1. Crawl Summary

• fail

  Fetched 0 of 1 pages successfully

  Target: https://t.co/uejuu5r5Kw

  Evidence

  {
    "pages": [
      {
        "url": "https://t.co/uejuu5r5Kw",
        "bytes": 0,
        "status": 0,
        "fetchMs": 15001
      }
    ],
    "origin": "https://t.co",
    "target": "https://t.co/uejuu5r5Kw"
  }

  P1

2. Data Found

3. Homepage Audit

• fail

  Homepage could not be fetched

  This operation was aborted

  P1

4. Content Quality

No findings.

5. Schema / Structured Data Audit

No findings.

6. Links & Images

No findings.

7. Performance

No findings.

8. Security

• warn

  HSTS missing

  Add `Strict-Transport-Security: max-age=31536000; includeSubDomains` once you're confident in https.

  P3
• warn

  Content-Security-Policy missing

  Define a CSP to limit script sources — large reduction in XSS surface.

  P3
• warn

  X-Frame-Options missing

  Add `X-Frame-Options: SAMEORIGIN` (or use CSP frame-ancestors) to prevent clickjacking.

  P4
• warn

  X-Content-Type-Options missing

  Add `X-Content-Type-Options: nosniff` to block MIME-type sniffing.

  P4
• warn

  Referrer-Policy missing

  Add `Referrer-Policy: strict-origin-when-cross-origin` for safer referrers.

  P4
• warn

  Permissions-Policy missing

  Restrict browser features (camera, mic, geolocation) you don't use.

  P4
• pass

  Served over HTTPS

  Evidence

  {
    "finalUrl": "https://t.co/uejuu5r5Kw"
  }

  P5

9. robots.txt and sitemap.xml Audit

• fail

  sitemap.xml not found

  Add /sitemap.xml — required for reliable AI/SERP discovery.

  P1
• warn

  robots.txt does not reference a Sitemap

  Add `Sitemap: https://yoursite.com/sitemap.xml` to robots.txt.

  P3
• pass

  robots.txt present

  152 chars

  Evidence

  {
    "snippet": "User-agent: twitterbot\nDisallow:\n\n#Google Search Engine Robot\nUser-agent: Googlebot\nDisallow:\n\nUser-agent: Bingbot\nDisallow:\n\nUser-agent: *\nDisallow: /\n"
  }

  P5

10. LLM / AI Crawler Accessibility

• fail

  GPTBot blocked via wildcard

  User-agent: * is disallowed from / and no explicit rule for GPTBot overrides it.

  P1
• fail

  ClaudeBot blocked via wildcard

  User-agent: * is disallowed from / and no explicit rule for ClaudeBot overrides it.

  P1
• fail

  PerplexityBot blocked via wildcard

  User-agent: * is disallowed from / and no explicit rule for PerplexityBot overrides it.

  P1
• fail

  Google-Extended blocked via wildcard

  User-agent: * is disallowed from / and no explicit rule for Google-Extended overrides it.

  P1
• fail

  OAI-SearchBot blocked via wildcard

  User-agent: * is disallowed from / and no explicit rule for OAI-SearchBot overrides it.

  P1
• fail

  Applebot-Extended blocked via wildcard

  User-agent: * is disallowed from / and no explicit rule for Applebot-Extended overrides it.

  P1
• fail

  CCBot blocked via wildcard

  User-agent: * is disallowed from / and no explicit rule for CCBot overrides it.

  P1
• warn

  llms.txt missing

  Add /llms.txt — a concise, link-rich summary that helps LLMs orient on your site.

  P2
• warn

  skill.md missing

  Add /skill.md describing what your site lets agents do — speeds up agent task routing.

  P3
• warn

  /.well-known/security.txt missing

  Publish a /.well-known/security.txt with at least a Contact: line. Crawlers and security researchers expect it; AI systems use it as a trust signal.

  P3

11. Positioning Clarity

No findings.

12. Missing or Hard-to-Find Information

• fail

  12 data point(s) could not be found from public pages

  · Pricing · Customer logos · Social proof · Recent launches · Blog post activity · New hires · Headline copy · Positioning · Executive team · Product/service descriptions · Case studies or testimonials · Contact/demo/signup paths

  Evidence

  {
    "missing": [
      "Pricing",
      "Customer logos",
      "Social proof",
      "Recent launches",
      "Blog post activity",
      "New hires",
      "Headline copy",
      "Positioning",
      "Executive team",
      "Product/service descriptions",
      "Case studies or testimonials",
      "Contact/demo/signup paths"
    ]
  }

  P1

13. Recommended Fixes

• warn

  Allow GPTBot in robots.txt

  Add an explicit User-agent: GPTBot Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "for": "aibot.GPTBot"
  }

  P1
• warn

  Allow ClaudeBot in robots.txt

  Add an explicit User-agent: ClaudeBot Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "for": "aibot.ClaudeBot"
  }

  P1
• warn

  Allow PerplexityBot in robots.txt

  Add an explicit User-agent: PerplexityBot Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "for": "aibot.PerplexityBot"
  }

  P1
• warn

  Allow Google-Extended in robots.txt

  Add an explicit User-agent: Google-Extended Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "for": "aibot.Google-Extended"
  }

  P1
• warn

  Allow OAI-SearchBot in robots.txt

  Add an explicit User-agent: OAI-SearchBot Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "for": "aibot.OAI-SearchBot"
  }

  P1
• warn

  Allow Applebot-Extended in robots.txt

  Add an explicit User-agent: Applebot-Extended Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "for": "aibot.Applebot-Extended"
  }

  P1
• warn

  Allow CCBot in robots.txt

  Add an explicit User-agent: CCBot Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "for": "aibot.CCBot"
  }

  P1
• warn

  Publish a sitemap.xml

  Generate /sitemap.xml automatically (Next.js: app/sitemap.ts). Include every canonical URL.

  Evidence

  {
    "for": "sitemap.exists"
  }

  P1
• warn

  Add /llms.txt

  A short Markdown-flavored summary at the root. Include your H1, value prop, top 5–10 links, and pricing summary.

  Evidence

  {
    "for": "llms_txt"
  }

  P2
• warn

  Add /skill.md

  Describe what an agent can do with your site (e.g., 'Search docs', 'Look up pricing'). Useful for agentic flows.

  Evidence

  {
    "for": "skill_md"
  }

  P3
• warn

  Publish /.well-known/security.txt

  A security contact builds trust with crawlers and researchers. Minimal example: ``` Contact: mailto:security@yourdomain.com Expires: 2027-01-01T00:00:00.000Z Preferred-Languages: en ```

  Evidence

  {
    "for": "security_txt"
  }

  P3
• warn

  Reference your sitemap in robots.txt

  Add `Sitemap: https://yoursite.com/sitemap.xml` so crawlers don't have to guess.

  Evidence

  {
    "for": "robots.sitemap_ref"
  }

  P3
• warn

  Enable HSTS

  Add `Strict-Transport-Security: max-age=31536000; includeSubDomains` once you're confident every subdomain is https-ready.

  Evidence

  {
    "for": "security.hsts"
  }

  P3
• warn

  Define a Content-Security-Policy

  Start with `Content-Security-Policy-Report-Only` to learn safe sources, then enforce. Cuts XSS blast radius.

  Evidence

  {
    "for": "security.csp"
  }

  P3
• warn

  Add X-Frame-Options

  `X-Frame-Options: SAMEORIGIN` (or CSP `frame-ancestors`) blocks clickjacking via iframe embeds.

  Evidence

  {
    "for": "security.xfo"
  }

  P4
• warn

  Add X-Content-Type-Options

  `X-Content-Type-Options: nosniff` prevents browsers from MIME-sniffing responses.

  Evidence

  {
    "for": "security.xcto"
  }

  P4
• warn

  Set a Referrer-Policy

  `Referrer-Policy: strict-origin-when-cross-origin` is a safe default.

  Evidence

  {
    "for": "security.referrer"
  }

  P4
• warn

  Set a Permissions-Policy

  Restrict browser features you don't use, e.g. `Permissions-Policy: camera=(), microphone=(), geolocation=()`.

  Evidence

  {
    "for": "security.permissions"
  }

  P4

14. Priority To-Do List

• warn

  [ ] Allow GPTBot in robots.txt

  Add an explicit User-agent: GPTBot Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "priority": 1
  }

  P1
• warn

  [ ] Allow ClaudeBot in robots.txt

  Add an explicit User-agent: ClaudeBot Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "priority": 1
  }

  P1
• warn

  [ ] Allow PerplexityBot in robots.txt

  Add an explicit User-agent: PerplexityBot Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "priority": 1
  }

  P1
• warn

  [ ] Allow Google-Extended in robots.txt

  Add an explicit User-agent: Google-Extended Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "priority": 1
  }

  P1
• warn

  [ ] Allow OAI-SearchBot in robots.txt

  Add an explicit User-agent: OAI-SearchBot Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "priority": 1
  }

  P1
• warn

  [ ] Allow Applebot-Extended in robots.txt

  Add an explicit User-agent: Applebot-Extended Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "priority": 1
  }

  P1
• warn

  [ ] Allow CCBot in robots.txt

  Add an explicit User-agent: CCBot Allow: / block so this AI crawler can read your site.

  Evidence

  {
    "priority": 1
  }

  P1
• warn

  [ ] Publish a sitemap.xml

  Generate /sitemap.xml automatically (Next.js: app/sitemap.ts). Include every canonical URL.

  Evidence

  {
    "priority": 1
  }

  P1
• warn

  [ ] Add /llms.txt

  A short Markdown-flavored summary at the root. Include your H1, value prop, top 5–10 links, and pricing summary.

  Evidence

  {
    "priority": 2
  }

  P2
• warn

  [ ] Add /skill.md

  Describe what an agent can do with your site (e.g., 'Search docs', 'Look up pricing'). Useful for agentic flows.

  Evidence

  {
    "priority": 3
  }

  P3
• warn

  [ ] Publish /.well-known/security.txt

  A security contact builds trust with crawlers and researchers. Minimal example: ``` Contact: mailto:security@yourdomain.com Expires: 2027-01-01T00:00:00.000Z Preferred-Languages: en ```

  Evidence

  {
    "priority": 3
  }

  P3
• warn

  [ ] Reference your sitemap in robots.txt

  Add `Sitemap: https://yoursite.com/sitemap.xml` so crawlers don't have to guess.

  Evidence

  {
    "priority": 3
  }

  P3
• warn

  [ ] Enable HSTS

  Add `Strict-Transport-Security: max-age=31536000; includeSubDomains` once you're confident every subdomain is https-ready.

  Evidence

  {
    "priority": 3
  }

  P3
• warn

  [ ] Define a Content-Security-Policy

  Start with `Content-Security-Policy-Report-Only` to learn safe sources, then enforce. Cuts XSS blast radius.

  Evidence

  {
    "priority": 3
  }

  P3
• warn

  [ ] Add X-Frame-Options

  `X-Frame-Options: SAMEORIGIN` (or CSP `frame-ancestors`) blocks clickjacking via iframe embeds.

  Evidence

  {
    "priority": 4
  }

  P4
• warn

  [ ] Add X-Content-Type-Options

  `X-Content-Type-Options: nosniff` prevents browsers from MIME-sniffing responses.

  Evidence

  {
    "priority": 4
  }

  P4
• warn

  [ ] Set a Referrer-Policy

  `Referrer-Policy: strict-origin-when-cross-origin` is a safe default.

  Evidence

  {
    "priority": 4
  }

  P4
• warn

  [ ] Set a Permissions-Policy

  Restrict browser features you don't use, e.g. `Permissions-Policy: camera=(), microphone=(), geolocation=()`.

  Evidence

  {
    "priority": 4
  }

  P4