octomil.com C · 60/100
18 passed 16 warnings 0 failed audit-mnfxn1k2
SSL / TLS Valid HTTPS · 69d until expiry · 130ms
x402 discovery /.well-known/x402.json (non-JSON) · 129ms
Agent discovery /.well-known/agent.json not valid JSON · 130ms
llms.txt Found (1408 chars) · 124ms
security.txt Found · 125ms
CORS headers origin: * (open — OK for public APIs) · 146ms
Security headers 2/5 — missing critical: strict-transport-security, content-security-policy · 146ms
Response time 95ms avg · 95ms
MCP server /mcp/info responds · 154ms
API endpoints 3 endpoints found
Error handling Returns 200 for unknown paths · 155ms
x402 compliance No x402 payment gates found · 163ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 164ms
Documentation /docs found · 168ms
robots.txt AI crawlers 4 AI crawlers configured: GPTBot, ClaudeBot, Google-Extended, Bytespider · 221ms
AI plugin manifest /.well-known/ai-plugin.json not valid JSON · 176ms
OpenAPI spec /openapi.json found but invalid JSON · 178ms
Privacy / GDPR /privacy found (26061 chars) · 212ms
Status / Health /status found · 186ms
EU AI Act disclosure /.well-known/model-card.json found (48387 chars) · 195ms
Travel Rule (FATF) /.well-known/travel-rule.json found (non-JSON, 48387 chars) · 200ms
A2A Protocol (Google) agent.json found but invalid JSON · 201ms
DNSSEC No DNSSEC — domain is vulnerable to DNS spoofing
CAA Records No CAA records — any CA can issue certificates
DMARC / SPF SPF ~all (softfail)
Auth maturity No authentication detected — open API or check failed
API versioning /v1
Human oversight /agent/stop — active (EU AI Act Art. 14) · 233ms
Terms of Service /terms found (35199 chars) · 272ms
Content-Type API paths return HTML: /v1/ returns HTML
OASF Classification /.well-known/oasf.json exists · 242ms
MCP Transport Security /mcp active · CORS · 243ms
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
16 issues to fix
Warning — 16
Agent discovery needs attention

/.well-known/agent.json not valid JSON

Security headers needs attention

2/5 — missing critical: strict-transport-security, content-security-policy

Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

AI plugin manifest needs attention

/.well-known/ai-plugin.json not valid JSON

OpenAPI spec needs attention

/openapi.json found but invalid JSON

Travel Rule (FATF) needs attention

/.well-known/travel-rule.json found (non-JSON, 48387 chars)

A2A Protocol (Google) needs attention

agent.json found but invalid JSON

DNSSEC needs attention

No DNSSEC — domain is vulnerable to DNS spoofing

CAA Records needs attention

No CAA records — any CA can issue certificates

DMARC / SPF needs attention

SPF ~all (softfail)

Auth maturity needs attention

No authentication detected — open API or check failed

Content-Type needs attention

API paths return HTML: /v1/ returns HTML

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

2026-04-01 10:58:18 UTC · getprobe.xyz