Markdown representation [fail]! No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks.INFOMarkdown representationFAILCheck usable Markdown representation was selected actual={"source":"negotiated","url":"https://templatefox.com/","statusCode":200,"contentType":"text/html","mediaType":"text/html","vary":"","requireVaryAccept":true,"contentTypeStatus":"fail","cacheStatus":"fail","bodyStatus":"fail","pass":false,"quality":{"valid":false,"formatStatus":"fail","dialect":"html-heavy","hasHeading":false,"headingCount":0,"wordCount":64145,"features":{"markdownLinks":0,"referenceLinks":0,"listItems":0,"tables":0,"taskListItems":0,"fencedCodeBlocks":0,"yamlFrontmatter":false,"jsonLdFencedBlocks":0,"admonitions":0,"strikethrough":0,"autolinks":0,"rawHtmlTags":936,"jsxOrMdxSignals":0},"issues":["missing-heading","raw-html-heavy","plain-text-like"],"excerpt":"<!DOCTYPE html><!--HI_yeyy2IVfdwQLWb8rU9--><html lang=\"en\" data-theme=\"light\" class=\"__variable_472ac2\" style=\"font-family:var(--font-inter)\"><head><meta charSet=\"utf-8\"/><meta charSet=\"utf-8\"/><meta name=\"viewport\" content=\"width=device-wi","issue":"Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."}} expected="negotiated, advertised alternate, or conventional mirror" selected={"source":"negotiated","url":"https://templatefox.com/","statusCode":200,"contentType":"text/html","mediaType":"text/html","vary":"","requireVaryAccept":true,"contentTypeStatus":"fail","cacheStatus":"fail","bodyStatus":"fail","pass":false,"quality":{"valid":false,"formatStatus":"fail","dialect":"html-heavy","hasHeading":false,"headingCount":0,"wordCount":64145,"features":{"markdownLinks":0,"referenceLinks":0,"listItems":0,"tables":0,"taskListItems":0,"fencedCodeBlocks":0,"yamlFrontmatter":false,"jsonLdFencedBlocks":0,"admonitions":0,"strikethrough":0,"autolinks":0,"rawHtmlTags":936,"jsxOrMdxSignals":0},"issues":["missing-heading","raw-html-heavy","plain-text-like"],"excerpt":"<!DOCTYPE html><!--HI_yeyy2IVfdwQLWb8rU9--><html lang=\"en\" data-theme=\"light\" class=\"__variable_472ac2\" style=\"font-family:var(--font-inter)\"><head><meta charSet=\"utf-8\"/><meta charSet=\"utf-8\"/><meta name=\"viewport\" content=\"width=device-wi","issue":"Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."}} candidatesChecked=2FAILMarkdown representation failed issue="No usable Markdown representation was found through negotiation, advertised alternates, or conservative .md mirror checks."Same-URL negotiation [fail]! Same-URL Accept: text/markdown did not return a valid Markdown representation.INFOSame-URL negotiationFAILCheck negotiated Markdown response actual={"statusCode":200,"mediaType":"text/html","vary":""} expected="HTTP 2xx text/markdown with Vary: Accept" url="https://templatefox.com/" statusCode=200 mediaType="text/html"FAILSame-URL negotiation failed issue="Same-URL Accept: text/markdown did not return a valid Markdown representation."Markdown format validation [fail]! Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation.INFOMarkdown format validationFAILCheck Markdown body quality actual={"valid":false,"wordCount":64145,"headingCount":0,"dialect":"html-heavy"} expected="valid Markdown with substantive text and headings" valid=false dialect="html-heavy" wordCount=64145 headingCount=0FAILMarkdown format validation failed issue="Markdown response contains too much raw HTML to be a clean agent-facing Markdown representation."Advertised Markdown alternate [warning]! No Link or HTML rel=alternate text/markdown URL was advertised.INFOAdvertised Markdown alternateWARNCheck advertised Markdown alternate candidates actual=0 expected="> 0 when HTML advertises a Markdown alternate" advertisedUrls=[] candidateCount=0WARNAdvertised Markdown alternate has a warning issue="No Link or HTML rel=alternate text/markdown URL was advertised."Conventional .md mirror [fail]! Conventional .md mirror candidates did not return valid Markdown.INFOConventional .md mirrorFAILCheck conventional Markdown mirror candidates actual=1 expected="> 0 when a conventional mirror is discoverable" conventionalUrls=["https://templatefox.com/index.html.md"] candidateCount=1FAILConventional .md mirror failed issue="Conventional .md mirror candidates did not return valid Markdown."

Discover MCP server card [warning]! The MCP server card was found only at a transitional or linked path.INFODiscover MCP server card candidateCount=5INFOBuild MCP server-card candidate list currentPath="/.well-known/mcp-server-card" transitionalPaths=["/.well-known/mcp/server-card.json","/.well-known/mcp/server-cards.json","/mcp.json","/.well-known/mcp.json"] linkedPaths=[]INFOTrying to fetch /.well-known/mcp-server-card url="https://templatefox.com/.well-known/mcp-server-card" source="current"FAIL/.well-known/mcp-server-card did not return a usable server card statusCode=404 contentType=nullINFOTrying to fetch /.well-known/mcp/server-card.json url="https://templatefox.com/.well-known/mcp/server-card.json" source="transitional"PASS/.well-known/mcp/server-card.json returned a successful response statusCode=200 contentType="application/json" finalUrl="https://templatefox.com/.well-known/mcp/server-card.json"INFOTrying to fetch /.well-known/mcp/server-cards.json url="https://templatefox.com/.well-known/mcp/server-cards.json" source="transitional"FAIL/.well-known/mcp/server-cards.json did not return a usable server card statusCode=404 contentType=nullINFOTrying to fetch /mcp.json url="https://templatefox.com/mcp.json" source="transitional"FAIL/mcp.json did not return a usable server card statusCode=404 contentType=nullINFOTrying to fetch /.well-known/mcp.json url="https://templatefox.com/.well-known/mcp.json" source="transitional"FAIL/.well-known/mcp.json did not return a usable server card statusCode=404 contentType=nullWARNCheck selected card is published at the current well-known path actual="/.well-known/mcp/server-card.json" expected="/.well-known/mcp-server-card" source="transitional" finalUrl="https://templatefox.com/.well-known/mcp/server-card.json"WARNMCP server card was discovered through a transitional or linked path path="/.well-known/mcp/server-card.json" source="transitional" reason="The MCP server card was found only at a transitional or linked path."Validate server-card shape [fail]! MCP Server Card is missing required fields: protocolVersion.INFOValidate server-card shape profile="legacy-server-card"PASSCheck response body parsed as JSON actual=true expected=truePASSCheck Content-Type is JSON-compatible actual=true expected=trueWARNCheck recognized MCP server-card profile actual="legacy-server-card" expected="sep-2127-draft" reason="Document uses the transitional serverInfo/protocolVersion/transport metadata model."FAILCheck required card fields are present actual=1 expected=0 missing=["protocolVersion"]WARNCheck MCP server-card uses the current remotes[] profile without legacy compatibility warnings actual="1 compatibility warning(s)" expected="current sep-2127-draft card shape with no legacy compatibility warnings" warnings=["Card uses the transitional serverInfo/protocolVersion/transport shape instead of the current remotes[] model."]FAILMCP server-card shape validation failed reason="MCP Server Card is missing required fields: protocolVersion."Validate MCP remotes [warning]! At least one MCP remote is cross-origin and was not actively probed by this scanner.INFOValidate MCP remotes remoteCount=1PASSCheck at least one MCP remote is declared actual=1 expected="> 0"PASSCheck invalid remote count actual=0 expected=0 invalidRemotes=[]WARNCheck same-origin remote coverage actual=0 expected=1PASSRemote #0 is syntactically usable index=0 source="transport" type="streamable-http" url="https://mcp-server-599407781746.us-central1.run.app/mcp" sameOrigin=false authRequired=false issues=[]WARNMCP remotes are valid but not all can be actively probed reason="At least one MCP remote is cross-origin and was not actively probed by this scanner."Probe same-origin MCP endpoint [warning]! MCP remotes were discovered, but none could be safely probed by this scanner.INFOProbe same-origin MCP endpoint probeCount=1INFOSelecting same-origin unauthenticated MCP remotes for a bounded initialize probeSKIPSkipped MCP endpoint probe url="https://mcp-server-599407781746.us-central1.run.app/mcp" reason="Cross-origin MCP remote was validated syntactically but not actively probed."WARNCheck successful initialize probe count actual=0 expected="> 0 when a safe same-origin unauthenticated remote exists" activeProbeCount=0 authBlocked=0WARNMCP endpoint probe could not fully confirm operability reason="MCP remotes were discovered, but none could be safely probed by this scanner."

Detect WebMCP runtime API [informational]INFODetect WebMCP runtime API status="informational"INFOProbe rendered browser for WebMCP runtime objects SKIPCheck current W3C runtime API actual="not detected" expected="document.modelContext/registerTool available"INFOWebMCP evidence was recorded for context. status="informational"Probe WebMCP operability [warning]! No WebMCP surface was found to probe.INFOProbe WebMCP operability status="warning"INFORun safe WebMCP operability checks safeProbeOnly=trueWARNCheck usable WebMCP evidence actual=0 expected="at least 1 usable runtime, declarative, annotation, or static manifest signal"WARNWebMCP operability warning warning="No WebMCP surface was found to probe."WARNWebMCP operability warning warning="Conventional WebMCP manifest paths were checked but did not return a valid manifest."WARNNo WebMCP surface was found to probe.Validate declarative WebMCP form tools [informational]! No W3C-style declarative WebMCP form attributes were found.INFOValidate declarative WebMCP form tools status="informational"INFOInspect visible forms and controls for current declarative WebMCP attributes annotatedElements=0 formsWithAttributes=0 controlsWithAttributes=0SKIPValidate declarative WebMCP attribute quality actual=0 expected=0INFONo W3C-style declarative WebMCP form attributes were found. status="informational"Validate MCP-aware HTML annotations [informational]! No data-mcp-tool or hyphenated WebMCP compatibility annotations were found.INFOValidate MCP-aware HTML annotations status="informational"INFOInspect HTML for MCP compatibility annotations compatibilityAttributeCount=0 dataMcpToolCount=0 examples=[]SKIPValidate compatibility annotation quality actual=0 expected=0INFONo data-mcp-tool or hyphenated WebMCP compatibility annotations were found. status="informational"Validate static WebMCP JSON compatibility [warning]! No static WebMCP JSON manifest or WMCP interaction graph was found.INFOValidate static WebMCP JSON compatibility status="warning"INFODiscover static WebMCP manifest candidates conventionalPaths=["/.well-known/webmcp.json","/webmcp.json"] checkedCount=2 profileCounts={}INFOWebMCP manifest candidate checked source="path" path="/.well-known/webmcp.json" url="https://templatefox.com/.well-known/webmcp.json" statusCode=404 contentType=nullINFOWebMCP manifest candidate checked source="path" path="/webmcp.json" url="https://templatefox.com/webmcp.json" statusCode=404 contentType=nullWARNValidate discovered static WebMCP metadata actual={"validManifestCount":0,"invalidManifestCount":0,"toolCount":0,"wmcpActionCount":0} expected="at least 1 valid tools[] manifest or WMCP graph when static metadata is present"WARNNo static WebMCP JSON manifest or WMCP interaction graph was found.Validate WebMCP tool metadata quality [informational]INFOValidate WebMCP tool metadata quality status="informational"INFOInspect WebMCP tool names, descriptions, schemas, and safety hints toolCount=0SKIPCheck tool metadata findings actual={"issueCount":0,"warningCount":0} expected="0 issues and 0 warnings"INFOWebMCP evidence was recorded for context. status="informational"Review WebMCP security and policy signals [informational]INFOReview WebMCP security and policy signals status="informational"INFOInspect WebMCP security and policy signals permissionsPolicy="(missing)" failureCount=0 warningCount=0PASSCheck security findings actual={"failures":0,"warnings":0} expected="0 failures and 0 warnings"INFOWebMCP evidence was recorded for context. status="informational"

Warn when auth surface lacks Auth.md [warning]! The site appears to support login, signup, account access, or credentials but does not publish /auth.md.INFOWarn when auth surface lacks Auth.mdWARNThe site appears to support login, signup, account access, or credentials but does not publish /auth.md.

Detect OAuth/OIDC applicability [warning]! Generic authentication signals were found, but no OAuth/OIDC discovery signal was detected.INFODetect OAuth/OIDC applicabilityINFOInspecting homepage, headers, and known auth/API signals for OAuth or OIDC claims applies=false signalsCount=0 genericAuthSignalsCount=1 checkedCount=2WARNCheck OAuth/OIDC applicability signal actual=false expected="true when metadata exists or OAuth/OIDC is claimed" checked=[{"path":"/.well-known/openid-configuration","statusCode":404,"contentType":null,"length":0},{"path":"/.well-known/oauth-authorization-server","statusCode":404,"contentType":null,"length":0}]WARNDetect OAuth/OIDC applicability completed with warnings issue="Generic authentication signals were found, but no OAuth/OIDC discovery signal was detected."

Detect protected-resource applicability [warning]! Generic authentication signals were found, but no OAuth Protected Resource metadata signal was detected.INFODetect protected-resource applicabilityINFOInspecting auth headers, MCP/OAuth claims, and protected-resource hints applies=false requiresAuthorizationServers=false signalsCount=0 genericAuthSignalsCount=1 checkedCount=1WARNCheck protected-resource metadata applicability actual=false expected="true when RFC 9728 metadata exists or support is claimed" checked=[{"url":"https://templatefox.com/.well-known/oauth-protected-resource","path":"/.well-known/oauth-protected-resource","source":"root-well-known","resourceIdentifier":"https://templatefox.com","statusCode":404,"contentType":null,"length":0}]WARNDetect protected-resource applicability completed with warnings issue="Generic authentication signals were found, but no OAuth Protected Resource metadata signal was detected."

Discover RSL declarations [warning]! No RSL declarations were found.INFODiscover RSL declarationsINFOChecking robots.txt License records, HTTP Link rel=license headers, HTML license links, and inline RSL XML robotsFound=trueSKIPCount discovered RSL declarations actual=0 expected=">= 1 when RSL licensing terms are published" sources={}WARNNo RSL declarations were found on any supported discovery surface.

Fetch /.well-known/tdmrep.json [warning]! No TDMRep declaration was found at /.well-known/tdmrep.json.INFOFetch /.well-known/tdmrep.jsonINFORequesting origin-level TDMRep declaration at /.well-known/tdmrep.jsonWARNCompare TDMRep file response actual=404 expected="2xx with JSON array when origin-level TDMRep is published" contentType=null length=0WARNNo TDMRep declaration was found at /.well-known/tdmrep.json. 

Discover OpenAPI document [warning]! The site appears to publish or document a public API, but no OpenAPI or Swagger document was found.INFODiscover OpenAPI document status="warning"INFOBuild OpenAPI candidate list conventionalPaths=19 candidateCount=19 sources={"conventional-path":19}INFOFetch OpenAPI candidate path="/openapi.json" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/openapi.yaml" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/swagger.json" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/swagger.yaml" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/api/openapi.json" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/api/openapi.yaml" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/api/swagger.json" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/api/swagger.yaml" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/docs/openapi.json" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/docs/openapi.yaml" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/api-docs" source="conventional-path" statusCode=404 contentType=nullINFOFetch OpenAPI candidate path="/v3/api-docs" source="conventional-path" statusCode=404 contentType=nullWARNSelect a usable OpenAPI candidate actual="none" expected="same-origin candidate with a parseable OpenAPI or Swagger document"WARNThe site appears to publish or document a public API, but no OpenAPI or Swagger document was found.

Score llms.txt structure and usefulness [fail]! llms.txt includes unsafe or private links that should not be advertised to agents.INFOScore llms.txt structure and usefulnessINFOChecking recommended summary, sections, link labels, agent-friendly links, duplicates, and unsafe targetsPASSCheck blockquote summary is present actual=true expected=truePASSCheck H2 section count actual=11 expected="> 0"PASSCheck Markdown-formatted links actual=23 expected="> 0"FAILCheck unsafe/private link count actual=1 expected=0FAILllms.txt structure-quality validation failed reason="llms.txt includes unsafe or private links that should not be advertised to agents."Probe sampled linked resources [fail]! Most sampled llms.txt links were broken or none returned agent-readable content.INFOProbe sampled linked resourcesINFOSelecting safe, useful links for bounded probing selectedCount=25PASSCheck probed links were attempted actual=25 expected="> 0"FAILCheck broken probed link count actual=13 expected=0PASSCheck agent-readable probed links actual=12 expected="> 0"FAILLinked resource probe validation failed reason="Most sampled llms.txt links were broken or none returned agent-readable content."Inspect optional llms-full.txt [informational]INFOInspect optional llms-full.txtINFOTrying to fetch /llms-full.txt url="https://templatefox.com/llms-full.txt"PASS/llms-full.txt returned HTTP 2xx statusCode=200 contentType="text/plain" length=13633PASSCheck llms-full.txt content type is Markdown-compatible text actual="text/plain" expected="text/markdown, text/x-markdown, text/plain, or another Markdown text type"PASSCheck llms-full.txt looks like supplemental full corpus content actual=true expected=truePASSOptional llms-full.txt inspection recorded

Discover A2A Agent Card [warning]! No A2A Agent Card was found at the current, legacy, or fallback discovery paths.INFODiscover A2A Agent CardINFOTry A2A discovery paths in priority order paths=["/.well-known/agent-card.json","/.well-known/agent.json","/agent-card.json","/.well-known/a2a/agent-card.json"]WARNA2A candidate path did not return a usable card path="/.well-known/agent-card.json" statusCode=404 contentType=nullWARNA2A candidate path did not return a usable card path="/.well-known/agent.json" statusCode=404 contentType=nullWARNA2A candidate path did not return a usable card path="/agent-card.json" statusCode=404 contentType=nullWARNA2A candidate path did not return a usable card path="/.well-known/a2a/agent-card.json" statusCode=404 contentType=nullWARNNo A2A Agent Card candidate was selectedWARNNo A2A Agent Card was found at the current, legacy, or fallback discovery paths.

Discover Agent Skills index [warning]! No Agent Skills discovery index was found at the canonical or legacy path.INFODiscover Agent Skills indexINFOTry Agent Skills index paths in priority order paths=["/.well-known/agent-skills/index.json","/.well-known/skills/index.json"]WARNAgent Skills index candidate was not usable path="/.well-known/agent-skills/index.json" url="https://templatefox.com/.well-known/agent-skills/index.json" statusCode=404WARNAgent Skills index candidate was not usable path="/.well-known/skills/index.json" url="https://templatefox.com/.well-known/skills/index.json" statusCode=404WARNNo Agent Skills discovery index was found at the canonical or legacy path.

Discover agents.json [warning]! No Wildcard-style agents.json file was found.INFODiscover agents.jsonINFOTry agents.json discovery paths in priority order paths=["/.well-known/agents.json","/agents.json"]WARNagents.json candidate path did not return a usable contract path="/.well-known/agents.json" statusCode=404 contentType=nullWARNagents.json candidate path did not return a usable contract path="/agents.json" statusCode=404 contentType=nullWARNNo agents.json candidate was selectedWARNNo Wildcard-style agents.json file was found.

Query DNS-AID records [warning]! No DNS-AID HTTPS/SVCB records were found under _agents.INFOQuery DNS-AID recordsINFOBuild DNS-AID query names from hostname hostname="templatefox.com" labels=["_index._agents.templatefox.com","_a2a._agents.templatefox.com"] claimedOnPage=falseWARNDNS query returned no DNS-AID answers name="_index._agents.templatefox.com" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.templatefox.com" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.templatefox.com" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _index._agents.templatefox.com"WARNDNS query returned no DNS-AID answers name="_a2a._agents.templatefox.com" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.templatefox.com" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.templatefox.com" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _a2a._agents.templatefox.com"WARNCompare total DNS-AID answer count actual=0 expected="> 0"WARNNo DNS-AID HTTPS/SVCB records were found under _agents.Check DNSSEC authentication evidence [warning]! DNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.INFOCheck DNSSEC authentication evidenceWARNCompare DNSSEC authenticated-data flag actual=false expected=trueWARNCompare visible DNSSEC material actual=false expected=trueWARNResolver did not confirm authenticated DNSSEC data name="_index._agents.templatefox.com" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.templatefox.com" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.templatefox.com" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.templatefox.com" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.templatefox.com" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.templatefox.com" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.templatefox.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.templatefox.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="templatefox.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNDNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.

Find enforcing CSP delivery [fail]! Applicable HTML response is missing an enforcing Content-Security-Policy header.INFOFind enforcing CSP deliveryINFORead CSP delivery headers enforcingHeader="missing" reportOnlyHeader="missing" metaPolicyCount=0 legacyHeadersPresent=[]FAILRequire enforcing Content-Security-Policy header actual="missing" expected="present" issue="Applicable HTML response is missing an enforcing Content-Security-Policy header."FAILApplicable HTML response is missing an enforcing Content-Security-Policy header.

Find Referrer-Policy header [fail]! Referrer-Policy header is missing.INFOFind Referrer-Policy headerINFORead Referrer-Policy delivery header="referrer-policy" value="missing" metaReferrerPolicyCount=0 browserDefault="strict-origin-when-cross-origin"FAILRequire explicit HTTP Referrer-Policy header actual="missing" expected="HTTP response header present" issue="Referrer-Policy header is missing."FAILReferrer-Policy header is missing.Review observed browser responses [warning]! One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.INFOReview observed browser responsesINFOSample Chrome-observed same-origin responses observedResponseCount=41 sameOriginCount=36 htmlDocumentCount=1WARNCompare observed Referrer-Policy coverage actual={"missingPolicyCount":1,"unsafeOrInvalidPolicyCount":0,"weakPolicyCount":0,"affected":[{"url":"https://templatefox.com/","status":200,"resourceType":"document","contentType":"text/html","referrerPolicy":null,"classification":"invalid"}]} expected="0 missing, unsafe, invalid, or weak same-origin HTML responses" issue="One or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy."WARNOne or more same-origin HTML documents observed by Chrome did not emit Referrer-Policy.

Validate CSP frame-ancestors [warning]! No enforcing CSP frame-ancestors directive is present.INFOValidate CSP frame-ancestorsINFORead CSP frame-ancestors signals enforcingHeaderPresent=false reportOnlyHeaderPresent=false metaFrameAncestors=false policyCount=0 duplicateDirectives=[]WARNCompare effective frame-ancestors directive actual="missing" expected="valid restrictive enforcing frame-ancestors" issue="No enforcing CSP frame-ancestors directive is present."WARNNo enforcing CSP frame-ancestors directive is present.Validate X-Frame-Options [fail]! No valid X-Frame-Options fallback is present.INFOValidate X-Frame-OptionsINFORead X-Frame-Options fallback value="missing" parsedValues=[] normalizedValues=[]FAILCompare X-Frame-Options value actual="missing" expected="DENY or SAMEORIGIN" valid=false obsoleteAllowFrom=false duplicateOrConflicting=false issue="No valid X-Frame-Options fallback is present."FAILNo valid X-Frame-Options fallback is present.Review observed browser responses [warning]! One or more same-origin HTML documents observed by Chrome did not emit valid frame protection.INFOReview observed browser responsesINFOSample Chrome-observed same-origin responses observedResponseCount=41 sameOriginCount=36 htmlDocumentCount=1WARNCompare observed HTML frame protection actual={"missingOrInvalidFrameProtectionCount":1,"broadFrameAncestorsCount":0,"affected":[{"url":"https://templatefox.com/","status":200,"resourceType":"document","contentType":"text/html","contentSecurityPolicy":null,"contentSecurityPolicyReportOnly":null}]} expected="0 missing/invalid or broad same-origin HTML responses" issue="One or more same-origin HTML documents observed by Chrome did not emit valid frame protection."WARNOne or more same-origin HTML documents observed by Chrome did not emit valid frame protection.

Find Strict-Transport-Security [fail]! HTTPS response is missing Strict-Transport-Security.INFOFind Strict-Transport-SecurityINFORead Strict-Transport-Security header header="strict-transport-security" value="missing" effectiveValue=null duplicateHeaderValueCount=0FAILRequire HSTS header on HTTPS response actual="missing" expected="present" issue="HTTPS response is missing Strict-Transport-Security."FAILHTTPS response is missing Strict-Transport-Security.

Find X-Content-Type-Options [fail]! Browser-loadable response is missing X-Content-Type-Options.INFOFind X-Content-Type-OptionsINFORead X-Content-Type-Options header header="x-content-type-options" value="missing"FAILRequire nosniff header actual="missing" expected="present" issue="Browser-loadable response is missing X-Content-Type-Options."FAILBrowser-loadable response is missing X-Content-Type-Options.Review observed browser responses [warning]! One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.INFOReview observed browser responsesINFOSample Chrome-observed same-origin resources observedResponseCount=41 sameOriginCount=36 eligibleCount=36WARNCompare observed nosniff coverage actual={"missingNosniffCount":36,"malformedNosniffCount":0,"activeResourceMissingNosniffCount":32,"affected":[{"url":"https://templatefox.com/","status":200,"resourceType":"document","contentType":"text/html"},{"url":"https://templatefox.com/_next/static/media/icon-200.67fd2c4d.webp","status":200,"resourceType":"image","contentType":"image/webp"},{"url":"https://templatefox.com/_next/static/media/e4af272ccee01ff0-s.p.woff2","status":200,"resourceType":"font","contentType":"font/woff2"},{"url":"https://templatefox.com/_next/static/chunks/6619-0b4e298f5c44ef82.js","status":200,"resourceType":"script","contentType":"text/javascript"},{"url":"https://templatefox.com/_next/static/chunks/2619-024c323f8ca0f6aa.js","status":200,"resourceType":"script","contentType":"text/javascript"},{"url":"https://templatefox.com/_next/static/chunks/2521-390587e8db4ea7e0.js","status":200,"resourceType":"script","contentType":"text/javascript"},{"url":"https://templatefox.com/_next/static/chunks/webpack-87764a41c20d0b23.js","status":200,"resourceType":"script","contentType":"text/javascript"},{"url":"https://templatefox.com/_next/static/chunks/7704-87b61d994d79d34b.js","status":200,"resourceType":"script","contentType":"text/javascript"},{"url":"https://templatefox.com/_next/static/chunks/4bd1b696-100b9d70ed4e49c1.js","status":200,"resourceType":"script","contentType":"text/javascript"},{"url":"https://templatefox.com/_next/static/chunks/5707-191565f1b177e10d.js","status":200,"resourceType":"script","contentType":"text/javascript"},{"url":"https://templatefox.com/_next/static/chunks/107-bb32fe647a609fa0.js","status":200,"resourceType":"script","contentType":"text/javascript"},{"url":"https://templatefox.com/_next/static/chunks/8936-05d7ceb5b48f48b0.js","status":200,"resourceType":"script","contentType":"text/javascript"}]} expected="0 missing or malformed eligible same-origin responses" issue="One or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff."WARNOne or more same-origin active resources observed by Chrome did not emit X-Content-Type-Options: nosniff.

Validate declared usage preferences [warning]! Declared content usage preferences are valid but partial or include unrecognized extension terms.INFOValidate declared usage preferencesINFOParsing declared preferences into terms and values recordCount=1INFORecognized declaration formats formats=["legacy-content-signal"] sources=["robots.txt"]WARNCompare valid declarations to declared records actual=1 expected=">= 1 valid declaration with recognized preference terms" invalidRecords=[] warningRecords=[{"source":"robots.txt","directive":"Content-Signal","format":"legacy-content-signal","line":29,"preferences":["search=yes","ai-train=no"],"warnings":["Legacy Content-Signal declaration is partial; missing ai-input."]}]WARNLegacy Content-Signal declaration is partial; missing ai-input. record={"source":"robots.txt","directive":"Content-Signal","format":"legacy-content-signal","line":29,"preferences":["search=yes","ai-train=no"]}

Links [fail]! 1 links are missing accessible names.INFOLinksFAILCheck links evidence actual={"counts":{"links":101,"inaccessibleLinks":1,"nonCrawlableLinks":0,"genericLinks":0},"accessibleLinks":false} expected="semantic HTML evidence for this step"FAILLinks failed issue="1 links are missing accessible names."

Check API catalog HEAD Link header [warning]! HEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog".INFOCheck API catalog HEAD Link headerINFOSend HEAD request to API catalog path attempted=true statusCode=200 contentType="application/linkset+json; profile=\"https://www.rfc-editor.org/info/rfc9727\""WARNCompare HEAD Link rel=api-catalog count actual=0 expected="> 0"WARNHEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog". status="warning"

Find advertised IndexNow key location [informational]! No IndexNow key location was advertised in HTML, Link headers, or robots.txt.INFOFind advertised IndexNow key locationINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"WARNNo IndexNow key location was advertised in HTML, Link headers, or robots.txt.Fetch and validate IndexNow key file [informational]! No discoverable IndexNow key file was found.INFOFetch and validate IndexNow key fileINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"INFOFetch each advertised same-origin key file and validate filename/body matchFAILCompare valid IndexNow key file count actual=0 expected="> 0"WARNNo discoverable IndexNow key file was found.