SSL / TLS
Valid HTTPS · 855ms
x402 discovery
n/a
Agent discovery
No agent.json found
llms.txt
HTTP 404 · 311ms
security.txt
Not found · 312ms
CORS headers
No CORS header (OK if server-to-server only) · 488ms
Security headers
1/5 — missing critical: x-content-type-options, content-security-policy · 988ms
Response time
1047ms avg — slow · 1047ms
MCP server
n/a
API endpoints
2 endpoints found
Error handling
404 returned · 1338ms
x402 compliance
n/a
Rate limiting
No rate-limit headers (may still be rate-limited server-side) · 968ms
Documentation
No documentation endpoint
robots.txt AI crawlers
No AI crawler directives (GPTBot, ClaudeBot, etc.) · 1124ms
AI plugin manifest
No ai-plugin.json (optional for ChatGPT/LLM integration)
OpenAPI spec
No OpenAPI/Swagger spec found
Privacy / GDPR
No privacy policy or GDPR endpoint
Status / Health
No status or health endpoint
EU AI Act disclosure
No AI model card or disclosure endpoint
Travel Rule (FATF)
n/a
A2A Protocol (Google)
No agent.json for A2A discovery
DNSSEC
DNSSEC validated (AD flag)
CAA Records
1 CAA record(s) found on api.paypal.com
DMARC / SPF
No DMARC or SPF records found
Auth maturity
No authentication detected — open API or check failed
API versioning
No versioned paths or version headers found
Human oversight
No human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service
No Terms of Service endpoint found
Content-Type
No application/json responses (1 paths tested)
OASF Classification
No OASF or agent service classification found
MCP Transport Security
n/a
Voice AI Disclosure
n/a
Synthetic Voice Labeling
n/a
Synthetic Content Labeling
n/a
Emotion Recognition Declaration
n/a
Call Recording Consent
n/a
FCC/TCPA Compliance
n/a
Operator Identity & KYB
n/a
Opt-out & Human Escalation
n/a
Voice Call Policy
n/a
Caller Identity Declaration
n/a
Wallet trust
n/a
ERC-8004 on-chain
n/a
Critical — 2Agent discovery failedNo agent.json found
Warning — 20security.txt needs attentionNot found
CORS headers needs attentionNo CORS header (OK if server-to-server only)
Security headers needs attention1/5 — missing critical: x-content-type-options, content-security-policy
Response time needs attention1047ms avg — slow
Rate limiting needs attentionNo rate-limit headers (may still be rate-limited server-side)
Documentation needs attentionNo documentation endpoint
robots.txt AI crawlers needs attentionNo AI crawler directives (GPTBot, ClaudeBot, etc.)
AI plugin manifest needs attentionNo ai-plugin.json (optional for ChatGPT/LLM integration)
OpenAPI spec needs attentionNo OpenAPI/Swagger spec found
Privacy / GDPR needs attentionNo privacy policy or GDPR endpoint
Status / Health needs attentionNo status or health endpoint
EU AI Act disclosure needs attentionNo AI model card or disclosure endpoint
A2A Protocol (Google) needs attentionNo agent.json for A2A discovery
DMARC / SPF needs attentionNo DMARC or SPF records found
Auth maturity needs attentionNo authentication detected — open API or check failed
API versioning needs attentionNo versioned paths or version headers found
Human oversight needs attentionNo human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service needs attentionNo Terms of Service endpoint found
Content-Type needs attentionNo application/json responses (1 paths tested)
OASF Classification needs attentionNo OASF or agent service classification found