mosscatstudios.xyz

Return a markdown version of HTML pages when agents request it via Accept: text/markdown so LLMs ingest your content cleanly.

No markdown response for Accept: text/markdown

Enable Markdown for Agents so requests with `Accept: text/markdown` return a markdown version of your HTML response while HTML stays the default for browsers. Set `Content-Type: text/markdown` on the markdown variant and add `Vary: Accept` so caches differentiate the two representations. Verify with `curl -H "Accept: text/markdown" https://yoursite.com/`.

robots.txt, sitemap.xml, and llms.txt are reachable at the canonical origin with usable content types so crawlers and AI agents trust the site’s machine-readable metadata.

1 required site-file issue(s) and 0 optional warning(s) were detected.

Publish `/robots.txt`, `/sitemap.xml`, and `/llms.txt` at the canonical origin with public 200 responses and appropriate text/XML content types. Keep `/llms-full.txt` optional, but if present serve it as plain text or markdown and keep its links aligned with the short llms.txt index.

Set robots.txt rules for AI search, user-triggered browsing, and training crawlers that match your content policy.

AI search/user crawlers are allowed, while one or more training/data-use crawlers are blocked as a policy choice

Add explicit User-agent entries for AI crawlers — GPTBot, OAI-SearchBot, ClaudeBot, Claude-Web, Google-Extended, PerplexityBot, CCBot — with Allow/Disallow rules that reflect your policy. Decide per-bot whether you want training access, search indexing, or both, and document the choice in source so it doesn't silently drift in future edits.

Publish an A2A Agent Card so other agents can discover your agent-to-agent capabilities and supported interfaces.

No agent-to-agent surface was detected, so A2A agent-card discovery may not apply

Publish /.well-known/agent-card.json describing your agent: `name`, `description`, `endpoints`, `version`, and a complete `supportedInterfaces` array with the protocols and message types you accept. Include a `capabilities` block so calling agents can negotiate, and keep the URL stable across deploys — agents cache discovery responses.

Publish a discoverable agent-skills index so AI agents can find and load your structured skill bundles.

No agent skill surface was detected, so agent-skills discovery may not apply

Publish a skills discovery index at /.well-known/agent-skills/index.json (per the Agent Skills Discovery RFC v0.2.0) with a `$schema` field and a `skills` array. Each entry should have `name`, `type`, `description`, `url`, and a `sha256` digest of the SKILL.md so agents can verify integrity. Make sure each `url` resolves to a reachable SKILL.md.

Publish an API catalog at /.well-known/api-catalog so agents can discover your API documentation and schemas without crawling.

No public API surface was detected, so API catalog discovery may not apply

Create /.well-known/api-catalog returning `application/linkset+json` with a `linkset` array. Each entry should include an `anchor` URL for the API and link relations like `service-desc` (OpenAPI spec), `service-doc` (human docs), and `status` (health endpoint). See RFC 9727 Appendix A for examples and RFC 9264 for the linkset format.

No llms.txt file was detected; this emerging convention is optional and does not reduce the base score.

If you publish `/llms.txt`, serve it as plain text or markdown and link only to important public docs/resources. Treat it as an optional discovery aid, not a guaranteed ranking factor, and do not expose private/internal URLs.

Serve an MCP Server Card so agents can discover your Model Context Protocol surface and connect with the right capabilities.

No MCP server surface was detected, so MCP server-card discovery may not apply

Serve an MCP Server Card at /.well-known/mcp/server-card.json with `serverInfo` (name, version), the transport endpoint URL, and the `capabilities` you support. Accept /.well-known/mcp.json as a fallback for clients on the legacy path. The schema is being standardized — track the active proposal at github.com/modelcontextprotocol/modelcontextprotocol/pull/2127.

Expose OAuth/OIDC discovery metadata so agents can authenticate against your APIs programmatically.

No public login, signup, or protected API surface was detected, so OAuth/OIDC discovery may not apply

If your site has protected APIs, publish /.well-known/openid-configuration (for OpenID Connect) or /.well-known/oauth-authorization-server (for OAuth 2.0) with `issuer`, `authorization_endpoint`, `token_endpoint`, `jwks_uri`, and `grant_types_supported`. This lets agents discover how to authenticate without parsing your docs.

Publish OAuth Protected Resource metadata so agents know which auth servers issue valid tokens for your APIs.

No protected API surface was detected, so OAuth protected-resource metadata may not apply

Publish /.well-known/oauth-protected-resource (per RFC 9728) with your `resource` identifier, `authorization_servers` (the list of OAuth/OIDC issuer URLs that can issue tokens for this resource), and `scopes_supported`. This tells agents which auth server to obtain access tokens from and which scopes to request.

Publish a discoverable OpenAPI 3.x document so agents and developers can understand your public HTTP API without scraping docs.

No public API surface was detected, so OpenAPI discovery may not apply

Publish a valid OpenAPI 3.x document at /openapi.json or /.well-known/openapi.json, and advertise it with a `Link: <...>; rel="service-desc"` header or from /.well-known/api-catalog. Include `openapi`, `info.title`, `info.version`, `servers`, and `paths`; give operations stable `operationId` and `summary` values so agents can choose the right endpoint safely.

Expose in-page tools to AI agents via the WebMCP browser API so agents can act on your site directly.

No in-page agent tool surface was detected, so WebMCP may not apply

Implement the WebMCP API by calling `navigator.modelContext.provideContext()` with tool definitions exposing your site's key actions to AI agents. Each tool needs `name`, `description`, `inputSchema` (JSON Schema), and an `execute` callback. Register tools at the points an agent could meaningfully use them — after page hydration, on route changes, or when permission state changes.

Every indexable page has a single meta description (50-160 chars) that previews the page accurately for search and social.

1 sampled page(s) have missing or multiple meta descriptions; 0 description quality warning(s) were detected.

Add one `<meta name="description">` tag to each important indexable page — 50–180 characters of distinct, human-readable copy that previews the page accurately. Avoid copying the title, padding with keywords, or duplicating descriptions across pages; search engines either rewrite duplicates or skip them entirely.

• mosscatstudios.xyz

Maintain a sitemap of canonical URLs and reference it from robots.txt so crawlers find new and changed pages.

No valid sitemap was discovered

Generate /sitemap.xml listing your canonical URLs (split into a sitemap index if you exceed 50,000 URLs or 50 MB). Refresh it whenever you publish, retire, or rename a page, and reference it from /robots.txt with a Sitemap: directive so crawlers find it without guessing.

Expose Link response headers so agents can discover related resources (API catalog, skills, agent card) without parsing HTML.

No discovery-oriented Link headers were detected on the homepage response

Add Link response headers on your homepage and key API endpoints pointing agents to discovery documents. For example: `Link: </.well-known/api-catalog>; rel="api-catalog"` for your API catalog, or `Link: </docs/api>; rel="service-doc"` for documentation. See RFC 8288 for the format and the IANA Link Relations registry for valid `rel` values.

Internal links use descriptive anchor text and form a reachable graph so crawlers, readers, and AI agents can navigate context.

1 link crawlability or anchor-text warning(s) were detected.

Use real `<a href="...">` elements for navigation — never `<div onclick>` or button-styled spans, which crawlers can't follow. Write descriptive anchor text that summarizes the destination (avoid "click here", "read more", or naked URLs). Keep important pages within ~3 clicks of the homepage so crawl depth doesn't starve them.

• mosscatstudios.xyz

Article-like and substantial pages expose reliable freshness signals so answer engines know whether the content is current.

1 content page(s) have no reliable date signal and 0 have a newest signal older than six months.

Add truthful freshness metadata only where it reflects a real content update: JSON-LD dateModified/datePublished, article modified-time meta tags, a visible updated or reviewed date, or sitemap lastmod. Do not stamp every page with build time unless the visible content actually changed.

• mosscatstudios.xyz

Each indexable page carries enough unique, substantive content to merit indexing on its own without overlapping siblings.

0 page(s) are under 100 words; 1 page(s) are between 100 and 300 words; 0 duplicate-content fingerprint group(s) were detected.

Audit indexable pages for substantive, unique content — at minimum a few hundred words of original copy that delivers on the title and description. Consolidate near-duplicate pages with canonical tags or merge them into a single richer page. Don't ship placeholder "Coming soon" pages to production indexable URLs.

• mosscatstudios.xyz

Each indexable page declares one canonical URL pointing to itself or the definitive original, so search engines consolidate ranking signals.

0 canonical error(s) and 1 canonical warning(s) were detected in the sample.

Add exactly one `<link rel="canonical" href="...">` per indexable page in the document head, with an absolute URL pointing to the preferred version (after redirects, with the right protocol and trailing-slash policy). Self-canonical is fine for the original; cross-canonical only when consolidating duplicates. Never canonicalize to a noindexed or 404 page.

No article-like content pages requiring external citations were detected in the sample.

Add outbound citations only where the page makes claims that benefit from primary sources, standards, or official documentation.

No visible FAQ-style questions or FAQPage JSON-LD were detected.

Add visible question-and-answer sections only where they genuinely help users make a decision or complete a task.

The site declares a favicon (and ideally apple-touch-icon variants) via standard <link> tags so browsers, bookmarks, and previews show the right brand mark.

No favicon link was detected on the sampled homepage.

Add a `<link rel="icon" href="/favicon.ico">` (or a versioned `.png`/`.svg`) to the homepage head, plus an optional `<link rel="apple-touch-icon" href="/apple-touch-icon.png">` (180×180) for iOS bookmarks. Keep the URL stable across deploys so browsers and bookmarks don't lose the icon to cache busts.

Pages declare language and region alternates with hreflang annotations when content varies by locale, so search engines route the right version to the right reader.

No hreflang annotations were detected in the sampled pages.

On each localized page, add `<link rel="alternate" hreflang="...">` tags pointing to every language/region variant (including a self-reference). Use valid IANA language-region codes (e.g. `en-US`, `fr-FR`), absolute `href` URLs, and one `hreflang="x-default"` entry pointing to the version for unspecified locales. Each variant must reciprocally link back.

Lightweight server and document metrics from the sampled homepage are captured every scan so drift in HTML size, server stack, or DOM complexity is observable across reports.

Captured lightweight server and document metrics from the sampled homepage.

Sitemap entries match the live canonical URLs and stay consistent with what the site actually publishes.

No sitemap URL metadata was available from the already-fetched sitemap sample.

Make sure sitemap entries match what the site actually publishes: only canonical URLs, only indexable pages (no noindex), and `<lastmod>` values in valid W3C datetime format. Remove redirects, 404s, and non-canonical URLs from the sitemap so crawlers don't spend budget chasing them.

Pages expose Open Graph and Twitter Card metadata so they preview cleanly when shared on social, in chat, or by AI assistants.

No Open Graph or Twitter card metadata was detected in the sampled pages.

On shareable pages, add Open Graph and Twitter Card metadata in the head: `og:title`, `og:description`, `og:image` (1200×630 minimum), `og:url`, `og:type`, plus `twitter:card` set to `summary_large_image`. Make the OG content match the visible page so previews aren't misleading, and use a real image URL with stable dimensions so social platforms cache reliably.

Pages publish JSON-LD structured data so search engines and AI agents can extract entities, products, FAQs, and offers reliably.

No JSON-LD structured data was detected in the sampled pages.

Embed JSON-LD `<script type="application/ld+json">` blocks in the head describing the page's primary entity — Article, Product, FAQPage, Organization, etc. — using schema.org types and required fields per Google's structured data guidelines. Validate with the Rich Results Test before shipping, and keep the JSON strictly parseable (no trailing commas, no comments).

Content-Security-Policy is missing

Publish a baseline Content-Security-Policy for the site shell.

HTTP Observatory grade F with score 10.

Tighten response headers and HTTP posture where Observatory reports gaps.

HSTS is missing

Add a Strict-Transport-Security header on HTTPS responses.

Identify your own bot traffic with Web Bot Auth signed requests so receiving sites can verify and trust them.

Web Bot Auth HTTP Message Signatures directory is missing

Publish a JWKS at /.well-known/http-message-signatures-directory containing the public keys you use to sign outgoing bot requests, so receiving sites can verify those requests via HTTP Message Signatures (RFC 9421). Rotate keys on a regular cadence and keep the previous key in the JWKS until in-flight requests have aged out.

X-Content-Type-Options is not set to nosniff

Set X-Content-Type-Options: nosniff.

No Cloudflare Challenge Page marker was detected on the homepage response.

No DNSSEC DS or DNSKEY records were detected for the DNS zone.

Cloudflare reported cache status DYNAMIC.

Homepage Link headers do not advertise agent-useful discovery artifacts

Expose Link headers for api-catalog, service-desc, agent-skills, or related discovery artifacts.

Scanned every discovered page (1).

Publish Agentic Commerce Protocol discovery so agents can transact with your commerce surfaces without scraping.

No payable API surface was detected, so ACP discovery may not apply

Serve /.well-known/acp.json at the origin root with `protocol.name` set to `"acp"`, the `protocol.version`, `api_base_url`, supported transports, and `capabilities.services`. Agents can then discover your ACP implementation without first creating a checkout session.

No Cloudflare-generated error diagnostics were detected on the homepage response.

No Cloudflare product beacons were detected in the homepage response.

Detected 1 public DNS/service signal(s).

Publish Machine Payment Protocol metadata so agents can discover paid endpoints in your API.

No payable API surface was detected, so MPP discovery may not apply

Publish an OpenAPI document at /openapi.json with `x-payment-info` extensions on payable operations. Each operation should declare `intent` (charge or session), `method` (tempo, stripe, lightning, card), `amount`, and `currency`. Use the MPP SDK (`mppx` for TypeScript, `pympp` for Python) with framework middleware for Hono, Express, Next.js, or Elysia to handle the payment flow.

Expose Universal Commerce Protocol metadata so agents can transact for content or services through a standard interface.

No payable API surface was detected, so UCP discovery may not apply

Serve /.well-known/ucp with your protocol version, declared `services`, supported `capabilities`, and reachable `endpoints`. Make sure any spec URLs and referenced JSON Schemas resolve so agents can validate against them at discovery time.

Support x402-style HTTP 402 payment flows so agents can pay for API access machine-to-machine.

No payable API surface was detected, so x402 discovery may not apply

Add x402 payment middleware to your API routes so AI agents can pay for access via HTTP. Use `@x402/express`, `@x402/hono`, or `@x402/next` middleware with a facilitator URL and wallet address. Protected routes will return HTTP 402 with payment requirements that agents can fulfill automatically.

HTML validation is temporarily unavailable.