api.helixa.xyz D · 58/100
16 passed 16 warnings 0 failed audit-mnf59na6
SSL / TLS Valid HTTPS · 235ms
x402 discovery /.well-known/x402.json found · base · payTo declared · 235ms
Agent discovery /.well-known/agent.json found but missing name · 229ms
llms.txt Found (1097 chars) · 232ms
security.txt Found · 234ms
CORS headers No CORS header (OK if server-to-server only) · 267ms
Security headers 5/5 present (all critical headers set) · 270ms
Response time 202ms avg · 202ms
MCP server /.well-known/mcp.json — 4 tools · 112ms
API endpoints 2 endpoints found
Error handling 404 JSON response · 274ms
x402 compliance No x402 payment gates found · 307ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 310ms
Documentation /docs found · 313ms
robots.txt AI crawlers 3 AI crawlers configured: GPTBot, ClaudeBot, Google-Extended · 498ms
AI plugin manifest No ai-plugin.json (optional for ChatGPT/LLM integration)
OpenAPI spec /openapi.json — 3.0.3, 12 paths, servers defined, auth documented · 314ms
Privacy / GDPR /privacy found (918 chars) · 348ms
Status / Health /health — status: ok · 184ms
EU AI Act disclosure No AI model card or disclosure endpoint
Travel Rule (FATF) No Travel Rule endpoint or VASP disclosure
A2A Protocol (Google) Agent Card — v1.0 · 354ms
DNSSEC No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records No CAA records — any CA can issue certificates
DMARC / SPF No DMARC or SPF records found
Auth maturity No authentication detected — open API or check failed
API versioning No versioned paths or version headers found
Human oversight No human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service /terms found (859 chars) · 455ms
Content-Type JSON on 2/2 tested paths
Wallet trust 0x27E3...91Ea — trust 20/100 (verified) — EVM, no sanctions · 1820ms
ERC-8004 on-chain Could not verify 0x27E3...91Ea on-chain
58
16 issues to fix
Warning — 16
Agent discovery needs attention

/.well-known/agent.json found but missing name

CORS headers needs attention

No CORS header (OK if server-to-server only)

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

AI plugin manifest needs attention

No ai-plugin.json (optional for ChatGPT/LLM integration)

EU AI Act disclosure needs attention

No AI model card or disclosure endpoint

Travel Rule (FATF) needs attention

No Travel Rule endpoint or VASP disclosure

A2A Protocol (Google) needs attention

Agent Card — v1.0

DNSSEC needs attention

No DNSSEC — domain is vulnerable to DNS spoofing

CAA Records needs attention

No CAA records — any CA can issue certificates

DMARC / SPF needs attention

No DMARC or SPF records found

Auth maturity needs attention

No authentication detected — open API or check failed

API versioning needs attention

No versioned paths or version headers found

Human oversight needs attention

No human oversight / kill switch endpoint (EU AI Act Art. 14)

Wallet trust needs attention

0x27E3...91Ea — trust 20/100 (verified) — EVM, no sanctions

ERC-8004 on-chain needs attention

Could not verify 0x27E3...91Ea on-chain

Share on X Run new audit
🔒 Probe trust badge — unlock at score 60+

Fix your failing checks to earn the Probe verified badge. Display it on your site footer and README to show compliance.

⚡ Fix my API — $29 Current score: 58/100 → need 60+
Badge preview Shield preview
2026-03-31 21:44:04 UTC · getprobe.xyz