5 layers · 100 points

How scoring works

Every orank score is computed from dozens of automated checks across 5 layers. Each layer tests a different dimension of agent readiness.

Grading Scale

A
90–100
Agent-Ready
B
70–89
Competitive
C
50–69
Needs Work
D
30–49
At Risk
F
0–29
Invisible
1

Discovery

20 pts

Can agents find you

3

Sitemap exists

GET /sitemap.xml. Valid XML with <urlset> or <sitemapindex>

2

Content without JS

Raw HTML has meaningful text (>500 chars), <h1> present

2

Not blocked by bot detection

Fetch with GPTBot, ClaudeBot, ChatGPT-User, PerplexityBot UAs

3

robots.txt AI policy

Parse for GPTBot, ClaudeBot, ChatGPT-User, Google-Extended, PerplexityBot directives

1

llms.txt exists

Probe /llms.txt and /.well-known/llms.txt for existence

2

llms.txt quality

Validate format, check for markdown links, structured content

2

Agent discovery file

Probe /.well-known/agent-skills, /agents.md, /skills.sh

2

A2A Agent Card

Probe /.well-known/agent-card.json, validate JSON schema

3

Listed in MCP registries

Query Smithery, mcp.so, Glama, PulseMCP for domain match

2

Identity

20 pts

Do agents understand you

4

llms.txt content quality

Check for structured product description, use cases, constraints in llms.txt

4

JSON-LD structured data

Parse JSON-LD for SoftwareApplication or Product schema types

3

Consistent description

Check consistency across meta, og tags, and JSON-LD descriptions

3

Pricing info accessible

Check /pricing, /plans, schema.org/Offer in JSON-LD, links

3

Public API/docs linked from homepage

Check homepage anchor tags for docs/API links, verify they resolve

3

Agent instruction / when-to-use

Check for explicit when-to-use guidance in agent files or llms.txt

3

Access & Auth

20 pts

Can agents authenticate and act

4

Public API with reachable endpoints

Check /api, /docs/api, /api-reference. Probe for 200 response

4

OpenAPI spec published

Check /openapi.json, /swagger.json, validate schema version

3

OAuth 2.0 support

/.well-known/openid-configuration, scan docs for "OAuth"

3

Scoped permissions

Scan docs for "scope", "permission"; check OpenAPI securitySchemes

3

Agent auth documentation

Scan docs for M2M, client credentials, agent-specific auth flows

3

Developer portal

Check /developers, /console, /dashboard for self-serve key management

4

Agent Integration

20 pts

Have you built the plumbing

5

MCP server/manifest

Check /.well-known/mcp paths, MCP registries, provided mcpUrl

3

Webhook support

Scan docs for "webhook", check /webhooks path

3

Markdown content negotiation

GET / with Accept: text/markdown. Check for markdown response

3

Streaming support

Check docs for SSE, server-sent events, chunked transfer

3

Rate limits documented

Scan docs for "rate limit", check OpenAPI for 429 responses

3

JSON error responses

Probe invalid API path, check response is JSON not HTML

5

In-agent Experience

20 pts

Can users interact through agents

5

MCP app registry listing

Query MCP registries (Smithery, mcp.so, Glama) for UI-enabled entry

3

ChatGPT app listed

Check ai-plugin.json, homepage for GPT store / ChatGPT references

2

OpenAI plugin manifest

GET /.well-known/ai-plugin.json. Validate plugin format

3

A2UI / generative UI support

Scan docs/integrations for A2UI, generative UI, agent UI references

4

Verified integration in AI platforms

Check for Claude.ai, Goose, VS Code, Cursor integration mentions

3

Registry branding

Check MCP/plugin manifest for display name, icon, description

How Scanning Works

Every scan begins by fetching your homepage and immediately fanning out into 33 independent checks across all five layers, running in parallel on the server. Each check has its own 10-second timeout. The full scan completes in under 30 seconds.

We probe dozens of well-known paths (/llms.txt, /.well-known/agent-card.json, /sitemap.xml, /openapi.json, /.well-known/ai-plugin.json, /.well-known/openid-configuration), parse raw HTML for JSON-LD structured data and meta consistency, send requests with AI-specific user agents (ChatGPT, Claude, OpenClaw, etc.) to test bot policies, attempt content negotiation with Accept: text/markdown, and query four major MCP registries (Smithery, mcp.so, Glama, PulseMCP) to verify real-world agent discoverability.

OpenAPI specs are validated against schema standards. OAuth flows are detected through OIDC discovery endpoints and documentation scanning. Developer portals, webhook support, rate limiting, and streaming capabilities are each verified through a combination of path probing, response analysis, and documentation keyword extraction.

Scan your site →