SSL / TLS
Valid HTTPS · 1039ms
x402 discovery
/.well-known/x402.json (non-JSON) · 996ms
Agent discovery
/.well-known/agent.json not valid JSON · 1052ms
llms.txt
Found (450886 chars) · 1852ms
security.txt
Not found · 2307ms
CORS headers
No CORS header (OK if server-to-server only) · 1143ms
Security headers
3/5 — missing: content-security-policy · 1180ms
Response time
1172ms avg — slow · 1172ms
MCP server
n/a
API endpoints
1 endpoints found
Error handling
Returns 401 for unknown paths · 2447ms
x402 compliance
No x402 payment gates found · 1327ms
Rate limiting
No rate-limit headers (may still be rate-limited server-side) · 1350ms
Documentation
No documentation endpoint
robots.txt AI crawlers
robots.txt exists but no AI crawler rules · 1876ms
AI plugin manifest
/.well-known/ai-plugin.json not valid JSON · 1438ms
OpenAPI spec
No OpenAPI/Swagger spec found
Privacy / GDPR
No privacy policy or GDPR endpoint
Status / Health
No status or health endpoint
EU AI Act disclosure
/.well-known/model-card.json found (1629 chars) · 1588ms
Travel Rule (FATF)
/.well-known/travel-rule.json found (non-JSON, 1629 chars) · 1621ms
A2A Protocol (Google)
agent.json found but invalid JSON · 1645ms
DNSSEC
DNSSEC check failed
CAA Records
CAA check failed
DMARC / SPF
No DMARC or SPF records found
Auth maturity
No authentication detected — open API or check failed
API versioning
No versioned paths or version headers found
Human oversight
No human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service
No Terms of Service endpoint found
Content-Type
No application/json responses (1 paths tested)
OASF Classification
/.well-known/oasf.json exists · 1939ms
MCP Transport Security
n/a
Voice AI Disclosure
/.well-known/voice-agent.json found but not valid JSON · 2004ms
Synthetic Voice Labeling
No synthetic voice labeling declaration found (EU AI Act Article 50)
Synthetic Content Labeling
No machine-readable synthetic content label (EU AI Act Article 50 requires marking AI-generated audio)
Emotion Recognition Declaration
No emotion recognition declaration (EU AI Act requires explicit opt-in/out)
Call Recording Consent
No call recording disclosure or consent mechanism found (required in two-party consent states & GDPR)
FCC/TCPA Compliance
No FCC/TCPA compliance declaration (required for US voice AI calls)
Operator Identity & KYB
No operator identity or KYB status declared
Opt-out & Human Escalation
No opt-out mechanism or human escalation path found (required by FCC + EU AI Act)
Voice Call Policy
No voice call policy (calling hours, frequency limits, recording disclosure)
Caller Identity Declaration
No caller identity declaration (who is calling, is it AI, callback number)
Wallet trust
No wallet address found in x402 or agent.json
ERC-8004 on-chain
No EVM wallet found to verify on-chain registration
Critical — 7Synthetic Voice Labeling failedNo synthetic voice labeling declaration found (EU AI Act Article 50)
Call Recording Consent failedNo call recording disclosure or consent mechanism found (required in two-party consent states & GDPR)
FCC/TCPA Compliance failedNo FCC/TCPA compliance declaration (required for US voice AI calls)
Operator Identity & KYB failedNo operator identity or KYB status declared
Opt-out & Human Escalation failedNo opt-out mechanism or human escalation path found (required by FCC + EU AI Act)
Voice Call Policy failedNo voice call policy (calling hours, frequency limits, recording disclosure)
Caller Identity Declaration failedNo caller identity declaration (who is calling, is it AI, callback number)
Warning — 29Agent discovery needs attention/.well-known/agent.json not valid JSON
security.txt needs attentionNot found
CORS headers needs attentionNo CORS header (OK if server-to-server only)
Security headers needs attention3/5 — missing: content-security-policy
Response time needs attention1172ms avg — slow
Error handling needs attentionReturns 401 for unknown paths
x402 compliance needs attentionNo x402 payment gates found
Rate limiting needs attentionNo rate-limit headers (may still be rate-limited server-side)
Documentation needs attentionNo documentation endpoint
robots.txt AI crawlers needs attentionrobots.txt exists but no AI crawler rules
AI plugin manifest needs attention/.well-known/ai-plugin.json not valid JSON
OpenAPI spec needs attentionNo OpenAPI/Swagger spec found
Privacy / GDPR needs attentionNo privacy policy or GDPR endpoint
Status / Health needs attentionNo status or health endpoint
Travel Rule (FATF) needs attention/.well-known/travel-rule.json found (non-JSON, 1629 chars)
A2A Protocol (Google) needs attentionagent.json found but invalid JSON
DNSSEC needs attentionDNSSEC check failed
CAA Records needs attentionCAA check failed
DMARC / SPF needs attentionNo DMARC or SPF records found
Auth maturity needs attentionNo authentication detected — open API or check failed
API versioning needs attentionNo versioned paths or version headers found
Human oversight needs attentionNo human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service needs attentionNo Terms of Service endpoint found
Content-Type needs attentionNo application/json responses (1 paths tested)
Voice AI Disclosure needs attention/.well-known/voice-agent.json found but not valid JSON
Synthetic Content Labeling needs attentionNo machine-readable synthetic content label (EU AI Act Article 50 requires marking AI-generated audio)
Emotion Recognition Declaration needs attentionNo emotion recognition declaration (EU AI Act requires explicit opt-in/out)
Wallet trust needs attentionNo wallet address found in x402 or agent.json
ERC-8004 on-chain needs attentionNo EVM wallet found to verify on-chain registration