Export Report
OVERALL SCORE
Level 3, Bot-Aware
- AI Discoverability 66 out of 100
- Agent Ease of Use 43 out of 100
- Security & Trust 55 out of 100
- GEO, AIO and AEO 61 out of 100
- SEO 100 out of 100
- Performance and Accessibility 91 out of 100
What AI sees of your website
Shipfox | Your Software Factory
The continuous shipping platform for engineering teams. Build complex workflows with agents that live in your repositories.
Next step
Turn this report into a fix workflow
8 failed checks are ready to move into MCP or CLI remediation. Generate a repair prompt, connect the scanner to your coding agent, or open the integration docs before your next rescan.
| Metric | Score | Status | Passed | Failed | Warning | Evidence |
|---|---|---|---|---|---|---|
| AI Discoverability | 66 | Needs work | 33 | 10 | 7 | View details |
| Discoverability | 67 | Needs work | 8 | 2 | 0 | View details |
| Content Readiness | 70 | Needs work | 22 | 8 | 4 | View details |
| Bot Access Control | 63 | Needs work | 3 | 0 | 3 | |
| Agent Ease of Use | 43 | Priority fix | 1 | 1 | 9 | View details |
| Auth | 50 | Needs work | 0 | 0 | 3 | |
| MCP | 25 | Priority fix | 0 | 1 | 2 | View details |
| Skill Discovery | 54 | Needs work | 1 | 0 | 4 | |
| GEO, AIO and AEO | 61 | Needs work | 11 | 6 | 1 | View details |
| GEO Readiness | 55 | Needs work | 3 | 2 | 1 | View details |
| AIO Readiness | 86 | Mostly ready | 5 | 1 | 0 | View details |
| AEO Readiness | 42 | Priority fix | 3 | 3 | 0 | View details |
| SEO | 100 | Strong | 9 | 0 | 0 | |
| SEO | 100 | Strong | 9 | 0 | 0 | |
| Security & Trust | 55 | Needs work | 11 | 4 | 5 | View details |
| Security & Trust | 55 | Needs work | 11 | 4 | 5 | View details |
| Performance and Accessibility | 91 | Strong | 25 | 2 | 0 | View details |
| Performance | 89 | Mostly ready | 17 | 2 | 0 | View details |
| Accessibility | 94 | Strong | 8 | 0 | 0 |
Prioritized recommendations
Issues ranked by score impact
33 items need attention
AI DiscoverabilityDiscoverabilityEstablished
Link headers
Link headers failed at "Find useful Link headers".
100 Fail
AI DiscoverabilityDiscoverabilityEstablished
Link headers
Link headers failed at "Find useful Link headers".
Needs attention
Link headers
Issue
No useful agent discovery Link headers were found.
Why it matters
Link headers let automated clients discover API catalogs, documentation, and machine-readable alternates without parsing page markup first.
Check name
Link headers
Score
0/100
Status
fail
Category
Discoverability
Maturity
Established
Goal
Include Link response headers for agent discovery using RFC 8288.
Result
Link headers failed at "Find useful Link headers".
Validation steps
Find useful Link headers
No useful agent discovery Link headers were found.
Fetch same-origin Link header targets
Link headers did not expose any same-origin targets to validate.
Agent Ease of UseMCPEmerging recommendation
MCP Server Card
MCP Server Card failed at "Discover MCP server card".
50 Fail
Agent Ease of UseMCPEmerging recommendation
MCP Server Card
MCP Server Card failed at "Discover MCP server card".
Needs attention
MCP Server Card
Issue
This site claims MCP support or links to MCP metadata, but no MCP server card could be fetched.
Why it matters
MCP server cards give agents a stable, public pre-connection discovery surface for server identity, remote transports, protocol compatibility, and safe routing without guessing endpoints.
Check name
MCP Server Card
Score
0/100
Status
fail
Category
MCP
Maturity
Emerging recommendation
Goal
Publish an MCP Server Card that helps agents discover remote MCP server transports before opening a session.
Result
MCP Server Card failed at "Discover MCP server card".
Validation steps
Discover MCP server card
This site claims MCP support or links to MCP metadata, but no MCP server card could be fetched.
Agent Ease of UseMCPEmerging recommendation
WebMCP
WebMCP has a validation warning at "Probe WebMCP operability".
25 Warning
Agent Ease of UseMCPEmerging recommendation
WebMCP
WebMCP has a validation warning at "Probe WebMCP operability".
Needs attention
WebMCP
Issue
No WebMCP surface was found to probe.
Details
Why it matters
WebMCP gives agents structured page and browser tool hints so they can understand actions without relying only on screen scraping.
Check name
WebMCP
Score
50/100
Status
warning
Category
MCP
Maturity
Emerging recommendation
Goal
Expose browser/page WebMCP tools and compatible static WebMCP metadata when a site wants agents to understand in-page actions.
Result
WebMCP has a validation warning at "Probe WebMCP operability".
Validation steps
Detect WebMCP runtime API
Expose current WebMCP tools through document.modelContext.registerTool(), or clearly document navigator.modelContext as a compatibility/polyfill profile.
Probe WebMCP operability
No WebMCP surface was found to probe.
WebMCP operability findings
- No WebMCP surface was found to probe.
- Conventional WebMCP manifest paths were checked but did not return a valid manifest.
Validate declarative WebMCP form tools
No W3C-style declarative WebMCP form attributes were found.
Validate MCP-aware HTML annotations
No data-mcp-tool or hyphenated WebMCP compatibility annotations were found.
Validate static WebMCP JSON compatibility
No static WebMCP JSON manifest or WMCP interaction graph was found.
Validate WebMCP tool metadata quality
Use clear tool names, useful descriptions, constrained schemas, side-effect clarity, and profile-appropriate naming.
Review WebMCP security and policy signals
Remove secrets and prompt-injection text from WebMCP metadata, avoid private endpoints, and use Permissions-Policy and annotations for tool safety.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Source and trust signals
AIO: Source and trust signals scored 17/100 and needs a fix.
25 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Source and trust signals
AIO: Source and trust signals scored 17/100 and needs a fix.
Needs attention
AIO: Source and trust signals
Issue
Missing AIO trust signals: author, publisher, freshnessDate, aboutOrContact, policyLinks.
Details
Why it matters
Google AI Overviews and AI Mode depend on normal Google Search eligibility, snippet permissions, useful visible content, consistent structured data, trust signals, and page experience basics. These signals help Google understand and preview a page, but they do not guarantee selection.
Check name
AIO: Source and trust signals
Score
17/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible, understandable, and previewable for Google Search AI features without promising inclusion.
Result
AIO: Source and trust signals scored 17/100 and needs a fix.
AI DiscoverabilityContent ReadinessEstablished
Markdown negotiation
Markdown negotiation is missing or incomplete.
18 Fail
AI DiscoverabilityContent ReadinessEstablished
Markdown negotiation
Markdown negotiation is missing or incomplete.
Needs attention
Markdown negotiation
Issue
Best candidate returned Content-Type "text/html; charset=utf-8" instead of text/markdown.
Why it matters
Markdown representations give agents a cleaner page form while preserving normal HTML for browsers and cache-safe representation handling.
Check name
Markdown negotiation
Score
10/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Expose a useful Markdown representation through negotiation or an explicit alternate URL.
Result
Markdown negotiation is missing or incomplete.
Validation steps
Markdown representation
No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks.
Same-URL negotiation
Same-URL Accept: text/markdown did not return a valid Markdown representation.
Markdown format validation
Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation.
Advertised Markdown alternate
No Link or HTML rel=alternate text/markdown URL was advertised.
Conventional .md mirror
Conventional .md mirror candidates did not return valid Markdown.
Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration has a validation warning at "Warn when auth surface lacks Auth.md".
17 Warning
Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration has a validation warning at "Warn when auth surface lacks Auth.md".
Needs attention
Auth.md Agent Registration
Issue
The site appears to support login, signup, account access, or credentials but does not publish /auth.md.
Why it matters
Human login and signup flows are often opaque to agents. Auth.md gives automated clients a stable registration contract instead of forcing them to scrape docs, automate browser forms, or guess credential flows.
Check name
Auth.md Agent Registration
Score
50/100
Status
warning
Category
Auth
Maturity
Emerging recommendation
Goal
Publish Auth.md v1 metadata so agents can discover how to register, claim a user, and obtain credentials.
Result
Auth.md Agent Registration has a validation warning at "Warn when auth surface lacks Auth.md".
Validation steps
Warn when auth surface lacks Auth.md
The site appears to support login, signup, account access, or credentials but does not publish /auth.md.
AI DiscoverabilityBot Access ControlInformational
Content Signal
Content Signal has a validation warning at "Validate declared usage preferences".
17 Warning
AI DiscoverabilityBot Access ControlInformational
Content Signal
Content Signal has a validation warning at "Validate declared usage preferences".
Needs attention
Content Signal
Issue
No Content-Usage or Content-Signal declarations were found.
Why it matters
Content usage preference signals communicate intended downstream AI use separately from robots.txt crawl permission. They can express training and search preferences for compliant systems without replacing access-control rules.
Check name
Content Signal
Score
50/100
Status
warning
Category
Bot Access Control
Maturity
Informational
Goal
Declare AI content usage preferences when the site intentionally publishes machine-readable usage policy.
Result
Content Signal has a validation warning at "Validate declared usage preferences".
Validation steps
Validate declared usage preferences
No Content-Usage or Content-Signal declarations were found.
Agent Ease of UseAuthEstablished
OAuth / OIDC discovery
OAuth / OIDC discovery has a validation warning at "Detect OAuth/OIDC applicability".
17 Warning
Agent Ease of UseAuthEstablished
OAuth / OIDC discovery
OAuth / OIDC discovery has a validation warning at "Detect OAuth/OIDC applicability".
Needs attention
OAuth / OIDC discovery
Issue
Generic authentication signals were found, but no OAuth/OIDC discovery signal was detected.
Why it matters
OAuth and OIDC discovery let agents and API clients find authorization, token, and key endpoints programmatically instead of scraping login pages or guessing provider setup.
Check name
OAuth / OIDC discovery
Score
50/100
Status
warning
Category
Auth
Maturity
Established
Goal
Publish OAuth/OIDC discovery metadata only when the site operates or advertises a real OAuth/OIDC authorization server.
Result
OAuth / OIDC discovery has a validation warning at "Detect OAuth/OIDC applicability".
Validation steps
Detect OAuth/OIDC applicability
Generic authentication signals were found, but no OAuth/OIDC discovery signal was detected.
Agent Ease of UseAuthEmerging recommendation
OAuth Protected Resource
OAuth Protected Resource has a validation warning at "Detect protected-resource applicability".
17 Warning
Agent Ease of UseAuthEmerging recommendation
OAuth Protected Resource
OAuth Protected Resource has a validation warning at "Detect protected-resource applicability".
Needs attention
OAuth Protected Resource
Issue
Generic authentication signals were found, but no OAuth Protected Resource metadata signal was detected.
Why it matters
Protected-resource metadata tells agents which API/resource is locked, which authorization servers can issue tokens for it, and how a 401 challenge maps back to the correct resource.
Check name
OAuth Protected Resource
Score
50/100
Status
warning
Category
Auth
Maturity
Emerging recommendation
Goal
Publish OAuth Protected Resource Metadata for OAuth-protected APIs and MCP resources so clients can identify the resource and its authorization servers.
Result
OAuth Protected Resource has a validation warning at "Detect protected-resource applicability".
Validation steps
Detect protected-resource applicability
Generic authentication signals were found, but no OAuth Protected Resource metadata signal was detected.
AI DiscoverabilityBot Access ControlEmerging recommendation
RSL license signal
No RSL declarations were found.
17 Warning
AI DiscoverabilityBot Access ControlEmerging recommendation
RSL license signal
No RSL declarations were found.
Needs attention
RSL license signal
Issue
No RSL declarations were found.
Why it matters
Really Simple Licensing is an emerging rights-expression layer for communicating content usage and licensing terms separately from robots.txt crawl permission.
Check name
RSL license signal
Score
50/100
Status
warning
Category
Bot Access Control
Maturity
Emerging recommendation
Goal
Declare machine-readable content licensing terms for compliant AI and crawler systems when the site needs them.
Result
No RSL declarations were found.
Validation steps
Discover RSL declarations
No RSL declarations were found.
AI DiscoverabilityBot Access ControlEmerging recommendation
TDMRep declaration
No TDMRep declaration was found.
17 Warning
AI DiscoverabilityBot Access ControlEmerging recommendation
TDMRep declaration
No TDMRep declaration was found.
Needs attention
TDMRep declaration
Issue
No TDMRep declaration was found at /.well-known/tdmrep.json.
Why it matters
TDMRep is a W3C Community Group protocol and IANA-registered well-known URI for declaring text and data mining reservation policy on applicable content.
Check name
TDMRep declaration
Score
50/100
Status
warning
Category
Bot Access Control
Maturity
Emerging recommendation
Goal
Publish a machine-readable text and data mining reservation declaration and verifiable ODRL policy when the site needs one.
Result
No TDMRep declaration was found.
Validation steps
Fetch /.well-known/tdmrep.json
No TDMRep declaration was found at /.well-known/tdmrep.json.
Agent Ease of UseSkill DiscoveryEmerging recommendation
A2A Agent Card
A2A Agent Card has a validation warning at "Discover A2A Agent Card".
13 Warning
Agent Ease of UseSkill DiscoveryEmerging recommendation
A2A Agent Card
A2A Agent Card has a validation warning at "Discover A2A Agent Card".
Needs attention
A2A Agent Card
Issue
No A2A Agent Card was found at the current, legacy, or fallback discovery paths.
Why it matters
A2A Agent Cards provide protocol-specific discovery for agent identity, skills, input and output modes, transport bindings, capabilities, and security requirements. Legacy A2A also used /.well-known/agent.json, so scanners must classify the card shape before reporting readiness.
Check name
A2A Agent Card
Score
50/100
Status
warning
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish a version-appropriate A2A Agent Card so A2A-compatible clients can discover agent skills and invoke the declared endpoint safely.
Result
A2A Agent Card has a validation warning at "Discover A2A Agent Card".
Validation steps
Discover A2A Agent Card
No A2A Agent Card was found at the current, legacy, or fallback discovery paths.
Agent Ease of UseSkill DiscoveryEmerging recommendation
Agent Skills index
Agent Skills index has a validation warning at "Discover Agent Skills index".
13 Warning
Agent Ease of UseSkill DiscoveryEmerging recommendation
Agent Skills index
Agent Skills index has a validation warning at "Discover Agent Skills index".
Needs attention
Agent Skills index
Issue
No Agent Skills discovery index was found at the canonical or legacy path.
Why it matters
An Agent Skills index lets agents discover task-specific instructions through a small trusted index, then verify and load only the skill artifacts they need.
Check name
Agent Skills index
Score
50/100
Status
warning
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish an Agent Skills discovery index that advertises digest-pinned SKILL.md or archive artifacts.
Result
Agent Skills index has a validation warning at "Discover Agent Skills index".
Validation steps
Discover Agent Skills index
No Agent Skills discovery index was found at the canonical or legacy path.
Agent Ease of UseSkill DiscoveryEmerging recommendation
agents.json
agents.json has a validation warning at "Discover agents.json".
13 Warning
Agent Ease of UseSkill DiscoveryEmerging recommendation
agents.json
agents.json has a validation warning at "Discover agents.json".
Needs attention
agents.json
Issue
No Wildcard-style agents.json file was found.
Why it matters
Wildcard agents.json gives agents workflow-level context beyond plain OpenAPI, including flows, links, examples, and API action structure. It is an emerging OpenAPI-adjacent proposal, so scanners should validate the contract shape without treating it as an A2A or IETF standard.
Check name
agents.json
Score
50/100
Status
warning
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish a Wildcard-style agents.json file so agents can discover OpenAPI-backed workflows, links, examples, and authentication requirements.
Result
agents.json has a validation warning at "Discover agents.json".
Validation steps
Discover agents.json
No Wildcard-style agents.json file was found.
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy failed at "Find enforcing CSP delivery".
12 Fail
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy failed at "Find enforcing CSP delivery".
Needs attention
Content-Security-Policy
Issue
Applicable HTML response is missing an enforcing Content-Security-Policy header.
Why it matters
Content Security Policy reduces the impact of injection bugs by limiting where scripts, styles, frames, forms, and other browser resources can load or execute.
Check name
Content-Security-Policy
Score
40/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Constrain browser resource loading and script execution with an enforcing Content-Security-Policy header.
Result
Content-Security-Policy failed at "Find enforcing CSP delivery".
Validation steps
Find enforcing CSP delivery
Applicable HTML response is missing an enforcing Content-Security-Policy header.
Security & TrustSecurity & TrustEstablished
Referrer-Policy
Referrer-Policy failed at "Find Referrer-Policy header".
12 Fail
Security & TrustSecurity & TrustEstablished
Referrer-Policy
Referrer-Policy failed at "Find Referrer-Policy header".
Needs attention
Referrer-Policy
Issue
Referrer-Policy header is missing.
Why it matters
Referrer-Policy controls how much URL context is sent to other origins, limiting accidental leakage of paths, queries, and identifiers.
Check name
Referrer-Policy
Score
40/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Limit how much referrer data leaves the site with an explicit Referrer-Policy header.
Result
Referrer-Policy failed at "Find Referrer-Policy header".
Validation steps
Find Referrer-Policy header
Referrer-Policy header is missing.
Review observed browser responses
One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Citable passages
GEO: Citable passages scored 0/100 and needs a fix.
12 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Citable passages
GEO: Citable passages scored 0/100 and needs a fix.
Needs attention
GEO: Citable passages
Issue
No evidence-backed, citation-length explanatory paragraph was found.
Details
Why it matters
Generative answer systems work best with visible, self-contained, evidence-backed content, clear entities, trustworthy attribution, structured page sections, and crawler-accessible HTML. These signals improve machine understanding even though they do not guarantee AI citations.
Check name
GEO: Citable passages
Score
0/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute without promising inclusion in any proprietary answer surface.
Result
GEO: Citable passages scored 0/100 and needs a fix.
Security & TrustSecurity & TrustEstablished
Frame protection
Frame protection failed at "Validate X-Frame-Options".
11 Fail
Security & TrustSecurity & TrustEstablished
Frame protection
Frame protection failed at "Validate X-Frame-Options".
Needs attention
Frame protection
Issue
No valid X-Frame-Options fallback is present.
Why it matters
Frame protection blocks hostile sites from embedding pages in deceptive frames, reducing clickjacking and UI redressing risk.
Check name
Frame protection
Score
44/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Prevent unwanted framing with an enforcing CSP frame-ancestors directive or a valid X-Frame-Options fallback.
Result
Frame protection failed at "Validate X-Frame-Options".
Validation steps
Validate CSP frame-ancestors
No enforcing CSP frame-ancestors directive is present.
Validate X-Frame-Options
No valid X-Frame-Options fallback is present.
Review observed browser responses
One or more same-origin HTML documents observed by Chrome did not emit valid frame protection.
AI DiscoverabilityContent ReadinessEstablished
Semantic HTML
Semantic HTML is partially implemented.
10 Warning
AI DiscoverabilityContent ReadinessEstablished
Semantic HTML
Semantic HTML is partially implemented.
Needs attention
Semantic HTML
Issue
Semantic HTML is incomplete: expected exactly one visible main landmark, found 0; skipped or empty headings; 1 form controls missing labels; 0/1 applicable personal-data inputs have valid autocomplete attributes (1 missing).
Details
Why it matters
Semantic HTML gives browsers, assistive technology, search systems, and agents reliable landmarks, headings, controls, form semantics, and image context.
Check name
Semantic HTML
Score
48/100
Status
warning
Category
Content Readiness
Maturity
Established
Goal
Expose readable page structure through semantic HTML and accessible controls.
Result
Semantic HTML is partially implemented.
Validation steps
Page landmarks
Expected exactly one visible main landmark; found 0.
Heading structure
Headings skip levels or include empty heading elements.
Form labels and autocomplete
1 user-fillable form controls are missing labels.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Source and trust signals
GEO: Source and trust signals scored 17/100 and needs a fix.
10 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Source and trust signals
GEO: Source and trust signals scored 17/100 and needs a fix.
Needs attention
GEO: Source and trust signals
Issue
Missing source or trust signals: authorOrOwner, freshnessDate, sourceLinks, aboutOrContact, policyLinks.
Details
Why it matters
Generative answer systems work best with visible, self-contained, evidence-backed content, clear entities, trustworthy attribution, structured page sections, and crawler-accessible HTML. These signals improve machine understanding even though they do not guarantee AI citations.
Check name
GEO: Source and trust signals
Score
17/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute without promising inclusion in any proprietary answer surface.
Result
GEO: Source and trust signals scored 17/100 and needs a fix.
AI DiscoverabilityContent ReadinessEstablished
Author attribution
Author attribution is partially implemented.
9 Warning
AI DiscoverabilityContent ReadinessEstablished
Author attribution
Author attribution is partially implemented.
Needs attention
Author attribution
Issue
No named author or publisher identity could be extracted.
Why it matters
Author attribution helps agents cite content responsibly, assess source credibility, and distinguish editorial pages from anonymous marketing copy.
Check name
Author attribution
Score
55/100
Status
warning
Category
Content Readiness
Maturity
Established
Goal
Identify content authors or publishers for trust and attribution.
Result
Author attribution is partially implemented.
Validation steps
Schema.org attribution
Schema.org attribution is incomplete or relies only on publisher/fallback evidence.
Author identity quality
No named author or publisher identity could be extracted.
Agent Ease of UseSkill DiscoveryEmerging recommendation
DNS-AID Agent Discovery
DNS-AID Agent Discovery has a validation warning at "Query DNS-AID records".
9 Warning
Agent Ease of UseSkill DiscoveryEmerging recommendation
DNS-AID Agent Discovery
DNS-AID Agent Discovery has a validation warning at "Query DNS-AID records".
Needs attention
DNS-AID Agent Discovery
Issue
No DNS-AID HTTPS/SVCB records were found under _agents.
Why it matters
DNS-AID lets agents discover index, A2A, and other agent entrypoints before fetching HTTP metadata. HTTPS/SVCB records provide the service-binding substrate, while DNSSEC can authenticate the discovery answer when available.
Check name
DNS-AID Agent Discovery
Score
65/100
Status
warning
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish DNS-AID HTTPS/SVCB records under _agents for DNS-based agent entrypoint discovery.
Result
DNS-AID Agent Discovery has a validation warning at "Query DNS-AID records".
Validation steps
Query DNS-AID records
No DNS-AID HTTPS/SVCB records were found under _agents.
Security & TrustSecurity & TrustEstablished
X-Content-Type-Options
X-Content-Type-Options failed at "Find X-Content-Type-Options".
9 Fail
Security & TrustSecurity & TrustEstablished
X-Content-Type-Options
X-Content-Type-Options failed at "Find X-Content-Type-Options".
Needs attention
X-Content-Type-Options
Issue
Browser-loadable response is missing X-Content-Type-Options.
Why it matters
X-Content-Type-Options tells browsers to trust declared media types instead of sniffing content, reducing the risk that mislabeled files execute as active content.
Check name
X-Content-Type-Options
Score
57/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Prevent browser MIME sniffing for browser-loadable responses with X-Content-Type-Options: nosniff.
Result
X-Content-Type-Options failed at "Find X-Content-Type-Options".
Validation steps
Find X-Content-Type-Options
Browser-loadable response is missing X-Content-Type-Options.
Review observed browser responses
One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Evidence and trust
AEO: Evidence and trust scored 29/100 and needs a fix.
8 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Evidence and trust
AEO: Evidence and trust scored 29/100 and needs a fix.
Needs attention
AEO: Evidence and trust
Issue
Missing answer evidence or trust signals: author, publisher, freshnessDate, aboutOrContact, policyLinks.
Details
Why it matters
Answer engines need visible answer passages, clear question and heading structure, entity definitions, evidence, and trust signals. These signals improve extraction and attribution, but they do not guarantee answer-engine citations or search features.
Check name
AEO: Evidence and trust
Score
29/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to extract, answer from, and attribute without promising inclusion in any proprietary answer surface.
Result
AEO: Evidence and trust scored 29/100 and needs a fix.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer-first passages
AEO: Answer-first passages scored 43/100 and needs a fix.
7 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer-first passages
AEO: Answer-first passages scored 43/100 and needs a fix.
Needs attention
AEO: Answer-first passages
Issue
17 section(s) bury or omit a concise opening answer.
Details
Why it matters
Answer engines need visible answer passages, clear question and heading structure, entity definitions, evidence, and trust signals. These signals improve extraction and attribution, but they do not guarantee answer-engine citations or search features.
Check name
AEO: Answer-first passages
Score
43/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to extract, answer from, and attribute without promising inclusion in any proprietary answer surface.
Result
AEO: Answer-first passages scored 43/100 and needs a fix.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Question and answer structure
AEO: Question and answer structure scored 47/100 and needs a fix.
6 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Question and answer structure
AEO: Question and answer structure scored 47/100 and needs a fix.
Needs attention
AEO: Question and answer structure
Issue
No natural question headings were detected. No visible FAQ or Q&A pattern was detected. Heading structure issues were detected.
Details
Why it matters
Answer engines need visible answer passages, clear question and heading structure, entity definitions, evidence, and trust signals. These signals improve extraction and attribution, but they do not guarantee answer-engine citations or search features.
Check name
AEO: Question and answer structure
Score
47/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to extract, answer from, and attribute without promising inclusion in any proprietary answer surface.
Result
AEO: Question and answer structure scored 47/100 and needs a fix.
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Structured extraction
GEO: Structured extraction scored 63/100 and needs improvement.
4 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Structured extraction
GEO: Structured extraction scored 63/100 and needs improvement.
Needs attention
GEO: Structured extraction
Issue
Missing or weak extraction signals: clean heading hierarchy, summary or key takeaways, FAQ or question-answer section where appropriate.
Details
Why it matters
Generative answer systems work best with visible, self-contained, evidence-backed content, clear entities, trustworthy attribution, structured page sections, and crawler-accessible HTML. These signals improve machine understanding even though they do not guarantee AI citations.
Check name
GEO: Structured extraction
Score
63/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute without promising inclusion in any proprietary answer surface.
Result
GEO: Structured extraction scored 63/100 and needs improvement.
AI DiscoverabilityContent ReadinessEmerging recommendation
llms.txt
llms.txt has a validation warning at "Probe sampled linked resources".
3 Warning
AI DiscoverabilityContent ReadinessEmerging recommendation
llms.txt
llms.txt has a validation warning at "Probe sampled linked resources".
Needs attention
llms.txt
Issue
Some sampled llms.txt links were broken, redirected unexpectedly, or did not return clearly agent-readable content.
Details
Why it matters
llms.txt is an emerging Markdown convention for giving language-model clients curated context and links before they crawl broadly. Broken, private, or low-signal links make the file much less useful even when it exists.
Check name
llms.txt
Score
87/100
Status
warning
Category
Content Readiness
Maturity
Emerging recommendation
Goal
Publish a concise llms.txt index that helps agents discover useful public site context.
Result
llms.txt has a validation warning at "Probe sampled linked resources".
Validation steps
Probe sampled linked resources
Some sampled llms.txt links were broken, redirected unexpectedly, or did not return clearly agent-readable content.
Findings
- 1/12 probed links were broken or unreachable.
- 1/12 probed links did not look agent-readable.
Inspect optional llms-full.txt
Passed.
Security & TrustSecurity & TrustEstablished
HSTS header
HSTS header has a validation warning at "Review subdomain scope".
1 Warning
Security & TrustSecurity & TrustEstablished
HSTS header
HSTS header has a validation warning at "Review subdomain scope".
Needs attention
HSTS header
Issue
HSTS is valid, but includeSubDomains is absent.
Why it matters
HSTS tells browsers to keep using HTTPS after the first secure visit, reducing downgrade, SSL-stripping, and mixed-transport risk for repeat users.
Check name
HSTS header
Score
94/100
Status
warning
Category
Security & Trust
Maturity
Established
Goal
Require HTTPS for repeat browser visits with a valid Strict-Transport-Security policy.
Result
HSTS header has a validation warning at "Review subdomain scope".
Validation steps
Review subdomain scope
HSTS is valid, but includeSubDomains is absent.
AI DiscoverabilityContent ReadinessEstablished
Structured data
Structured data has a validation warning at "Schema policy recommendations".
0 Warning
AI DiscoverabilityContent ReadinessEstablished
Structured data
Structured data has a validation warning at "Schema policy recommendations".
Needs attention
Structured data
Issue
SoftwareApplication schema is missing recommended Google field(s): aggregateRating, offers.priceCurrency.
Why it matters
Structured data gives agents explicit entities, relationships, and page meaning that are harder to infer reliably from visual layout alone.
Check name
Structured data
Score
98/100
Status
warning
Category
Content Readiness
Maturity
Established
Goal
Expose machine-readable page entities and relationships through a recognized structured-data syntax.
Result
Structured data has a validation warning at "Schema policy recommendations".
Validation steps
Schema policy recommendations
SoftwareApplication schema is missing recommended Google field(s): aggregateRating, offers.priceCurrency.
AI DiscoverabilityDiscoverabilityEstablished
IndexNow key
IndexNow key is informational for this page.
Informational
AI DiscoverabilityDiscoverabilityEstablished
IndexNow key
IndexNow key is informational for this page.
Needs attention
IndexNow key
Issue
IndexNow key is informational for this page.
Why it matters
IndexNow lets sites notify participating search engines about changed URLs, but ownership verification requires a UTF-8 key file whose filename matches the key.
Check name
IndexNow key
Score
100/100
Status
informational
Category
Discoverability
Maturity
Established
Goal
Verify that IndexNow ownership key placement is detectable when the site advertises it.
Result
IndexNow key is informational for this page.
Validation steps
Find advertised IndexNow key location
No IndexNow key location was advertised in HTML, Link headers, or robots.txt.
Fetch and validate IndexNow key file
No discoverable IndexNow key file was found.
Performance and AccessibilityPerformanceBrowser audit
Document does not have a main landmark.
50 Fail
Performance and AccessibilityPerformanceBrowser audit
Document does not have a main landmark.
Check name
Document does not have a main landmark.
Score
0/100
Status
fail
Device
desktop
Category
Performance
Fix guidance
One main landmark helps screen reader users navigate a web page. [Learn more about landmarks](https://dequeuniversity.com/rules/axe/4.11/landmark-one-main).
References
https://web.dev/learn/performance/Evidence
{
"description": "One main landmark helps screen reader users navigate a web page. [Learn more about landmarks](https://dequeuniversity.com/rules/axe/4.11/landmark-one-main)."
}Performance and AccessibilityPerformanceBrowser audit
Render-blocking requests
50 Fail
Performance and AccessibilityPerformanceBrowser audit
Render-blocking requests
Check name
Render-blocking requests
Score
0/100
Status
fail
Device
desktop
Category
Performance
Estimated savings
Est savings of 510 ms
Fix guidance
Requests are blocking the page's initial render, which may delay LCP. [Deferring or inlining](https://developer.chrome.com/docs/performance/insights/render-blocking) can move these network requests out of the critical path.
References
https://web.dev/learn/performance/Evidence
{
"description": "Requests are blocking the page's initial render, which may delay LCP. [Deferring or inlining](https://developer.chrome.com/docs/performance/insights/render-blocking) can move these network requests out of the critical path.",
"displayValue": "Est savings of 510 ms"
}Fix with MCP or CLI
Use this report as the handoff into remediation. Generate a coding-agent prompt with the failing checks attached, or jump to the MCP and CLI setup docs before your next rescan.
Score history
Public scan score over time
Public reports for this website origin. Select any point or report link to open that canonical report.
| Scan date | Score | Readiness | Report |
|---|---|---|---|
| 65/100 | Level 3, Bot-Aware | Current report |