whatfix.com F · 33/100
5 passed 24 warnings 0 failed 15 n/a audit-mo1pk4be
— Voice AI— x402 / Crypto✓ MCP
SSL / TLS Valid HTTPS · 260ms
x402 discovery n/a
Agent discovery /.well-known/agent.json returned HTTP 404 (should be 200) · 437ms
llms.txt structured · 11562 chars · 380ms
security.txt Not found · 524ms
CORS headers No CORS header (OK if server-to-server only) · 1777ms
Security headers 4/5 present (all critical headers set) · 895ms
Response time 983ms avg · 983ms
MCP server /mcp returns 200 (not JSON) · 1949ms
API endpoints 2 endpoints found
Error handling Returns 200 for unknown paths · 1969ms
x402 compliance n/a
Rate limiting No rate-limit headers (may still be rate-limited server-side) · 884ms
Documentation No documentation endpoint
robots.txt AI crawlers robots.txt exists but no AI crawler rules · 816ms
AI plugin manifest No ai-plugin.json (optional for ChatGPT/LLM integration)
OpenAPI spec No OpenAPI/Swagger spec found
Privacy / GDPR No privacy policy or GDPR endpoint
Status / Health No status or health endpoint
EU AI Act disclosure No AI model card or disclosure endpoint
Travel Rule (FATF) n/a
A2A Protocol (Google) No agent.json for A2A discovery
DNSSEC DNSSEC validated (AD flag)
CAA Records CAA check failed
DMARC / SPF DMARC p=reject
Auth maturity No authentication detected — open API or check failed
API versioning No versioned paths or version headers found
Human oversight No human oversight / kill switch endpoint (EU AI Act Art. 14)
Terms of Service No Terms of Service endpoint found
Content-Type No application/json responses (1 paths tested)
OASF Classification No OASF or agent service classification found
MCP Transport Security No MCP endpoint found
Voice AI Disclosure n/a
Synthetic Voice Labeling n/a
Synthetic Content Labeling n/a
Emotion Recognition Declaration n/a
Call Recording Consent n/a
FCC/TCPA Compliance n/a
Operator Identity & KYB n/a
Opt-out & Human Escalation n/a
Voice Call Policy n/a
Caller Identity Declaration n/a
Wallet trust n/a
ERC-8004 on-chain n/a
33
24 issues to fix
Warning — 24
Agent discovery needs attention

/.well-known/agent.json returned HTTP 404 (should be 200)

llms.txt needs attention

structured · 11562 chars

security.txt needs attention

Not found

CORS headers needs attention

No CORS header (OK if server-to-server only)

Response time needs attention

983ms avg

Error handling needs attention

Returns 200 for unknown paths

Rate limiting needs attention

No rate-limit headers (may still be rate-limited server-side)

Documentation needs attention

No documentation endpoint

robots.txt AI crawlers needs attention

robots.txt exists but no AI crawler rules

AI plugin manifest needs attention

No ai-plugin.json (optional for ChatGPT/LLM integration)

OpenAPI spec needs attention

No OpenAPI/Swagger spec found

Privacy / GDPR needs attention

No privacy policy or GDPR endpoint

Status / Health needs attention

No status or health endpoint

EU AI Act disclosure needs attention

No AI model card or disclosure endpoint

A2A Protocol (Google) needs attention

No agent.json for A2A discovery

CAA Records needs attention

CAA check failed

DMARC / SPF needs attention

DMARC p=reject

Auth maturity needs attention

No authentication detected — open API or check failed

API versioning needs attention

No versioned paths or version headers found

Human oversight needs attention

No human oversight / kill switch endpoint (EU AI Act Art. 14)

Terms of Service needs attention

No Terms of Service endpoint found

Content-Type needs attention

No application/json responses (1 paths tested)

OASF Classification needs attention

No OASF or agent service classification found

MCP Transport Security needs attention

No MCP endpoint found

Share on X Run new audit
🔒 Probe trust badge — unlock at score 60+

Fix your failing checks to earn the Probe verified badge. Display it on your site footer and README to show compliance.

⚡ Autofix — Free Current score: 33/100 → need 60+
Badge preview Shield preview
2026-04-16 16:43:01 UTC · getprobe.xyz