Export Report
OVERALL SCORE
Level 4, Mostly Ready
- AI Discoverability 78 out of 100
- Agent Ease of Use 56 out of 100
- Security & Trust 95 out of 100
- GEO, AIO and AEO 68 out of 100
- SEO 100 out of 100
- Performance 92 out of 100
- Accessibility 100 out of 100
What AI sees of your website
Incident Management, On-Call & Status Pages | Runframe
Incident management, on-call scheduling, postmortems, escalation policies, and status pages with custom domains. Built for engineering teams.
Next step
Turn this report into a fix workflow
3 failed checks are ready to move into MCP or CLI remediation. Generate a repair prompt, connect the scanner to your coding agent, or open the integration docs before your next rescan.
| Metric | Score | Status | Passed | Failed | Warning | Evidence |
|---|---|---|---|---|---|---|
| AI Discoverability | 78 | Mostly ready | 38 | 0 | 0 | |
| Discoverability | 80 | Mostly ready | 8 | 0 | 0 | |
| Content Readiness | 81 | Mostly ready | 25 | 0 | 0 | |
| Bot Access Control | 75 | Mostly ready | 5 | 0 | 0 | |
| Agent Ease of Use | 56 | Needs work | 17 | 4 | 2 | View details |
| API | 83 | Mostly ready | 11 | 1 | 2 | View details |
| Auth | 37 | Priority fix | 1 | 3 | 0 | View details |
| MCP | 43 | Priority fix | 1 | 0 | 0 | |
| Skill Discovery | 59 | Needs work | 4 | 0 | 0 | |
| GEO, AIO and AEO | 68 | Needs work | 10 | 0 | 0 | |
| GEO Readiness | Not Applicable | Not Applicable | 2 | 0 | 0 | |
| AIO Readiness | Not Applicable | Not Applicable | 5 | 0 | 0 | |
| AEO Readiness | Not Applicable | Not Applicable | 3 | 0 | 0 | |
| SEO | 100 | Strong | 10 | 0 | 0 | |
| SEO | 100 | Strong | 10 | 0 | 0 | |
| Security & Trust | 95 | Strong | 27 | 1 | 1 | View details |
| Security & Trust | 95 | Strong | 27 | 1 | 1 | View details |
| Performance | 92 | Strong | 11 | 0 | 0 | |
| Performance | 92 | Strong | 11 | 0 | 0 | |
| Accessibility | 100 | Strong | 9 | 0 | 0 | |
| Accessibility | 100 | Strong | 9 | 0 | 0 |
Prioritized recommendations
Issues ranked by score impact
3 items need attention
Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration failed at "Fetch and validate /auth.md".
90 Fail
Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration failed at "Fetch and validate /auth.md".
Needs attention
Auth.md Agent Registration
Issue
auth.md response did not match Auth.md v1 agent registration guidance. missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance.
Why it matters
Human login and signup flows are often opaque to agents. Auth.md gives automated clients a stable registration contract instead of forcing them to scrape docs, automate browser forms, or guess credential flows.
Check name
Auth.md Agent Registration
Score
10/100
Status
fail
Category
Auth
Maturity
Emerging recommendation
Goal
Publish Auth.md v1 metadata so agents can discover how to register, claim a user, and obtain credentials.
Result
Auth.md Agent Registration failed at "Fetch and validate /auth.md".
Validation steps
Fetch and validate /auth.md
auth.md response did not match Auth.md v1 agent registration guidance. missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance.
Validate protected resource metadata
OAuth Protected Resource Metadata could not be fetched.
Validate Auth.md authorization metadata
OAuth authorization-server metadata could not be fetched.
Evidence log3 steps · 20 lines
Fetch and validate /auth.md [fail]! auth.md response did not match Auth.md v1 agent registration guidance. missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance.INFOFetch and validate /auth.mdINFOFetch Auth.md-related resource path="/auth.md" statusCode=200 contentType="text/markdown; charset=UTF-8" bytes=1408FAILCompare response Content-Type with expected Auth.md media type actual=true expected=trueFAILCompare Auth.md/OAuth metadata validation result actual=false expected=trueFAILCompare Auth.md content length actual=1309 expected=">= 80 characters"WARNAuth.md validation warning warning="missing agent_verified/user_claimed or claim ceremony guidance"FAILAuth.md validation issue issue="auth.md response did not match Auth.md v1 agent registration guidance. missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance."FAILauth.md response did not match Auth.md v1 agent registration guidance. missing OAuth Protected Resource Metadata discovery guidance; missing OAuth authorization-server metadata guidance; missing agent_verified/user_claimed or claim ceremony guidance.Validate protected resource metadata [fail]! OAuth Protected Resource Metadata could not be fetched.INFOValidate protected resource metadataINFOFetch Auth.md-related resource path="/.well-known/oauth-protected-resource" statusCode=404 contentType="text/html; charset=utf-8" bytes=32108FAILCompare response Content-Type with expected Auth.md media type actual=false expected=trueFAILCompare Auth.md/OAuth metadata validation result actual=false expected=trueFAILAuth.md validation issue issue="OAuth Protected Resource Metadata could not be fetched."FAILOAuth Protected Resource Metadata could not be fetched.Validate Auth.md authorization metadata [fail]! OAuth authorization-server metadata could not be fetched.INFOValidate Auth.md authorization metadataINFOFetch Auth.md-related resource path="/.well-known/oauth-authorization-server" statusCode=404 contentType="text/html; charset=utf-8" bytes=32108FAILCompare response Content-Type with expected Auth.md media type actual=false expected=trueFAILCompare Auth.md/OAuth metadata validation result actual=false expected=trueFAILAuth.md validation issue issue="OAuth authorization-server metadata could not be fetched."FAILOAuth authorization-server metadata could not be fetched.
Agent Ease of UseAPIEstablished
API Catalog
API Catalog failed at "Validate API catalog targets".
27 Fail
Agent Ease of UseAPIEstablished
API Catalog
API Catalog failed at "Validate API catalog targets".
Needs attention
API Catalog
Issue
API catalog target https://runframe.io/openapi.json (service-desc) advertised application/vnd.oai.openapi+json;version=3.1 but returned application/json; charset=utf-8.
Why it matters
API catalogs help agents find API endpoints, service descriptions, documentation, status resources, auth metadata, and related machine-readable contracts without guessing entry points.
Check name
API Catalog
Score
73/100
Status
fail
Category
API
Maturity
Established
Goal
Publish an API catalog for automated public API discovery using RFC 9727 when this origin exposes public APIs.
Result
API Catalog failed at "Validate API catalog targets".
Validation steps
Check API catalog HEAD Link header
HEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog".
Validate API catalog media type
The API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter.
Validate API catalog targets
API catalog target https://runframe.io/openapi.json (service-desc) advertised application/vnd.oai.openapi+json;version=3.1 but returned application/json; charset=utf-8.
Evidence log3 steps · 15 lines
Check API catalog HEAD Link header [warning]! HEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog".INFOCheck API catalog HEAD Link headerINFOSend HEAD request to API catalog path attempted=true statusCode=200 contentType="application/linkset+json; charset=utf-8"WARNCompare HEAD Link rel=api-catalog count actual=0 expected="> 0"WARNHEAD /.well-known/api-catalog did not expose a Link header with rel="api-catalog". status="warning"Validate API catalog media type [warning]! The API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter.INFOValidate API catalog media typeWARNCompare API catalog media type actual="application/linkset+json; charset=utf-8" expected="application/linkset+json"WARNCompare RFC 9727 profile parameter actual=false expected=trueWARNThe API catalog uses application/linkset+json but does not include the recommended RFC 9727 profile parameter. status="warning"Validate API catalog targets [fail]! API catalog target https://runframe.io/openapi.json (service-desc) advertised application/vnd.oai.openapi+json;version=3.1 but returned application/json; charset=utf-8.INFOValidate API catalog targetsINFOFetch same-origin API catalog targets and record same-site/external skipsFAILAPI catalog target failed validation rel="service-desc" href="https://runframe.io/openapi.json" statusCode=200 contentType="application/json; charset=utf-8" advertisedType="application/vnd.oai.openapi+json;version=3.1" typeMatches=falsePASSAPI catalog target is reachable rel="service-doc" href="https://runframe.io/docs/api-reference" statusCode=200 contentType="text/html; charset=utf-8" advertisedType="text/html"PASSAPI catalog target is reachable rel="status" href="https://runframe.io/api/health" statusCode=200 contentType="application/json" advertisedType="application/json"FAILCompare API catalog target failure count actual=1 expected=0FAILAPI catalog target https://runframe.io/openapi.json (service-desc) advertised application/vnd.oai.openapi+json;version=3.1 but returned application/json; charset=utf-8.
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy failed at "Evaluate script execution".
27 Fail
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy failed at "Evaluate script execution".
Needs attention
Content-Security-Policy
Issue
script-src allows dangerous script schemes: blob:.
Why it matters
Content Security Policy reduces the impact of injection bugs by limiting where scripts, styles, frames, forms, and other browser resources can load or execute.
Check name
Content-Security-Policy
Score
73/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Constrain browser resource loading and script execution with an enforcing Content-Security-Policy header.
Result
Content-Security-Policy failed at "Evaluate script execution".
Validation steps
Evaluate script execution
script-src allows dangerous script schemes: blob:.
Review CSP reporting
CSP does not define a reporting endpoint.
Evidence log2 steps · 8 lines
Evaluate script execution [fail]! script-src allows dangerous script schemes: blob:.INFOEvaluate script executionINFOInspect effective script directive effectiveDirective="script-src" sources=["'self'","'unsafe-inline'","https://clerk.accounts.dev","https://clerk.runframe.io","https://checkout.dodopayments.com","https://*.dodopayments.com","https://challenges.cloudflare.com","https://www.googletagmanager.com","https://static.cloudflareinsights.com","https://us-assets.i.posthog.com","https://client.crisp.chat","blob:"]FAILCompare script execution posture actual={"hasNonce":false,"hasHash":false,"hasStrictDynamic":false,"hasUnsafeInline":true,"hasUnsafeEval":false,"hasWildcardHost":false,"hasBroadScheme":false,"dangerousSchemes":["blob:"]} expected="constrained script sources without unsafe execution allowances" issue="script-src allows dangerous script schemes: blob:."FAILscript-src allows dangerous script schemes: blob:.Review CSP reporting [warning]! CSP does not define a reporting endpoint.INFOReview CSP reportingINFOInspect CSP reporting directives reportOnlyHeaderPresent=true reportOnlyDirectives=["default-src","script-src","style-src","img-src","font-src","connect-src","frame-src","media-src","worker-src","object-src","base-uri","form-action","frame-ancestors","report-uri"]WARNCompare violation reporting configuration actual="no reporting endpoint" expected="report-to or report-uri present" issue="CSP does not define a reporting endpoint."WARNCSP does not define a reporting endpoint.
Sign in to see 27 other issues and the full report
Create a free account to unlock every issue, evidence details, exports, and higher free limits.
Fix with MCP or CLI
Use this report as the handoff into remediation. Generate a coding-agent prompt with the failing checks attached, or jump to the MCP and CLI setup docs before your next rescan.
Score history