blockrun.ai F · 40/100
10 passed 21 warnings 1 failed audit-mnfmt6eq
SSL / TLS Valid HTTPS · 316ms
x402 discovery /.well-known/x402 found · v2 · 739ms
Agent discovery No agent.json found
llms.txt Found (2450 chars) · 332ms
security.txt Not found · 321ms
CORS headers No CORS header (OK if server-to-server only) · 466ms
Security headers 0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy · 477ms
Response time 553ms avg · 553ms
MCP server No MCP endpoint found
API endpoints 2 endpoints found
Error handling 404 returned · 589ms
x402 compliance No x402 payment gates found · 629ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 655ms
Documentation /docs found · 630ms
robots.txt AI crawlers 8 AI crawlers configured: GPTBot, ClaudeBot, Claude-Web, ChatGPT-User, Anthropic, Google-Extended, PerplexityBot, Bytespider · 699ms
AI plugin manifest No ai-plugin.json (optional for ChatGPT/LLM integration)
OpenAPI spec /openapi.json — 3.1.0, 16 paths, servers defined · 795ms
Privacy / GDPR /privacy found (60915 chars) · 779ms
Status / Health No status or health endpoint
EU AI Act disclosure No AI model card or disclosure endpoint
Travel Rule (FATF) No Travel Rule endpoint or VASP disclosure
A2A Protocol (Google) No agent.json for A2A discovery
DNSSEC DNSSEC check failed
CAA Records No CAA records — any CA can issue certificates
DMARC / SPF No DMARC or SPF records found
Auth maturity No authentication detected — open API or check failed
API versioning No versioned paths or version headers found
Human oversight No human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service /terms found (37039 chars) · 959ms
Content-Type API paths return HTML: /v1/ returns HTML
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
40
22 issues to fix
Critical — 1
Agent discovery failed

No agent.json found

Warning — 21
security.txt needs attention

Not found

CORS headers needs attention

No CORS header (OK if server-to-server only)

Security headers needs attention

0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy

Response time needs attention

553ms avg

MCP server needs attention

No MCP endpoint found

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

AI plugin manifest needs attention

No ai-plugin.json (optional for ChatGPT/LLM integration)

Status / Health needs attention

No status or health endpoint

EU AI Act disclosure needs attention

No AI model card or disclosure endpoint

Travel Rule (FATF) needs attention

No Travel Rule endpoint or VASP disclosure

A2A Protocol (Google) needs attention

No agent.json for A2A discovery

DNSSEC needs attention

DNSSEC check failed

CAA Records needs attention

No CAA records — any CA can issue certificates

DMARC / SPF needs attention

No DMARC or SPF records found

Auth maturity needs attention

No authentication detected — open API or check failed

API versioning needs attention

No versioned paths or version headers found

Human oversight needs attention

No human oversight / kill switch endpoint (EU AI Act Art. 14)

Content-Type needs attention

API paths return HTML: /v1/ returns HTML

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

🔧 Fix 1 failing checks automatically

Probe Autofix connects to your GitHub repo and creates a PR with all the fixes. DNS fixes are applied directly via Cloudflare API. No manual coding needed.

⚡ Fix my API — $29 or included in Pro plan
Share on X Run new audit
🔒 Probe trust badge — unlock at score 60+

Fix your failing checks to earn the Probe verified badge. Display it on your site footer and README to show compliance.

⚡ Fix my API — $29 Current score: 40/100 → need 60+
Badge preview Shield preview
2026-04-01 05:55:09 UTC · getprobe.xyz