Find useful Link headers [fail]! No useful agent discovery Link headers were found.INFOFind useful Link headersINFOParse response Link header linkCount=0FAILCompare registered agent-useful relation count actual=0 expected="> 0"FAILCompare community relation count actual=0 expected="accepted as weaker evidence"FAILNo useful agent discovery Link headers were found.Fetch same-origin Link header targets [fail]! Link headers did not expose any same-origin targets to validate.INFOFetch same-origin Link header targetsINFOFetch same-origin Link header targets and record external skipsFAILCompare same-origin Link target failures actual=1 expected=0FAILLink headers did not expose any same-origin targets to validate.

Validate RFC 9309 core syntax [fail]! robots.txt was found but did not contain a valid, parseable User-agent group.INFOValidate RFC 9309 core syntaxINFOParsing robots.txt into User-agent groups and Allow/Disallow recordsPASSCheck User-agent group count actual=1 expected=">= 1 parseable group" parsedUserAgents=["*"]FAILCheck malformed lines and orphan Allow/Disallow records actual={"invalidLines":0,"orphanRecords":18} expected={"invalidLines":0,"orphanRecords":0}FAILAllow/Disallow records appeared before any User-agent group orphanRecords=[{"directive":"allow","value":"*.png","line":4},{"directive":"allow","value":"*.svg","line":5},{"directive":"disallow","value":"*.pdf","line":8},{"directive":"disallow","value":"/legacy-docs/","line":11},{"directive":"disallow","value":"/api/*","line":12}]

Discover MCP server card [warning]! No MCP server card was found at current, transitional, or linked discovery paths.INFODiscover MCP server card candidateCount=5INFOBuild MCP server-card candidate list currentPath="/.well-known/mcp-server-card" transitionalPaths=["/.well-known/mcp/server-card.json","/.well-known/mcp/server-cards.json","/mcp.json","/.well-known/mcp.json"] linkedPaths=[]PASSCheck whether page claims MCP support actual=false expected="true only when HTML or Link headers mention MCP" textMatches=[] headerLinkCount=0INFOTrying to fetch /.well-known/mcp-server-card url="https://plaid.com/.well-known/mcp-server-card" source="current"FAIL/.well-known/mcp-server-card did not return a usable server card statusCode=404 contentType="text/html"INFOTrying to fetch /.well-known/mcp/server-card.json url="https://plaid.com/.well-known/mcp/server-card.json" source="transitional"FAIL/.well-known/mcp/server-card.json did not return a usable server card statusCode=404 contentType="text/html"INFOTrying to fetch /.well-known/mcp/server-cards.json url="https://plaid.com/.well-known/mcp/server-cards.json" source="transitional"FAIL/.well-known/mcp/server-cards.json did not return a usable server card statusCode=404 contentType="text/html"INFOTrying to fetch /mcp.json url="https://plaid.com/mcp.json" source="transitional"FAIL/mcp.json did not return a usable server card statusCode=404 contentType="text/html"INFOTrying to fetch /.well-known/mcp.json url="https://plaid.com/.well-known/mcp.json" source="transitional"FAIL/.well-known/mcp.json did not return a usable server card statusCode=404 contentType="text/html"WARNNo MCP server card was found reason="No MCP server card was found at current, transitional, or linked discovery paths."

Detect WebMCP runtime API [informational]INFODetect WebMCP runtime API status="informational"INFOProbe rendered browser for WebMCP runtime objects SKIPCheck current W3C runtime API actual="not detected" expected="document.modelContext/registerTool available"INFOWebMCP evidence was recorded for context. status="informational"Probe WebMCP operability [warning]! No WebMCP surface was found to probe.INFOProbe WebMCP operability status="warning"INFORun safe WebMCP operability checks safeProbeOnly=trueWARNCheck usable WebMCP evidence actual=0 expected="at least 1 usable runtime, declarative, annotation, or static manifest signal"WARNWebMCP operability warning warning="No WebMCP surface was found to probe."WARNWebMCP operability warning warning="Conventional WebMCP manifest paths were checked but did not return a valid manifest."WARNNo WebMCP surface was found to probe.Validate declarative WebMCP form tools [informational]! No W3C-style declarative WebMCP form attributes were found.INFOValidate declarative WebMCP form tools status="informational"INFOInspect visible forms and controls for current declarative WebMCP attributes annotatedElements=0 formsWithAttributes=0 controlsWithAttributes=0SKIPValidate declarative WebMCP attribute quality actual=0 expected=0INFONo W3C-style declarative WebMCP form attributes were found. status="informational"Validate MCP-aware HTML annotations [informational]! No data-mcp-tool or hyphenated WebMCP compatibility annotations were found.INFOValidate MCP-aware HTML annotations status="informational"INFOInspect HTML for MCP compatibility annotations compatibilityAttributeCount=0 dataMcpToolCount=0 examples=[]SKIPValidate compatibility annotation quality actual=0 expected=0INFONo data-mcp-tool or hyphenated WebMCP compatibility annotations were found. status="informational"Validate static WebMCP JSON compatibility [warning]! No static WebMCP JSON manifest or WMCP interaction graph was found.INFOValidate static WebMCP JSON compatibility status="warning"INFODiscover static WebMCP manifest candidates conventionalPaths=["/.well-known/webmcp.json","/webmcp.json"] checkedCount=2 profileCounts={}INFOWebMCP manifest candidate checked source="path" path="/.well-known/webmcp.json" url="https://plaid.com/.well-known/webmcp.json" statusCode=404 contentType="text/html"INFOWebMCP manifest candidate checked source="path" path="/webmcp.json" url="https://plaid.com/webmcp.json" statusCode=404 contentType="text/html"WARNValidate discovered static WebMCP metadata actual={"validManifestCount":0,"invalidManifestCount":0,"toolCount":0,"wmcpActionCount":0} expected="at least 1 valid tools[] manifest or WMCP graph when static metadata is present"WARNNo static WebMCP JSON manifest or WMCP interaction graph was found.Validate WebMCP tool metadata quality [informational]INFOValidate WebMCP tool metadata quality status="informational"INFOInspect WebMCP tool names, descriptions, schemas, and safety hints toolCount=0SKIPCheck tool metadata findings actual={"issueCount":0,"warningCount":0} expected="0 issues and 0 warnings"INFOWebMCP evidence was recorded for context. status="informational"Review WebMCP security and policy signals [informational]INFOReview WebMCP security and policy signals status="informational"INFOInspect WebMCP security and policy signals permissionsPolicy="(missing)" failureCount=0 warningCount=0PASSCheck security findings actual={"failures":0,"warnings":0} expected="0 failures and 0 warnings"INFOWebMCP evidence was recorded for context. status="informational"

Fetch UCP profile [warning]! UCP-like signals were found, but /.well-known/ucp was not available.INFOFetch UCP profile status="warning"INFOFetch /.well-known/ucp statusCode=404 contentType="text/html"WARNCheck UCP profile availability actual=false expected=trueWARNCheck JSON-compatible profile response actual=false expected=true jsonCompatible=false parsed=falseWARNUCP-like signals were found, but /.well-known/ucp was not available.

Classify AI crawler rules [fail]! No explicit User-agent rules were found for major AI crawler tokens.INFOClassify AI crawler rulesINFOParsing User-agent groups and Allow/Disallow records for known AI crawler tokens evaluatedPath="/"INFOEvaluating exact User-agent matches before wildcard fallback exactAiPolicyCount=0 totalCrawlerTokens=18FAILNo explicit AI crawler User-agent groups were found examplesExpected=["GPTBot","OAI-SearchBot","ClaudeBot","Google-Extended","CCBot"]FAILCompare explicit AI crawler coverage actual=0 expected="> 0 explicit non-search AI crawler policies" missingTokens=["GPTBot","OAI-SearchBot","ChatGPT-User","ClaudeBot","Claude-SearchBot","Claude-User","Google-Extended","Applebot-Extended","Amazonbot","Amzn-SearchBot","Amzn-User","PerplexityBot"]INFOResolved effective root-path policy for crawler tokens blocked=0 allowed=21 unspecified=0

Organization entity [fail]! No Organization or Organization subtype was found in Schema.org structured data.INFOOrganization entityINFOLooking for Organization or Organization subtype in structured data observedTypes=[]FAILCheck Organization entity presence actual=false expected=true fields=[{"name":"Organization.@type","present":false},{"name":"Organization.@id","present":false},{"name":"Organization.name","present":false},{"name":"Organization.url","present":false},{"name":"Organization.logo","present":false},{"name":"Organization.sameAs","present":false}]FAILOrganization entity is missingWebSite entity [fail]! No WebSite entity was found in Schema.org structured data.INFOWebSite entityINFOLooking for WebSite entity in structured data FAILCheck WebSite entity presence actual=false expected=true fields=[{"name":"WebSite.@type","present":false},{"name":"WebSite.@id","present":false},{"name":"WebSite.name","present":false},{"name":"WebSite.url","present":false},{"name":"WebSite.publisher.@id","present":false},{"name":"WebSite.publisher.name","present":false},{"name":"WebSite.publisher.url","present":false}]FAILWebSite entity is missingIdentity fields [fail]! Missing identity field(s): Organization.name, Organization.url, WebSite.name, WebSite.url.INFOIdentity fieldsINFOChecking Organization and WebSite name/url fields FAILCheck required identity fields actual=0 expected=4 missing=["Organization.name","Organization.url","WebSite.name","WebSite.url"] organizationFields=[{"name":"Organization.@type","present":false},{"name":"Organization.@id","present":false},{"name":"Organization.name","present":false},{"name":"Organization.url","present":false},{"name":"Organization.logo","present":false},{"name":"Organization.sameAs","present":false}] websiteFields=[{"name":"WebSite.@type","present":false},{"name":"WebSite.@id","present":false},{"name":"WebSite.name","present":false},{"name":"WebSite.url","present":false},{"name":"WebSite.publisher.@id","present":false},{"name":"WebSite.publisher.name","present":false},{"name":"WebSite.publisher.url","present":false}]WARNCheck identity URLs match scanned origin actual={"organizationUrlMatchesOrigin":false,"websiteUrlMatchesOrigin":false} expected={"organizationUrlMatchesOrigin":true,"websiteUrlMatchesOrigin":true}FAILIdentity fields are missing missing=["Organization.name","Organization.url","WebSite.name","WebSite.url"]WebSite publisher linkage [fail]! WebSite.publisher is missing.INFOWebSite publisher linkageINFOChecking whether WebSite.publisher points to the Organization entity FAILCheck publisher presence actual=false expected=true publisher={"present":false,"matchesOrganization":false} website={} organization={}FAILCheck publisher matches Organization actual=false expected=trueFAILWebSite publisher is missingOrganization trust fields [fail]! Organization schema is missing logo and sameAs or public contact evidence.INFOOrganization trust fieldsINFOChecking logo, sameAs, and public contact evidence FAILCheck logo presence actual=false expected=true fields=[{"name":"Organization.logo","present":false},{"name":"Organization.sameAs","present":false},{"name":"Organization.contactPoint","present":false},{"name":"Organization.telephone","present":false},{"name":"Organization.email","present":false},{"name":"Organization.address","present":false}]FAILCheck sameAs or contact evidence actual=0 expected=">= 1" sameAsCount=0 contactSignalCount=0 fields=[{"name":"Organization.logo","present":false},{"name":"Organization.sameAs","present":false},{"name":"Organization.contactPoint","present":false},{"name":"Organization.telephone","present":false},{"name":"Organization.email","present":false},{"name":"Organization.address","present":false}]FAILOrganization trust fields are missing

Recognized structured data format [fail]! No JSON-LD, Microdata, or RDFa structured data was found.INFORecognized structured data formatINFODetecting JSON-LD, Microdata, and RDFa in the page HTMLFAILCheck recognized structured-data formats found actual=0 expected="> 0" formatsFound=[]FAILNo recognized structured-data format foundPage-relevant schema family [fail]! The page has specific visible content intent, but structured data does not include a matching primary schema family.INFOPage-relevant schema familyINFOInferring specific page intent and comparing it with detected Schema.org typesFAILCheck schema types matching specific visible page intent actual=0 expected="> 0" inferredIntents=["software"] expectedTypes=["SoftwareApplication","WebApplication","MobileApplication"] matchingTypes=[] observedTypes=[]FAILNo primary schema family matches the inferred page intent expectedTypes=["SoftwareApplication","WebApplication","MobileApplication"] primaryTypes=[]

Warn when auth surface lacks Auth.md [warning]! The site appears to support login, signup, account access, or credentials but does not publish /auth.md.INFOWarn when auth surface lacks Auth.mdWARNThe site appears to support login, signup, account access, or credentials but does not publish /auth.md.

Detect OAuth/OIDC applicability [warning]! Generic authentication signals were found, but no OAuth/OIDC discovery signal was detected.INFODetect OAuth/OIDC applicabilityINFOInspecting homepage, headers, and known auth/API signals for OAuth or OIDC claims applies=false signalsCount=0 genericAuthSignalsCount=4 checkedCount=2WARNCheck OAuth/OIDC applicability signal actual=false expected="true when metadata exists or OAuth/OIDC is claimed" checked=[{"path":"/.well-known/openid-configuration","statusCode":404,"contentType":"text/html","length":212626},{"path":"/.well-known/oauth-authorization-server","statusCode":404,"contentType":"text/html","length":212626}]WARNDetect OAuth/OIDC applicability completed with warnings issue="Generic authentication signals were found, but no OAuth/OIDC discovery signal was detected."

Detect protected-resource applicability [warning]! Generic authentication signals were found, but no OAuth Protected Resource metadata signal was detected.INFODetect protected-resource applicabilityINFOInspecting auth headers, MCP/OAuth claims, and protected-resource hints applies=false requiresAuthorizationServers=false signalsCount=0 genericAuthSignalsCount=4 checkedCount=2WARNCheck protected-resource metadata applicability actual=false expected="true when RFC 9728 metadata exists or support is claimed" checked=[{"url":"https://plaid.com/.well-known/oauth-protected-resource","path":"/.well-known/oauth-protected-resource","source":"root-well-known","resourceIdentifier":"https://plaid.com","statusCode":404,"contentType":"text/html","length":212626},{"url":"https://plaid.com/.well-known/oauth-protected-resource/products/identity-verification/","path":"/.well-known/oauth-protected-resource/products/identity-verification/","source":"final-url-path","resourceIdentifier":"https://plaid.com/products/identity-verification/","statusCode":404,"contentType":"text/html","length":212626}]WARNDetect protected-resource applicability completed with warnings issue="Generic authentication signals were found, but no OAuth Protected Resource metadata signal was detected."

Find Referrer-Policy header [fail]! Referrer-Policy header is missing.INFOFind Referrer-Policy headerINFORead Referrer-Policy delivery header="referrer-policy" value="missing" metaReferrerPolicyCount=0 browserDefault="strict-origin-when-cross-origin"FAILRequire explicit HTTP Referrer-Policy header actual="missing" expected="HTTP response header present" issue="Referrer-Policy header is missing."FAILReferrer-Policy header is missing.Review observed browser responses [warning]! One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.INFOReview observed browser responsesINFOSample Chrome-observed same-origin responses observedResponseCount=67 sameOriginCount=49 htmlDocumentCount=1WARNCompare observed Referrer-Policy coverage actual={"missingPolicyCount":1,"unsafeOrInvalidPolicyCount":0,"weakPolicyCount":0,"affected":[{"url":"https://plaid.com/products/identity-verification/","status":200,"resourceType":"document","contentType":"text/html","referrerPolicy":null,"classification":"invalid"}]} expected="0 missing, unsafe, invalid, or weak same-origin HTML responses" issue="One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy."WARNOne or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.

Discover A2A Agent Card [warning]! No A2A Agent Card was found at the current, legacy, or fallback discovery paths.INFODiscover A2A Agent CardINFOTry A2A discovery paths in priority order paths=["/.well-known/agent-card.json","/.well-known/agent.json","/agent-card.json","/.well-known/a2a/agent-card.json"]WARNA2A candidate path did not return a usable card path="/.well-known/agent-card.json" statusCode=404 contentType="text/html"WARNA2A candidate path did not return a usable card path="/.well-known/agent.json" statusCode=404 contentType="text/html"WARNA2A candidate path did not return a usable card path="/agent-card.json" statusCode=404 contentType="text/html"WARNA2A candidate path did not return a usable card path="/.well-known/a2a/agent-card.json" statusCode=404 contentType="text/html"WARNNo A2A Agent Card candidate was selectedWARNNo A2A Agent Card was found at the current, legacy, or fallback discovery paths.

Discover Agent Skills index [warning]! No Agent Skills discovery index was found at the canonical or legacy path.INFODiscover Agent Skills indexINFOTry Agent Skills index paths in priority order paths=["/.well-known/agent-skills/index.json","/.well-known/skills/index.json"]WARNAgent Skills index candidate was not usable path="/.well-known/agent-skills/index.json" url="https://plaid.com/.well-known/agent-skills/index.json" statusCode=404WARNAgent Skills index candidate was not usable path="/.well-known/skills/index.json" url="https://plaid.com/.well-known/skills/index.json" statusCode=404WARNNo Agent Skills discovery index was found at the canonical or legacy path.

Discover agents.json [warning]! No Wildcard-style agents.json file was found.INFODiscover agents.jsonINFOTry agents.json discovery paths in priority order paths=["/.well-known/agents.json","/agents.json"]WARNagents.json candidate path did not return a usable contract path="/.well-known/agents.json" statusCode=404 contentType="text/html"WARNagents.json candidate path did not return a usable contract path="/agents.json" statusCode=404 contentType="text/html"WARNNo agents.json candidate was selectedWARNNo Wildcard-style agents.json file was found.

Validate declared usage preferences [warning]! No Content-Usage or Content-Signal declarations were found.INFOValidate declared usage preferencesINFOParsing declared preferences into terms and values recordCount=0SKIPSkipping declaration validation because no Content-Usage or Content-Signal records were declared.SKIPCompare declared records to validation requirement actual=0 expected="No validation needed when no records are declared"WARNNo Content-Usage or Content-Signal declarations were present.

Query DNS-AID records [warning]! No DNS-AID HTTPS/SVCB records were found under _agents.INFOQuery DNS-AID recordsINFOBuild DNS-AID query names from hostname hostname="plaid.com" labels=["_index._agents.plaid.com","_a2a._agents.plaid.com"] claimedOnPage=falseWARNDNS query returned no DNS-AID answers name="_index._agents.plaid.com" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.plaid.com" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.plaid.com" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _index._agents.plaid.com"WARNDNS query returned no DNS-AID answers name="_a2a._agents.plaid.com" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.plaid.com" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.plaid.com" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _a2a._agents.plaid.com"WARNCompare total DNS-AID answer count actual=0 expected="> 0"WARNNo DNS-AID HTTPS/SVCB records were found under _agents.Check DNSSEC authentication evidence [warning]! DNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.INFOCheck DNSSEC authentication evidenceWARNCompare DNSSEC authenticated-data flag actual=false expected=trueWARNCompare visible DNSSEC material actual=false expected=trueWARNResolver did not confirm authenticated DNSSEC data name="_index._agents.plaid.com" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.plaid.com" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.plaid.com" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.plaid.com" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.plaid.com" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.plaid.com" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.plaid.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.plaid.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="plaid.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNDNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.

Discover RSL declarations [warning]! No RSL declarations were found.INFODiscover RSL declarationsINFOChecking robots.txt License records, HTTP Link rel=license headers, HTML license links, and inline RSL XML robotsFound=trueSKIPCount discovered RSL declarations actual=0 expected=">= 1 when RSL licensing terms are published" sources={}WARNNo RSL declarations were found on any supported discovery surface.

Fetch /.well-known/tdmrep.json [warning]! No TDMRep declaration was found at /.well-known/tdmrep.json.INFOFetch /.well-known/tdmrep.jsonINFORequesting origin-level TDMRep declaration at /.well-known/tdmrep.jsonWARNCompare TDMRep file response actual=404 expected="2xx with JSON array when origin-level TDMRep is published" contentType="text/html" length=212626WARNNo TDMRep declaration was found at /.well-known/tdmrep.json. 

Find enforcing CSP delivery [fail]! Applicable HTML response is missing an enforcing Content-Security-Policy header.INFOFind enforcing CSP deliveryINFORead CSP delivery headers enforcingHeader="missing" reportOnlyHeader="missing" metaPolicyCount=0 legacyHeadersPresent=[]FAILRequire enforcing Content-Security-Policy header actual="missing" expected="present" issue="Applicable HTML response is missing an enforcing Content-Security-Policy header."FAILApplicable HTML response is missing an enforcing Content-Security-Policy header.

Validate CSP frame-ancestors [warning]! No enforcing CSP frame-ancestors directive is present.INFOValidate CSP frame-ancestorsINFORead CSP frame-ancestors signals enforcingHeaderPresent=false reportOnlyHeaderPresent=false metaFrameAncestors=false policyCount=0 duplicateDirectives=[]WARNCompare effective frame-ancestors directive actual="missing" expected="valid restrictive enforcing frame-ancestors" issue="No enforcing CSP frame-ancestors directive is present."WARNNo enforcing CSP frame-ancestors directive is present.Validate X-Frame-Options [fail]! No valid X-Frame-Options fallback is present.INFOValidate X-Frame-OptionsINFORead X-Frame-Options fallback value="missing" parsedValues=[] normalizedValues=[]FAILCompare X-Frame-Options value actual="missing" expected="DENY or SAMEORIGIN" valid=false obsoleteAllowFrom=false duplicateOrConflicting=false issue="No valid X-Frame-Options fallback is present."FAILNo valid X-Frame-Options fallback is present.Review observed browser responses [warning]! One or more same-origin HTML documents observed by Chrome did not emit valid frame protection.INFOReview observed browser responsesINFOSample Chrome-observed same-origin responses observedResponseCount=67 sameOriginCount=49 htmlDocumentCount=1WARNCompare observed HTML frame protection actual={"missingOrInvalidFrameProtectionCount":1,"broadFrameAncestorsCount":0,"affected":[{"url":"https://plaid.com/products/identity-verification/","status":200,"resourceType":"document","contentType":"text/html","contentSecurityPolicy":null,"contentSecurityPolicyReportOnly":null}]} expected="0 missing/invalid or broad same-origin HTML responses" issue="One or more same-origin HTML documents observed by Chrome did not emit valid frame protection."WARNOne or more same-origin HTML documents observed by Chrome did not emit valid frame protection.

Find X-Content-Type-Options [fail]! Browser-loadable response is missing X-Content-Type-Options.INFOFind X-Content-Type-OptionsINFORead X-Content-Type-Options header header="x-content-type-options" value="missing"FAILRequire nosniff header actual="missing" expected="present" issue="Browser-loadable response is missing X-Content-Type-Options."FAILBrowser-loadable response is missing X-Content-Type-Options.Review observed browser responses [warning]! One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.INFOReview observed browser responsesINFOSample Chrome-observed same-origin resources observedResponseCount=67 sameOriginCount=49 eligibleCount=49WARNCompare observed nosniff coverage actual={"missingNosniffCount":49,"malformedNosniffCount":0,"activeResourceMissingNosniffCount":30,"affected":[{"url":"https://plaid.com/products/identity-verification/","status":200,"resourceType":"document","contentType":"text/html"},{"url":"https://plaid.com/assets/fonts/PlaidSans-Medium.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://plaid.com/assets/fonts/PlaidSans-Regular.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://plaid.com/assets/fonts/PlaidSans-Bold.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://plaid.com/assets/fonts/PlaidSans-SemiBold.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://plaid.com/assets/fonts/cern-bold.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://plaid.com/assets/fonts/cern-extrabold.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://plaid.com/assets/fonts/cern-italic.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://plaid.com/assets/fonts/cern-medium.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://plaid.com/assets/fonts/cern-regular.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://plaid.com/assets/fonts/cern-semibold.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://plaid.com/assets/fonts/Inconsolata-Bold.woff2","status":200,"resourceType":"font","contentType":"font/woff2"}]} expected="0 missing or malformed eligible same-origin responses" issue="One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff."WARNOne or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.

Heading structure [fail]! Expected one meaningful visible h1; found 2.INFOHeading structureFAILCheck heading structure evidence actual={"counts":{"h1":2,"visibleH1":2,"headings":35,"emptyHeadings":0},"meaningfulH1":false} expected="semantic HTML evidence for this step"FAILHeading structure failed issue="Expected one meaningful visible h1; found 2."Form labels and autocomplete [fail]! 5/6 applicable personal-data inputs have valid autocomplete attributes (1 missing).INFOForm labels and autocompleteFAILCheck form labels and autocomplete evidence actual={"counts":{"formControls":6,"unlabeledFormControls":0,"autocompleteInputs":6,"inputsWithAutocomplete":5,"missingAutocompleteInputs":1},"formLabelCoverage":true} expected="semantic HTML evidence for this step"FAILForm labels and autocomplete failed issue="5/6 applicable personal-data inputs have valid autocomplete attributes (1 missing)."Image text alternatives [fail]! 1 images are missing alt attributes.INFOImage text alternativesFAILCheck image text alternatives evidence actual={"counts":{"images":10,"imagesWithAlt":9,"imageAltIssues":0},"imageAltCoverage":false} expected="semantic HTML evidence for this step"FAILImage text alternatives failed issue="1 images are missing alt attributes."Native semantics and ARIA [warning]! 11 ARIA/native semantic conflicts or redundancies were found.INFONative semantics and ARIAWARNCheck native semantics and aria evidence actual={"counts":{"ariaIssues":11},"nativeSemanticIntegrity":false} expected="native HTML semantics are present and not replaced by conflicting ARIA"WARNNative semantics and ARIA has a warning issue="11 ARIA/native semantic conflicts or redundancies were found."

Schema.org attribution [warning]! Schema.org attribution is incomplete or relies only on publisher/fallback evidence.INFOSchema.org attributionINFOChecking structured data for author, creator, and publisher contributorsWARNCheck named Schema.org author count actual=0 expected="> 0" authorCount=0 publisherCount=0 namedContributors=0 authors=[] publishers=[] formats=[]WARNSchema.org attribution is incomplete or fallback-only authorCount=0 publisherCount=0 authors=[] publishers=[]Author identity quality [fail]! No named author or publisher identity could be extracted.INFOAuthor identity qualityINFOChecking contributors for stable identity signalsFAILCheck identified contributor count actual=0 expected="> 0" namedContributors=0 identifiedContributors=[] unidentifiedContributors=[]FAILNo named contributor identity could be extracted

Score llms.txt structure and usefulness [fail]! llms.txt includes unsafe or private links that should not be advertised to agents.INFOScore llms.txt structure and usefulnessINFOChecking recommended summary, sections, link labels, agent-friendly links, duplicates, and unsafe targetsPASSCheck blockquote summary is present actual=true expected=truePASSCheck H2 section count actual=20 expected="> 0"PASSCheck Markdown-formatted links actual=1560 expected="> 0"FAILCheck unsafe/private link count actual=14 expected=0FAILllms.txt structure-quality validation failed reason="llms.txt includes unsafe or private links that should not be advertised to agents."Inspect optional llms-full.txt [informational]INFOInspect optional llms-full.txtINFOTrying to fetch /llms-full.txt url="https://plaid.com/llms-full.txt"SKIP/llms-full.txt is not present statusCode=404

Same-URL negotiation [informational]INFOSame-URL negotiationINFOCheck negotiated Markdown response actual={"statusCode":200,"mediaType":"text/html","vary":"Accept-Encoding"} expected="HTTP 2xx text/markdown with Vary: Accept" url="https://plaid.com/products/identity-verification/" statusCode=200 mediaType="text/html" vary="Accept-Encoding"PASSSame-URL negotiation recorded for context status="informational"Advertised Markdown alternate [informational]INFOAdvertised Markdown alternateINFOCheck advertised Markdown alternate candidates actual=0 expected="> 0 when HTML advertises a Markdown alternate" advertisedUrls=[] candidateCount=0PASSAdvertised Markdown alternate recorded for context status="informational"Conventional .md mirror [warning]! A conventional Markdown mirror exists, but it is not advertised as an alternate representation.INFOConventional .md mirrorWARNCheck conventional Markdown mirror candidates actual=2 expected="> 0 when a conventional mirror is discoverable" conventionalUrls=["https://plaid.com/products/identity-verification/index.html.md","https://plaid.com/products/identity-verification.md"] candidateCount=2WARNConventional .md mirror has a warning issue="A conventional Markdown mirror exists, but it is not advertised as an alternate representation."

Review preload opt-in [warning]! preload is present; verify hstspreload.org operational requirements before submission.INFOReview preload opt-inINFOInspect preload opt-in preload=true includeSubDomains=true maxAge=63072000WARNCompare header-level preload requirements actual="eligible by header" expected="preload + includeSubDomains + max-age >= 31536000" issue="preload is present; verify hstspreload.org operational requirements before submission."WARNpreload is present; verify hstspreload.org operational requirements before submission.

Find advertised IndexNow key location [informational]! No IndexNow key location was advertised in HTML, Link headers, or robots.txt.INFOFind advertised IndexNow key locationINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"WARNNo IndexNow key location was advertised in HTML, Link headers, or robots.txt.Fetch and validate IndexNow key file [informational]! No discoverable IndexNow key file was found.INFOFetch and validate IndexNow key fileINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"INFOFetch each advertised same-origin key file and validate filename/body matchFAILCompare valid IndexNow key file count actual=0 expected="> 0"WARNNo discoverable IndexNow key file was found.