isitready.dev
Sign inStart free scan

FAQ

Questions teams ask before they scan.

Short answers about public website scans, AI readiness, llms.txt, and the evidence model behind isitready.dev.

Run a free auditReview methodology
What does isitready.dev scan?

A read-only public pass across five surfaces: AI readiness (llms.txt, markdown, agent protocols), technical SEO (metadata, canonical, sitemap, structured data), security (HSTS, CSP, headers), performance (Core Web Vitals via PageSpeed Insights when available), and production quality (cache policy, consistency, broken public signals).

Does the scanner need an account or private access?

No. The scanner uses public HTTP evidence only — the same signals a browser, a search crawler, or an AI assistant would see. No credentials, no site ownership verification, no server-side install.

How long does a scan take?

Roughly 30–90 seconds for a small site. The scan fetches a handful of discovery files, samples a few HTML pages, and calls public APIs (PageSpeed Insights, certificate transparency) in parallel. Heavier sites with large sitemaps finish closer to 90 seconds.

Why does llms.txt matter?

llms.txt gives compatible assistants a small, agent-readable map of the pages, docs, tools, and policies you want them to inspect first. Without it, agents and crawlers rely on HTML, sitemaps, robots.txt, and other discovery heuristics, which can make canonical sources easier to miss.

Is this a replacement for a full SEO audit?

No. It is a fast technical readiness pass that surfaces public evidence and priority fixes for developers and operators. It does not model content quality, keyword strategy, or link graphs — that is still editorial and competitive work.

Can I rescan after I ship a fix?

Yes — rescanning is free and the scanner bypasses any cached evidence by default. The new report is a separate link, so you can share the before and after without losing the original diagnosis.

What happens to my scan data?

Reports are stored at a 32-character unguessable URL and expire automatically. We do not publish a directory of scans, we do not sell data, and the scanner does not collect any credentials, forms, or authenticated content by design.

Can I scan localhost, staging, or internal hosts?

No. The scanner refuses any target that resolves to a private, loopback, link-local, or multicast address range to prevent SSRF and keep scans limited to the public web. Stand up a preview on a public hostname if you need to audit pre-launch.

Does scanning cost money?

No — free reports are unlimited and public. Kordu offers paid tooling for teams that want persistent monitoring, cross-site dashboards, and PR-based regression checks on top of the underlying scanner.