passages
Score
35/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute without promising inclusion in any proprietary answer surface.
Result
GEO: Citable passages scored 35/100 and needs a fix.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Source and trust signals
AIO: Source and trust signals scored 50/100 and needs improvement.
5 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Source and trust signals
AIO: Source and trust signals scored 50/100 and needs improvement.
Needs attention
AIO: Source and trust signals
Issue
Missing AIO trust signals: author, publisher, freshnessDate.
Details
Why it matters
Google AI Overviews and AI Mode depend on normal Google Search eligibility, snippet permissions, useful visible content, consistent structured data, trust signals, and page experience basics. These signals help Google understand and preview a page, but they do not guarantee selection.
Check name
AIO: Source and trust signals
Score
50/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible, understandable, and previewable for Google Search AI features without promising inclusion.
Result
AIO: Source and trust signals scored 50/100 and needs improvement.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Source and trust signals
GEO: Source and trust signals scored 50/100 and needs improvement.
4 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Source and trust signals
GEO: Source and trust signals scored 50/100 and needs improvement.
Needs attention
GEO: Source and trust signals
Issue
Missing source or trust signals: authorOrOwner, freshnessDate, entityLinks.
Details
Why it matters
Generative answer systems work best with visible, self-contained, evidence-backed content, clear entities, trustworthy attribution, structured page sections, and crawler-accessible HTML. These signals improve machine understanding even though they do not guarantee AI citations.
Check name
GEO: Source and trust signals
Score
50/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute without promising inclusion in any proprietary answer surface.
Result
GEO: Source and trust signals scored 50/100 and needs improvement.
Security & TrustSecurity & TrustEstablished
Frame protection
Frame protection has a validation warning at "Validate CSP frame-ancestors".
4 Warning
Security & TrustSecurity & TrustEstablished
Frame protection
Frame protection has a validation warning at "Validate CSP frame-ancestors".
Needs attention
Frame protection
Issue
Frame protection relies only on X-Frame-Options; CSP frame-ancestors is the modern control.
Why it matters
Frame protection blocks hostile sites from embedding pages in deceptive frames, reducing clickjacking and UI redressing risk.
Check name
Frame protection
Score
81/100
Status
warning
Category
Security & Trust
Maturity
Established
Goal
Prevent unwanted framing with an enforcing CSP frame-ancestors directive or a valid X-Frame-Options fallback.
Result
Frame protection has a validation warning at "Validate CSP frame-ancestors".
Validation steps
Validate CSP frame-ancestors
Frame protection relies only on X-Frame-Options; CSP frame-ancestors is the modern control.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Question and answer structure
AEO: Question and answer structure scored 68/100 and needs improvement.
4 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Question and answer structure
AEO: Question and answer structure scored 68/100 and needs improvement.
Needs attention
AEO: Question and answer structure
Issue
Heading structure issues were detected.
Details
Why it matters
Answer engines need visible answer passages, clear question and heading structure, entity definitions, evidence, and trust signals. These signals improve extraction and attribution, but they do not guarantee answer-engine citations or search features.
Check name
AEO: Question and answer structure
Score
68/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to extract, answer from, and attribute without promising inclusion in any proprietary answer surface.
Result
AEO: Question and answer structure scored 68/100 and needs improvement.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Structured extraction
GEO: Structured extraction scored 63/100 and needs improvement.
3 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Structured extraction
GEO: Structured extraction scored 63/100 and needs improvement.
Needs attention
GEO: Structured extraction
Issue
Missing or weak extraction signals: clean heading hierarchy, summary or key takeaways, typed JSON-LD structured data.
Details
Why it matters
Generative answer systems work best with visible, self-contained, evidence-backed content, clear entities, trustworthy attribution, structured page sections, and crawler-accessible HTML. These signals improve machine understanding even though they do not guarantee AI citations.
Check name
GEO: Structured extraction
Score
63/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute without promising inclusion in any proprietary answer surface.
Result
GEO: Structured extraction scored 63/100 and needs improvement.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Page experience proxy
AIO: Page experience proxy scored 80/100 and needs improvement.
2 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Page experience proxy
AIO: Page experience proxy scored 80/100 and needs improvement.
Needs attention
AIO: Page experience proxy
Issue
25 image(s) are missing width/height attributes.
Details
Why it matters
Google AI Overviews and AI Mode depend on normal Google Search eligibility, snippet permissions, useful visible content, consistent structured data, trust signals, and page experience basics. These signals help Google understand and preview a page, but they do not guarantee selection.
Check name
AIO: Page experience proxy
Score
80/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible, understandable, and previewable for Google Search AI features without promising inclusion.
Result
AIO: Page experience proxy scored 80/100 and needs improvement.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Entity clarity
GEO: Entity clarity scored 84/100 and needs improvement.
1 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Entity clarity
GEO: Entity clarity scored 84/100 and needs improvement.
Needs attention
GEO: Entity clarity
Issue
Title/H1 terms missing from description: permit, permissions, era, permissionsfor, theai.
Details
Why it matters
Generative answer systems work best with visible, self-contained, evidence-backed content, clear entities, trustworthy attribution, structured page sections, and crawler-accessible HTML. These signals improve machine understanding even though they do not guarantee AI citations.
Check name
GEO: Entity clarity
Score
84/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute without promising inclusion in any proprietary answer surface.
Result
GEO: Entity clarity scored 84/100 and needs improvement.
Security & TrustSecurity & TrustEstablished
X-Content-Type-Options
X-Content-Type-Options has a validation warning at "Review observed browser responses".
1 Warning
Security & TrustSecurity & TrustEstablished
X-Content-Type-Options
X-Content-Type-Options has a validation warning at "Review observed browser responses".
Needs attention
X-Content-Type-Options
Issue
One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.
Why it matters
X-Content-Type-Options tells browsers to trust declared media types instead of sniffing content, reducing the risk that mislabeled files execute as active content.
Check name
X-Content-Type-Options
Score
93/100
Status
warning
Category
Security & Trust
Maturity
Established
Goal
Prevent browser MIME sniffing for browser-loadable responses with X-Content-Type-Options: nosniff.
Result
X-Content-Type-Options has a validation warning at "Review observed browser responses".
Validation steps
Review observed browser responses
One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Visible content clarity
AIO: Visible content clarity scored 87/100 and needs improvement.
1 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Visible content clarity
AIO: Visible content clarity scored 87/100 and needs improvement.
Needs attention
AIO: Visible content clarity
Issue
14 section(s) may benefit from clearer answer-first openings. Heading outline issues were detected.
Details
Why it matters
Google AI Overviews and AI Mode depend on normal Google Search eligibility, snippet permissions, useful visible content, consistent structured data, trust signals, and page experience basics. These signals help Google understand and preview a page, but they do not guarantee selection.
Check name
AIO: Visible content clarity
Score
87/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible, understandable, and previewable for Google Search AI features without promising inclusion.
Result
AIO: Visible content clarity scored 87/100 and needs improvement.
Security & TrustSecurity & TrustEstablished
HSTS header
HSTS header has a validation warning at "Review subdomain scope".
1 Warning
Security & TrustSecurity & TrustEstablished
HSTS header
HSTS header has a validation warning at "Review subdomain scope".
Needs attention
HSTS header
Issue
HSTS is valid, but includeSubDomains is absent.
Why it matters
HSTS tells browsers to keep using HTTPS after the first secure visit, reducing downgrade, SSL-stripping, and mixed-transport risk for repeat users.
Check name
HSTS header
Score
94/100
Status
warning
Category
Security & Trust
Maturity
Established
Goal
Require HTTPS for repeat browser visits with a valid Strict-Transport-Security policy.
Result
HSTS header has a validation warning at "Review subdomain scope".
Validation steps
Review subdomain scope
HSTS is valid, but includeSubDomains is absent.
AI DiscoverabilityDiscoverabilityEstablished
IndexNow key
IndexNow key is informational for this page.
Informational
AI DiscoverabilityDiscoverabilityEstablished
IndexNow key
IndexNow key is informational for this page.
Needs attention
IndexNow key
Issue
IndexNow key is informational for this page.
Why it matters
IndexNow lets sites notify participating search engines about changed URLs, but ownership verification requires a UTF-8 key file whose filename matches the key.
Check name
IndexNow key
Score
100/100
Status
informational
Category
Discoverability
Maturity
Established
Goal
Verify that IndexNow ownership key placement is detectable when the site advertises it.
Result
IndexNow key is informational for this page.
Validation steps
Find advertised IndexNow key location
No IndexNow key location was advertised in HTML, Link headers, or robots.txt.
Fetch and validate IndexNow key file
No discoverable IndexNow key file was found.
Performance and AccessibilityAccessibilityBrowser audit
Background and foreground colors do not have a sufficient contrast ratio.
50 Fail
Performance and AccessibilityAccessibilityBrowser audit
Background and foreground colors do not have a sufficient contrast ratio.
Check name
Background and foreground colors do not have a sufficient contrast ratio.
Score
0/100
Status
fail
Device
desktop
Category
Accessibility
Fix guidance
Low-contrast text is difficult or impossible for many users to read. [Learn how to provide sufficient color contrast](https://dequeuniversity.com/rules/axe/4.11/color-contrast).
References
https://web.dev/learn/accessibility/Evidence
{
"description": "Low-contrast text is difficult or impossible for many users to read. [Learn how to provide sufficient color contrast](https://dequeuniversity.com/rules/axe/4.11/color-contrast)."
}Performance and AccessibilityAccessibilityBrowser audit
Heading elements are not in a sequentially-descending order
50 Fail
Performance and AccessibilityAccessibilityBrowser audit
Heading elements are not in a sequentially-descending order
Check name
Heading elements are not in a sequentially-descending order
Score
0/100
Status
fail
Device
desktop
Category
Accessibility
Fix guidance
Properly ordered headings that do not skip levels convey the semantic structure of the page, making it easier to navigate and understand when using assistive technologies. [Learn more about heading order](https://dequeuniversity.com/rules/axe/4.11/heading-order).
References
https://web.dev/learn/accessibility/Evidence
{
"description": "Properly ordered headings that do not skip levels convey the semantic structure of the page, making it easier to navigate and understand when using assistive technologies. [Learn more about heading order](https://dequeuniversity.com/rules/axe/4.11/heading-order)."
}Performance and AccessibilityPerformanceBrowser audit
Forced reflow
25 Fail
Performance and AccessibilityPerformanceBrowser audit
Forced reflow
Check name
Forced reflow
Score
0/100
Status
fail
Device
desktop
Category
Performance
Fix guidance
A forced reflow occurs when JavaScript queries geometric properties (such as offsetWidth) after styles have been invalidated by a change to the DOM state. This can result in poor performance. Learn more about [forced reflows](https://developer.chrome.com/docs/performance/insights/forced-reflow) and possible mitigations.
References
https://web.dev/learn/performance/Evidence
{
"description": "A forced reflow occurs when JavaScript queries geometric properties (such as offsetWidth) after styles have been invalidated by a change to the DOM state. This can result in poor performance. Learn more about [forced reflows](https://developer.chrome.com/docs/performance/insights/forced-reflow) and possible mitigations."
}Performance and AccessibilityPerformanceBrowser audit
Reduce JavaScript execution time
25 Fail
Performance and AccessibilityPerformanceBrowser audit
Reduce JavaScript execution time
Check name
Reduce JavaScript execution time
Score
0/100
Status
fail
Device
desktop
Category
Performance
Estimated savings
1.3Â s
Fix guidance
Consider reducing the time spent parsing, compiling, and executing JS. You may find delivering smaller JS payloads helps with this. [Learn how to reduce Javascript execution time](https://developer.chrome.com/docs/lighthouse/performance/bootup-time/).
References
https://web.dev/learn/performance/Evidence
{
"description": "Consider reducing the time spent parsing, compiling, and executing JS. You may find delivering smaller JS payloads helps with this. [Learn how to reduce Javascript execution time](https://developer.chrome.com/docs/lighthouse/performance/bootup-time/).",
"displayValue": "1.3Â s",
"numericValue": 1344.215999999999
}Performance and AccessibilityPerformanceBrowser audit
Avoid enormous network payloads
13 Warning
Performance and AccessibilityPerformanceBrowser audit
Avoid enormous network payloads
Check name
Avoid enormous network payloads
Score
50/100
Status
warning
Device
desktop
Category
Performance
Estimated savings
Total size was 13,771Â KiB
Fix guidance
Large network payloads cost users real money and are highly correlated with long load times. [Learn how to reduce payload sizes](https://developer.chrome.com/docs/lighthouse/performance/total-byte-weight/).
References
https://web.dev/learn/performance/Evidence
{
"description": "Large network payloads cost users real money and are highly correlated with long load times. [Learn how to reduce payload sizes](https://developer.chrome.com/docs/lighthouse/performance/total-byte-weight/).",
"displayValue": "Total size was 13,771Â KiB",
"numericValue": 14101182
}Performance and AccessibilityPerformanceBrowser audit
Loading performance
5 Fail
Performance and AccessibilityPerformanceBrowser audit
Loading performance
Check name
Loading performance
Score
80/100
Status
fail
Device
desktop
Category
Performance
Fix guidance
Review the grouped loading performance checks and improve the failing sub-checks listed in evidence.
References
https://web.dev/learn/performance/Evidence
{
"checks": [
{
"id": "server-response-time",
"score": 100,
"title": "Initial server response time was short",
"displayValue": "Root document took 190Â ms",
"numericValue": 191
},
{
"id": "total-blocking-time",
"score": 29,
"title": "Total Blocking Time",
"displayValue": "500Â ms",
"numericValue": 495.5
},
{
"id": "max-potential-fid",
"score": 70,
"title": "Max Potential First Input Delay",
"displayValue": "190Â ms",
"numericValue": 191
},
{
"id": "interactive",
"score": 83,
"title": "Time to Interactive",
"displayValue": "2.8Â s",
"numericValue": 2843.100228170185
},
{
"id": "network-rtt",
"score": 100,
"title": "Network Round Trip Times",
"displayValue": "10Â ms",
"numericValue": 12.282074999999999
},
{
"id": "largest-contentful-paint",
"score": 97,
"title": "Largest Contentful Paint",
"displayValue": "0.9Â s",
"numericValue": 867.0983264559948
},
{
"id": "first-contentful-paint",
"score": 100,
"title": "First Contentful Paint",
"displayValue": "0.3Â s",
"numericValue": 321.0337119277697
},
{
"id": "speed-index",
"score": 63,
"title": "Speed Index",
"displayValue": "2.0Â s",
"numericValue": 1967.9382225585796
}
]
}Fix with MCP or CLI
Use this report as the handoff into remediation. Generate a coding-agent prompt with the failing checks attached, or jump to the MCP and CLI setup docs before your next rescan.
Score history
Public scan score over time
Public reports for this website origin. Select any point or report link to open that canonical report.
| Scan date | Score | Readiness | Report |
|---|---|---|---|
| 56/100 | Level 3, Bot-Aware | Current report |