SSL / TLS
Valid HTTPS · 688ms
x402 discovery
/.well-known/x402.json (non-JSON) · 464ms
Agent discovery
/.well-known/agent.json not valid JSON · 465ms
llms.txt
HTTP 525 · 557ms
security.txt
Found · 455ms
CORS headers
No CORS header (OK if server-to-server only) · 821ms
Security headers
0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy · 823ms
Response time
529ms avg · 529ms
MCP server
/mcp/info responds · 813ms
API endpoints
3 endpoints found
Error handling
Returns 200 for unknown paths · 1044ms
x402 compliance
No x402 payment gates found · 932ms
Rate limiting
No rate-limit headers (may still be rate-limited server-side) · 940ms
Documentation
/docs found · 1182ms
robots.txt AI crawlers
robots.txt exists but no AI crawler rules · 1215ms
AI plugin manifest
/.well-known/ai-plugin.json not valid JSON · 1032ms
OpenAPI spec
/openapi.json found but invalid JSON · 1051ms
Privacy / GDPR
/privacy found (114 chars) · 1060ms
Status / Health
/status found · 1151ms
EU AI Act disclosure
/.well-known/model-card.json found (114 chars) · 1163ms
Travel Rule (FATF)
/.well-known/travel-rule.json found (non-JSON, 114 chars) · 1170ms
A2A Protocol (Google)
agent.json found but invalid JSON · 1180ms
DNSSEC
No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records
No CAA records — any CA can issue certificates
DMARC / SPF
SPF -all (strict)
Auth maturity
No authentication detected — open API or check failed
API versioning
/v1
Human oversight
/agent/stop — active (EU AI Act Art. 14) · 1333ms
Terms of Service
/terms exists but very short · 1341ms
Content-Type
API paths return HTML: /v1/ returns HTML
OASF Classification
/.well-known/oasf.json exists · 1349ms
MCP Transport Security
/mcp active · 1416ms
Wallet trust
No wallet address found in x402 or agent.json
ERC-8004 on-chain
No EVM wallet found to verify on-chain registration
Critical — 1Warning — 21Agent discovery needs attention/.well-known/agent.json not valid JSON
CORS headers needs attentionNo CORS header (OK if server-to-server only)
Security headers needs attention0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy
Response time needs attention529ms avg
Error handling needs attentionReturns 200 for unknown paths
x402 compliance needs attentionNo x402 payment gates found
Rate limiting needs attentionNo rate-limit headers (may still be rate-limited server-side)
robots.txt AI crawlers needs attentionrobots.txt exists but no AI crawler rules
AI plugin manifest needs attention/.well-known/ai-plugin.json not valid JSON
OpenAPI spec needs attention/openapi.json found but invalid JSON
Travel Rule (FATF) needs attention/.well-known/travel-rule.json found (non-JSON, 114 chars)
A2A Protocol (Google) needs attentionagent.json found but invalid JSON
DNSSEC needs attentionNo DNSSEC — domain is vulnerable to DNS spoofing
CAA Records needs attentionNo CAA records — any CA can issue certificates
DMARC / SPF needs attentionSPF -all (strict)
Auth maturity needs attentionNo authentication detected — open API or check failed
Terms of Service needs attention/terms exists but very short
Content-Type needs attentionAPI paths return HTML: /v1/ returns HTML
MCP Transport Security needs attention/mcp active
Wallet trust needs attentionNo wallet address found in x402 or agent.json
ERC-8004 on-chain needs attentionNo EVM wallet found to verify on-chain registration