walletiq.xyz D · 55/100
13 passed 19 warnings 0 failed audit-mnf0h8g5
SSL / TLS Valid HTTPS · 479ms
x402 discovery /.well-known/x402.json (non-JSON) · 488ms
Agent discovery /.well-known/agent.json not valid JSON · 482ms
llms.txt Found (68 chars) · 482ms
security.txt Found · 484ms
CORS headers No CORS header (OK if server-to-server only) · 837ms
Security headers 0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy · 600ms
Response time 437ms avg · 437ms
MCP server /mcp/info responds · 602ms
API endpoints 4 endpoints found
Error handling Returns 200 for unknown paths · 605ms
x402 compliance No x402 payment gates found · 719ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 719ms
Documentation /docs found · 721ms
robots.txt AI crawlers robots.txt exists but no AI crawler rules · 966ms
AI plugin manifest /.well-known/ai-plugin.json not valid JSON · 724ms
OpenAPI spec /openapi.json found but invalid JSON · 837ms
Privacy / GDPR /privacy found (114 chars) · 838ms
Status / Health /status found · 839ms
EU AI Act disclosure /.well-known/model-card.json found (114 chars) · 843ms
Travel Rule (FATF) /.well-known/travel-rule.json found (non-JSON, 114 chars) · 955ms
A2A Protocol (Google) agent.json found but invalid JSON · 955ms
DNSSEC No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records No CAA records — any CA can issue certificates
DMARC / SPF DMARC p=quarantine
Auth maturity No authentication detected — open API or check failed
API versioning /v1
Human oversight /agent/stop — active (EU AI Act Art. 14) · 1073ms
Terms of Service /terms exists but very short · 1074ms
Content-Type API paths return HTML: /v1/ returns HTML, /api/ returns HTML
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
55
19 issues to fix
Warning — 19
Agent discovery needs attention

/.well-known/agent.json not valid JSON

CORS headers needs attention

No CORS header (OK if server-to-server only)

Security headers needs attention

0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy

Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

robots.txt AI crawlers needs attention

robots.txt exists but no AI crawler rules

AI plugin manifest needs attention

/.well-known/ai-plugin.json not valid JSON

OpenAPI spec needs attention

/openapi.json found but invalid JSON

Travel Rule (FATF) needs attention

/.well-known/travel-rule.json found (non-JSON, 114 chars)

A2A Protocol (Google) needs attention

agent.json found but invalid JSON

DNSSEC needs attention

No DNSSEC — domain is vulnerable to DNS spoofing

CAA Records needs attention

No CAA records — any CA can issue certificates

DMARC / SPF needs attention

DMARC p=quarantine

Auth maturity needs attention

No authentication detected — open API or check failed

Terms of Service needs attention

/terms exists but very short

Content-Type needs attention

API paths return HTML: /v1/ returns HTML, /api/ returns HTML

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

Share on X Run new audit
🔒 Probe trust badge — unlock at score 60+

Fix your failing checks to earn the Probe verified badge. Display it on your site footer and README to show compliance.

⚡ Fix my API — $29 Current score: 55/100 → need 60+
Badge preview Shield preview
2026-03-31 19:30:00 UTC · getprobe.xyz