https://kordu.tools

Return a markdown version of HTML pages when agents request it via Accept: text/markdown so LLMs ingest your content cleanly.

No markdown response for Accept: text/markdown

Enable Markdown for Agents so requests with `Accept: text/markdown` return a markdown version of your HTML response while HTML stays the default for browsers. Set `Content-Type: text/markdown` on the markdown variant and add `Vary: Accept` so caches differentiate the two representations. Verify with `curl -H "Accept: text/markdown" https://yoursite.com/`.

Publish a discoverable agent-skills index so AI agents can find and load your structured skill bundles.

Agent Skills index exists but does not list any SKILL.md paths

Publish a skills discovery index at /.well-known/agent-skills/index.json (per the Agent Skills Discovery RFC v0.2.0) with a `$schema` field and a `skills` array. Each entry should have `name`, `type`, `description`, `url`, and a `sha256` digest of the SKILL.md so agents can verify integrity. Make sure each `url` resolves to a reachable SKILL.md.

Serve an MCP Server Card so agents can discover your Model Context Protocol surface and connect with the right capabilities.

MCP server card is missing

Serve an MCP Server Card at /.well-known/mcp/server-card.json with `serverInfo` (name, version), the transport endpoint URL, and the `capabilities` you support. Accept /.well-known/mcp.json as a fallback for clients on the legacy path. The schema is being standardized — track the active proposal at github.com/modelcontextprotocol/modelcontextprotocol/pull/2127.

Expose OAuth/OIDC discovery metadata so agents can authenticate against your APIs programmatically.

OAuth or OIDC discovery metadata is missing or incomplete

If your site has protected APIs, publish /.well-known/openid-configuration (for OpenID Connect) or /.well-known/oauth-authorization-server (for OAuth 2.0) with `issuer`, `authorization_endpoint`, `token_endpoint`, `jwks_uri`, and `grant_types_supported`. This lets agents discover how to authenticate without parsing your docs.

Publish OAuth Protected Resource metadata so agents know which auth servers issue valid tokens for your APIs.

OAuth protected resource metadata is missing

Publish /.well-known/oauth-protected-resource (per RFC 9728) with your `resource` identifier, `authorization_servers` (the list of OAuth/OIDC issuer URLs that can issue tokens for this resource), and `scopes_supported`. This tells agents which auth server to obtain access tokens from and which scopes to request.

Expose in-page tools to AI agents via the WebMCP browser API so agents can act on your site directly.

No WebMCP registration markers were detected

Implement the WebMCP API by calling `navigator.modelContext.provideContext()` with tool definitions exposing your site's key actions to AI agents. Each tool needs `name`, `description`, `inputSchema` (JSON Schema), and an `execute` callback. Register tools at the points an agent could meaningfully use them — after page hydration, on route changes, or when permission state changes.

Every indexable page has exactly one descriptive, unique title that summarizes the page in 50-60 characters.

1 sampled page(s) have missing or multiple titles; 0 title quality warning(s) were detected.

Add exactly one `<title>` tag to every indexable page, ideally 50–60 characters. Make each title descriptive and unique across the site so search engines can disambiguate them. For sectional pages, include the brand as a suffix (`Page Topic | Brand`) so social previews still attribute correctly.

• /blog/api-authentication-methods-compared/

Each page has a clear heading hierarchy with one h1 and properly nested h2/h3 sections so structure conveys meaning to readers and crawlers.

0 H1 issue(s) and 2 skipped heading hierarchy warning(s) were detected.

Use exactly one `<h1>` per page that conveys the page's subject, then nest `<h2>` sections beneath it and `<h3>` for sub-sections — never skip levels (h1 → h3) or wrap headings in `<div>` for styling. Headings communicate document structure to assistive tech and crawlers; write them as outline entries, not as styled text.

• /blog/
• /blog/authors/iyda/

Internal links use descriptive anchor text and form a reachable graph so crawlers, readers, and AI agents can navigate context.

25 link crawlability or anchor-text warning(s) were detected.

Use real `<a href="...">` elements for navigation — never `<div onclick>` or button-styled spans, which crawlers can't follow. Write descriptive anchor text that summarizes the destination (avoid "click here", "read more", or naked URLs). Keep important pages within ~3 clicks of the homepage so crawl depth doesn't starve them.

• /blog/api-authentication-methods-compared/
• /blog/average-reaction-time-by-age/
• /blog/base64-encoding-explained-how-it-works/
• /blog/best-crosshair-settings-competitive-fps/

Pages declare language and region alternates with hreflang annotations when content varies by locale, so search engines route the right version to the right reader.

No hreflang annotations were detected in the sampled pages.

On each localized page, add `<link rel="alternate" hreflang="...">` tags pointing to every language/region variant (including a self-reference). Use valid IANA language-region codes (e.g. `en-US`, `fr-FR`), absolute `href` URLs, and one `hreflang="x-default"` entry pointing to the version for unspecified locales. Each variant must reciprocally link back.

Identify your own bot traffic with Web Bot Auth signed requests so receiving sites can verify and trust them.

Web Bot Auth HTTP Message Signatures directory is missing

Publish a JWKS at /.well-known/http-message-signatures-directory containing the public keys you use to sign outgoing bot requests, so receiving sites can verify those requests via HTTP Message Signatures (RFC 9421). Rotate keys on a regular cadence and keep the previous key in the JWKS until in-flight requests have aged out.

HTTP Observatory grade B+ with score 80.

Tighten response headers and HTTP posture where Observatory reports gaps.

No Cloudflare Challenge Page marker was detected on the homepage response.

No DNSSEC DS or DNSKEY records were detected for the DNS zone.

PSI mobile performance score is 91.

Improve mobile Lighthouse performance issues highlighted by PageSpeed Insights.

Publish Agentic Commerce Protocol discovery so agents can transact with your commerce surfaces without scraping.

No ACP discovery markers were detected

Serve /.well-known/acp.json at the origin root with `protocol.name` set to `"acp"`, the `protocol.version`, `api_base_url`, supported transports, and `capabilities.services`. Agents can then discover your ACP implementation without first creating a checkout session.

Publish Machine Payment Protocol metadata so agents can discover paid endpoints in your API.

No MPP discovery markers were detected

Publish an OpenAPI document at /openapi.json with `x-payment-info` extensions on payable operations. Each operation should declare `intent` (charge or session), `method` (tempo, stripe, lightning, card), `amount`, and `currency`. Use the MPP SDK (`mppx` for TypeScript, `pympp` for Python) with framework middleware for Hono, Express, Next.js, or Elysia to handle the payment flow.

Expose Universal Commerce Protocol metadata so agents can transact for content or services through a standard interface.

No UCP discovery markers were detected

Serve /.well-known/ucp with your protocol version, declared `services`, supported `capabilities`, and reachable `endpoints`. Make sure any spec URLs and referenced JSON Schemas resolve so agents can validate against them at discovery time.

Support x402-style HTTP 402 payment flows so agents can pay for API access machine-to-machine.

No x402 discovery markers were detected

Add x402 payment middleware to your API routes so AI agents can pay for access via HTTP. Use `@x402/express`, `@x402/hono`, or `@x402/next` middleware with a facilitator URL and wallet address. Protected routes will return HTTP 402 with payment requirements that agents can fulfill automatically.

Scanned 12 representative pages out of 224.

No Cloudflare-generated error diagnostics were detected on the homepage response.

No Cloudflare product beacons were detected in the homepage response.

Detected 3 public DNS/service signal(s).