api.marqeta.com F · 40/100
10 passed 22 warnings 0 failed audit-mnfo8405
SSL / TLS Valid HTTPS · 1107ms
x402 discovery /.well-known/x402.json (non-JSON) · 752ms
Agent discovery /.well-known/agent.json not valid JSON · 1227ms
llms.txt Found (176101 chars) · 1000ms
security.txt Found · 788ms
CORS headers No CORS header (OK if server-to-server only) · 1632ms
Security headers 2/5 — missing: content-security-policy · 1958ms
Response time 1016ms avg — slow · 1016ms
MCP server /mcp/info responds · 1261ms
API endpoints 1 endpoints found
Error handling Returns 200 for unknown paths · 1287ms
x402 compliance No x402 payment gates found · 1685ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 1552ms
Documentation /docs found · 1678ms
robots.txt AI crawlers Not reachable · 133ms
AI plugin manifest /.well-known/ai-plugin.json not valid JSON · 2217ms
OpenAPI spec /openapi.json found but invalid JSON · 1796ms
Privacy / GDPR No privacy policy or GDPR endpoint
Status / Health /status found · 2041ms
EU AI Act disclosure /.well-known/model-card.json found (176101 chars) · 2218ms
Travel Rule (FATF) No Travel Rule endpoint or VASP disclosure
A2A Protocol (Google) No agent.json for A2A discovery
DNSSEC DNSSEC check failed
CAA Records 2 CAA record(s) found on api.marqeta.com
DMARC / SPF No DMARC or SPF records found
Auth maturity No authentication detected — open API or check failed
API versioning No versioned paths or version headers found
Human oversight No human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service No Terms of Service endpoint found
Content-Type Could not test endpoints
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
40
22 issues to fix
Warning — 22
Agent discovery needs attention

/.well-known/agent.json not valid JSON

CORS headers needs attention

No CORS header (OK if server-to-server only)

Security headers needs attention

2/5 — missing: content-security-policy

Response time needs attention

1016ms avg — slow

Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

robots.txt AI crawlers needs attention

Not reachable

AI plugin manifest needs attention

/.well-known/ai-plugin.json not valid JSON

OpenAPI spec needs attention

/openapi.json found but invalid JSON

Privacy / GDPR needs attention

No privacy policy or GDPR endpoint

Travel Rule (FATF) needs attention

No Travel Rule endpoint or VASP disclosure

A2A Protocol (Google) needs attention

No agent.json for A2A discovery

DNSSEC needs attention

DNSSEC check failed

DMARC / SPF needs attention

No DMARC or SPF records found

Auth maturity needs attention

No authentication detected — open API or check failed

API versioning needs attention

No versioned paths or version headers found

Human oversight needs attention

No human oversight / kill switch endpoint (EU AI Act Art. 14)

Terms of Service needs attention

No Terms of Service endpoint found

Content-Type needs attention

Could not test endpoints

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

Share on X Run new audit
🔒 Probe trust badge — unlock at score 60+

Fix your failing checks to earn the Probe verified badge. Display it on your site footer and README to show compliance.

⚡ Fix my API — $29 Current score: 40/100 → need 60+
Badge preview Shield preview
2026-04-01 06:34:45 UTC · getprobe.xyz