CanAgentUse tools

UCP Suite

Validate Universal Commerce Protocol discovery, then test product search, carts, checkout links, and merchant handoff flows.

MCP Playground

Connect to remote MCP servers, inspect tools and resources, test prompts, auth, headers, notifications, and JSON-RPC responses.

A2A Playground

Inspect Agent Cards, validate advertised endpoints, and prepare safe requests for agent-to-agent workflows.

Agent Website Viewer

Enter a public URL and see the roles, names, landmarks, controls, and blockers that shape how AI agents understand the page.

SCANNED
Jun 16, 2026, 4:38 AM
VISIBILITY
Public
Rescan Report
Share Report
Copy Report Link
Export Report
77/100

OVERALL SCORE

Level 4, Mostly Ready

Good readiness for AI agents
AIDiscoverability78%Agent Easeof Use56%Security& Trust95%GEO, AIO, AEO68%SEO100%Performance92%Accessibility100%
  • AI Discoverability 78 out of 100
  • Agent Ease of Use 56 out of 100
  • Security & Trust 95 out of 100
  • GEO, AIO and AEO 68 out of 100
  • SEO 100 out of 100
  • Performance 92 out of 100
  • Accessibility 100 out of 100

CAPTURED SCREENSHOT

Captured website desktop screenshot

What AI sees of your website

Incident Management, On-Call & Status Pages | Runframe favicon

Incident Management, On-Call & Status Pages | Runframe

Incident management, on-call scheduling, postmortems, escalation policies, and status pages with custom domains. Built for engineering teams.

Open Agent View

Next step

Turn this report into a fix workflow

3 failed checks are ready to move into MCP or CLI remediation. Generate a repair prompt, connect the scanner to your coding agent, or open the integration docs before your next rescan.

Fix with MCP / CLI
Detailed report scores grouped by capability area
MetricScoreStatusPassedFailedWarningEvidence
AI Discoverability
78
Mostly ready3800
Discoverability
80
Mostly ready800
Content Readiness
81
Mostly ready2500
Bot Access Control
75
Mostly ready500
Agent Ease of Use
56
Needs work1742View details
API
83
Mostly ready1112View details
Auth
37
Priority fix130View details
MCP
43
Priority fix100
Skill Discovery
59
Needs work400
GEO, AIO and AEO
68
Needs work1000
GEO Readiness
Not Applicable
Not Applicable200
AIO Readiness
Not Applicable
Not Applicable500
AEO Readiness
Not Applicable
Not Applicable300
SEO
100
Strong1000
SEO
100
Strong1000
Security & Trust
95
Strong2711View details
Security & Trust
95
Strong2711View details
Performance
92
Strong1100
Performance
92
Strong1100
Accessibility
100
Strong900
Accessibility
100
Strong900

Prioritized recommendations

Issues ranked by score impact

3 items need attention

Agent Ease of UseAuthEmerging recommendation

Auth.md Agent Registration

Auth.md Agent Registration failed at "Fetch and validate /auth.md".

90 Fail

Needs attention

Auth.md Agent Registration

Failed check
01

Issue

auth.md response did not match Auth.md v1 agent registration guidance. missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance.

02

Why it matters

Human login and signup flows are often opaque to agents. Auth.md gives automated clients a stable registration contract instead of forcing them to scrape docs, automate browser forms, or guess credential flows.

Check name

Auth.md Agent Registration

Score

10/100

Status

fail

Category

Auth

Maturity

Emerging recommendation

Goal

Publish Auth.md v1 metadata so agents can discover how to register, claim a user, and obtain credentials.

Result

Auth.md Agent Registration failed at "Fetch and validate /auth.md".

Validation steps

  1. Fetch and validate /auth.md

    auth.md response did not match Auth.md v1 agent registration guidance. missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance.

  2. Validate protected resource metadata

    OAuth Protected Resource Metadata could not be fetched.

  3. Validate Auth.md authorization metadata

    OAuth authorization-server metadata could not be fetched.

Evidence log3 steps · 20 lines
Fetch and validate /auth.md [fail]! auth.md response did not match Auth.md v1 agent registration guidance. missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance.INFOFetch and validate /auth.mdINFOFetch Auth.md-related resource path="/auth.md" statusCode=200 contentType="text/markdown; charset=UTF-8" bytes=1408FAILCompare response Content-Type with expected Auth.md media type actual=true expected=trueFAILCompare Auth.md/OAuth metadata validation result actual=false expected=trueFAILCompare Auth.md content length actual=1309 expected=">= 80 characters"WARNAuth.md validation warning warning="missing agent_verified/user_claimed or claim ceremony guidance"FAILAuth.md validation issue issue="auth.md response did not match Auth.md v1 agent registration guidance. missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance."FAILauth.md response did not match Auth.md v1 agent registration guidance. missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance.Validate protected resource metadata [fail]! OAuth Protected Resource Metadata could not be fetched.INFOValidate protected resource metadataINFOFetch Auth.md-related resource path="/.well-known/oauth-protected-resource" statusCode=404 contentType="text/html; charset=utf-8" bytes=32108FAILCompare response Content-Type with expected Auth.md media type actual=false expected=trueFAILCompare Auth.md/OAuth metadata validation result actual=false expected=trueFAILAuth.md validation issue issue="OAuth Protected Resource Metadata could not be fetched."FAILOAuth Protected Resource Metadata could not be fetched.Validate Auth.md authorization metadata [fail]! OAuth authorization-server metadata could not be fetched.INFOValidate Auth.md authorization metadataINFOFetch Auth.md-related resource path="/.well-known/oauth-authorization-server" statusCode=404 contentType="text/html; charset=utf-8" bytes=32108FAILCompare response Content-Type with expected Auth.md media type actual=false expected=trueFAILCompare Auth.md/OAuth metadata validation result actual=false expected=trueFAILAuth.md validation issue issue="OAuth authorization-server metadata could not be fetched."FAILOAuth authorization-server metadata could not be fetched.

Agent Ease of UseAPIEstablished

API Catalog

API Catalog failed at "Validate API catalog targets".

27 Fail

Needs attention

API Catalog

Failed check
01

Issue

API catalog target https://runframe.io/openapi.json (service-desc) advertised application/vnd.oai.openapi+json;version=3.1 but returned application/json; charset=utf-8.

02

Why it matters

API catalogs help agents find API endpoints, service descriptions, documentation, status resources, auth metadata, and related machine-readable contracts without guessing entry points.

Check name

API Catalog

Score

73/100

Status

fail

Category

API

Maturity

Established

Goal

Publish an API catalog for automated public API discovery using RFC 9727 when this origin exposes public APIs.

Result

API Catalog failed at "Validate API catalog targets".

Validation steps

  1. Check API catalog HEAD Link header

    HEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog".

  2. Validate API catalog media type

    The API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter.

  3. Validate API catalog targets

    API catalog target https://runframe.io/openapi.json (service-desc) advertised application/vnd.oai.openapi+json;version=3.1 but returned application/json; charset=utf-8.

Evidence log3 steps · 15 lines
Check API catalog HEAD Link header [warning]! HEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog".INFOCheck API catalog HEAD Link headerINFOSend HEAD request to API catalog path attempted=true statusCode=200 contentType="application/linkset+json; charset=utf-8"WARNCompare HEAD Link rel=api-catalog count actual=0 expected="> 0"WARNHEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog". status="warning"Validate API catalog media type [warning]! The API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter.INFOValidate API catalog media typeWARNCompare API catalog media type actual="application/linkset+json; charset=utf-8" expected="application/linkset+json"WARNCompare RFC 9727 profile parameter actual=false expected=trueWARNThe API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter. status="warning"Validate API catalog targets [fail]! API catalog target https://runframe.io/openapi.json (service-desc) advertised application/vnd.oai.openapi+json;version=3.1 but returned application/json; charset=utf-8.INFOValidate API catalog targetsINFOFetch same-origin API catalog targets and record same-site/external skipsFAILAPI catalog target failed validation rel="service-desc" href="https://runframe.io/openapi.json" statusCode=200 contentType="application/json; charset=utf-8" advertisedType="application/vnd.oai.openapi+json;version=3.1" typeMatches=falsePASSAPI catalog target is reachable rel="service-doc" href="https://runframe.io/docs/api-reference" statusCode=200 contentType="text/html; charset=utf-8" advertisedType="text/html"PASSAPI catalog target is reachable rel="status" href="https://runframe.io/api/health" statusCode=200 contentType="application/json" advertisedType="application/json"FAILCompare API catalog target failure count actual=1 expected=0FAILAPI catalog target https://runframe.io/openapi.json (service-desc) advertised application/vnd.oai.openapi+json;version=3.1 but returned application/json; charset=utf-8.

Security & TrustSecurity & TrustEstablished

Content-Security-Policy

Content-Security-Policy failed at "Evaluate script execution".

27 Fail

Needs attention

Content-Security-Policy

Failed check
01

Issue

script-src allows dangerous script schemes: blob:.

02

Why it matters

Content Security Policy reduces the impact of injection bugs by limiting where scripts, styles, frames, forms, and other browser resources can load or execute.

Check name

Content-Security-Policy

Score

73/100

Status

fail

Category

Security & Trust

Maturity

Established

Goal

Constrain browser resource loading and script execution with an enforcing Content-Security-Policy header.

Result

Content-Security-Policy failed at "Evaluate script execution".

Validation steps

  1. Evaluate script execution

    script-src allows dangerous script schemes: blob:.

  2. Review CSP reporting

    CSP does not define a reporting endpoint.

Evidence log2 steps · 8 lines
Evaluate script execution [fail]! script-src allows dangerous script schemes: blob:.INFOEvaluate script executionINFOInspect effective script directive effectiveDirective="script-src" sources=["'self'","'unsafe-inline'","https://clerk.accounts.dev","https://clerk.runframe.io","https://checkout.dodopayments.com","https://*.dodopayments.com","https://challenges.cloudflare.com","https://www.googletagmanager.com","https://static.cloudflareinsights.com","https://us-assets.i.posthog.com","https://client.crisp.chat","blob:"]FAILCompare script execution posture actual={"hasNonce":false,"hasHash":false,"hasStrictDynamic":false,"hasUnsafeInline":true,"hasUnsafeEval":false,"hasWildcardHost":false,"hasBroadScheme":false,"dangerousSchemes":["blob:"]} expected="constrained script sources without unsafe execution allowances" issue="script-src allows dangerous script schemes: blob:."FAILscript-src allows dangerous script schemes: blob:.Review CSP reporting [warning]! CSP does not define a reporting endpoint.INFOReview CSP reportingINFOInspect CSP reporting directives reportOnlyHeaderPresent=true reportOnlyDirectives=["default-src","script-src","style-src","img-src","font-src","connect-src","frame-src","media-src","worker-src","object-src","base-uri","form-action","frame-ancestors","report-uri"]WARNCompare violation reporting configuration actual="no reporting endpoint" expected="report-to or report-uri present" issue="CSP does not define a reporting endpoint."WARNCSP does not define a reporting endpoint.

Sign in to see 27 other issues and the full report

Create a free account to unlock every issue, evidence details, exports, and higher free limits.

Fix with MCP or CLI

Use this report as the handoff into remediation. Generate a coding-agent prompt with the failing checks attached, or jump to the MCP and CLI setup docs before your next rescan.

Fix with MCP / CLI

Score history