grove.city F · 49/100
12 passed 19 warnings 1 failed audit-mnfns87q
SSL / TLS Valid HTTPS · 261ms
x402 discovery No x402 discovery found
Agent discovery /agent.json not valid JSON · 1264ms
llms.txt Found (5827 chars) · 728ms
security.txt Found · 686ms
CORS headers No CORS header (OK if server-to-server only) · 450ms
Security headers 4/5 — missing: content-security-policy · 455ms
Response time 1086ms avg — slow · 1086ms
MCP server /mcp responds · 1201ms
API endpoints 1 endpoints found
Error handling Returns 200 for unknown paths · 912ms
x402 compliance No x402 payment gates found · 931ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 1068ms
Documentation /docs found · 2709ms
robots.txt AI crawlers 8 AI crawlers configured: GPTBot, ClaudeBot, Claude-Web, ChatGPT-User, Anthropic, Google-Extended, PerplexityBot, Bytespider · 1958ms
AI plugin manifest /ai-plugin.json not valid JSON · 1178ms
OpenAPI spec /openapi.json found but invalid JSON · 1265ms
Privacy / GDPR /privacy found (122731 chars) · 1370ms
Status / Health /status found · 1370ms
EU AI Act disclosure /model-card.json found (61841 chars) · 1276ms
Travel Rule (FATF) /travel-rule found (non-JSON, 61833 chars) · 1254ms
A2A Protocol (Google) No agent.json for A2A discovery
DNSSEC DNSSEC check failed
CAA Records No CAA records — any CA can issue certificates
DMARC / SPF DMARC p=quarantine · SPF ~all (softfail)
Auth maturity No authentication detected — open API or check failed
API versioning /v1
Human oversight No human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service /terms found (140850 chars) · 1675ms
Content-Type No application/json responses (1 paths tested)
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
49
20 issues to fix
Critical — 1
x402 discovery failed

No x402 discovery found

Warning — 19
Agent discovery needs attention

/agent.json not valid JSON

CORS headers needs attention

No CORS header (OK if server-to-server only)

Security headers needs attention

4/5 — missing: content-security-policy

Response time needs attention

1086ms avg — slow

Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

AI plugin manifest needs attention

/ai-plugin.json not valid JSON

OpenAPI spec needs attention

/openapi.json found but invalid JSON

Travel Rule (FATF) needs attention

/travel-rule found (non-JSON, 61833 chars)

A2A Protocol (Google) needs attention

No agent.json for A2A discovery

DNSSEC needs attention

DNSSEC check failed

CAA Records needs attention

No CAA records — any CA can issue certificates

DMARC / SPF needs attention

DMARC p=quarantine · SPF ~all (softfail)

Auth maturity needs attention

No authentication detected — open API or check failed

Human oversight needs attention

No human oversight / kill switch endpoint (EU AI Act Art. 14)

Content-Type needs attention

No application/json responses (1 paths tested)

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

🔧 Fix 1 failing checks automatically

Probe Autofix connects to your GitHub repo and creates a PR with all the fixes. DNS fixes are applied directly via Cloudflare API. No manual coding needed.

⚡ Fix my API — $29 or included in Pro plan
Share on X Run new audit
🔒 Probe trust badge — unlock at score 60+

Fix your failing checks to earn the Probe verified badge. Display it on your site footer and README to show compliance.

⚡ Fix my API — $29 Current score: 49/100 → need 60+
Badge preview Shield preview
2026-04-01 06:22:24 UTC · getprobe.xyz