AI Readiness
AI Readiness
Measures how well a domain is prepared for autonomous AI agents — LLM crawlers, ChatGPT plugins, MCP clients, and agentic browsers. The scan probes ~12 well-known files, protocol endpoints, and HTTP behaviors that together signal whether software (not just humans) can discover, navigate, transact with, and reliably consume your site.
Common Uses
- Auditing your own domain before launching an agent-facing product
- Comparing competitors' agent readiness
- Triaging which agentic-web signals are quickest to add for the biggest score lift
Why It Matters
As LLMs move from chat windows to active agents that fetch URLs, call APIs, and pay for services, sites that don't expose machine-readable affordances become invisible. AI readiness is the SEO of the agentic web: a site that scores well today is reachable by tomorrow's autonomous tooling.
History
The category emerged in 2023–2024 as OpenAI's plugin manifest, Anthropic's MCP protocol, the llms.txt convention, and Coinbase's x402 payment standard converged into a loose set of 'agent-readable' web conventions. Public scorers like AgentGrade popularized treating these as a single graded measure.
How well prepared is dnsape.com for AI agents and the agentic web?
AI Specs
5/5llms.txt
A markdown-style overview file served at the site root that summarizes your site's purpose, key pages, and content priorities specifically for large language models. It complements robots.txt and sitemap.xml by giving LLMs human-curated structure instead of forcing them to crawl and infer.
Common Uses
- Telling an LLM what your product does in 2–3 paragraphs without it having to read your homepage
- Listing canonical URLs for docs, pricing, API reference, status page
- Highlighting which content is authoritative when multiple sources exist
Why It Matters
LLM context windows are limited; serving a llms.txt lets an agent decide which of your URLs are worth fetching instead of spending its budget on navigation HTML. Without it, agents either ignore the site or fetch low-value pages.
History
Proposed by Jeremy Howard at Answer.AI in September 2024 (llmstxt.org). It draws inspiration from robots.txt and humans.txt, but is markdown-formatted so the file itself is directly consumable by an LLM.
# DNSApe > Free DNS and network diagnostic tools for humans and AI agents — DNS, WHOIS, SSL, HTTP headers, TCP ping, email authentication, SEO, and AI-readiness checks via the browser, a REST API, or an MCP server. ## Tools - DNS lookup, delegation traversal, resolver-cache comparison, and change history - WHOIS for domains and IP addresses - SSL/TLS certificate inspection - HTTP security-header analysis - TCP ping / latency - Email security (SPF, DKIM, DMARC, MTA-STS, TLS-RPT) - DNS leak test and DNS speed test - SEO health and AI-readiness scoring ## For AI agents - MCP server: https://dnsape.com/mcp - REST API: https://dnsape.com/api/v1 - OpenAPI spec: https://dnsape.com/openapi.json - Payments (x402): https://dnsape.com/.well-known/x402.json - Agent discovery: https://dnsape.com/.well-known/agents.txt ## Links - Home: https://dnsape.com
agents.txt
A discovery file at /.well-known/agents.txt listing the AI agents you operate, their capabilities, and how to reach them. Analogous to security.txt for security contacts — it tells visiting agents which sibling agents they can collaborate with.
Common Uses
- Publishing the URL of your customer-support agent or chat assistant
- Listing MCP/A2A endpoints with a short capability description
- Helping multi-agent systems discover peer agents during a task
Why It Matters
As agent-to-agent (A2A) collaboration becomes common, sites need a predictable place to advertise which agents they expose. Without agents.txt, peer discovery falls back to guessing or hardcoded directories.
History
Convention emerged in 2024 alongside the A2A protocol and the broader push for .well-known files (RFC 8615) to describe agent capabilities. Not yet a formal standard but widely scanned by agent readiness tools.
# DNSApe — agent discovery # DNS and network diagnostics for AI agents. MCP: https://dnsape.com/mcp OpenAPI: https://dnsape.com/openapi.json Plugin: https://dnsape.com/.well-known/ai-plugin.json x402: https://dnsape.com/.well-known/x402.json # Pricing: free up to a small per-window allowance, then x402 micropayments in USDC.
ai-plugin.json
A JSON manifest at /.well-known/ai-plugin.json describing a plugin or tool that an LLM can call. It declares the plugin's name, description, authentication scheme, and a pointer to an OpenAPI spec defining the actual endpoints.
Common Uses
- Exposing your API to ChatGPT, Claude, or another LLM as a callable tool
- Letting an LLM consume your service without bespoke integration code
- Bundling auth metadata (none, bearer, OAuth) so the agent knows how to authenticate
Valid Settings
Required fields: schema_version, name_for_human, name_for_model, description_for_human, description_for_model, auth, api (with type and url pointing to an OpenAPI spec). Optional: logo_url, contact_email, legal_info_url.
Why It Matters
While OpenAI deprecated its first-party plugin store in 2024, the ai-plugin.json shape became the de facto manifest format reused across multiple agent platforms. It is the cheapest way to make an existing REST API LLM-callable.
History
Introduced by OpenAI in March 2023 with the original ChatGPT Plugins beta. The store closed in April 2024, but the manifest format persists as a portable way to describe LLM-callable APIs.
{
"schema_version": "v1",
"name_for_human": "DNSApe",
"name_for_model": "dnsape",
"description_for_human": "DNS and network diagnostics: DNS, WHOIS, SSL, HTTP headers, ping, email security, SEO, and AI readiness.",
"description_for_model": "Run DNS lookups, WHOIS, SSL/TLS checks, HTTP header analysis, TCP ping, email-authentication audits, and SEO / AI-readiness scans for any domain or IP. Free up to a small per-window allowance, then x402 micropayments in USDC.",
"auth": {
"type": "none"
},
"api": {
"type": "openapi",
"url": "https://dnsape.com/openapi.json"
},
"logo_url": "https://dnsape.com/ape.png",
"contact_email": "[email protected]",
"legal_info_url": "https://dnsape.com"
}
OpenAPI spec
A machine-readable description of your HTTP API — endpoints, parameters, request/response schemas, and authentication. When published at a predictable URL like /openapi.json, agents can read it and call your API without any custom code.
Common Uses
- Pairing with ai-plugin.json to fully describe an LLM-callable tool
- Letting an agent generate typed client code on the fly
- Enabling automated API consumers to discover new endpoints as you ship them
Valid Settings
Must include 'openapi' (3.x) or 'swagger' (2.x) version field, plus 'info' and 'paths' objects. Public APIs should publish at /openapi.json or /openapi.yaml; the path is conventional rather than mandated.
Why It Matters
OpenAPI is the lingua franca between human documentation and agent execution. Without it, every agent integration is a one-off scraping or hand-coded job.
History
Originally Swagger (2010, SmartBear). Donated to the Linux Foundation in 2015 and renamed OpenAPI. Versions 2.0, 3.0, and 3.1 are all in active use; 3.1 added full JSON Schema 2020-12 alignment.
{
"openapi": "3.1.0",
"info": {
"title": "DNSApe API",
"description": "DNS and network diagnostic tools. Every endpoint is free up to a small per-minute allowance, then requires an x402 micropayment (HTTP 402). Payment catalog: https://dnsape.com/.well-known/x402.json.",
"version": "1.0.0",
"contact": {
"name": "DNSApe",
"url": "https://dnsape.com"
}
},
"servers": [
{
"url": "https://dnsape.com/api/v1",
"description": "DNSApe API v1"
}
],
"paths": {
"/dns/records": {
"get": {
"summary": "Look up DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA).",
"parameters": [
{
"name": "host",
"in": "query",
"required": true,
"description": "Domain or IP address to inspect.",
"schema": {
"type": "string"
}
},
{
"name": "type",
"in": "query",
"required": false,
"description": "DNS record type (default ALL).",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful diagnostic result (JSON)."
},
"402": {
"description": "Payment required — free allowance exceeded; attach an x402 payment."
},
"422": {
"description": "Validation error (e.g. missing host)."
},
"429": {
"description": "Rate limit excee
… (truncated)
Markdown content negotiation
Whether the homepage returns text/markdown when an agent sends 'Accept: text/markdown'. Markdown is dramatically more token-efficient than HTML for LLM consumption — same content, fraction of the tokens — and Cloudflare's Agent Readiness Score singles it out as the entire 'Content' category.
Common Uses
- Letting agents fetch the markdown source of a page instead of paying tokens to parse HTML
- Serving the same URL to both browsers and agents via HTTP content negotiation
- Reducing context-window usage by 5–10× per page for agent workflows
Valid Settings
When the request includes 'Accept: text/markdown' (or 'text/x-markdown'), respond with Content-Type 'text/markdown; charset=utf-8' and the markdown source of the page. Implemented in nginx via map directives, in Cloudflare Workers, or in application code.
Why It Matters
As of 2026 only ~3.9% of sites support markdown negotiation, but the adopters tend to be the ones agents prefer to cite. Cheap to implement and a big win for agent compatibility.
History
HTTP content negotiation was standardized in RFC 2616 (1999); 'text/markdown' was registered as a MIME type via RFC 7763 in 2016. Cloudflare popularized the agent-readiness angle in 2025 with its Agent Readiness Score.
# DNSApe > Free DNS and network diagnostic tools for humans and AI agents — DNS, WHOIS, SSL, HTTP headers, TCP ping, email authentication, SEO, and AI-readiness checks via the browser, a REST API, or an MCP server. ## Tools - DNS lookup, delegation traversal, resolver-cache comparison, and change history - WHOIS for domains and IP addresses - SSL/TLS certificate inspection - HTTP security-header analysis - TCP ping / latency - Email security (SPF, DKIM, DMARC, MTA-STS, TLS-RPT) - DNS leak test and DNS speed test - SEO health and AI-readiness scoring ## For AI agents - MCP server: https://dnsape.com/mcp - REST API: https://dnsape.com/api/v1 - OpenAPI spec: https://dnsape.com/openapi.json - Payments (x402): https://dnsape.com/.well-known/x402.json - Agent discovery: https://dnsape.com/.well-known/agents.txt ## Links - Home: https://dnsape.com
Discovery
3/3MCP endpoint
Model Context Protocol — an open standard from Anthropic that lets LLMs call tools, read resources, and fetch prompts from a server over JSON-RPC. The scan prefers a Server Card at /.well-known/mcp/server-card.json (the spec-conformant discovery path) and falls back to probing /.well-known/mcp, /mcp, or /api/mcp directly.
Common Uses
- Making your data sources callable as 'tools' from Claude Desktop, ChatGPT, or any MCP client
- Exposing live read-only resources (logs, dashboards, internal docs) to agents
- Building a remote agent backend that several LLM clients can share
Valid Settings
Best case: publish a Server Card JSON at /.well-known/mcp/server-card.json describing the server's name, version, and transports (streamable-http, sse). Otherwise the live endpoint should return SSE events at /mcp or /api/mcp, or respond with HTTP 405 to a GET (signaling POST is expected).
Why It Matters
MCP is rapidly becoming the dominant way LLMs consume third-party tools. The Server Card lets agents discover capability metadata without making a request — Cloudflare's Agent Readiness Score weights this as a high-signal capability.
History
Released as an open spec by Anthropic in November 2024. Adopted by Claude Desktop, then by OpenAI, Google, Microsoft, and dozens of independent clients within months. The Server Card discovery file emerged in 2025 as the canonical pre-flight discovery path.
{
"name": "DNSApe",
"version": "1.0.0",
"description": "DNS and network diagnostic tools for AI agents.",
"transports": [
"streamable-http"
],
"url": "https://dnsape.com/mcp",
"capabilities": {
"tools": true
},
"tools": [
{
"name": "dns_lookup",
"description": "Query DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA)."
},
{
"name": "dns_history",
"description": "DNS record change history for a domain."
},
{
"name": "whois_lookup",
"description": "WHOIS information for domains and IP addresses."
},
{
"name": "http_headers",
"description": "Fetch HTTP headers and analyze security headers."
},
{
"name": "ssl_check",
"description": "Check SSL/TLS certificates and expiration."
},
{
"name": "tcp_ping",
"description": "Test connectivity and measure latency."
},
{
"name": "email_security",
"description": "Validate SPF, DKIM, DMARC, MTA-STS, and TLS-RPT."
},
{
"name": "seo",
"description": "Score a domain's SEO health."
},
{
"name": "ai_readiness",
"description": "Score a domain's readiness for AI agents."
}
],
"pricing": {
"model": "x402",
"free_calls_per_hour": 6,
"catalog": "https://dnsape.com/.well-known/x402.json"
}
}
x402 payments
An open payment protocol that uses the long-dormant HTTP 402 Payment Required status code so agents can pay for API calls inline. A site advertises x402 support by publishing /.well-known/x402.json describing its paid endpoints, accepted networks, and recipient wallet.
Common Uses
- Charging an agent a few cents per API call without an account or API key handshake
- Letting autonomous agents transact across services using stablecoins
- Monetizing premium endpoints (data feeds, premium docs, AI inference) per-request
Valid Settings
The discovery manifest must include x402Version (1 or 2), payTo (wallet address), and a non-empty services[] array describing paid endpoints. Paid endpoints themselves should return HTTP 402 with a PAYMENT-REQUIRED header for unauthenticated requests.
Why It Matters
Agent commerce is one of the biggest open problems in the agentic web. x402 collapses signup + key issuance + invoicing into a single HTTP exchange, removing the friction that today blocks most agent-to-API transactions.
History
Introduced by Coinbase in 2024 as an open standard. The HTTP 402 status code itself has existed since RFC 1945 (1996) but was reserved 'for future use' — x402 finally puts it to work.
{
"x402Version": 1,
"network": "base",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"payTo": "0x973213abC4C53AC696e20D42F3eCDF9920e64CC7",
"services": [
{
"resource": "https://dnsape.com/api/v1/dns/records",
"method": "GET",
"description": "DNSApe: DNS records lookup",
"maxAmountRequired": "10000",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"network": "base"
},
{
"resource": "https://dnsape.com/api/v1/dns/traversal",
"method": "GET",
"description": "DNSApe: DNS delegation traversal",
"maxAmountRequired": "10000",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"network": "base"
},
{
"resource": "https://dnsape.com/api/v1/dns/cache",
"method": "GET",
"description": "DNSApe: Resolver cache comparison",
"maxAmountRequired": "10000",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"network": "base"
},
{
"resource": "https://dnsape.com/api/v1/dns/history",
"method": "GET",
"description": "DNSApe: DNS record change history",
"maxAmountRequired": "50000",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"network": "base"
},
{
"resource": "https://dnsape.com/api/v1/whois/domain",
"method": "GET",
"description": "DNSApe: WHOIS domain lookup",
"maxAmountRequired": "20000",
"asset": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"network": "base"
},
{
"resource": "https://dnsape.com/api/v1/whois/ip",
"method": "GET",
"description": "DNSApe: WHOIS IP lookup",
"maxAmountRequired": "20000",
"asset": "0x833589fCD6eDb6E08f4
… (truncated)
robots.txt AI bots
Explicit User-agent stanzas in your robots.txt for AI crawlers — GPTBot, ClaudeBot, Google-Extended, PerplexityBot, CCBot, anthropic-ai, Applebot-Extended, OAI-SearchBot. Even an 'Allow: /' line counts because it shows the crawler is on your radar.
Common Uses
- Letting your content be indexed by AI search products like ChatGPT search and Perplexity
- Blocking AI training crawlers while still allowing AI search crawlers (or vice versa)
- Signaling crawl rate limits to specific AI bots
Valid Settings
Each bot needs its own 'User-agent:' stanza followed by Allow/Disallow rules. The scan looks for at least one of the known AI-bot user agents. A wildcard 'User-agent: *' alone does not pass — it's too generic to count as an explicit AI policy.
Why It Matters
AI crawlers default to either crawling everything or nothing depending on the operator. An explicit policy is the difference between intentional inclusion and accidental scraping, and a clear signal to AI products that you have an opinion about agent access.
History
GPTBot launched in August 2023, ClaudeBot in 2024, followed by Google-Extended and others. By 2025, leading sites publish explicit AI-bot policies in addition to the original 1994 robots.txt rules for traditional search.
User-agent: * Disallow: # AI crawlers and agents are explicitly welcome. User-agent: GPTBot Allow: / User-agent: OAI-SearchBot Allow: / User-agent: ChatGPT-User Allow: / User-agent: ClaudeBot Allow: / User-agent: anthropic-ai Allow: / User-agent: Claude-Web Allow: / User-agent: Google-Extended Allow: / User-agent: PerplexityBot Allow: / User-agent: CCBot Allow: / User-agent: Applebot-Extended Allow: /
{
"host": "dnsape.com",
"score": 100,
"grade": "A",
"passed": 8,
"total": 8,
"groups": {
"AI Specs": [
{
"id": "llms_txt",
"group": "AI Specs",
"label": "llms.txt",
"description": "Plain-text site summary aimed at LLM consumers.",
"status": "pass",
"detail": "Found (861 bytes)",
"remediation": "Publish /llms.txt with a markdown-style site overview (see llmstxt.org).",
"evidence": [
{
"url": "https://dnsape.com/llms.txt",
"status": 200,
"content_type": "text/plain; charset=UTF-8",
"body": "# DNSApe\n\n> Free DNS and network diagnostic tools for humans and AI agents \u2014 DNS, WHOIS, SSL, HTTP headers, TCP ping, email authentication, SEO, and AI-readiness checks via the browser, a REST API, or an MCP server.\n\n## Tools\n\n- DNS lookup, delegation traversal, resolver-cache comparison, and change history\n- WHOIS for domains and IP addresses\n- SSL/TLS certificate inspection\n- HTTP security-header analysis\n- TCP ping / latency\n- Email security (SPF, DKIM, DMARC, MTA-STS, TLS-RPT)\n- DNS leak test and DNS speed test\n- SEO health and AI-readiness scoring\n\n## For AI agents\n\n- MCP server: https://dnsape.com/mcp\n- REST API: https://dnsape.com/api/v1\n- OpenAPI spec: https://dnsape.com/openapi.json\n- Payments (x402): https://dnsape.com/.well-known/x402.json\n- Agent discovery: https://dnsape.com/.well-known/agents.txt\n\n## Links\n\n- Home: https://dnsape.com",
"truncated": false
}
]
},
{
"id": "agents_txt",
"group": "AI Specs",
"label": "agents.txt",
"description": "Discovery file listing AI agents and capabilities.",
"status": "pass",
"detail": "Found",
"remediation": "Publish /.well-known/agents.txt listing agent endpoints.",
"evidence": [
{
"url": "https://dnsape.com/.well-known/agents.txt",
"status": 200,
"content_type": "text/plain; charset=UTF-8",
"body": "# DNSApe \u2014 agent discovery\n# DNS and network diagnostics for AI agents.\n\nMCP: https://dnsape.com/mcp\nOpenAPI: https://dnsape.com/openapi.json\nPlugin: https://dnsape.com/.well-known/ai-plugin.json\nx402: https://dnsape.com/.well-known/x402.json\n\n# Pricing: free up to a small per-window allowance, then x402 micropayments in USDC.\n",
"truncated": false
}
]
},
{
"id": "ai_plugin",
"group": "AI Specs",
"label": "ai-plugin.json",
"description": "OpenAI/ChatGPT plugin manifest.",
"status": "pass",
"detail": "Valid plugin manifest",
"remediation": "Publish /.well-known/ai-plugin.json describing your plugin (schema_version, name_for_human, etc.).",
"evidence": [
{
"url": "https://dnsape.com/.well-known/ai-plugin.json",
"status": 200,
"content_type": "application/json; charset=utf-8",
"body": "{\n \"schema_version\": \"v1\",\n \"name_for_human\": \"DNSApe\",\n \"name_for_model\": \"dnsape\",\n \"description_for_human\": \"DNS and network diagnostics: DNS, WHOIS, SSL, HTTP headers, ping, email security, SEO, and AI readiness.\",\n \"description_for_model\": \"Run DNS lookups, WHOIS, SSL/TLS checks, HTTP header analysis, TCP ping, email-authentication audits, and SEO / AI-readiness scans for any domain or IP. Free up to a small per-window allowance, then x402 micropayments in USDC.\",\n \"auth\": {\n \"type\": \"none\"\n },\n \"api\": {\n \"type\": \"openapi\",\n \"url\": \"https://dnsape.com/openapi.json\"\n },\n \"logo_url\": \"https://dnsape.com/ape.png\",\n \"contact_email\": \"[email protected]\",\n \"legal_info_url\": \"https://dnsape.com\"\n}",
"truncated": false
}
]
},
{
"id": "openapi",
"group": "AI Specs",
"label": "OpenAPI spec",
"description": "Machine-readable API specification.",
"status": "pass",
"detail": "OpenAPI 3.1.0",
"remediation": "Publish your OpenAPI spec at /openapi.json so agents can discover your API surface.",
"evidence": [
{
"url": "https://dnsape.com/openapi.json",
"status": 200,
"content_type": "application/json; charset=utf-8",
"body": "{\n \"openapi\": \"3.1.0\",\n \"info\": {\n \"title\": \"DNSApe API\",\n \"description\": \"DNS and network diagnostic tools. Every endpoint is free up to a small per-minute allowance, then requires an x402 micropayment (HTTP 402). Payment catalog: https://dnsape.com/.well-known/x402.json.\",\n \"version\": \"1.0.0\",\n \"contact\": {\n \"name\": \"DNSApe\",\n \"url\": \"https://dnsape.com\"\n }\n },\n \"servers\": [\n {\n \"url\": \"https://dnsape.com/api/v1\",\n \"description\": \"DNSApe API v1\"\n }\n ],\n \"paths\": {\n \"/dns/records\": {\n \"get\": {\n \"summary\": \"Look up DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA).\",\n \"parameters\": [\n {\n \"name\": \"host\",\n \"in\": \"query\",\n \"required\": true,\n \"description\": \"Domain or IP address to inspect.\",\n \"schema\": {\n \"type\": \"string\"\n }\n },\n {\n \"name\": \"type\",\n \"in\": \"query\",\n \"required\": false,\n \"description\": \"DNS record type (default ALL).\",\n \"schema\": {\n \"type\": \"string\"\n }\n }\n ],\n \"responses\": {\n \"200\": {\n \"description\": \"Successful diagnostic result (JSON).\"\n },\n \"402\": {\n \"description\": \"Payment required \u2014 free allowance exceeded; attach an x402 payment.\"\n },\n \"422\": {\n \"description\": \"Validation error (e.g. missing host).\"\n },\n \"429\": {\n \"description\": \"Rate limit excee",
"truncated": true
}
]
},
{
"id": "markdown_negotiation",
"group": "AI Specs",
"label": "Markdown content negotiation",
"description": "Serves text/markdown when an agent requests Accept: text/markdown.",
"status": "pass",
"detail": "Served markdown: text/markdown; charset=utf-8",
"remediation": "Return text/markdown for the root URL when the client sends Accept: text/markdown (per RFC 7231 content negotiation).",
"evidence": [
{
"url": "https://dnsape.com/",
"status": 200,
"content_type": "text/markdown; charset=UTF-8",
"body": "# DNSApe\n\n> Free DNS and network diagnostic tools for humans and AI agents \u2014 DNS, WHOIS, SSL, HTTP headers, TCP ping, email authentication, SEO, and AI-readiness checks via the browser, a REST API, or an MCP server.\n\n## Tools\n\n- DNS lookup, delegation traversal, resolver-cache comparison, and change history\n- WHOIS for domains and IP addresses\n- SSL/TLS certificate inspection\n- HTTP security-header analysis\n- TCP ping / latency\n- Email security (SPF, DKIM, DMARC, MTA-STS, TLS-RPT)\n- DNS leak test and DNS speed test\n- SEO health and AI-readiness scoring\n\n## For AI agents\n\n- MCP server: https://dnsape.com/mcp\n- REST API: https://dnsape.com/api/v1\n- OpenAPI spec: https://dnsape.com/openapi.json\n- Payments (x402): https://dnsape.com/.well-known/x402.json\n- Agent discovery: https://dnsape.com/.well-known/agents.txt\n\n## Links\n\n- Home: https://dnsape.com",
"truncated": false
}
]
}
],
"Discovery": [
{
"id": "mcp",
"group": "Discovery",
"label": "MCP endpoint",
"description": "Model Context Protocol server for AI agents.",
"status": "pass",
"detail": "Server Card at /.well-known/mcp/server-card.json",
"remediation": "Expose an MCP server (e.g. via the laravel/mcp package).",
"evidence": [
{
"url": "https://dnsape.com/.well-known/mcp/server-card.json",
"status": 200,
"content_type": "application/json; charset=utf-8",
"body": "{\n \"name\": \"DNSApe\",\n \"version\": \"1.0.0\",\n \"description\": \"DNS and network diagnostic tools for AI agents.\",\n \"transports\": [\n \"streamable-http\"\n ],\n \"url\": \"https://dnsape.com/mcp\",\n \"capabilities\": {\n \"tools\": true\n },\n \"tools\": [\n {\n \"name\": \"dns_lookup\",\n \"description\": \"Query DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA).\"\n },\n {\n \"name\": \"dns_history\",\n \"description\": \"DNS record change history for a domain.\"\n },\n {\n \"name\": \"whois_lookup\",\n \"description\": \"WHOIS information for domains and IP addresses.\"\n },\n {\n \"name\": \"http_headers\",\n \"description\": \"Fetch HTTP headers and analyze security headers.\"\n },\n {\n \"name\": \"ssl_check\",\n \"description\": \"Check SSL/TLS certificates and expiration.\"\n },\n {\n \"name\": \"tcp_ping\",\n \"description\": \"Test connectivity and measure latency.\"\n },\n {\n \"name\": \"email_security\",\n \"description\": \"Validate SPF, DKIM, DMARC, MTA-STS, and TLS-RPT.\"\n },\n {\n \"name\": \"seo\",\n \"description\": \"Score a domain's SEO health.\"\n },\n {\n \"name\": \"ai_readiness\",\n \"description\": \"Score a domain's readiness for AI agents.\"\n }\n ],\n \"pricing\": {\n \"model\": \"x402\",\n \"free_calls_per_hour\": 6,\n \"catalog\": \"https://dnsape.com/.well-known/x402.json\"\n }\n}",
"truncated": false
},
{
"url": "https://dnsape.com/.well-known/mcp",
"status": 404,
"content_type": "text/html; charset=utf-8",
"body": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\n <title>Not Found</title>\n\n <style>\n /*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}a{background-color:transparent}code{font-family:monospace,monospace;font-size:1em}[hidden]{display:none}html{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;line-height:1.5}*,:after,:before{box-sizing:border-box;border:0 solid #e2e8f0}a{color:inherit;text-decoration:inherit}code{font-family:Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace}svg,video{display:block;vertical-align:middle}video{max-width:100%;height:auto}.bg-white{--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opacity))}.bg-gray-100{--bg-opacity:1;background-color:#f7fafc;background-color:rgba(247,250,252,var(--bg-opacity))}.border-gray-200{--border-opacity:1;border-color:#edf2f7;border-color:rgba(237,242,247,var(--border-opacity))}.border-gray-400{--border-opacity:1;border-color:#cbd5e0;border-color:rgba(203,213,224,var(--border-opacity))}.border-t{border-top-width:1px}.border-r{border-right-width:1px}.flex{display:flex}.grid{display:grid}.hidden{display:none}.items-center{align-items:center}.justify-center{justify-content:center}.font-semibold{font-weight:600}.h-5{height:1.25rem}.h-8{height:2rem}.h-16{height:4rem}.text-sm{font-size:.875rem}.text-lg{font-size:1.125rem}.leading-7{line-height:1.75rem}.mx-auto{margin-left:auto;margin-right:auto}.ml-1{margin-left:.25rem}.mt-2{margin-top:.5rem}.mr-2{margin-right:.5rem}.ml-2{margin-left:.5rem}.mt-4{margin-top:1rem}.ml-4{margin-left:1rem}.mt-8{margin-top:2rem}.ml-12{margin-left:3rem}.-mt-px{margin-top:-1px}.max-w-xl{max-width:36rem}.max-w",
"truncated": true
},
{
"url": "https://dnsape.com/mcp",
"status": 405,
"content_type": "text/html; charset=utf-8",
"body": "",
"truncated": false
},
{
"url": "https://dnsape.com/api/mcp",
"status": 404,
"content_type": "text/html; charset=utf-8",
"body": "<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\n <title>Not Found</title>\n\n <style>\n /*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}a{background-color:transparent}code{font-family:monospace,monospace;font-size:1em}[hidden]{display:none}html{font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;line-height:1.5}*,:after,:before{box-sizing:border-box;border:0 solid #e2e8f0}a{color:inherit;text-decoration:inherit}code{font-family:Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace}svg,video{display:block;vertical-align:middle}video{max-width:100%;height:auto}.bg-white{--bg-opacity:1;background-color:#fff;background-color:rgba(255,255,255,var(--bg-opacity))}.bg-gray-100{--bg-opacity:1;background-color:#f7fafc;background-color:rgba(247,250,252,var(--bg-opacity))}.border-gray-200{--border-opacity:1;border-color:#edf2f7;border-color:rgba(237,242,247,var(--border-opacity))}.border-gray-400{--border-opacity:1;border-color:#cbd5e0;border-color:rgba(203,213,224,var(--border-opacity))}.border-t{border-top-width:1px}.border-r{border-right-width:1px}.flex{display:flex}.grid{display:grid}.hidden{display:none}.items-center{align-items:center}.justify-center{justify-content:center}.font-semibold{font-weight:600}.h-5{height:1.25rem}.h-8{height:2rem}.h-16{height:4rem}.text-sm{font-size:.875rem}.text-lg{font-size:1.125rem}.leading-7{line-height:1.75rem}.mx-auto{margin-left:auto;margin-right:auto}.ml-1{margin-left:.25rem}.mt-2{margin-top:.5rem}.mr-2{margin-right:.5rem}.ml-2{margin-left:.5rem}.mt-4{margin-top:1rem}.ml-4{margin-left:1rem}.mt-8{margin-top:2rem}.ml-12{margin-left:3rem}.-mt-px{margin-top:-1px}.max-w-xl{max-width:36rem}.max-w",
"truncated": true
}
]
},
{
"id": "x402",
"group": "Discovery",
"label": "x402 payments",
"description": "Agentic micropayments via HTTP 402 (see x402.org).",
"status": "pass",
"detail": "x402 v1, 18 service(s)",
"remediation": "Publish /.well-known/x402.json with x402Version, payTo, and a non-empty services[] array.",
"evidence": [
{
"url": "https://dnsape.com/.well-known/x402.json",
"status": 200,
"content_type": "application/json; charset=utf-8",
"body": "{\n \"x402Version\": 1,\n \"network\": \"base\",\n \"asset\": \"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\",\n \"payTo\": \"0x973213abC4C53AC696e20D42F3eCDF9920e64CC7\",\n \"services\": [\n {\n \"resource\": \"https://dnsape.com/api/v1/dns/records\",\n \"method\": \"GET\",\n \"description\": \"DNSApe: DNS records lookup\",\n \"maxAmountRequired\": \"10000\",\n \"asset\": \"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\",\n \"network\": \"base\"\n },\n {\n \"resource\": \"https://dnsape.com/api/v1/dns/traversal\",\n \"method\": \"GET\",\n \"description\": \"DNSApe: DNS delegation traversal\",\n \"maxAmountRequired\": \"10000\",\n \"asset\": \"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\",\n \"network\": \"base\"\n },\n {\n \"resource\": \"https://dnsape.com/api/v1/dns/cache\",\n \"method\": \"GET\",\n \"description\": \"DNSApe: Resolver cache comparison\",\n \"maxAmountRequired\": \"10000\",\n \"asset\": \"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\",\n \"network\": \"base\"\n },\n {\n \"resource\": \"https://dnsape.com/api/v1/dns/history\",\n \"method\": \"GET\",\n \"description\": \"DNSApe: DNS record change history\",\n \"maxAmountRequired\": \"50000\",\n \"asset\": \"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\",\n \"network\": \"base\"\n },\n {\n \"resource\": \"https://dnsape.com/api/v1/whois/domain\",\n \"method\": \"GET\",\n \"description\": \"DNSApe: WHOIS domain lookup\",\n \"maxAmountRequired\": \"20000\",\n \"asset\": \"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\",\n \"network\": \"base\"\n },\n {\n \"resource\": \"https://dnsape.com/api/v1/whois/ip\",\n \"method\": \"GET\",\n \"description\": \"DNSApe: WHOIS IP lookup\",\n \"maxAmountRequired\": \"20000\",\n \"asset\": \"0x833589fCD6eDb6E08f4",
"truncated": true
}
]
},
{
"id": "robots_ai",
"group": "Discovery",
"label": "robots.txt AI bots",
"description": "Explicit User-agent rules for AI crawlers.",
"status": "pass",
"detail": "Rules for: GPTBot, ClaudeBot, anthropic-ai, Google-Extended, PerplexityBot, CCBot, Applebot-Extended, OAI-SearchBot",
"remediation": "Add User-agent stanzas for GPTBot, ClaudeBot, Google-Extended, PerplexityBot to /robots.txt.",
"evidence": [
{
"url": "https://dnsape.com/robots.txt",
"status": 200,
"content_type": "text/plain; charset=utf-8",
"body": "User-agent: *\nDisallow:\n\n# AI crawlers and agents are explicitly welcome.\nUser-agent: GPTBot\nAllow: /\n\nUser-agent: OAI-SearchBot\nAllow: /\n\nUser-agent: ChatGPT-User\nAllow: /\n\nUser-agent: ClaudeBot\nAllow: /\n\nUser-agent: anthropic-ai\nAllow: /\n\nUser-agent: Claude-Web\nAllow: /\n\nUser-agent: Google-Extended\nAllow: /\n\nUser-agent: PerplexityBot\nAllow: /\n\nUser-agent: CCBot\nAllow: /\n\nUser-agent: Applebot-Extended\nAllow: /\n",
"truncated": false
}
]
}
]
},
"scanned_at": "2026-06-24T00:19:37+00:00"
}