SSL / TLS
Valid HTTPS · 997ms
x402 discovery
No x402 discovery found
Agent discovery
No agent.json found
llms.txt
HTTP 500 · 1002ms
security.txt
Not found · 1098ms
CORS headers
No CORS header (OK if server-to-server only) · 1290ms
Security headers
3/5 — missing: content-security-policy · 1300ms
Response time
1206ms avg — slow · 1206ms
MCP server
No MCP endpoint found
API endpoints
No standard endpoints
Error handling
Returns 500 for unknown paths · 1593ms
x402 compliance
No x402 payment gates found · 1496ms
Rate limiting
No rate-limit headers (may still be rate-limited server-side) · 1592ms
Documentation
No documentation endpoint
robots.txt AI crawlers
HTTP 500 · 2292ms
AI plugin manifest
No ai-plugin.json (optional for ChatGPT/LLM integration)
OpenAPI spec
No OpenAPI/Swagger spec found
Privacy / GDPR
No privacy policy or GDPR endpoint
Status / Health
No status or health endpoint
EU AI Act disclosure
No AI model card or disclosure endpoint
Travel Rule (FATF)
No Travel Rule endpoint or VASP disclosure
A2A Protocol (Google)
No agent.json for A2A discovery
DNSSEC
No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records
1 CAA record(s) found
DMARC / SPF
No DMARC or SPF records found
Auth maturity
No authentication detected — open API or check failed
API versioning
/v1
Human oversight
No human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service
No Terms of Service endpoint found
Content-Type
No application/json responses (1 paths tested)
Wallet trust
No wallet address found in x402 or agent.json
ERC-8004 on-chain
No EVM wallet found to verify on-chain registration
Critical — 3x402 discovery failedNo x402 discovery found
Agent discovery failedNo agent.json found
Warning — 26security.txt needs attentionNot found
CORS headers needs attentionNo CORS header (OK if server-to-server only)
Security headers needs attention3/5 — missing: content-security-policy
Response time needs attention1206ms avg — slow
MCP server needs attentionNo MCP endpoint found
API endpoints needs attentionNo standard endpoints
Error handling needs attentionReturns 500 for unknown paths
x402 compliance needs attentionNo x402 payment gates found
Rate limiting needs attentionNo rate-limit headers (may still be rate-limited server-side)
Documentation needs attentionNo documentation endpoint
robots.txt AI crawlers needs attentionHTTP 500
AI plugin manifest needs attentionNo ai-plugin.json (optional for ChatGPT/LLM integration)
OpenAPI spec needs attentionNo OpenAPI/Swagger spec found
Privacy / GDPR needs attentionNo privacy policy or GDPR endpoint
Status / Health needs attentionNo status or health endpoint
EU AI Act disclosure needs attentionNo AI model card or disclosure endpoint
Travel Rule (FATF) needs attentionNo Travel Rule endpoint or VASP disclosure
A2A Protocol (Google) needs attentionNo agent.json for A2A discovery
DNSSEC needs attentionNo DNSSEC — domain is vulnerable to DNS spoofing
DMARC / SPF needs attentionNo DMARC or SPF records found
Auth maturity needs attentionNo authentication detected — open API or check failed
Human oversight needs attentionNo human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service needs attentionNo Terms of Service endpoint found
Content-Type needs attentionNo application/json responses (1 paths tested)
Wallet trust needs attentionNo wallet address found in x402 or agent.json
ERC-8004 on-chain needs attentionNo EVM wallet found to verify on-chain registration