SSL / TLS
Valid HTTPS · 900ms
x402 discovery
/.well-known/x402.json (non-JSON) · 901ms
Agent discovery
/.well-known/agent.json not valid JSON · 894ms
llms.txt
Found (1796 chars) · 890ms
security.txt
Found · 894ms
CORS headers
No CORS header (OK if server-to-server only) · 1249ms
Security headers
0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy · 1016ms
Response time
567ms avg · 567ms
MCP server
/mcp/info responds · 1015ms
API endpoints
6 endpoints found
Error handling
Returns 200 for unknown paths · 1023ms
x402 compliance
No x402 payment gates found · 1372ms
Rate limiting
No rate-limit headers (may still be rate-limited server-side) · 1133ms
Documentation
/docs found · 1371ms
robots.txt AI crawlers
robots.txt exists but no AI crawler rules · 1378ms
AI plugin manifest
/.well-known/ai-plugin.json not valid JSON · 1145ms
OpenAPI spec
/openapi.json found but invalid JSON · 1251ms
Privacy / GDPR
/privacy found (114 chars) · 1266ms
Status / Health
/status found · 1368ms
EU AI Act disclosure
/.well-known/model-card.json found (114 chars) · 1369ms
Travel Rule (FATF)
/.well-known/travel-rule.json found (non-JSON, 114 chars) · 1383ms
A2A Protocol (Google)
agent.json found but invalid JSON · 1486ms
DNSSEC
No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records
No CAA records — any CA can issue certificates
DMARC / SPF
SPF -all (strict)
Auth maturity
OpenID Connect + x402 payment gate
Wallet trust
No wallet address found in x402 or agent.json
ERC-8004 on-chain
No EVM wallet found to verify on-chain registration
Warning — 17
Agent discovery needs attention
/.well-known/agent.json not valid JSON
CORS headers needs attention
No CORS header (OK if server-to-server only)
Security headers needs attention
0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy
Response time needs attention
567ms avg
Error handling needs attention
Returns 200 for unknown paths
x402 compliance needs attention
No x402 payment gates found
Rate limiting needs attention
No rate-limit headers (may still be rate-limited server-side)
robots.txt AI crawlers needs attention
robots.txt exists but no AI crawler rules
AI plugin manifest needs attention
/.well-known/ai-plugin.json not valid JSON
OpenAPI spec needs attention
/openapi.json found but invalid JSON
Travel Rule (FATF) needs attention
/.well-known/travel-rule.json found (non-JSON, 114 chars)
A2A Protocol (Google) needs attention
agent.json found but invalid JSON
DNSSEC needs attention
No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records needs attention
No CAA records — any CA can issue certificates
DMARC / SPF needs attention
SPF -all (strict)
Wallet trust needs attention
No wallet address found in x402 or agent.json
ERC-8004 on-chain needs attention
No EVM wallet found to verify on-chain registration