Validate RFC 9309 core syntax [fail]! robots.txt was found but did not contain a valid, parseable User-agent group.INFOValidate RFC 9309 core syntaxINFOParsing robots.txt into User-agent groups and Allow/Disallow recordsPASSCheck User-agent group count actual=20 expected=">= 1 parseable group" parsedUserAgents=["*","Googlebot","Bingbot","GPTBot","ChatGPT-User","OAI-SearchBot","ClaudeBot","Claude-Web","Claude-User","Claude-SearchBot","Google-Extended","Googlebot-Extended"]FAILCheck malformed lines and orphan Allow/Disallow records actual={"invalidLines":0,"orphanRecords":2} expected={"invalidLines":0,"orphanRecords":0}FAILAllow/Disallow records appeared before any User-agent group orphanRecords=[{"directive":"allow","value":"/api/exam-catalog","line":11},{"directive":"allow","value":"/api/jobs","line":12}]

Warn when auth surface lacks Auth.md [warning]! The site appears to support login, signup, account access, or credentials but does not publish /auth.md.INFOWarn when auth surface lacks Auth.mdWARNThe site appears to support login, signup, account access, or credentials but does not publish /auth.md.

Discover RSL declarations [warning]! No RSL declarations were found.INFODiscover RSL declarationsINFOChecking robots.txt License records, HTTP Link rel=license headers, HTML license links, and inline RSL XML robotsFound=trueSKIPCount discovered RSL declarations actual=0 expected=">= 1 when RSL licensing terms are published" sources={}WARNNo RSL declarations were found on any supported discovery surface.

Fetch /.well-known/tdmrep.json [warning]! No TDMRep declaration was found at /.well-known/tdmrep.json.INFOFetch /.well-known/tdmrep.jsonINFORequesting origin-level TDMRep declaration at /.well-known/tdmrep.jsonWARNCompare TDMRep file response actual=404 expected="2xx with JSON array when origin-level TDMRep is published" contentType="text/html; charset=utf-8" length=28182WARNNo TDMRep declaration was found at /.well-known/tdmrep.json. 

Discover MCP server card [warning]! The MCP server card was found only at a transitional or linked path.INFODiscover MCP server card candidateCount=5INFOBuild MCP server-card candidate list currentPath="/.well-known/mcp-server-card" transitionalPaths=["/.well-known/mcp/server-card.json","/.well-known/mcp/server-cards.json","/mcp.json","/.well-known/mcp.json"] linkedPaths=[]INFOTrying to fetch /.well-known/mcp-server-card url="https://www.yourmocktest.com/.well-known/mcp-server-card" source="current"FAIL/.well-known/mcp-server-card did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /.well-known/mcp/server-card.json url="https://www.yourmocktest.com/.well-known/mcp/server-card.json" source="transitional"PASS/.well-known/mcp/server-card.json returned a successful response statusCode=200 contentType="application/json" finalUrl="https://www.yourmocktest.com/.well-known/mcp/server-card.json"INFOTrying to fetch /.well-known/mcp/server-cards.json url="https://www.yourmocktest.com/.well-known/mcp/server-cards.json" source="transitional"FAIL/.well-known/mcp/server-cards.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /mcp.json url="https://www.yourmocktest.com/mcp.json" source="transitional"FAIL/mcp.json did not return a usable server card statusCode=404 contentType="text/html; charset=utf-8"INFOTrying to fetch /.well-known/mcp.json url="https://www.yourmocktest.com/.well-known/mcp.json" source="transitional"PASS/.well-known/mcp.json returned a successful response statusCode=200 contentType="application/json" finalUrl="https://www.yourmocktest.com/.well-known/mcp.json"WARNCheck selected card is published at the current well-known path actual="/.well-known/mcp/server-card.json" expected="/.well-known/mcp-server-card" source="transitional" finalUrl="https://www.yourmocktest.com/.well-known/mcp/server-card.json"WARNMCP server card was discovered through a transitional or linked path path="/.well-known/mcp/server-card.json" source="transitional" reason="The MCP server card was found only at a transitional or linked path."Validate server-card shape [warning]! Card uses the transitional serverInfo/protocolVersion/transport shape instead of the current remotes[] model.INFOValidate server-card shape profile="legacy-server-card"PASSCheck response body parsed as JSON actual=true expected=truePASSCheck Content-Type is JSON-compatible actual=true expected=trueWARNCheck recognized MCP server-card profile actual="legacy-server-card" expected="sep-2127-draft" reason="Document uses the transitional serverInfo/protocolVersion/transport metadata model."PASSCheck required card fields are present actual=0 expected=0 missing=[]WARNCheck MCP server-card uses the current remotes[] profile without legacy compatibility warnings actual="1 compatibility warning(s)" expected="current sep-2127-draft card shape with no legacy compatibility warnings" warnings=["Card uses the transitional serverInfo/protocolVersion/transport shape instead of the current remotes[] model."]WARNMCP server-card shape is usable but needs migration or cleanup reason="Card uses the transitional serverInfo/protocolVersion/transport shape instead of the current remotes[] model."Validate HTTP delivery [warning]! CORS header Access-Control-Allow-Origin is absent.INFOValidate HTTP delivery finalUrl="https://www.yourmocktest.com/.well-known/mcp/server-card.json"PASSCheck server card returned HTTP 2xx actual=200 expected="200-299"PASSCheck card is served as JSON actual="application/json" expected="application/json or +json"PASSCheck card is served over HTTPS actual="https:" expected="https:"WARNCheck browser-readable CORS header actual="missing" expected="Access-Control-Allow-Origin present"PASSCheck cache header is present actual="public, max-age=3600, s-maxage=3600" expected="Cache-Control present"WARNMCP server-card HTTP delivery has non-blocking issues issues=["CORS header Access-Control-Allow-Origin is absent."] reason="CORS header Access-Control-Allow-Origin is absent."

Validate discovery index schema [fail]! Agent Skills index must use $schema https://schemas.agentskills.io/discovery/0.2.0/schema.json.INFOValidate discovery index schemaINFOParse Agent Skills index JSON validJson=true contentTypeCompatible=trueFAILCompare $schema URI actual="https://raw.githubusercontent.com/cloudflare/agent-skills-discovery-rfc/main/schema/index.schema.json" expected="https://schemas.agentskills.io/discovery/0.2.0/schema.json"FAILCompare top-level schema issue count actual=1 expected=0WARNCompare unknown top-level field count actual=1 expected=0FAILAgent Skills index must use $schema https://schemas.agentskills.io/discovery/0.2.0/schema.json.Validate skill entries [warning]! One or more Agent Skills entries have quality or trust warnings.INFOValidate skill entriesWARNCompare advertised skill count actual=1 expected="> 0"WARNCompare valid skill entry count actual=1 expected="same as advertised skill count"WARNSkill entry warning skill={"index":0,"valid":true,"name":"search-yourmocktest-exams","type":"skill-md","description":"Find exam pages, mock tests, guides, and preparation resources on YourMockTest.","url":"https://www.yourmocktest.com/.well-known/agent-skills/search-exams/SKILL.md","digest":"sha256:7eb6ae7410ad06579a3b1b4c4d63c45a88986ed9a6ab8c8166496a51715c4a35","resolvedUrl":"https://www.yourmocktest.com/.well-known/agent-skills/search-exams/SKILL.md","originClass":"same-origin","missing":[],"invalid":[],"warnings":["description should explain when to use the skill"]}WARNOne or more Agent Skills entries have quality or trust warnings.Validate skill content [fail]! SKILL.md is missing YAML frontmatter.INFOValidate skill contentFAILCompare skill artifact content failures actual=1 expected=0 name="search-yourmocktest-exams" type="skill-md" url="https://www.yourmocktest.com/.well-known/agent-skills/search-exams/SKILL.md"FAILSkill content validation failure name="search-yourmocktest-exams" failure="SKILL.md is missing YAML frontmatter."FAILSKILL.md is missing YAML frontmatter.Review skill artifact security [warning]! SKILL.md references external URLs; fetched content is an additional trust boundary (https://www.yourmocktest.com/exams?q={query}.).INFOReview skill artifact securityFAILCompare security finding count actual=1 expected=0WARNAgent Skills artifact security warning finding="SKILL.md references external URLs; fetched content is an additional trust boundary (https://www.yourmocktest.com/exams?q={query}.)."WARNSKILL.md references external URLs; fetched content is an additional trust boundary (https://www.yourmocktest.com/exams?q={query}.).

Query DNS-AID records [warning]! No DNS-AID HTTPS/SVCB records were found under _agents.INFOQuery DNS-AID recordsINFOBuild DNS-AID query names from hostname hostname="www.yourmocktest.com" labels=["_index._agents.www.yourmocktest.com","_a2a._agents.www.yourmocktest.com"] claimedOnPage=falseWARNDNS query returned no DNS-AID answers name="_index._agents.www.yourmocktest.com" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.www.yourmocktest.com" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_index._agents.www.yourmocktest.com" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _index._agents.www.yourmocktest.com"WARNDNS query returned no DNS-AID answers name="_a2a._agents.www.yourmocktest.com" rrtype="HTTPS" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.www.yourmocktest.com" rrtype="SVCB" resolver="cloudflare-doh-json" rcode=3 ad=false answerCount=0WARNDNS query returned no DNS-AID answers name="_a2a._agents.www.yourmocktest.com" rrtype="ANY" resolver="node-resolveAny-fallback" answerCount=0 error="queryAny ETIMEOUT _a2a._agents.www.yourmocktest.com"WARNCompare total DNS-AID answer count actual=0 expected="> 0"WARNNo DNS-AID HTTPS/SVCB records were found under _agents.Check DNSSEC authentication evidence [warning]! DNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.INFOCheck DNSSEC authentication evidenceWARNCompare DNSSEC authenticated-data flag actual=false expected=trueWARNCompare visible DNSSEC material actual=false expected=trueWARNResolver did not confirm authenticated DNSSEC data name="_index._agents.www.yourmocktest.com" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.www.yourmocktest.com" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.www.yourmocktest.com" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.www.yourmocktest.com" rrtype="HTTPS" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.www.yourmocktest.com" rrtype="SVCB" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.www.yourmocktest.com" rrtype="ANY" resolver="node-resolveAny-fallback" dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_index._agents.www.yourmocktest.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="_a2a._agents.www.yourmocktest.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="www.yourmocktest.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNResolver did not confirm authenticated DNSSEC data name="yourmocktest.com" rrtype="DNSKEY" resolver="cloudflare-doh-json" ad=false dnssecTypes=[]WARNDNSSEC authentication evidence was not visible for the DNS-AID labels or hostname.

Validate metadata profile [warning]! PKCE code_challenge_methods_supported is omitted.INFOValidate metadata profileINFOParsing and validating OAuth/OIDC metadata profile valid=true compatibleContentType=true profile="hybrid" missingCount=0 warningsCount=4 endpointIssuesCount=0 issuer="https://www.yourmocktest.com" authorizationEndpoint="https://www.yourmocktest.com/signin" tokenEndpoint="https://www.yourmocktest.com/api/auth/callback/credentials"PASSCheck metadata profile was recognized actual="hybrid" expected="oauth-authorization-server, oidc, or hybrid"PASSCheck required metadata fields are present actual=0 expected=0 missing=[]WARNCheck OAuth metadata is fully usable by browser and agent clients actual="4 client-usage warning(s)" expected="no CORS, endpoint, or compatibility warnings" warnings=["PKCE code_challenge_methods_supported is omitted.","response_modes_supported is omitted.","revocation_endpoint is omitted.","introspection_endpoint is omitted."]WARNOAuth metadata client-usage warning warning="PKCE code_challenge_methods_supported is omitted."WARNOAuth metadata client-usage warning warning="response_modes_supported is omitted."WARNOAuth metadata client-usage warning warning="revocation_endpoint is omitted."WARNOAuth metadata client-usage warning warning="introspection_endpoint is omitted."WARNValidate metadata profile completed with warnings issue="PKCE code_challenge_methods_supported is omitted."Validate discovery CORS [fail]! Discovery metadata did not include Access-Control-Allow-Origin: *, so browser-based clients may be unable to fetch it cross-origin.INFOValidate discovery CORSINFOChecking whether browser clients can read the public discovery document profile="hybrid" corsPresent=trueWARNCheck Access-Control-Allow-Origin header actual="missing" expected="present or wildcard for browser-readable discovery"FAILValidate discovery CORS failed issue="Discovery metadata did not include Access-Control-Allow-Origin: *, so browser-based clients may be unable to fetch it cross-origin."Probe authorization endpoint [fail]! authorization_endpoint did not behave like an operational OAuth authorization endpoint.INFOProbe authorization endpointINFOSafely probing advertised authorization endpoint shape url="https://www.yourmocktest.com/signin?response_type=code&client_id=can-agent-use-scanner&redirect_uri=https%3A%2F%2Fcan-agent-use.invalid%2Foauth%2Fcallback&scope=openid&state=can-agent-use-probe" method="GET" statusCode=200 location=null contentType="text/html; charset=utf-8" excerpt="<!DOCTYPE html><html lang=\"en\" class=\"font-sans __variable_246ccd\"><head><meta charSet=\"utf-8\"/><meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=5\"/><link rel=\"preload\" href=\"/_next/static/media/1f3fe8c6df3d47c1-s.p.woff2\" as=\"font\" crossorigin=\"\" type=\"font/woff2\"/>"FAILCheck authorization endpoint responds with protocol-shaped result actual=200 expected="redirect or OAuth error response"FAILProbe authorization endpoint failed issue="authorization_endpoint did not behave like an operational OAuth authorization endpoint."Validate JWKS when required [fail]! jwks_uri did not return usable JWK entries for the advertised signing algorithms.INFOValidate JWKS when requiredINFOValidating advertised JWKS signing-key document jwksUri="https://www.yourmocktest.com/.well-known/http-message-signatures-directory" statusCode=200 contentType="application/http-message-signatures-directory+json; charset=utf-8" keyCount=1 keysCount=1 keyWarningsCount=0 corsPresent=trueFAILCheck valid JWK count actual=0 expected="> 0 when jwks_uri is advertised" warnings=[]FAILValidate JWKS when required failed issue="jwks_uri did not return usable JWK entries for the advertised signing algorithms."

Schema.org attribution [warning]! Schema.org attribution is incomplete or relies only on publisher/fallback evidence.INFOSchema.org attributionINFOChecking structured data for author, creator, and publisher contributorsWARNCheck named Schema.org author count actual=0 expected="> 0" authorCount=1 publisherCount=2 namedContributors=0 authors=[{"role":"author","id":"https://www.yourmocktest.com/#organization","sameAs":[],"format":"json-ld","mergedName":false}] publishers=[{"role":"publisher","id":"https://www.yourmocktest.com/#organization","sameAs":[],"format":"json-ld","mergedName":false},{"role":"publisher","id":"https://www.yourmocktest.com/#organization","sameAs":[],"format":"json-ld","mergedName":false}] formats=["json-ld"]WARNSchema.org attribution is incomplete or fallback-only authorCount=1 publisherCount=2 authors=[{"role":"author","id":"https://www.yourmocktest.com/#organization","sameAs":[],"format":"json-ld","mergedName":false}] publishers=[{"role":"publisher","id":"https://www.yourmocktest.com/#organization","sameAs":[],"format":"json-ld","mergedName":false},{"role":"publisher","id":"https://www.yourmocktest.com/#organization","sameAs":[],"format":"json-ld","mergedName":false}]Author identity quality [fail]! No named author or publisher identity could be extracted.INFOAuthor identity qualityINFOChecking contributors for stable identity signalsFAILCheck identified contributor count actual=0 expected="> 0" namedContributors=0 identifiedContributors=[] unidentifiedContributors=[{"role":"author","id":"https://www.yourmocktest.com/#organization","sameAs":[],"format":"json-ld","mergedName":false},{"role":"publisher","id":"https://www.yourmocktest.com/#organization","sameAs":[],"format":"json-ld","mergedName":false},{"role":"publisher","id":"https://www.yourmocktest.com/#organization","sameAs":[],"format":"json-ld","mergedName":false}]FAILNo named contributor identity could be extracted

Validate Wildcard schema shape [warning]! agents.json uses a lightweight directory shape, not the Wildcard OpenAPI workflow contract.INFOValidate Wildcard schema shapeINFOParse agents.json and classify contract shape shape="legacy-directory"WARNCompare contract shape actual="legacy-directory" expected="wildcard"WARNCompare missing required schema fields actual="none" expected="none"WARNCompare Content-Type with JSON expectation actual=true expected=trueINFORecorded remote OpenAPI/schema reference reference="https://www.yourmocktest.com/.well-known/agent-card.json"WARNSchema-shape warning warning="file uses the old lightweight agents directory shape, not Wildcard agents.json"WARNagents.json uses a lightweight directory shape, not the Wildcard OpenAPI workflow contract.Validate API actions [warning]! Legacy lightweight agents directory files do not contain Wildcard action definitions.INFOValidate API actionsFAILCompare API action count actual=0 expected="> 0"WARNCompare invalid action definitions actual=0 expected=0WARNLegacy lightweight agents directory files do not contain Wildcard action definitions.Validate flows and links [warning]! Legacy lightweight agents directory files do not contain Wildcard flows and links.INFOValidate flows and linksFAILCompare workflow flow count actual=0 expected="> 0"WARNCompare operation link issues actual=0 expected=0WARNLegacy lightweight agents directory files do not contain Wildcard flows and links.Review examples and LLM usability [warning]! Examples or descriptions are too thin for reliable agent argument generation.INFOReview examples and LLM usabilityWARNCompare usable example count actual=0 expected="> 0 when actions are present"WARNExamples or descriptions are too thin for reliable agent argument generation.

Detect WebMCP runtime API [warning]! WebMCP-like strings were found, but rendered browser evidence did not confirm a usable runtime API.INFODetect WebMCP runtime API status="warning"INFOProbe rendered browser for WebMCP runtime objects WARNCheck current W3C runtime API actual="not detected" expected="document.modelContext/registerTool available"WARNWebMCP-like strings were found, but rendered browser evidence did not confirm a usable runtime API.Validate declarative WebMCP form tools [informational]! No W3C-style declarative WebMCP form attributes were found.INFOValidate declarative WebMCP form tools status="informational"INFOInspect visible forms and controls for current declarative WebMCP attributes annotatedElements=0 formsWithAttributes=0 controlsWithAttributes=0SKIPValidate declarative WebMCP attribute quality actual=0 expected=0INFONo W3C-style declarative WebMCP form attributes were found. status="informational"Validate WebMCP tool metadata quality [warning]! WebMCP tool metadata has quality issues or profile warnings.INFOValidate WebMCP tool metadata quality status="warning"INFOInspect WebMCP tool names, descriptions, schemas, and safety hints toolCount=6WARNCheck tool metadata findings actual={"issueCount":3,"warningCount":0} expected="0 issues and 0 warnings"WARNTool metadata issue issue="<input name=\"q\"> tool is missing a name."WARNTool metadata issue issue="<input name=\"exam-search\"> tool is missing a name."WARNTool metadata issue issue="<input name=\"email\"> tool is missing a name."WARNWebMCP tool metadata has quality issues or profile warnings.

Validate version-specific card shape [warning]! A2A Agent Card has compatibility warnings.INFOValidate version-specific card shapeWARNCompare missing required card fields actual="none" expected="none"WARNCheck every declared A2A skill has required name, description, and endpoint fields actual=0 expected=0 invalidSkills=[]INFOReview declared endpoint interfaces interfaces=[{"url":"https://www.yourmocktest.com/openapi.json","protocolBinding":"JSONRPC","issues":[]},{"url":"https://www.yourmocktest.com/.well-known/webmcp.json","protocolBinding":"JSONRPC","issues":[]}]WARNA2A Agent Card has compatibility warnings.Probe same-origin A2A endpoint [fail]! The same-origin A2A endpoint did not return a valid A2A Message, Task, or authentication challenge.INFOProbe same-origin A2A endpointINFOProbe same-origin A2A endpoint when scanner policy allows itFAILA2A endpoint probe did not validate url="https://www.yourmocktest.com/openapi.json" statusCode=405FAILThe same-origin A2A endpoint did not return a valid A2A Message, Task, or authentication challenge.

Validate CSP frame-ancestors [warning]! Frame protection relies only on X-Frame-Options; CSP frame-ancestors is the modern control.INFOValidate CSP frame-ancestorsINFORead CSP frame-ancestors signals enforcingHeaderPresent=true reportOnlyHeaderPresent=false metaFrameAncestors=false policyCount=1 duplicateDirectives=[]WARNCompare effective frame-ancestors directive actual="missing" expected="valid restrictive enforcing frame-ancestors" issue="Frame protection relies only on X-Frame-Options; CSP frame-ancestors is the modern control."WARNFrame protection relies only on X-Frame-Options; CSP frame-ancestors is the modern control.

Score llms.txt structure and usefulness [warning]! llms.txt is present, but its structure or link curation is weaker than the emerging proposal and production examples.INFOScore llms.txt structure and usefulnessINFOChecking recommended summary, sections, link labels, agent-friendly links, duplicates, and unsafe targetsPASSCheck blockquote summary is present actual=true expected=truePASSCheck H2 section count actual=6 expected="> 0"WARNCheck Markdown-formatted links actual=0 expected="> 0"PASSCheck unsafe/private link count actual=0 expected=0WARNllms.txt structure-quality validation completed with warnings reason="llms.txt is present, but its structure or link curation is weaker than the emerging proposal and production examples."Probe sampled linked resources [warning]! Some sampled llms.txt links were broken, redirected unexpectedly, or did not return clearly agent-readable content.INFOProbe sampled linked resourcesINFOSelecting safe, useful links for bounded probing selectedCount=11PASSCheck probed links were attempted actual=11 expected="> 0"WARNCheck broken probed link count actual=1 expected=0PASSCheck agent-readable probed links actual=10 expected="> 0"WARNLinked resource probe validation completed with warnings reason="Some sampled llms.txt links were broken, redirected unexpectedly, or did not return clearly agent-readable content."Inspect optional llms-full.txt [informational]INFOInspect optional llms-full.txtINFOTrying to fetch /llms-full.txt url="https://www.yourmocktest.com/llms-full.txt"PASS/llms-full.txt returned HTTP 2xx statusCode=200 contentType="text/plain; charset=utf-8" length=79494PASSCheck llms-full.txt content type is Markdown-compatible text actual="text/plain; charset=utf-8" expected="text/markdown, text/x-markdown, text/plain, or another Markdown text type"PASSCheck llms-full.txt looks like supplemental full corpus content actual=true expected=truePASSOptional llms-full.txt inspection recorded

Check API catalog HEAD Link header [warning]! HEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog".INFOCheck API catalog HEAD Link headerINFOSend HEAD request to API catalog path attempted=true statusCode=200 contentType="application/linkset+json; charset=utf-8"WARNCompare HEAD Link rel=api-catalog count actual=0 expected="> 0"WARNHEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog". status="warning"Validate API catalog media type [warning]! The API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter.INFOValidate API catalog media typeWARNCompare API catalog media type actual="application/linkset+json; charset=utf-8" expected="application/linkset+json"WARNCompare RFC 9727 profile parameter actual=false expected=trueWARNThe API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter. status="warning"

Evaluate script execution [warning]! script-src allows unsafe-inline without nonce or hash controls.INFOEvaluate script executionINFOInspect effective script directive effectiveDirective="script-src" sources=["'self'","'unsafe-inline'","'unsafe-eval'","https://checkout.razorpay.com","https://accounts.google.com","https://www.googletagmanager.com","https://*.google-analytics.com","https://www.youtube.com","https://fundingchoicesmessages.google.com","https://www.yourmocktest.com"]WARNCompare script execution posture actual={"hasNonce":false,"hasHash":false,"hasStrictDynamic":false,"hasUnsafeInline":true,"hasUnsafeEval":true,"hasWildcardHost":false,"hasBroadScheme":false,"dangerousSchemes":[]} expected="constrained script sources without unsafe execution allowances" issue="script-src allows unsafe-inline without nonce or hash controls."WARNscript-src allows unsafe-inline without nonce or hash controls.Review CSP reporting [warning]! CSP does not define a reporting endpoint.INFOReview CSP reportingINFOInspect CSP reporting directives reportOnlyHeaderPresent=false reportOnlyDirectives=[]WARNCompare violation reporting configuration actual="no reporting endpoint" expected="report-to or report-uri present" issue="CSP does not define a reporting endpoint."WARNCSP does not define a reporting endpoint.

Validate metadata shape [warning]! Access-Control-Allow-Origin is absent; browser-based clients may not be able to read metadata.INFOValidate metadata shapeINFOParsing and validating RFC 9728 protected-resource metadata valid=true compatibleContentType=true warningsCount=1 resource="https://www.yourmocktest.com" resourceIssuesCount=0 authorizationServersCount=1 authorizationServerIssuesCount=0 scopesSupportedCount=1 bearerMethodsSupportedCount=1PASSCheck metadata resource field is present actual="https://www.yourmocktest.com" expected="absolute protected resource identifier"PASSCheck required metadata field failures actual=0 expected=0 missing=[]WARNCheck protected-resource metadata is browser-readable and complete for OAuth clients actual="1 client-usage warning(s)" expected="no CORS, authorization-server, or compatibility warnings" warnings=["Access-Control-Allow-Origin is absent; browser-based clients may not be able to read metadata."]WARNProtected-resource metadata client-usage warning warning="Access-Control-Allow-Origin is absent; browser-based clients may not be able to read metadata."WARNValidate metadata shape completed with warnings issue="Access-Control-Allow-Origin is absent; browser-based clients may not be able to read metadata."Validate protected resource challenge [warning]! No protected route with a 401 resource_metadata challenge was detected; metadata shape is valid but route linkage was not proven.INFOValidate protected resource challengeINFOProbing protected routes for WWW-Authenticate resource_metadata linkage checkedCount=4INFOChecked protected route challenge url="https://www.yourmocktest.com/api/scans" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://www.yourmocktest.com/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://www.yourmocktest.com" metadataResource="https://www.yourmocktest.com" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://www.yourmocktest.com/api/admin/scans" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://www.yourmocktest.com/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://www.yourmocktest.com" metadataResource="https://www.yourmocktest.com" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://www.yourmocktest.com/api/admin/summary" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://www.yourmocktest.com/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://www.yourmocktest.com" metadataResource="https://www.yourmocktest.com" resourceMatches=true scopePresent=falseINFOChecked protected route challenge url="https://www.yourmocktest.com/mcp" statusCode=404 wwwAuthenticate={"valid":false,"present":false,"params":{}} expectedMetadataUrl="https://www.yourmocktest.com/.well-known/oauth-protected-resource" metadataUrlMatches=true expectedResource="https://www.yourmocktest.com" metadataResource="https://www.yourmocktest.com" resourceMatches=true scopePresent=falseWARNCheck challenge includes resource_metadata linkage actual=4 expected="> 0 matching protected route challenges"WARNValidate protected resource challenge completed with warnings issue="No protected route with a 401 resource_metadata challenge was detected; metadata shape is valid but route linkage was not proven."

Page landmarks [fail]! Expected exactly one visible main landmark; found 2.INFOPage landmarksFAILCheck page landmarks evidence actual={"counts":{"main":2,"roleMain":0,"nav":1,"roleNavigation":0,"header":1,"roleBanner":0,"footer":1,"pageFooter":0,"roleContentinfo":0},"main":false} expected="semantic HTML evidence for this step"FAILPage landmarks failed issue="Expected exactly one visible main landmark; found 2."

Check machine-usable details [warning]! OpenAPI is valid, but missing schemas, parameters, servers, auth, operation IDs, tags, or examples reduces machine usability.INFOCheck machine-usable details status="warning"INFOInspect machine-usable operation details hasServers=true hasSecuritySchemes=false hasExplicitNoAuth=true requestBodyOperationCount=0 parameterOperationCount=2 responseSchemaOperationCount=6 operationIdCount=6 taggedOperationCount=0 exampleOperationCount=1WARNCheck OpenAPI operations include enough detail for agents to call them safely actual="3 machine-usability warning(s)" expected="servers, auth/no-auth signals, operationIds, parameters, request bodies, responses, tags, and examples where relevant"WARNMachine-usability warning warning="One or more operations are missing parameters or request bodies."WARNMachine-usability warning warning="One or more operations are missing tags."WARNMachine-usability warning warning="One or more operations do not include examples."WARNOpenAPI is valid, but missing schemas, parameters, servers, auth, operation IDs, tags, or examples reduces machine usability.

Inspect directory response signature binding [warning]! The directory response is not signed with RFC 9421 Signature and Signature-Input headers.INFOInspect directory response signature binding status="warning"INFOInspect RFC 9421 response signature headers signatureHeaderPresent=false signatureInputHeaderPresent=false labels=[]WARNCheck required signature binding parameters actual={} expected="Signature, Signature-Input, directory tag, keyid, created, and expires"WARNThe directory response is not signed with RFC 9421 Signature and Signature-Input headers.

Review preload opt-in [warning]! preload is present; verify hstspreload.org operational requirements before submission.INFOReview preload opt-inINFOInspect preload opt-in preload=true includeSubDomains=true maxAge=63072000WARNCompare header-level preload requirements actual="eligible by header" expected="preload + includeSubDomains + max-age >= 31536000" issue="preload is present; verify hstspreload.org operational requirements before submission."WARNpreload is present; verify hstspreload.org operational requirements before submission.

Check date validity and consistency [warning]! Sitemap lastmod dates and structured modified/upload dates do not appear to agree.INFOCheck date validity and consistencyINFOChecking collected freshness dates for invalid values, future dates, and inconsistent orderingWARNCheck critical freshness issue count actual=0 expected=0 warningIssueCount=1 issues=[{"severity":"warning","message":"Sitemap lastmod dates and structured modified/upload dates do not appear to agree.","details":{"left":[{"source":"sitemap","channel":"sitemap","property":"lastmod","value":"2026-06-14T17:08:26.724Z","parsed":"2026-06-14T17:08:26.724Z","where":"matching sitemap <lastmod> entry for this page URL"}],"right":[{"source":"json-ld","channel":"structured","property":"dateModified","value":"2026-05-20T00:00:00+05:30","parsed":"2026-05-19T18:30:00.000Z","location":"script[type=\"application/ld+json\"] > WebSite.dateModified","where":"JSON-LD structured data <script type=\"application/ld+json\"> property WebSite.dateModified","schemaTypes":["WebSite"]},{"source":"json-ld","channel":"structured","property":"dateModified","value":"2026-05-20T00:00:00+05:30","parsed":"2026-05-19T18:30:00.000Z","location":"script[type=\"application/ld+json\"] > SoftwareApplication.dateModified","where":"JSON-LD structured data <script type=\"application/ld+json\"> property SoftwareApplication.dateModified","schemaTypes":["SoftwareApplication"]}]}}]WARNFreshness dates have consistency warnings issues=["Sitemap lastmod dates and structured modified/upload dates do not appear to agree."] comparisons=[{"left":[{"source":"sitemap","channel":"sitemap","property":"lastmod","value":"2026-06-14T17:08:26.724Z","parsed":"2026-06-14T17:08:26.724Z","where":"matching sitemap <lastmod> entry for this page URL"}],"right":[{"source":"json-ld","channel":"structured","property":"dateModified","value":"2026-05-20T00:00:00+05:30","parsed":"2026-05-19T18:30:00.000Z","location":"script[type=\"application/ld+json\"] > WebSite.dateModified","where":"JSON-LD structured data <script type=\"application/ld+json\"> property WebSite.dateModified","schemaTypes":["WebSite"]},{"source":"json-ld","channel":"structured","property":"dateModified","value":"2026-05-20T00:00:00+05:30","parsed":"2026-05-19T18:30:00.000Z","location":"script[type=\"application/ld+json\"] > SoftwareApplication.dateModified","where":"JSON-LD structured data <script type=\"application/ld+json\"> property SoftwareApplication.dateModified","schemaTypes":["SoftwareApplication"]}]}]

Find advertised IndexNow key location [informational]! No IndexNow key location was advertised in HTML, Link headers, or robots.txt.INFOFind advertised IndexNow key locationINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"WARNNo IndexNow key location was advertised in HTML, Link headers, or robots.txt.Fetch and validate IndexNow key file [informational]! No discoverable IndexNow key file was found.INFOFetch and validate IndexNow key fileINFOLook for IndexNow key hints in HTML, Link headers, and robots.txt supportedHints=["robots.txt IndexNow-Key","rel=indexnow-key","meta name=indexnow-key-location"]PASSCompare advertised key location count actual=0 expected="> 0"INFOFetch each advertised same-origin key file and validate filename/body matchFAILCompare valid IndexNow key file count actual=0 expected="> 0"WARNNo discoverable IndexNow key file was found.