SSL / TLS
HTTPS failed · 425ms
x402 discovery
No x402 discovery found
Agent discovery
/.well-known/agent.json not valid JSON · 1120ms
llms.txt
Not reachable · 138ms
security.txt
Not found · 149ms
CORS headers
No CORS header (OK if server-to-server only) · 1181ms
Security headers
3/5 — missing: strict-transport-security · 1022ms
Response time
988ms avg · 988ms
MCP server
/mcp/info responds · 1063ms
API endpoints
1 endpoints found
Error handling
Returns 200 for unknown paths · 1761ms
x402 compliance
No x402 payment gates found · 1318ms
Rate limiting
No rate-limit headers (may still be rate-limited server-side) · 1340ms
Documentation
No documentation endpoint
robots.txt AI crawlers
No AI crawler directives (GPTBot, ClaudeBot, etc.) · 1932ms
AI plugin manifest
/.well-known/ai-plugin.json not valid JSON · 1970ms
OpenAPI spec
/openapi.json found but invalid JSON · 1931ms
Privacy / GDPR
/privacy found (12229 chars) · 1961ms
Status / Health
/status found · 2597ms
EU AI Act disclosure
/.well-known/model-card.json found (12229 chars) · 2466ms
Travel Rule (FATF)
/.well-known/travel-rule.json found (non-JSON, 12229 chars) · 2729ms
A2A Protocol (Google)
agent.json found but invalid JSON · 2240ms
DNSSEC
DNSSEC check failed
CAA Records
No CAA records — any CA can issue certificates
DMARC / SPF
SPF -all (strict)
Auth maturity
No authentication detected — open API or check failed
API versioning
No versioned paths or version headers found
Human oversight
No human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service
No Terms of Service endpoint found
Content-Type
Could not test endpoints
Wallet trust
No wallet address found in x402 or agent.json
ERC-8004 on-chain
No EVM wallet found to verify on-chain registration
Critical — 3SSL / TLS failedHTTPS failed
x402 discovery failedNo x402 discovery found
llms.txt failedNot reachable
Warning — 24Agent discovery needs attention/.well-known/agent.json not valid JSON
security.txt needs attentionNot found
CORS headers needs attentionNo CORS header (OK if server-to-server only)
Security headers needs attention3/5 — missing: strict-transport-security
Response time needs attention988ms avg
Error handling needs attentionReturns 200 for unknown paths
x402 compliance needs attentionNo x402 payment gates found
Rate limiting needs attentionNo rate-limit headers (may still be rate-limited server-side)
Documentation needs attentionNo documentation endpoint
robots.txt AI crawlers needs attentionNo AI crawler directives (GPTBot, ClaudeBot, etc.)
AI plugin manifest needs attention/.well-known/ai-plugin.json not valid JSON
OpenAPI spec needs attention/openapi.json found but invalid JSON
Travel Rule (FATF) needs attention/.well-known/travel-rule.json found (non-JSON, 12229 chars)
A2A Protocol (Google) needs attentionagent.json found but invalid JSON
DNSSEC needs attentionDNSSEC check failed
CAA Records needs attentionNo CAA records — any CA can issue certificates
DMARC / SPF needs attentionSPF -all (strict)
Auth maturity needs attentionNo authentication detected — open API or check failed
API versioning needs attentionNo versioned paths or version headers found
Human oversight needs attentionNo human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service needs attentionNo Terms of Service endpoint found
Content-Type needs attentionCould not test endpoints
Wallet trust needs attentionNo wallet address found in x402 or agent.json
ERC-8004 on-chain needs attentionNo EVM wallet found to verify on-chain registration