invy.xyz D · 54/100
13 passed 19 warnings 0 failed audit-mnen7lpk
SSL / TLS Valid HTTPS · 68d until expiry · 525ms
x402 discovery /.well-known/x402.json (non-JSON) · 524ms
Agent discovery /.well-known/agent.json not valid JSON · 526ms
llms.txt Found (1776 chars) · 534ms
security.txt Found · 533ms
CORS headers No CORS header (OK if server-to-server only) · 884ms
Security headers 0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy · 644ms
Response time 492ms avg · 492ms
MCP server /mcp/info responds · 887ms
API endpoints 4 endpoints found
Error handling Returns 200 for unknown paths · 890ms
x402 compliance No x402 payment gates found · 762ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 763ms
Documentation /docs found · 770ms
robots.txt AI crawlers robots.txt exists but no AI crawler rules · 1238ms
AI plugin manifest /.well-known/ai-plugin.json not valid JSON · 885ms
OpenAPI spec /openapi.json found but invalid JSON · 889ms
Privacy / GDPR /privacy found (114 chars) · 1002ms
Status / Health /status found · 1004ms
EU AI Act disclosure /.well-known/model-card.json found (114 chars) · 1006ms
Travel Rule (FATF) /.well-known/travel-rule.json found (non-JSON, 114 chars) · 1007ms
A2A Protocol (Google) agent.json found but invalid JSON · 1009ms
DNSSEC No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records No CAA records — any CA can issue certificates
DMARC / SPF No DMARC or SPF records found
Auth maturity No authentication detected — open API or check failed
API versioning /v1
Human oversight /agent/stop — active (EU AI Act Art. 14) · 1217ms
Terms of Service /terms exists but very short · 1238ms
Content-Type API paths return HTML: /v1/ returns HTML, /api/ returns HTML
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
19 issues to fix
Warning — 19
Agent discovery needs attention

/.well-known/agent.json not valid JSON

CORS headers needs attention

No CORS header (OK if server-to-server only)

Security headers needs attention

0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy

Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

robots.txt AI crawlers needs attention

robots.txt exists but no AI crawler rules

AI plugin manifest needs attention

/.well-known/ai-plugin.json not valid JSON

OpenAPI spec needs attention

/openapi.json found but invalid JSON

Travel Rule (FATF) needs attention

/.well-known/travel-rule.json found (non-JSON, 114 chars)

A2A Protocol (Google) needs attention

agent.json found but invalid JSON

DNSSEC needs attention

No DNSSEC — domain is vulnerable to DNS spoofing

CAA Records needs attention

No CAA records — any CA can issue certificates

DMARC / SPF needs attention

No DMARC or SPF records found

Auth maturity needs attention

No authentication detected — open API or check failed

Terms of Service needs attention

/terms exists but very short

Content-Type needs attention

API paths return HTML: /v1/ returns HTML, /api/ returns HTML

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

2026-03-31 13:18:36 UTC · getprobe.xyz