Evaluate fetch baseline [fail]! default-src is present but not meaningfully restrictive.INFOEvaluate fetch baselineINFOEvaluate resource loading fallback defaultSrc=["'self'","https:"] explicitFetchDirectives=["img-src","object-src","script-src","style-src"]FAILCompare fetch baseline actual=["'self'","https:"] expected="restricted default-src or broad explicit fetch coverage" issue="default-src is present but not meaningfully restrictive."FAILdefault-src is present but not meaningfully restrictive.Evaluate script execution [fail]! script-src leaves script execution broadly unrestricted.INFOEvaluate script executionINFOInspect effective script directive effectiveDirective="script-src" sources=["'self'","'unsafe-inline'","https:"]FAILCompare script execution posture actual={"hasNonce":false,"hasHash":false,"hasStrictDynamic":false,"hasUnsafeInline":true,"hasUnsafeEval":false,"hasWildcardHost":false,"hasBroadScheme":true,"dangerousSchemes":[]} expected="constrained script sources without unsafe execution allowances" issue="script-src leaves script execution broadly unrestricted."FAILscript-src leaves script execution broadly unrestricted.Review hardening directives [warning]! CSP is missing recommended hardening directives: base-uri.INFOReview hardening directivesINFOInspect CSP hardening directives objectSrc=["'none'"] frameAncestors=["'self'"] formCount=0WARNCompare recommended hardening coverage actual=["base-uri"] expected="no missing object-src/base-uri/form-action requirements" issue="CSP is missing recommended hardening directives: base-uri."WARNCSP is missing recommended hardening directives: base-uri.Review CSP reporting [warning]! CSP does not define a reporting endpoint.INFOReview CSP reportingINFOInspect CSP reporting directives reportOnlyHeaderPresent=false reportOnlyDirectives=[]WARNCompare violation reporting configuration actual="no reporting endpoint" expected="report-to or report-uri present" issue="CSP does not define a reporting endpoint."WARNCSP does not define a reporting endpoint.

Fetch /ai.txt [fail]! /ai.txt returned HTTP 403.INFOFetch /ai.txtINFORequesting optional advisory policy file at /ai.txtFAILCompare /ai.txt HTTP response actual=403 expected="2xx when ai.txt is intentionally published; 404/410 means absent optional file" contentType="application/xml" length=111FAIL/ai.txt returned HTTP 403. statusCode=403Validate transport [warning]! ai.txt was served as application/xml; text/plain is preferred.INFOValidate transportINFOChecking ai.txt media type, size, line count, and whether the response looks like plain text contentType="application/xml" length=111 lineCount=2WARNCompare media type to preferred text/plain transport actual="application/xml" expected="text/plain preferred; readable text required"WARNai.txt was served as application/xml; text/plain is preferred. warnings=["ai.txt was served as application/xml; text/plain is preferred."]Parse ai.txt policy [warning]! ai.txt is present but does not follow the AI Visibility section model.INFOParse ai.txt policyINFODetecting ai.txt convention from bracket sections, frontmatter, headings, and ai.txt context linksINFODetected policy structure convention="unknown-text" sections=[] markdownHeadings=[]WARNCheck AI Visibility required sections actual="missing identity, permissions, restrictions" expected="identity, permissions, and restrictions" missingRecommended=["attribution","contact","content-types"]WARNai.txt is present but does not follow the AI Visibility section model.Validate policy content [fail]! ai.txt is too short to provide useful advisory policy guidance.INFOValidate policy contentINFOChecking required section content, permission/restriction language, attribution, contact details, and safety risks convention="unknown-text"INFODetected policy signals hasPermissionLanguage=false hasRestrictionLanguage=false hasTrainingLanguage=false hasAttributionLanguage=false hasContact=falseFAILCheck required and recommended section coverage actual={"missingRequired":["identity","permissions","restrictions"],"missingRecommended":["attribution","contact","content-types"]} expected={"missingRequired":[],"recommendedPresentWhenPossible":true}FAILai.txt is too short to provide useful advisory policy guidance.

Classify AI crawler rules [fail]! No explicit User-agent rules were found for major AI crawler tokens.INFOClassify AI crawler rulesINFOParsing User-agent groups and Allow/Disallow records for known AI crawler tokens evaluatedPath="/"INFOEvaluating exact User-agent matches before wildcard fallback exactAiPolicyCount=0 totalCrawlerTokens=18FAILNo explicit AI crawler User-agent groups were found examplesExpected=["GPTBot","OAI-SearchBot","ClaudeBot","Google-Extended","CCBot"]FAILCompare explicit AI crawler coverage actual=0 expected="> 0 explicit non-search AI crawler policies" missingTokens=["GPTBot","OAI-SearchBot","ChatGPT-User","ClaudeBot","Claude-SearchBot","Claude-User","Google-Extended","Applebot-Extended","Amazonbot","Amzn-SearchBot","Amzn-User","PerplexityBot"]INFOResolved effective root-path policy for crawler tokens blocked=0 allowed=21 unspecified=0