api.sap.com F · 41/100
16 passed 21 warnings 7 failed audit-mnka7fwm
✓ Voice AI✓ x402 / Crypto✓ MCP
SSL / TLS Valid HTTPS · 857ms
x402 discovery /.well-known/x402.json (non-JSON) · 824ms
Agent discovery /.well-known/agent.json not valid JSON · 839ms
llms.txt Found (648 chars) · 976ms
security.txt Found · 848ms
CORS headers No CORS header (OK if server-to-server only) · 893ms
Security headers 2/5 — missing critical: x-content-type-options, content-security-policy · 991ms
Response time 705ms avg · 705ms
MCP server /mcp/info responds · 901ms
API endpoints 2 endpoints found
Error handling Returns 200 for unknown paths · 940ms
x402 compliance No x402 payment gates found · 1074ms
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 977ms
Documentation /docs found · 1006ms
robots.txt AI crawlers No AI crawler directives (GPTBot, ClaudeBot, etc.) · 1181ms
AI plugin manifest /.well-known/ai-plugin.json not valid JSON · 1027ms
OpenAPI spec /openapi.json found but invalid JSON · 1032ms
Privacy / GDPR /privacy found (646 chars) · 1034ms
Status / Health /status found · 1048ms
EU AI Act disclosure /.well-known/model-card.json found (646 chars) · 1068ms
Travel Rule (FATF) /.well-known/travel-rule.json found (non-JSON, 646 chars) · 1074ms
A2A Protocol (Google) agent.json found but invalid JSON · 1074ms
DNSSEC DNSSEC check failed
CAA Records 2 CAA record(s) found on api.sap.com
DMARC / SPF No DMARC or SPF records found
Auth maturity No authentication detected — open API or check failed
API versioning /v1
Human oversight /agent/stop — active (EU AI Act Art. 14) · 1172ms
Terms of Service /terms found (646 chars) · 1207ms
Content-Type No application/json responses (1 paths tested)
OASF Classification /.well-known/oasf.json exists · 1223ms
MCP Transport Security /mcp active · HSTS · 1247ms
Voice AI Disclosure /.well-known/voice-agent.json found but not valid JSON · 1264ms
Synthetic Voice Labeling No synthetic voice labeling declaration found (EU AI Act Article 50)
Synthetic Content Labeling No machine-readable synthetic content label (EU AI Act Article 50 requires marking AI-generated audio)
Emotion Recognition Declaration No emotion recognition declaration (EU AI Act requires explicit opt-in/out)
Call Recording Consent No call recording disclosure or consent mechanism found (required in two-party consent states & GDPR)
FCC/TCPA Compliance No FCC/TCPA compliance declaration (required for US voice AI calls)
Operator Identity & KYB No operator identity or KYB status declared
Opt-out & Human Escalation No opt-out mechanism or human escalation path found (required by FCC + EU AI Act)
Voice Call Policy No voice call policy (calling hours, frequency limits, recording disclosure)
Caller Identity Declaration No caller identity declaration (who is calling, is it AI, callback number)
Wallet trust No wallet address found in x402 or agent.json
ERC-8004 on-chain No EVM wallet found to verify on-chain registration
41
28 issues to fix
Critical — 7
Synthetic Voice Labeling failed

No synthetic voice labeling declaration found (EU AI Act Article 50)

Call Recording Consent failed

No call recording disclosure or consent mechanism found (required in two-party consent states & GDPR)

FCC/TCPA Compliance failed

No FCC/TCPA compliance declaration (required for US voice AI calls)

Operator Identity & KYB failed

No operator identity or KYB status declared

Opt-out & Human Escalation failed

No opt-out mechanism or human escalation path found (required by FCC + EU AI Act)

Voice Call Policy failed

No voice call policy (calling hours, frequency limits, recording disclosure)

Caller Identity Declaration failed

No caller identity declaration (who is calling, is it AI, callback number)

Warning — 21
Agent discovery needs attention

/.well-known/agent.json not valid JSON

CORS headers needs attention

No CORS header (OK if server-to-server only)

Security headers needs attention

2/5 — missing critical: x-content-type-options, content-security-policy

Response time needs attention

705ms avg

Error handling needs attention

Returns 200 for unknown paths

x402 compliance needs attention

No x402 payment gates found

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

robots.txt AI crawlers needs attention

No AI crawler directives (GPTBot, ClaudeBot, etc.)

AI plugin manifest needs attention

/.well-known/ai-plugin.json not valid JSON

OpenAPI spec needs attention

/openapi.json found but invalid JSON

Travel Rule (FATF) needs attention

/.well-known/travel-rule.json found (non-JSON, 646 chars)

A2A Protocol (Google) needs attention

agent.json found but invalid JSON

DNSSEC needs attention

DNSSEC check failed

DMARC / SPF needs attention

No DMARC or SPF records found

Auth maturity needs attention

No authentication detected — open API or check failed

Content-Type needs attention

No application/json responses (1 paths tested)

Voice AI Disclosure needs attention

/.well-known/voice-agent.json found but not valid JSON

Synthetic Content Labeling needs attention

No machine-readable synthetic content label (EU AI Act Article 50 requires marking AI-generated audio)

Emotion Recognition Declaration needs attention

No emotion recognition declaration (EU AI Act requires explicit opt-in/out)

Wallet trust needs attention

No wallet address found in x402 or agent.json

ERC-8004 on-chain needs attention

No EVM wallet found to verify on-chain registration

🔧 Fix 7 failing checks automatically

Probe Autofix connects to your GitHub repo and creates a PR with all the fixes. DNS fixes are applied directly via Cloudflare API. No manual coding needed.

⚡ Autofix — Free GitHub PR + DNS fixes included
Share on X Run new audit
🔒 Probe trust badge — unlock at score 60+

Fix your failing checks to earn the Probe verified badge. Display it on your site footer and README to show compliance.

⚡ Autofix — Free Current score: 41/100 → need 60+
Badge preview Shield preview
2026-04-04 12:01:10 UTC · getprobe.xyz