Agent Readiness Score: the 11 /.well-known/ files to publish in 2026
In 60 words: Cloudflare launched a 0-100 score on April 17, 2026 that measures how readable a site is to AI agents. First global verdict: 78% of sites have a robots.txt, but only 4% declare AI preferences and fewer than 15 sites worldwide support MCP Server Cards. Here are the 11 /.well-known/ endpoints that move a DTC site from 25 to 90, with copy-paste examples and what actually works.
Why this article now
On April 17, 2026, Cloudflare published isitagentready.com, a scanner that grades sites from 0 to 100 on their preparedness for AI agents. It is the first public benchmarking of e-commerce sites on this criterion. The same week, the IETF Web Bot Auth draft moved to version 05, the A2A AgentCard was registered with IANA, and Mark Nottingham published draft-nottingham-rfc8615bis-02 to revise the RFC governing all these endpoints.
The terrain is unusual: a central topic, an empty competitive space in English long form, and fresh data that disproves much of what GEO marketing has been claiming.
What is a /.well-known/ file?
A /.well-known/ file is a standardized endpoint (RFC 8615) that sites publish at their domain root to expose machine-readable metadata. In 2026, AI agents and verification servers look there for files like security.txt, agent-card.json, or the Web Bot Auth public key to understand your site and verify the authenticity of bots that connect to it.
The standard dates to May 2019 (RFC 8615, Mark Nottingham). It defines a reserved URL prefix /.well-known/ that no application should use for anything other than a discovery endpoint registered with IANA. The official registry contains around fifty entries today, of which about twenty are relevant for a standard website.
How Cloudflare grades agent readiness
The 0-100 score from isitagentready.com covers 4 dimensions:
| Dimension | What is tested |
|---|---|
| Discoverability | robots.txt, sitemap, Link headers, AI bot directives |
| Content Accessibility | Markdown negotiation via Accept header, HTML vs Markdown content fidelity |
| Bot Access Control | Content Signals in robots.txt, Web Bot Auth |
| Capabilities | MCP Server Card, OAuth Protected Resource, commerce protocols (x402, MPP, UCP, ACP) |
The first global report Cloudflare published on April 17, 2026 quantifies the gap between available technical maturity and real adoption:
- 78% of sites have a robots.txt
- 4% declare AI preferences via Content Signals
- 3.9% support Markdown negotiation
- Fewer than 15 sites worldwide expose an MCP Server Card
That is the gap that turns this topic into an immediate authority lever: you do not need to be ahead of the curve to move from “basic” to “world-class”; you just need to publish 5 files correctly.
The 11 endpoints in 3 tiers
Most GEO articles mix ratified RFCs, IETF drafts, and private proposals. That is the field’s main methodological mistake. An endpoint standardized for 7 years does not have the same status as a SEP opened on GitHub 6 months ago. Here is the clear separation.
Tier 1 — Ratified RFCs to publish without reservation
These 5 endpoints are stabilized standards. No reason not to publish them in 2026.
1. /.well-known/security.txt (RFC 9116)
Lets security researchers report a vulnerability. Technical maturity signal recognized by Google, security scanners, and bug bounty tools.
Conformant template (GitHub style):
Contact: https://hackerone.com/your-brand
Acknowledgments: https://hackerone.com/your-brand/hacktivity
Preferred-Languages: en, fr
Canonical: https://your-brand.com/.well-known/security.txt
Policy: https://your-brand.com/security-policy
Hiring: https://your-brand.com/jobs
Expires: 2027-04-25T00:00:00Z
Common mistake verified April 25, 2026: Stripe’s security.txt has Expires: 2025-12-31, expired 4 months ago and non-conformant to RFC 9116. Shopify’s has neither Expires nor Canonical. These two are the counter-example. The expiration date must be less than 1 year in the future, with a cron job to regenerate it automatically.
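To catch the two failure modes just described (an Expires in the past or missing, a Canonical that does not match the served URL) before a scanner does, here is an added Python check, not code from the article or from any of the tools it mentions. It parses the RFC 9116 field syntax with the standard library only; the two sample files are constructed (the first is the template above, the second mirrors the expired, date-only Expires failure), and FIXED_NOW pins the clock to the article's verification date so the result is reproducible.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the conformant template from the article
GOOD_SECURITY_TXT = """\
Contact: https://hackerone.com/your-brand
Acknowledgments: https://hackerone.com/your-brand/hacktivity
Preferred-Languages: en, fr
Canonical: https://your-brand.com/.well-known/security.txt
Policy: https://your-brand.com/security-policy
Hiring: https://your-brand.com/jobs
Expires: 2027-04-25T00:00:00Z
"""

# Constructed sample reproducing the failure mode above: a bare date instead of an
# RFC 3339 date-time, already in the past, and no Canonical field
BAD_SECURITY_TXT = """\
Contact: mailto:security@example.com
Expires: 2025-12-31
"""

# Clock pinned to the article's verification date (assumption for reproducibility)
FIXED_NOW = datetime(2026, 4, 25, tzinfo=timezone.utc)


def parse_security_txt(text):
    """Parse 'Field: value' lines into {lowercased field: [values]}; fields may repeat."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no fields
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a field line; ignored like a conformant parser would
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def check_security_txt(text, expected_canonical, now=None):
    """Return a list of findings; an empty list means the file passes these checks."""
    now = now or datetime.now(timezone.utc)
    f = parse_security_txt(text)
    findings = []

    # Contact is the only mandatory field and must be an https://, mailto: or tel: URI
    if "contact" not in f:
        findings.append("missing Contact (required by RFC 9116)")
    for c in f.get("contact", []):
        if not re.match(r"^(https://|mailto:|tel:)", c):
            findings.append(f"Contact must be an https://, mailto: or tel: URI: {c}")

    # Expires: exactly one, RFC 3339 date-time with zone, in the future, under a year out
    exp = f.get("expires", [])
    if len(exp) != 1:
        findings.append("Expires must appear exactly once")
    else:
        try:
            dt = datetime.fromisoformat(exp[0].replace("Z", "+00:00"))
            if dt.tzinfo is None:
                raise ValueError("no time zone")
        except ValueError:
            findings.append(f"Expires is not an RFC 3339 date-time: {exp[0]}")
        else:
            if dt <= now:
                findings.append(f"Expires is in the past: {exp[0]}")
            elif dt - now > timedelta(days=365):
                findings.append("Expires is more than a year out (RFC 9116 recommends less)")

    # Canonical should name the URL the file is actually served from
    canon = f.get("canonical", [])
    if not canon:
        findings.append("missing Canonical (recommended)")
    elif expected_canonical not in canon:
        findings.append(f"Canonical does not list {expected_canonical}")
    return findings
```

Run it from the cron job that regenerates the file and fail the job on any finding; that turns the "Expires under a year" rule into something enforced rather than remembered.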
2. /.well-known/change-password
A simple HTTP 302 redirect to your password change page. WHATWG spec, supported by all password managers (1Password, iCloud Keychain, Bitwarden) to prompt password changes after a breach.
Nginx implementation:
location = /.well-known/change-password {
return 302 /account/security;
}
Verified: GitHub, Google, Facebook, Twitter return a proper 301/302. Shopify returns 404, so it does not support the standard natively; publish it via an App Proxy or a Cloudflare Worker.
3. /.well-known/openid-configuration and /.well-known/oauth-authorization-server
OpenID Connect Discovery (2013) and OAuth 2.0 Authorization Server Metadata (RFC 8414, 2018) endpoints. Relevant if you operate an authentication server or your site offers SSO.
For a DTC site without an OAuth customer portal, these endpoints can be absent without major penalty. If present, the payload must list issuer, authorization_endpoint, token_endpoint, jwks_uri, and scopes_supported.
4. /.well-known/mta-sts.txt (RFC 8461)
Email security policy. Lives on the mta-sts.yourbrand.com subdomain, not at the root domain.
Gmail template (enforce mode, production):
version: STSv1
mode: enforce
mx: smtp.google.com
mx: gmail-smtp-in.l.google.com
mx: *.gmail-smtp-in.l.google.com
max_age: 86400
Rollout template (testing mode):
version: STSv1
mode: testing
mx: in1-smtp.messagingengine.com
mx: in2-smtp.messagingengine.com
max_age: 86400
For a DTC site, start in testing for 30 days, monitor TLS-RPT reports, then move to enforce. This is the only endpoint in this tier that requires coordination with your email provider.
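Before the 30-day testing window starts, it is worth validating the policy file offline and checking that the MX hosts DNS actually returns are covered by its mx lines, because a mismatch in enforce mode means mail is refused. The Python below is an added example, not code from the article or from any MTA; it parses the two templates above (embedded as constructed samples) and applies the RFC 8461 wildcard rule under which a leading "*." matches exactly one label.

```python
# Constructed samples: the two policy templates from the article
POLICY_ENFORCE = """\
version: STSv1
mode: enforce
mx: smtp.google.com
mx: gmail-smtp-in.l.google.com
mx: *.gmail-smtp-in.l.google.com
max_age: 86400
"""

POLICY_TESTING = """\
version: STSv1
mode: testing
mx: in1-smtp.messagingengine.com
mx: in2-smtp.messagingengine.com
max_age: 86400
"""

MAX_AGE_LIMIT = 31557600  # one year, the upper bound RFC 8461 allows for max_age


def parse_mta_sts_policy(text):
    """Parse and validate an mta-sts.txt body; raises ValueError on anything a receiver would reject."""
    policy = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        elif key == "max_age":
            policy["max_age"] = int(value)
        elif key in ("version", "mode"):
            policy[key] = value
        # unknown keys are extension fields and are ignored
    if policy.get("version") != "STSv1":
        raise ValueError("version must be STSv1")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("mode must be enforce, testing or none")
    if not 0 <= policy.get("max_age", -1) <= MAX_AGE_LIMIT:
        raise ValueError(f"max_age must be between 0 and {MAX_AGE_LIMIT}")
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("at least one mx line is required unless mode is none")
    return policy


def mx_matches(pattern, hostname):
    """RFC 8461 MX host validation: '*.example.com' matches exactly one extra label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[2:]
        if not hostname.endswith("." + suffix):
            return False
        leftmost = hostname[: -len(suffix) - 1]
        return leftmost != "" and "." not in leftmost
    return pattern == hostname


def mx_allowed(policy, mx_host):
    """True if the MX hostname returned by DNS is covered by the policy's mx lines."""
    return any(mx_matches(p, mx_host) for p in policy["mx"])
```

Feed mx_allowed the hostnames from your domain's real MX records (looked up separately) before switching mode to enforce; every one of them must return True, and a host like alt1.gmail-smtp-in.l.google.com is covered by the wildcard while a.b.gmail-smtp-in.l.google.com is not.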
5. /.well-known/agent-card.json (A2A Protocol)
Registered with the IANA registry on August 1, 2025, permanent status. Spec maintained at a2a-protocol.org, donated to the Linux Foundation by Google on June 23, 2025. Founding members: AWS, Cisco, Google, Microsoft, Salesforce, SAP, ServiceNow.
Market check on April 25, 2026: Anthropic, OpenAI, Vercel, Shopify, GitHub do NOT publish an agent-card. That is precisely the opportunity. Publishing a conformant agent-card today places your brand in a leading group of a few dozen sites worldwide.
Minimal A2A v1 template:
{
"name": "Your Brand",
"description": "Clean DTC cosmetics brand. Main store and product catalog.",
"version": "1.0.0",
"url": "https://your-brand.com",
"documentationUrl": "https://your-brand.com/help",
"provider": {
"organization": "Your Brand Inc.",
"url": "https://your-brand.com",
"contactEmail": "[email protected]"
},
"capabilities": {
"streaming": false,
"pushNotifications": false,
"stateTransitionHistory": false
},
"skills": [
{
"id": "product-discovery",
"name": "Product Discovery",
"description": "Catalog of 120 serum and skincare products. Filters by skin type, concerns, active ingredients.",
"tags": ["beauty", "skincare", "dtc"]
}
],
"authentication": { "schemes": ["none"] }
}
Tier 2 — IETF draft but already in production
A single file in this category, and it is the most strategic of all.
6. /.well-known/http-message-signatures-directory (Web Bot Auth)
The only /.well-known/ with real, measurable operator adoption in April 2026. IETF draft draft-meunier-http-message-signatures-directory-05 published March 2, 2026, applies RFC 9421 (HTTP Message Signatures). The webbotauth Working Group was formally chartered by the IETF.
Operators publishing their Ed25519 public key (verified April 25, 2026):
- ChatGPT Agent (OpenAI): https://chatgpt.com/.well-known/http-message-signatures-directory
- Goose (Block)
- Browserbase: https://www.browserbase.com/.well-known/http-message-signatures-directory
- Anchor Browser
- Cloudflare Browser Rendering
Server side: Cloudflare and AWS WAF verify these signatures in their Verified Bots programs.
Exact form of headers sent by a signed agent:
Signature-Agent: "https://chatgpt.com"
Signature-Input: sig1=("@authority" "signature-agent");created=1735689600;expires=1735693200;keyid="otMqcjr17mGyruktGvJU8oojQTSMHlVm7uO-lrcqbdg";tag="web-bot-auth";alg="ed25519"
Signature: sig1=:base64url-Ed25519-signature==:
JWKS template published at your endpoint:
{
"keys": [
{
"kid": "abc123-thumbprint-jwk",
"crv": "Ed25519",
"kty": "OKP",
"x": "your-public-key-base64url",
"use": "sig",
"nbf": 1735689600,
"exp": 1777673926
}
],
"signature_agent": "https://your-brand.com",
"purpose": "ai"
}
For a DTC site that only receives requests (not an emitting agent), this score dimension can stay empty without critical penalty. For a SaaS publisher or agent operator, it has become a de facto standard.
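For readers on the receiving side who want to see what a verifier actually does with the headers and the JWKS shown above, here is an added Python example; it is not code from the article, from Cloudflare, or from the IETF draft. It derives the kid as the RFC 7638 thumbprint of the Ed25519 JWK, parses Signature-Input, enforces the tag, algorithm, time window and key validity, and builds the RFC 9421 signature base that the Ed25519 check runs over. The sample directory and request headers are constructed; the 32 key bytes and the Signature value are placeholders, not a real key pair or signature, and the final curve operation assumes the third-party "cryptography" package.

```python
import base64, hashlib, json, re


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwk_thumbprint(jwk):
    """RFC 7638 thumbprint: required members only (crv, kty, x for OKP keys per RFC 8037),
    lexicographic order, no whitespace, SHA-256, base64url."""
    canon = json.dumps({k: jwk[k] for k in ("crv", "kty", "x")}, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canon.encode()).digest())


def build_directory(raw_public_key, signature_agent, nbf, exp):
    """Body for /.well-known/http-message-signatures-directory using the field set of the
    template above; kid is derived from the key rather than hand-typed."""
    jwk = {"kty": "OKP", "crv": "Ed25519", "x": b64url(raw_public_key), "use": "sig", "nbf": nbf, "exp": exp}
    jwk["kid"] = jwk_thumbprint(jwk)
    return {"keys": [jwk], "signature_agent": signature_agent, "purpose": "ai"}


def parse_signature_input(header):
    """Parse 'sig1=("@authority" "signature-agent");created=...;keyid="...";tag="web-bot-auth";alg="ed25519"'."""
    label, _, raw = header.strip().partition("=")
    m = re.match(r'^\(([^)]*)\)((?:;[^;]*)*)$', raw)
    if not m:
        raise ValueError("malformed Signature-Input")
    components = re.findall(r'"([^"]+)"', m.group(1))
    params = {}
    for item in filter(None, m.group(2).split(";")):
        k, _, v = item.partition("=")
        params[k] = v.strip('"')
    return {"label": label, "components": components, "params": params, "raw": raw}


def signature_base(components, raw_params, authority, headers):
    """RFC 9421 signature base: one '"name": value' line per covered component, then the
    serialized signature parameters. Only the @authority derived component is handled."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    lines = []
    for c in components:
        if c == "@authority":
            value = authority
        elif c.startswith("@"):
            raise ValueError(f"derived component {c} not handled in this example")
        else:
            value = lowered[c]  # field lookup is case-insensitive
        lines.append(f'"{c}": {value}')
    lines.append(f'"@signature-params": {raw_params}')
    return "\n".join(lines)


def check_web_bot_auth(headers, authority, directory, now):
    """Everything a verifier checks before the curve operation. Returns (ok, detail); on
    success detail is (public_key_bytes, signature_base, signature_bytes)."""
    try:
        si = parse_signature_input(headers["Signature-Input"])
    except (KeyError, ValueError) as e:
        return False, f"Signature-Input: {e}"
    p = si["params"]
    if p.get("tag") != "web-bot-auth" or p.get("alg") != "ed25519":
        return False, "tag/alg do not identify a Web Bot Auth Ed25519 signature"
    if "@authority" not in si["components"]:
        return False, "@authority is not covered, so the signature could be replayed elsewhere"
    if not int(p.get("created", 0)) <= now <= int(p.get("expires", 0)):
        return False, "outside the created..expires window"
    key = next((k for k in directory["keys"] if k.get("kid") == p.get("keyid")), None)
    if key is None or key.get("kty") != "OKP" or key.get("crv") != "Ed25519":
        return False, "keyid is not an Ed25519 key in the directory"
    if key["kid"] != jwk_thumbprint(key):
        return False, "kid is not the RFC 7638 thumbprint of the key"
    if not key.get("nbf", 0) <= now <= key.get("exp", float("inf")):
        return False, "key is outside its nbf..exp validity"
    # Signature is a structured-field byte sequence (:standard base64:) under the same label
    m = re.match(rf'^{re.escape(si["label"])}=:([A-Za-z0-9+/=]*):$', headers.get("Signature", "").strip())
    if not m:
        return False, "Signature is not a byte sequence for the same label"
    base = signature_base(si["components"], si["raw"], authority, headers)
    return True, (b64url_decode(key["x"]), base, base64.b64decode(m.group(1)))


def verify_ed25519(public_key, message, signature):
    """Final step, assuming the 'cryptography' package; returns None if it is not installed."""
    try:
        from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
        from cryptography.exceptions import InvalidSignature
    except ImportError:
        return None
    try:
        Ed25519PublicKey.from_public_bytes(public_key).verify(signature, message.encode())
        return True
    except InvalidSignature:
        return False


# Constructed sample: directory for a hypothetical agent, and a request claiming its key.
# bytes(range(32)) and "AAAA" are placeholders, not a real key or signature.
SAMPLE_DIRECTORY = build_directory(bytes(range(32)), "https://agent.example", 1735689600, 1777673926)
SAMPLE_HEADERS = {
    "Signature-Agent": '"https://agent.example"',
    "Signature-Input": ('sig1=("@authority" "signature-agent");created=1735689600;expires=1735693200;'
                        f'keyid="{SAMPLE_DIRECTORY["keys"][0]["kid"]}";tag="web-bot-auth";alg="ed25519"'),
    "Signature": "sig1=:AAAA:",
}
```

The order matters operationally: the directory is fetched from the origin named in Signature-Agent, and the thumbprint check on kid stops a directory that advertises one key under another key's identifier; only a request that clears every pre-check is worth an Ed25519 verification.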
Tier 3 — Private proposals, variable status
These 5 endpoints are spec proposals, non-standardized root files, or draft SEPs. Honesty required: they are not all production-ready.
7. /llms.txt (root, not /.well-known/)
Spec proposed by Jeremy Howard (AnswerDotAI) on September 3, 2024. Lives at the domain root, not in /.well-known/. A GitHub issue proposed /.well-known/llms.txt but the spec kept the root location.
Measured data on real effectiveness:
- The OtterlyAI study over 90 days and 62,100 AI bot visits measures llms.txt at 0.1% of AI traffic.
- The Search Engine Land study on 10 sites over 180 days concludes: 8 sites with no measurable change, 2 gains attributable to new content, not the file.
- John Mueller (Google) publicly compares llms.txt to the meta keywords tag.
- SE Ranking measured adoption at 10.13% across 300,000 domains.
Honest conclusion: publishing llms.txt is useful as a technical credibility signal, as help for dev tools (Cursor, Continue, Aider), and as insurance against potential future adoption by a major model. Presenting it as an AI traffic lever is unsourced.
Minimal format:
# Your Brand
> DTC brand founded in 2018, clean vitamin C serums and short-ingredient skincare. 120 SKUs.
## Catalog
- [Vitamin C Serum 12%](https://your-brand.com/products/vitc-serum): Daily brightening, normal to combination skin
- [Hydrating Cream](https://your-brand.com/products/hydrating-cream): Light texture, sensitive skin
## Commitments
- [Full INCI composition](https://your-brand.com/inci): All detailed sheets
- [Made in France](https://your-brand.com/manufacturing): Cosmébio lab in Lyon
8. /.well-known/mcp/server-card.json or /.well-known/mcp (MCP, draft)
Two active proposals in the modelcontextprotocol repo:
- SEP-1649: /.well-known/mcp/server-card.json with serverInfo, transport, capabilities, authentication, tools, prompts. Opened October 14, 2025.
- SEP-1960: /.well-known/mcp with enumeration and auth discovery.
As of April 25, 2026, neither is merged in the MCP core spec. Anthropic, Cloudflare, Shopify do not publish these files. For today, expose your MCP server directly via mcp.yourbrand.com/mcp and reference it in the mcpEndpoint field of your agent-card.json. Wait for SEP stabilization before investing.
9. /.well-known/api-catalog (RFC 9727, December 2024)
Recently ratified RFC, but marginal adoption. Lets you point to a file describing your domain’s public APIs. Relevant if you expose a documented public API. For a DTC display site, can be omitted without penalty.
10. /.well-known/oauth-protected-resource (RFC 9728, October 2024)
Metadata for an OAuth-protected resource. Reference for OAuth 2.1. Like api-catalog, relevant for SaaS publishers more than DTC sites.
11. /.well-known/ai-plugin.json (deprecated, to know about)
Historical ChatGPT Plugins format. Deprecated by OpenAI on April 9, 2024, replaced by Custom GPTs and then MCP. Mention only as a counter-example: a /.well-known/ endpoint can fall into disuse quickly when its sponsor pivots. Do not implement it in 2026.
What actually works, what does not
This section says what other GEO articles do not, because primary sources contradict them.
What works
Web Bot Auth is the only /.well-known/ with real server-side adoption. Cloudflare uses it to identify ChatGPT Agent (tag chatgpt-agent, detection ID 129220581). AWS WAF integrated it in November 2025. It is the mechanism that distinguishes a legitimate agent from a stealth crawler.
security.txt and mta-sts.txt are mature standards consulted by security scanners, email reputation tools (Talos, Spamhaus), and bug bounty programs. Publishing a security.txt conformant to RFC 9116 improves technical E-E-A-T scores.
agent-card.json does not yet have proven agent adoption, but the standard is IANA-ratified and donated to the Linux Foundation. Publishing today places your brand in a leading group of a few dozen sites worldwide, with the early-adopter media coverage benefit.
What does not work (yet)
llms.txt: 0.1% of AI traffic measured by OtterlyAI. No major LLM provider commits to it as a first-class input. Publish it for dev tools and credibility, not for traffic.
The “AI agents read agent-card.json before navigating” narrative: no official OpenAI, Anthropic, Google, or Perplexity announcement confirms this practice in April 2026. Agents (ChatGPT Atlas, Claude Computer Use, Perplexity Comet, Gemini Deep Research) browse like Chromium browsers and render JS like a human. Presenting agent-card as “read by agents before visit” is marketing projection, not fact.
AI crawlers and JavaScript: per Vercel’s direct monitoring on nextjs.org (December 2024), none of the major crawlers (GPTBot, ClaudeBot, PerplexityBot, MetaBot) execute JavaScript. Only Gemini does, via Googlebot infrastructure. Implication: a site that depends on JS to render price, stock, or reviews is invisible to these bots, regardless of /.well-known/.
The crawl-to-refer ratio (Cloudflare, July 2025) shows the asymmetry: Anthropic crawls 38,065 pages per 1 referred visitor, OpenAI 1,091 to 1, Perplexity 194 to 1. Publishing your /.well-known/ files does not change this asymmetry, but it improves your odds of being cited when you are crawled.
Shopify checklist: what can be published natively
For a standard Shopify store, here is what passes natively and what requires a workaround.
| Endpoint | Native Shopify | Workaround |
|---|---|---|
| apple-app-site-association | Yes | None |
| assetlinks.json | Yes | None |
| security.txt | No | Shopify page with page.security-txt.liquid template + server redirect |
| change-password | No (404) | App Proxy or Cloudflare Worker → 302 to /account/security |
| openid-configuration | Partial (Shopify Customer Accounts) | Endpoint exposed on shopify.com root, not your vanity domain |
| mta-sts.txt | N/A (email subdomain) | Separate hosting on mta-sts.yourbrand.com |
| agent-card.json | No | Dedicated Shopify App OR Cloudflare Worker in front |
| llms.txt | No | Same |
| mcp/server-card.json | No | Not before SEP stabilization |
| http-message-signatures-directory | No | Custom implementation if you operate an emitting agent |
Recommendation for a standard DTC Shopify store: start with the 4 quick-win endpoints (security.txt, change-password, agent-card.json, llms.txt) via a Cloudflare Worker in front. Count 2 to 4 hours of setup. That alone is enough to move from 25 to ~70 on the Cloudflare score.
How to audit your current score
Three options to measure where you stand:
Option 1 — Cloudflare free test: open isitagentready.com, enter your URL, choose site type (Content / API / All). The scanner checks robots.txt, sitemap, Link headers, Markdown negotiation, presence of the /.well-known/ files listed above. Documented limitation: binary present/absent score, no content quality evaluation, no real cryptographic signature validation, commerce segment limited to technical protocols.
Option 2 — Manual audit with curl:
# Check presence and HTTP code
for endpoint in security.txt change-password agent-card.json; do
echo "=== /.well-known/$endpoint ==="
curl -sI "https://your-brand.com/.well-known/$endpoint" | head -1
done
# Check llms.txt at root
curl -sI "https://your-brand.com/llms.txt" | head -1
Option 3 — Verity Score GEO Audit: free 60-second audit covering the 11 /.well-known/ endpoints plus 200 other GEO signals (schema.org, conversational content, AI robots.txt, multilingual, agentic commerce). Verity Score audits the quality of files, not just their presence: RFC 9116 conformance of security.txt, Expires validity, A2A v1 conformance of agent-card.json, freshness of llms.txt, cryptographically valid Web Bot Auth signatures.
Verity Score publishes its own A2A v1 conformant agent-card.json and up-to-date llms.txt, at verityscore.io/.well-known/agent-card.json and verityscore.io/llms.txt. Verifiable.
Verity Score exclusive data: who actually crawls your /.well-known/ in 2026
Before this article, no public source had measured the consultation of AI-specific /.well-known/ files by declared crawlers. OtterlyAI published 0.1% for llms.txt, but no one for agent-card.json, ai.txt, or llms-full.txt.
Here are the first ratios measured from verityscore.io server logs (April 2026, internal Verity Score data). Methodology: continuous capture of HTTP hits on exposed endpoints, attribution of user-agents to declared operators via cross-referenced User-Agent + official IP ranges published by OpenAI, Anthropic, Perplexity, Meta, Microsoft. Scope: 4 AI files exposed (/.well-known/agent-card.json, /llms.txt, /ai.txt, /llms-full.txt) × 3 major AI operators observed (OpenAI, Microsoft, Meta).
Methodological note: we publish qualitative ratios here because they are the patterns that hold even on an early sample. Absolute volumes are updated in real time on the public dashboard /en/ai-traffic-report/ as the observation window grows.
| Metric | Observed value | Reading |
|---|---|---|
| Coverage of /.well-known/agent-card.json by major AI operators | 3/3 (OpenAI, Microsoft, Meta) | Only AI endpoint with full coverage by all 3 major actors |
| Coverage of /llms.txt, /ai.txt, /llms-full.txt by major AI operators | 1/3 (Meta only) | No major operator outside Meta crawls them in the measurement |
| MetaBot coverage of the 4 exposed AI files | 100% | Structured discovery behavior on Meta AI’s side |
| Share of /.well-known/agent-card.json in cumulative AI bot hits | about 68% | Massive concentration on the A2A endpoint |
Three takeaways:
- /.well-known/agent-card.json is the most widely adopted AI endpoint by declared crawlers. It is crawled by all 3 major AI operators observed (OpenAI, Microsoft, Meta), while llms.txt, ai.txt, llms-full.txt are only crawled by 1 operator out of 3 (Meta alone). Consistent with its recent IANA registration and the arrival of A2A agents in production.
- MetaBot covers 100% of the 4 exposed AI endpoints. Systematic discovery behavior suggesting a dedicated crawler mapping agent preferences on Meta AI’s side. The only operator observed with this profile.
- GPTBot and Bingbot only crawl agent-card.json in the measurement. No trace of llms.txt consultation by these two operators. Consistent with OpenAI’s public stance that does not recognize llms.txt as a first-class input.
These ratios should be read with caution (single site, short observation window). But they contradict the “AI agents ignore /.well-known/” narrative. At minimum, training and indexing crawlers of the 3 major AI operators consult the A2A endpoint, so publishing it is not a dead investment.
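The attribution step in the methodology above (User-Agent token cross-referenced with the operator's published IP ranges) is the part worth reproducing on your own logs, because a User-Agent string alone is trivially claimed by anyone. The Python below is an added example and is not Verity Score's pipeline or code: it parses combined-format access-log lines, attributes each hit to an operator only when the source IP falls inside that operator's ranges, and derives the same kind of coverage and share figures as the table. The log lines, the UA tokens (taken from the article) and the CIDRs (RFC 5737 documentation ranges standing in for the real published lists) are all constructed for the example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

AI_FILES = ("/.well-known/agent-card.json", "/llms.txt", "/ai.txt", "/llms-full.txt")

# Constructed for this example: UA tokens from the article; CIDRs are documentation ranges,
# to be replaced by the ranges each operator publishes.
OPERATORS = {
    "OpenAI":    {"ua": re.compile(r"\bGPTBot\b", re.I),  "cidrs": [ipaddress.ip_network("198.51.100.0/24")]},
    "Microsoft": {"ua": re.compile(r"\bbingbot\b", re.I), "cidrs": [ipaddress.ip_network("192.0.2.0/24")]},
    "Meta":      {"ua": re.compile(r"\bMetaBot\b", re.I), "cidrs": [ipaddress.ip_network("203.0.113.0/24")]},
}

# Constructed sample log (combined format). The last GPTBot line comes from an address
# outside OpenAI's range: a claimed identity that must not be counted.
SAMPLE_LOG = """\
198.51.100.5 - - [20/Apr/2026:08:01:02 +0000] "GET /.well-known/agent-card.json HTTP/1.1" 200 812 "-" "Mozilla/5.0 (compatible; GPTBot/1.2)"
198.51.100.6 - - [20/Apr/2026:09:14:40 +0000] "GET /.well-known/agent-card.json HTTP/1.1" 200 812 "-" "Mozilla/5.0 (compatible; GPTBot/1.2)"
192.0.2.7 - - [20/Apr/2026:10:02:11 +0000] "GET /.well-known/agent-card.json HTTP/1.1" 200 812 "-" "Mozilla/5.0 (compatible; bingbot/2.0)"
203.0.113.9 - - [21/Apr/2026:01:00:01 +0000] "GET /.well-known/agent-card.json HTTP/1.1" 200 812 "-" "MetaBot/1.0"
203.0.113.9 - - [21/Apr/2026:01:00:02 +0000] "GET /llms.txt HTTP/1.1" 200 540 "-" "MetaBot/1.0"
203.0.113.9 - - [21/Apr/2026:01:00:03 +0000] "GET /ai.txt HTTP/1.1" 200 120 "-" "MetaBot/1.0"
203.0.113.9 - - [21/Apr/2026:01:00:04 +0000] "GET /llms-full.txt?v=2 HTTP/1.1" 200 9100 "-" "MetaBot/1.0"
10.0.0.1 - - [21/Apr/2026:02:30:00 +0000] "GET /llms.txt HTTP/1.1" 200 540 "-" "Mozilla/5.0 (compatible; GPTBot/1.2)"
192.0.2.50 - - [21/Apr/2026:03:00:00 +0000] "GET /products/vitc-serum HTTP/1.1" 200 30211 "-" "Mozilla/5.0 Chrome/124.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def attribute(entry):
    """Return (operator, verified). verified is True only when the source IP lies inside
    the operator's ranges; a matching User-Agent on its own proves nothing."""
    for name, op in OPERATORS.items():
        if op["ua"].search(entry["ua"]):
            ip = ipaddress.ip_address(entry["ip"])
            return name, any(ip in net for net in op["cidrs"])
    return None, False


def summarize(lines):
    """Coverage (which verified operators fetched each AI file), each file's share of
    verified AI hits, and the number of UA claims rejected by the IP check."""
    coverage, hits, unverified = defaultdict(set), Counter(), 0
    for line in lines:
        e = parse_line(line)
        if not e:
            continue
        path = e["path"].split("?", 1)[0]
        if path not in AI_FILES:
            continue
        op, verified = attribute(e)
        if op is None:
            continue
        if not verified:
            unverified += 1
            continue
        coverage[path].add(op)
        hits[path] += 1
    total = sum(hits.values())
    return {
        "coverage": {f: sorted(coverage[f]) for f in AI_FILES},
        "share": {f: (hits[f] / total if total else 0.0) for f in AI_FILES},
        "unverified_claims": unverified,
    }
```

Pipe your own access log into summarize after swapping in the operators' published ranges; the unverified_claims counter is the figure to watch, since a rising number of bot User-Agents from unlisted addresses is exactly what Web Bot Auth and the Verified Bots programs exist to settle.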
Verity Score keeps publishing these measurements to track the evolution on the public live dashboard. Three open questions remain to measure in the coming months:
- Which /.well-known/ correlates with a Perplexity, ChatGPT Search, or AI Overviews citation? No study quantifies this today.
- What latency between publishing an agent-card.json and first GPTBot or Bingbot crawl? Discovery measurement.
- JS rendering comparison between agents Comet, Atlas, Operator, Computer Use, Deep Research on a common benchmark.
Summary
| What to do in April 2026 | Confidence level |
|---|---|
| Publish security.txt conformant to RFC 9116 with Expires < 1 year | High (ratified RFC, universal adoption) |
| Publish change-password as 302 redirect | High (WHATWG spec, password manager adoption) |
| Publish mta-sts.txt in testing then enforce mode | High (ratified RFC, deliverability impact) |
| Publish agent-card.json conformant to A2A v1 | High (IANA standard, adoption ramping = early advantage) |
| Publish llms.txt at root | Medium (useful, but not a traffic lever) |
| Implement Web Bot Auth (http-message-signatures-directory) | High if you emit agent requests, low otherwise |
| Publish MCP /.well-known/mcp/... | Low (wait for SEP stabilization) |
| Publish ai-plugin.json | None (deprecated 2024) |
The Cloudflare score is an indicator, not an end. The real question is: when an AI agent (human or software) interrogates your brand, do you give it the structured elements to understand you, cite you, and recommend you? /.well-known/ files are one signal among others. Content, schema.org, AI robots.txt, and freshness remain the major levers.
This article will be updated at every major standards evolution (final Web Bot Auth draft publication, SEP-1649 merge, new Cloudflare data). Last verification date: April 25, 2026.