SSL / TLS
Valid HTTPS · 301ms
x402 discovery
/.well-known/x402.json (non-JSON) · 309ms
Agent discovery
/.well-known/agent.json returns 200 but not valid JSON · 305ms
llms.txt
structured · API info · auth docs · 3300 chars · 306ms
security.txt
Found · 305ms
CORS headers
No CORS header (OK if server-to-server only) · 360ms
Security headers
0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy · 360ms
Response time
387ms avg · 387ms
MCP server
/mcp returns 200 (not JSON) · 363ms
API endpoints
2 endpoints found
Error handling
Returns 200 for unknown paths · 368ms
x402 compliance
No x402 payment gates found · 420ms
Rate limiting
No rate-limit headers (may still be rate-limited server-side) · 422ms
Documentation
/docs found · 420ms
robots.txt AI crawlers
8 AI crawlers configured: GPTBot, ClaudeBot, Claude-Web, ChatGPT-User, Anthropic, Google-Extended, PerplexityBot, Bytespider · 623ms
AI plugin manifest
/.well-known/ai-plugin.json not valid JSON · 428ms
OpenAPI spec
/openapi.json found but invalid JSON · 431ms
Privacy / GDPR
/privacy found (43961 chars) · 482ms
Status / Health
/status found · 481ms
EU AI Act disclosure
/.well-known/model-card.json found (43961 chars) · 538ms
Travel Rule (FATF)
/.well-known/travel-rule.json found (non-JSON, 43961 chars) · 490ms
A2A Protocol (Google)
agent.json found but invalid JSON · 578ms
DNSSEC
DNSSEC check failed
CAA Records
No CAA records — any CA can issue certificates
DMARC / SPF
No DMARC or SPF records found
Auth maturity
No authentication detected — open API or check failed
API versioning
/v1
Human oversight
/agent/stop — active (EU AI Act Art. 14) · 594ms
Terms of Service
/terms found (43961 chars) · 597ms
Content-Type
No application/json responses (1 paths tested)
OASF Classification
/.well-known/oasf.json exists · 653ms
MCP Transport Security
/mcp active · 654ms
Voice AI Disclosure
/.well-known/voice-agent.json found but not valid JSON · 654ms
Synthetic Voice Labeling
No synthetic voice labeling declaration found (EU AI Act Article 50)
Synthetic Content Labeling
No machine-readable synthetic content label (EU AI Act Article 50 requires marking AI-generated audio)
Emotion Recognition Declaration
No emotion recognition declaration (EU AI Act requires explicit opt-in/out)
Call Recording Consent
No call recording disclosure or consent mechanism found (required in two-party consent states & GDPR)
FCC/TCPA Compliance
No FCC/TCPA compliance declaration (required for US voice AI calls)
Operator Identity & KYB
No operator identity or KYB status declared
Opt-out & Human Escalation
No opt-out mechanism or human escalation path found (required by FCC + EU AI Act)
Voice Call Policy
No voice call policy (calling hours, frequency limits, recording disclosure)
Caller Identity Declaration
No caller identity declaration (who is calling, is it AI, callback number)
Wallet trust
0xbf81...88Fb — trust 25/100 (verified) — EVM, no sanctions · 2448ms
ERC-8004 on-chain
Could not verify 0xbf81...88Fb on-chain
Critical — 7Synthetic Voice Labeling failedNo synthetic voice labeling declaration found (EU AI Act Article 50)
Call Recording Consent failedNo call recording disclosure or consent mechanism found (required in two-party consent states & GDPR)
FCC/TCPA Compliance failedNo FCC/TCPA compliance declaration (required for US voice AI calls)
Operator Identity & KYB failedNo operator identity or KYB status declared
Opt-out & Human Escalation failedNo opt-out mechanism or human escalation path found (required by FCC + EU AI Act)
Voice Call Policy failedNo voice call policy (calling hours, frequency limits, recording disclosure)
Caller Identity Declaration failedNo caller identity declaration (who is calling, is it AI, callback number)
Warning — 21Agent discovery needs attention/.well-known/agent.json returns 200 but not valid JSON
CORS headers needs attentionNo CORS header (OK if server-to-server only)
Security headers needs attention0/5 — missing critical: x-content-type-options, strict-transport-security, content-security-policy
Error handling needs attentionReturns 200 for unknown paths
x402 compliance needs attentionNo x402 payment gates found
Rate limiting needs attentionNo rate-limit headers (may still be rate-limited server-side)
AI plugin manifest needs attention/.well-known/ai-plugin.json not valid JSON
OpenAPI spec needs attention/openapi.json found but invalid JSON
Travel Rule (FATF) needs attention/.well-known/travel-rule.json found (non-JSON, 43961 chars)
A2A Protocol (Google) needs attentionagent.json found but invalid JSON
DNSSEC needs attentionDNSSEC check failed
CAA Records needs attentionNo CAA records — any CA can issue certificates
DMARC / SPF needs attentionNo DMARC or SPF records found
Auth maturity needs attentionNo authentication detected — open API or check failed
Content-Type needs attentionNo application/json responses (1 paths tested)
MCP Transport Security needs attention/mcp active
Voice AI Disclosure needs attention/.well-known/voice-agent.json found but not valid JSON
Synthetic Content Labeling needs attentionNo machine-readable synthetic content label (EU AI Act Article 50 requires marking AI-generated audio)
Emotion Recognition Declaration needs attentionNo emotion recognition declaration (EU AI Act requires explicit opt-in/out)
Wallet trust needs attention0xbf81...88Fb — trust 25/100 (verified) — EVM, no sanctions
ERC-8004 on-chain needs attentionCould not verify 0xbf81...88Fb on-chain