Classify AI crawler rules [fail]! No explicit User-agent rules were found for major AI crawler tokens.INFOClassify AI crawler rulesINFOParsing User-agent groups and Allow/Disallow records for known AI crawler tokens evaluatedPath="/"INFOEvaluating exact User-agent matches before wildcard fallback exactAiPolicyCount=0 totalCrawlerTokens=18FAILNo explicit AI crawler User-agent groups were found examplesExpected=["GPTBot","OAI-SearchBot","ClaudeBot","Google-Extended","CCBot"]FAILCompare explicit AI crawler coverage actual=0 expected="> 0 explicit non-search AI crawler policies" missingTokens=["GPTBot","OAI-SearchBot","ChatGPT-User","ClaudeBot","Claude-SearchBot","Claude-User","Google-Extended","Applebot-Extended","Amazonbot","Amzn-SearchBot","Amzn-User","PerplexityBot"]INFOResolved effective root-path policy for crawler tokens blocked=0 allowed=21 unspecified=0

Discover MCP server card [warning]! The MCP server card was found only at a transitional or linked path.INFODiscover MCP server card candidateCount=5INFOBuild MCP server-card candidate list currentPath="/.well-known/mcp-server-card" transitionalPaths=["/.well-known/mcp/server-card.json","/.well-known/mcp/server-cards.json","/mcp.json","/.well-known/mcp.json"] linkedPaths=[]INFOTrying to fetch /.well-known/mcp-server-card url="https://tikmonitor.com/.well-known/mcp-server-card" source="current"FAIL/.well-known/mcp-server-card did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /.well-known/mcp/server-card.json url="https://tikmonitor.com/.well-known/mcp/server-card.json" source="transitional"PASS/.well-known/mcp/server-card.json returned a successful response statusCode=200 contentType="application/json; charset=utf-8" finalUrl="https://tikmonitor.com/.well-known/mcp/server-card.json"INFOTrying to fetch /.well-known/mcp/server-cards.json url="https://tikmonitor.com/.well-known/mcp/server-cards.json" source="transitional"FAIL/.well-known/mcp/server-cards.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /mcp.json url="https://tikmonitor.com/mcp.json" source="transitional"FAIL/mcp.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /.well-known/mcp.json url="https://tikmonitor.com/.well-known/mcp.json" source="transitional"FAIL/.well-known/mcp.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"WARNCheck selected card is published at the current well-known path actual="/.well-known/mcp/server-card.json" expected="/.well-known/mcp-server-card" source="transitional" finalUrl="https://tikmonitor.com/.well-known/mcp/server-card.json"WARNMCP server card was discovered through a transitional or linked path path="/.well-known/mcp/server-card.json" source="transitional" reason="The MCP server card was found only at a transitional or linked path."Validate server-card shape [fail]! MCP Server Card is missing required fields: protocolVersion.INFOValidate server-card shape profile="legacy-server-card"PASSCheck response body parsed as JSON actual=true expected=truePASSCheck Content-Type is JSON-compatible actual=true expected=trueWARNCheck recognized MCP server-card profile actual="legacy-server-card" expected="sep-2127-draft" reason="Document uses the transitional serverInfo/protocolVersion/transport metadata model."FAILCheck required card fields are present actual=1 expected=0 missing=["protocolVersion"]WARNCheck MCP server-card uses the current remotes[] profile without legacy compatibility warnings actual="2 compatibility warning(s)" expected="current sep-2127-draft card shape with no legacy compatibility warnings" warnings=["Card uses the transitional serverInfo/protocolVersion/transport shape instead of the current remotes[] model.","Static tools/resources/prompts are present; MCP primitives should normally be listed at runtime after connection."]FAILMCP server-card shape validation failed reason="MCP Server Card is missing required fields: protocolVersion."Validate HTTP delivery [warning]! CORS header Access-Control-Allow-Origin is absent.INFOValidate HTTP delivery finalUrl="https://tikmonitor.com/.well-known/mcp/server-card.json"PASSCheck server card returned HTTP 2xx actual=200 expected="200-299"PASSCheck card is served as JSON actual="application/json; charset=utf-8" expected="application/json or +json"PASSCheck card is served over HTTPS actual="https:" expected="https:"WARNCheck browser-readable CORS header actual="missing" expected="Access-Control-Allow-Origin present"PASSCheck cache header is present actual="public, max-age=3600" expected="Cache-Control present"WARNMCP server-card HTTP delivery has non-blocking issues issues=["CORS header Access-Control-Allow-Origin is absent."] reason="CORS header Access-Control-Allow-Origin is absent."

Discover RSL declarations [warning]! No RSL declarations were found.INFODiscover RSL declarationsINFOChecking robots.txt License records, HTTP Link rel=license headers, HTML license links, and inline RSL XML robotsFound=trueSKIPCount discovered RSL declarations actual=0 expected=">= 1 when RSL licensing terms are published" sources={}WARNNo RSL declarations were found on any supported discovery surface.

Fetch /.well-known/tdmrep.json [warning]! No TDMRep declaration was found at /.well-known/tdmrep.json.INFOFetch /.well-known/tdmrep.jsonINFORequesting origin-level TDMRep declaration at /.well-known/tdmrep.jsonWARNCompare TDMRep file response actual=404 expected="2xx with JSON array when origin-level TDMRep is published" contentType="text/html; charset=utf-8" length=10282WARNNo TDMRep declaration was found at /.well-known/tdmrep.json. 

Schema.org attribution [warning]! Schema.org attribution is incomplete or relies only on publisher/fallback evidence.INFOSchema.org attributionINFOChecking structured data for author, creator, and publisher contributorsWARNCheck named Schema.org author count actual=0 expected="> 0" authorCount=1 publisherCount=2 namedContributors=0 authors=[{"role":"author","id":"https://tikmonitor.com/#organization","sameAs":[],"format":"json-ld","mergedName":false}] publishers=[{"role":"publisher","id":"https://tikmonitor.com/#organization","sameAs":[],"format":"json-ld","mergedName":false},{"role":"publisher","id":"https://tikmonitor.com/#organization","sameAs":[],"format":"json-ld","mergedName":false}] formats=["json-ld"]WARNSchema.org attribution is incomplete or fallback-only authorCount=1 publisherCount=2 authors=[{"role":"author","id":"https://tikmonitor.com/#organization","sameAs":[],"format":"json-ld","mergedName":false}] publishers=[{"role":"publisher","id":"https://tikmonitor.com/#organization","sameAs":[],"format":"json-ld","mergedName":false},{"role":"publisher","id":"https://tikmonitor.com/#organization","sameAs":[],"format":"json-ld","mergedName":false}]Author identity quality [fail]! No named author or publisher identity could be extracted.INFOAuthor identity qualityINFOChecking contributors for stable identity signalsFAILCheck identified contributor count actual=0 expected="> 0" namedContributors=0 identifiedContributors=[] unidentifiedContributors=[{"role":"author","id":"https://tikmonitor.com/#organization","sameAs":[],"format":"json-ld","mergedName":false},{"role":"publisher","id":"https://tikmonitor.com/#organization","sameAs":[],"format":"json-ld","mergedName":false},{"role":"publisher","id":"https://tikmonitor.com/#organization","sameAs":[],"format":"json-ld","mergedName":false}]FAILNo named contributor identity could be extracted

Discover A2A Agent Card [warning]! The A2A Agent Card was found at a legacy or fallback path.INFODiscover A2A Agent CardINFOTry A2A discovery paths in priority order paths=["/.well-known/agent-card.json","/.well-known/agent.json","/agent-card.json","/.well-known/a2a/agent-card.json"]WARNA2A candidate path did not return a usable card path="/.well-known/agent-card.json" statusCode=404 contentType="text/html; charset=utf-8"PASSFound an A2A candidate path="/.well-known/agent.json" statusCode=200 contentType="application/json; charset=utf-8" bytes=1121WARNA2A candidate path did not return a usable card path="/agent-card.json" statusCode=404 contentType="text/html; charset=utf-8"WARNA2A candidate path did not return a usable card path="/.well-known/a2a/agent-card.json" statusCode=404 contentType="text/html; charset=utf-8"WARNSelected non-canonical A2A Agent Card path="/.well-known/agent.json" pathClass="legacy-a2a" requestedUrl="https://tikmonitor.com/.well-known/agent.json"WARNThe A2A Agent Card was found at a legacy or fallback path.Validate version-specific card shape [fail]! A2A Agent Card is missing required fields, contains invalid URLs, or exposes unsafe public metadata.INFOValidate version-specific card shapeFAILCompare missing required card fields actual="none" expected="none"FAILCheck every declared A2A skill has required name, description, and endpoint fields actual=2 expected=0 invalidSkills=[{"index":0,"id":"search","issues":["tags[]"]},{"index":1,"id":"contact","issues":["tags[]"]}]INFOReview declared endpoint interfaces interfaces=[{"url":"https://tikmonitor.com/api/mcp","protocolBinding":"unknown","issues":["unknown protocolBinding"]},{"url":"https://tikmonitor.com/api/rpc/contactForm/submit","protocolBinding":"HTTP+JSON","issues":[]}]FAILA2A Agent Card is missing required fields, contains invalid URLs, or exposes unsafe public metadata.Validate HTTP delivery [warning]! current A2A card is served at the legacy agent.json pathINFOValidate HTTP deliveryWARNCompare card Content-Type with JSON expectation actual="application/json; charset=utf-8" expected="application/json or +json"INFOReview selected discovery path path="/.well-known/agent.json" pathClass="legacy-a2a"WARNHTTP delivery/path warning warning="current A2A card is served at the legacy agent.json path"WARNcurrent A2A card is served at the legacy agent.json pathProbe same-origin A2A endpoint [fail]! The same-origin A2A endpoint did not return a valid A2A Message, Task, or authentication challenge.INFOProbe same-origin A2A endpointINFOProbe same-origin A2A endpoint when scanner policy allows itFAILA2A endpoint probe did not validate url="https://tikmonitor.com/message:send" statusCode=500 rpcError="Only HTML requests are supported here"FAILThe same-origin A2A endpoint did not return a valid A2A Message, Task, or authentication challenge.

Detect WebMCP runtime API [warning]! WebMCP-like strings were found, but rendered browser evidence did not confirm a usable runtime API.INFODetect WebMCP runtime API status="warning"INFOProbe rendered browser for WebMCP runtime objects WARNCheck current W3C runtime API actual="not detected" expected="document.modelContext/registerTool available"WARNWebMCP-like strings were found, but rendered browser evidence did not confirm a usable runtime API.Probe WebMCP operability [warning]! Static WebMCP runtime strings were found, but rendered browser probing did not confirm a runtime API.INFOProbe WebMCP operability status="warning"INFORun safe WebMCP operability checks safeProbeOnly=truePASSCheck usable WebMCP evidence actual=2 expected="at least 1 usable runtime, declarative, annotation, or static manifest signal"PASSUsable WebMCP surface confirmed evidence="Compatibility annotations are syntactically usable."PASSUsable WebMCP surface confirmed evidence="At least one static WebMCP JSON profile was fetchable and valid."WARNWebMCP operability warning warning="Static WebMCP runtime strings were found, but rendered browser probing did not confirm a runtime API."WARNStatic WebMCP runtime strings were found, but rendered browser probing did not confirm a runtime API.Validate declarative WebMCP form tools [informational]! No W3C-style declarative WebMCP form attributes were found.INFOValidate declarative WebMCP form tools status="informational"INFOInspect visible forms and controls for current declarative WebMCP attributes annotatedElements=0 formsWithAttributes=0 controlsWithAttributes=0SKIPValidate declarative WebMCP attribute quality actual=0 expected=0INFONo W3C-style declarative WebMCP form attributes were found. status="informational"Validate WebMCP tool metadata quality [warning]! WebMCP tool metadata has quality issues or profile warnings.INFOValidate WebMCP tool metadata quality status="warning"INFOInspect WebMCP tool names, descriptions, schemas, and safety hints toolCount=10WARNCheck tool metadata findings actual={"issueCount":4,"warningCount":0} expected="0 issues and 0 warnings"WARNTool metadata issue issue="<input name=\"query\"> tool is missing a name."WARNTool metadata issue issue="<input name=\"name\"> tool is missing a name."WARNTool metadata issue issue="<input name=\"email\"> tool is missing a name."WARNTool metadata issue issue="<textarea name=\"message\"> tool is missing a name."WARNWebMCP tool metadata has quality issues or profile warnings.

Validate metadata profile [warning]! revocation_endpoint is omitted.INFOValidate metadata profileINFOParsing and validating OAuth/OIDC metadata profile valid=true compatibleContentType=true profile="hybrid" missingCount=0 warningsCount=2 endpointIssuesCount=0 issuer="https://tikmonitor.com" authorizationEndpoint="https://tikmonitor.com/api/auth/mcp/authorize" tokenEndpoint="https://tikmonitor.com/api/auth/mcp/token"PASSCheck metadata profile was recognized actual="hybrid" expected="oauth-authorization-server, oidc, or hybrid"PASSCheck required metadata fields are present actual=0 expected=0 missing=[]WARNCheck OAuth metadata is fully usable by browser and agent clients actual="2 client-usage warning(s)" expected="no CORS, endpoint, or compatibility warnings" warnings=["revocation_endpoint is omitted.","introspection_endpoint is omitted."]WARNOAuth metadata client-usage warning warning="revocation_endpoint is omitted."WARNOAuth metadata client-usage warning warning="introspection_endpoint is omitted."WARNValidate metadata profile completed with warnings issue="revocation_endpoint is omitted."Validate discovery CORS [fail]! Discovery metadata did not include Access-Control-Allow-Origin: *, so browser-based clients may be unable to fetch it cross-origin.INFOValidate discovery CORSINFOChecking whether browser clients can read the public discovery document profile="hybrid" corsPresent=trueWARNCheck Access-Control-Allow-Origin header actual="missing" expected="present or wildcard for browser-readable discovery"FAILValidate discovery CORS failed issue="Discovery metadata did not include Access-Control-Allow-Origin: *, so browser-based clients may be unable to fetch it cross-origin."Probe authorization endpoint [fail]! authorization_endpoint did not behave like an operational OAuth authorization endpoint.INFOProbe authorization endpointINFOSafely probing advertised authorization endpoint shape url="https://tikmonitor.com/api/auth/mcp/authorize?response_type=code&client_id=can-agent-use-scanner&redirect_uri=https%3A%2F%2Fcan-agent-use.invalid%2Foauth%2Fcallback&scope=openid&state=can-agent-use-probe" method="GET" statusCode=302 location="/login?response_type=code&client_id=can-agent-use-scanner&redirect_uri=https%3A%2F%2Fcan-agent-use.invalid%2Foauth%2Fcallback&scope=openid&state=can-agent-use-probe" contentType="application/json"FAILCheck authorization endpoint responds with protocol-shaped result actual=302 expected="redirect or OAuth error response"FAILProbe authorization endpoint failed issue="authorization_endpoint did not behave like an operational OAuth authorization endpoint."Validate JWKS when required [fail]! jwks_uri did not return usable JWK entries for the advertised signing algorithms.INFOValidate JWKS when requiredINFOValidating advertised JWKS signing-key document jwksUri="https://tikmonitor.com/api/auth/mcp/jwks" statusCode=404 contentType=null corsPresent=trueFAILCheck valid JWK count actual=0 expected="> 0 when jwks_uri is advertised" warnings=[]FAILValidate JWKS when required failed issue="jwks_uri did not return usable JWK entries for the advertised signing algorithms."

Fetch and validate /auth.md [warning]INFOFetch and validate /auth.mdINFOFetch Auth.md-related resource path="/auth.md" statusCode=200 contentType="text/markdown; charset=utf-8" bytes=1816WARNCompare response Content-Type with expected Auth.md media type actual=true expected=trueWARNCompare Auth.md/OAuth metadata validation result actual=true expected=trueWARNCompare Auth.md content length actual=1711 expected=">= 80 characters"WARNAuth.md validation warning warning="missing agent_verified/user_claimed or claim ceremony guidance"WARNAuth.md step completed with warningsValidate Auth.md authorization metadata [warning]! OAuth authorization-server metadata did not include usable Auth.md v1 fields. agent_registration_endpoint issues: [{"field":"agent_registration_endpoint","issue":"Expected an absolute HTTPS URL."}]; missing credential_types_supported.INFOValidate Auth.md authorization metadataINFOFetch Auth.md-related resource path="/.well-known/oauth-authorization-server" statusCode=200 contentType="application/json" bytes=1265WARNCompare response Content-Type with expected Auth.md media type actual=true expected=trueWARNCompare Auth.md/OAuth metadata validation result actual=false expected=trueWARNCompare supported credential type count actual=0 expected="> 0"WARNAuth.md validation issue issue="OAuth authorization-server metadata did not include usable Auth.md v1 fields. agent_registration_endpoint issues: [{\"field\":\"agent_registration_endpoint\",\"issue\":\"Expected an absolute HTTPS URL.\"}]; missing credential_types_supported."WARNOAuth authorization-server metadata did not include usable Auth.md v1 fields. agent_registration_endpoint issues: [{"field":"agent_registration_endpoint","issue":"Expected an absolute HTTPS URL."}]; missing credential_types_supported.

Validate API catalog media type [warning]! The API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter.INFOValidate API catalog media typeWARNCompare API catalog media type actual="application/linkset+json" expected="application/linkset+json"WARNCompare RFC 9727 profile parameter actual=false expected=trueWARNThe API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter. status="warning"Validate API catalog targets [fail]! API catalog target https://tikmonitor.com/api/health (status) advertised application/json but returned text/plain.INFOValidate API catalog targetsINFOFetch same-origin API catalog targets and record same-site/external skipsPASSAPI catalog target is reachable rel="service-desc" href="https://tikmonitor.com/openapi.json" statusCode=200 contentType="application/json; charset=utf-8" advertisedType="application/json"PASSAPI catalog target is reachable rel="service-doc" href="https://tikmonitor.com/.well-known/webmcp.json" statusCode=200 contentType="application/json; charset=utf-8" advertisedType="application/json"FAILAPI catalog target failed validation rel="status" href="https://tikmonitor.com/api/health" statusCode=200 contentType="text/plain" advertisedType="application/json" typeMatches=falseFAILCompare API catalog target failure count actual=1 expected=0FAILAPI catalog target https://tikmonitor.com/api/health (status) advertised application/json but returned text/plain.

Validate Wildcard schema shape [warning]! agents.json uses a lightweight directory shape, not the Wildcard OpenAPI workflow contract.INFOValidate Wildcard schema shapeINFOParse agents.json and classify contract shape shape="legacy-directory"WARNCompare contract shape actual="legacy-directory" expected="wildcard"WARNCompare missing required schema fields actual="none" expected="none"WARNCompare Content-Type with JSON expectation actual=true expected=trueWARNSchema-shape warning warning="file uses the old lightweight agents directory shape, not Wildcard agents.json"WARNagents.json uses a lightweight directory shape, not the Wildcard OpenAPI workflow contract.Validate API actions [warning]! Legacy lightweight agents directory files do not contain Wildcard action definitions.INFOValidate API actionsFAILCompare API action count actual=0 expected="> 0"WARNCompare invalid action definitions actual=0 expected=0WARNLegacy lightweight agents directory files do not contain Wildcard action definitions.Validate flows and links [warning]! Legacy lightweight agents directory files do not contain Wildcard flows and links.INFOValidate flows and linksFAILCompare workflow flow count actual=0 expected="> 0"WARNCompare operation link issues actual=0 expected=0WARNLegacy lightweight agents directory files do not contain Wildcard flows and links.Review examples and LLM usability [warning]! Examples or descriptions are too thin for reliable agent argument generation.INFOReview examples and LLM usabilityWARNCompare usable example count actual=0 expected="> 0 when actions are present"WARNExamples or descriptions are too thin for reliable agent argument generation.

Validate HTTPS/SVCB shape [fail]! One or more DNS-AID records could not be parsed as usable HTTPS/SVCB ServiceMode records.INFOValidate HTTPS/SVCB shapeFAILCompare parsed DNS-AID record count actual=2 expected="> 0"FAILCompare ServiceMode record count actual=0 expected="> 0"FAILDNS-AID record has parse/shape warnings ownerName="_index._agents.tikmonitor.com" rrtype="SVCB" mode="unknown" warnings=["SvcPriority is missing or not numeric."]FAILDNS-AID record has parse/shape warnings ownerName="_a2a._agents.tikmonitor.com" rrtype="SVCB" mode="unknown" warnings=["SvcPriority is missing or not numeric."]FAILOne or more DNS-AID records could not be parsed as usable HTTPS/SVCB ServiceMode records.

Evaluate script execution [fail]! script-src leaves script execution broadly unrestricted.INFOEvaluate script executionINFOInspect effective script directive effectiveDirective="script-src" sources=["'self'","'unsafe-inline'","'unsafe-eval'","https:","blob:"]FAILCompare script execution posture actual={"hasNonce":false,"hasHash":false,"hasStrictDynamic":false,"hasUnsafeInline":true,"hasUnsafeEval":true,"hasWildcardHost":false,"hasBroadScheme":true,"dangerousSchemes":["blob:"]} expected="constrained script sources without unsafe execution allowances" issue="script-src leaves script execution broadly unrestricted."FAILscript-src leaves script execution broadly unrestricted.Review CSP reporting [warning]! CSP does not define a reporting endpoint.INFOReview CSP reportingINFOInspect CSP reporting directives reportOnlyHeaderPresent=false reportOnlyDirectives=[]WARNCompare violation reporting configuration actual="no reporting endpoint" expected="report-to or report-uri present" issue="CSP does not define a reporting endpoint."WARNCSP does not define a reporting endpoint.

Page landmarks [fail]! Expected exactly one visible main landmark; found 2.INFOPage landmarksFAILCheck page landmarks evidence actual={"counts":{"main":2,"roleMain":0,"nav":1,"roleNavigation":0,"header":9,"roleBanner":0,"footer":1,"pageFooter":1,"roleContentinfo":0},"main":false} expected="semantic HTML evidence for this step"FAILPage landmarks failed issue="Expected exactly one visible main landmark; found 2."

Validate skill entries [warning]! One or more Agent Skills entries have quality or trust warnings.INFOValidate skill entriesWARNCompare advertised skill count actual=1 expected="> 0"WARNCompare valid skill entry count actual=1 expected="same as advertised skill count"WARNSkill entry warning skill={"index":0,"valid":true,"name":"tikmonitor-live","type":"skill-md","description":"Watch any public TikTok Live with real-time viewer counts, diamond totals, chat history, and configurable alerts.","url":"https://tikmonitor.com/.well-known/agent-skills/tikmonitor-live/SKILL.md","digest":"sha256:4a47dfb9e1f878aabd9d6985c4052fa83a4ed656c621f29d8c689cae5e2f1818","resolvedUrl":"https://tikmonitor.com/.well-known/agent-skills/tikmonitor-live/SKILL.md","originClass":"same-origin","missing":[],"invalid":[],"warnings":["description should explain when to use the skill"]}WARNOne or more Agent Skills entries have quality or trust warnings.Validate skill content [warning]! description does not clearly state when an agent should activate the skill.INFOValidate skill contentWARNCompare skill artifact content failures actual=0 expected=0 name="tikmonitor-live" type="skill-md" url="https://tikmonitor.com/.well-known/agent-skills/tikmonitor-live/SKILL.md"WARNSkill content validation warning name="tikmonitor-live" warning="description does not clearly state when an agent should activate the skill."WARNSkill content validation warning name="tikmonitor-live" warning="SKILL.md body lacks obvious workflow, input/output, example, or validation guidance."WARNdescription does not clearly state when an agent should activate the skill.Review skill artifact security [warning]! SKILL.md references external URLs; fetched content is an additional trust boundary (https://tikmonitor.com/, https://tikmonitor.com/api/rpc/contactForm/submit, https://tikmonitor.com/openapi.json, https://tikmonitor.com/.well-known/webmcp.json).INFOReview skill artifact securityFAILCompare security finding count actual=1 expected=0WARNAgent Skills artifact security warning finding="SKILL.md references external URLs; fetched content is an additional trust boundary (https://tikmonitor.com/, https://tikmonitor.com/api/rpc/contactForm/submit, https://tikmonitor.com/openapi.json, https://tikmonitor.com/.well-known/webmcp.json)."WARNSKILL.md references external URLs; fetched content is an additional trust boundary (https://tikmonitor.com/, https://tikmonitor.com/api/rpc/contactForm/submit, https://tikmonitor.com/openapi.json, https://tikmonitor.com/.well-known/webmcp.json).

Validate metadata shape [warning]! Cache-Control guidance is absent for protected-resource metadata.INFOValidate metadata shapeINFOParsing and validating RFC 9728 protected-resource metadata valid=true compatibleContentType=true warningsCount=1 resource="https://tikmonitor.com" resourceIssuesCount=0 authorizationServersCount=1 authorizationServerIssuesCount=0 scopesSupportedCount=4 bearerMethodsSupportedCount=1PASSCheck metadata resource field is present actual="https://tikmonitor.com" expected="absolute protected resource identifier"PASSCheck required metadata field failures actual=0 expected=0 missing=[]WARNCheck protected-resource metadata is browser-readable and complete for OAuth clients actual="1 client-usage warning(s)" expected="no CORS, authorization-server, or compatibility warnings" warnings=["Cache-Control guidance is absent for protected-resource metadata."]WARNProtected-resource metadata client-usage warning warning="Cache-Control guidance is absent for protected-resource metadata."WARNValidate metadata shape completed with warnings issue="Cache-Control guidance is absent for protected-resource metadata."Validate protected resource challenge [warning]! No protected route with a 401 resource_metadata challenge was detected; metadata shape is valid but route linkage was not proven.INFOValidate protected resource challengeINFOProbing protected routes for WWW-Authenticate resource_metadata linkage checkedCount=5INFOChecked protected route challenge url="https://tikmonitor.com/api/rpc/contactForm/submit" statusCode=405 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://tikmonitor.com/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://tikmonitor.com" metadataResource="https://tikmonitor.com" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://tikmonitor.com/api/scans" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://tikmonitor.com/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://tikmonitor.com" metadataResource="https://tikmonitor.com" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://tikmonitor.com/api/admin/scans" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://tikmonitor.com/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://tikmonitor.com" metadataResource="https://tikmonitor.com" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://tikmonitor.com/api/admin/summary" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://tikmonitor.com/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://tikmonitor.com" metadataResource="https://tikmonitor.com" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://tikmonitor.com/mcp" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://tikmonitor.com/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://tikmonitor.com" metadataResource="https://tikmonitor.com" resourceMatches=true scopePresent=falseWARNCheck challenge includes resource_metadata linkage actual=5 expected="> 0 matching protected route challenges"WARNValidate protected resource challenge completed with warnings issue="No protected route with a 401 resource_metadata challenge was detected; metadata shape is valid but route linkage was not proven."

Probe sampled linked resources [warning]! Some sampled llms.txt links were broken, redirected unexpectedly, or did not return clearly agent-readable content.INFOProbe sampled linked resourcesINFOSelecting safe, useful links for bounded probing selectedCount=25PASSCheck probed links were attempted actual=25 expected="> 0"WARNCheck broken probed link count actual=2 expected=0PASSCheck agent-readable probed links actual=23 expected="> 0"WARNLinked resource probe validation completed with warnings reason="Some sampled llms.txt links were broken, redirected unexpectedly, or did not return clearly agent-readable content."Inspect optional llms-full.txt [informational]INFOInspect optional llms-full.txtINFOTrying to fetch /llms-full.txt url="https://tikmonitor.com/llms-full.txt"SKIP/llms-full.txt is not present statusCode=404

Check machine-usable details [warning]! OpenAPI is valid, but missing schemas, parameters, servers, auth, operation IDs, tags, or examples reduces machine usability.INFOCheck machine-usable details status="warning"INFOInspect machine-usable operation details hasServers=true hasSecuritySchemes=false hasExplicitNoAuth=false requestBodyOperationCount=117 parameterOperationCount=62 responseSchemaOperationCount=199 operationIdCount=141 taggedOperationCount=199 exampleOperationCount=1WARNCheck OpenAPI operations include enough detail for agents to call them safely actual="4 machine-usability warning(s)" expected="servers, auth/no-auth signals, operationIds, parameters, request bodies, responses, tags, and examples where relevant"WARNMachine-usability warning warning="No security schemes or explicit no-auth declaration were found."WARNMachine-usability warning warning="One or more operations are missing parameters or request bodies."WARNMachine-usability warning warning="One or more operations are missing operationId."WARNMachine-usability warning warning="One or more operations do not include examples."WARNOpenAPI is valid, but missing schemas, parameters, servers, auth, operation IDs, tags, or examples reduces machine usability.

Review observed browser responses [warning]! One or more same-origin HTML documents observed by Chrome did not emit valid frame protection.INFOReview observed browser responsesINFOSample Chrome-observed same-origin responses observedResponseCount=61 sameOriginCount=51 htmlDocumentCount=1WARNCompare observed HTML frame protection actual={"missingOrInvalidFrameProtectionCount":1,"broadFrameAncestorsCount":0,"affected":[{"url":"https://tikmonitor.com/","status":200,"resourceType":"document","contentType":"text/html; charset=utf-8","contentSecurityPolicy":"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' https: data:; connect-src 'self' https: wss:; media-src 'self' https: blob:; frame-src 'self' https:;","contentSecurityPolicyReportOnly":null}]} expected="0 missing/invalid or broad same-origin HTML responses" issue="One or more same-origin HTML documents observed by Chrome did not emit valid frame protection."WARNOne or more same-origin HTML documents observed by Chrome did not emit valid frame protection.

Review observed browser responses [warning]! One or more same-origin browser-observed responses had missing or non-conformant nosniff headers.INFOReview observed browser responsesINFOSample Chrome-observed same-origin resources observedResponseCount=61 sameOriginCount=51 eligibleCount=51WARNCompare observed nosniff coverage actual={"missingNosniffCount":1,"malformedNosniffCount":0,"activeResourceMissingNosniffCount":0,"affected":[{"url":"https://tikmonitor.com/cdn-cgi/speculation","status":200,"resourceType":"other","contentType":"application/speculationrules+json"}]} expected="0 missing or malformed eligible same-origin responses" issue="One or more same-origin browser-observed responses had missing or non-conformant nosniff headers."WARNOne or more same-origin browser-observed responses had missing or non-conformant nosniff headers.

Review preload opt-in [warning]! preload is present; verify hstspreload.org operational requirements before submission.INFOReview preload opt-inINFOInspect preload opt-in preload=true includeSubDomains=true maxAge=31536000WARNCompare header-level preload requirements actual="eligible by header" expected="preload + includeSubDomains + max-age >= 31536000" issue="preload is present; verify hstspreload.org operational requirements before submission."WARNpreload is present; verify hstspreload.org operational requirements before submission.

Find advertised IndexNow key location [informational]! No IndexNow key location was advertised in HTML, Link headers, or robots.txt.INFOFind advertised IndexNow key locationINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"WARNNo IndexNow key location was advertised in HTML, Link headers, or robots.txt.Fetch and validate IndexNow key file [informational]! No discoverable IndexNow key file was found.INFOFetch and validate IndexNow key fileINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"INFOFetch each advertised same-origin key file and validate filename/body matchFAILCompare valid IndexNow key file count actual=0 expected="> 0"WARNNo discoverable IndexNow key file was found.