SSL / TLS
Valid HTTPS · 653ms
x402 discovery
/.well-known/x402.json (non-JSON) · 650ms
Agent discovery
/.well-known/agent.json not valid JSON · 586ms
llms.txt
Found (453091 chars) · 812ms
security.txt
Not found · 1404ms
CORS headers
No CORS header (OK if server-to-server only) · 724ms
Security headers
3/5 — missing: content-security-policy · 773ms
Response time
701ms avg · 701ms
MCP server
No MCP endpoint found
API endpoints
1 endpoints found
Error handling
Returns 401 for unknown paths · 1542ms
x402 compliance
No x402 payment gates found · 913ms
Rate limiting
No rate-limit headers (may still be rate-limited server-side) · 939ms
Documentation
No documentation endpoint
robots.txt AI crawlers
robots.txt exists but no AI crawler rules · 1405ms
AI plugin manifest
/.well-known/ai-plugin.json not valid JSON · 961ms
OpenAPI spec
No OpenAPI/Swagger spec found
Privacy / GDPR
No privacy policy or GDPR endpoint
Status / Health
No status or health endpoint
EU AI Act disclosure
/.well-known/model-card.json found (1629 chars) · 1088ms
Travel Rule (FATF)
/.well-known/travel-rule.json found (non-JSON, 1629 chars) · 1107ms
A2A Protocol (Google)
agent.json found but invalid JSON · 1170ms
DNSSEC
No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records
No CAA records — any CA can issue certificates
DMARC / SPF
No DMARC or SPF records found
Auth maturity
No authentication detected — open API or check failed
API versioning
/v1
Human oversight
/agent/stop — auth-protected (EU AI Act Art. 14) · 1744ms
Terms of Service
No Terms of Service endpoint found
Content-Type
No application/json responses (1 paths tested)
Wallet trust
No wallet address found in x402 or agent.json
ERC-8004 on-chain
No EVM wallet found to verify on-chain registration
Warning — 25Agent discovery needs attention/.well-known/agent.json not valid JSON
security.txt needs attentionNot found
CORS headers needs attentionNo CORS header (OK if server-to-server only)
Security headers needs attention3/5 — missing: content-security-policy
Response time needs attention701ms avg
MCP server needs attentionNo MCP endpoint found
Error handling needs attentionReturns 401 for unknown paths
x402 compliance needs attentionNo x402 payment gates found
Rate limiting needs attentionNo rate-limit headers (may still be rate-limited server-side)
Documentation needs attentionNo documentation endpoint
robots.txt AI crawlers needs attentionrobots.txt exists but no AI crawler rules
AI plugin manifest needs attention/.well-known/ai-plugin.json not valid JSON
OpenAPI spec needs attentionNo OpenAPI/Swagger spec found
Privacy / GDPR needs attentionNo privacy policy or GDPR endpoint
Status / Health needs attentionNo status or health endpoint
Travel Rule (FATF) needs attention/.well-known/travel-rule.json found (non-JSON, 1629 chars)
A2A Protocol (Google) needs attentionagent.json found but invalid JSON
DNSSEC needs attentionNo DNSSEC — domain is vulnerable to DNS spoofing
CAA Records needs attentionNo CAA records — any CA can issue certificates
DMARC / SPF needs attentionNo DMARC or SPF records found
Auth maturity needs attentionNo authentication detected — open API or check failed
Terms of Service needs attentionNo Terms of Service endpoint found
Content-Type needs attentionNo application/json responses (1 paths tested)
Wallet trust needs attentionNo wallet address found in x402 or agent.json
ERC-8004 on-chain needs attentionNo EVM wallet found to verify on-chain registration