Is Your Site Agent-Ready? The Audit Checklist and What the Tools Miss

Published 2026-06-05 · Last reviewed 2026-06-05

In April 2026, Cloudflare published the first widely cited agent-readiness rubric and shipped a public scorecard at isitagentready.com. Within weeks the rubric became the de facto template every other audit tool, vendor pitch, and tracking-radar copy quietly traces. Independent scans built on that rubric, like the third-party scanner AgentGrade’s, put the top-100 average around 55% readiness in May. The number is honest and useful, and like most single numbers it leaves something important uncounted.

This article runs the same audit a site owner would run today, plain English, no vendor framing, with the published evidence behind each bucket. It is aimed at owners and operators who want to know what their score means, which fixes are worth paying for, and which line items the public scorers do not yet include.

The short version. The five-bucket audit is real and worth running. The fix list it produces is real and mostly cheap. And the row most owners actually want graded, who is behind the site and how an agent acting on behalf of a person finds and qualifies them, is not in any of the published rubrics yet. That gap is what the rest of the piece is about.

What “agent-ready” actually means

The phrase “agent-ready” first showed up in 2025 vendor copy as a catch-all for any site doing something for AI crawlers. By 2026 the meaning narrowed under pressure from one concrete tool. In April, Cloudflare published an Agent Readiness post and shipped a public score at isitagentready.com (since folded into Cloudflare’s URL Scanner) that grades a domain across five buckets: Discoverability, Content, Bot Access Control, Capabilities, and Commerce. AgentReady.org, an MIT-licensed community spec, codifies roughly the same surface in code, with explicit requirement codes per area. Most audit copy you will see today maps cleanly onto one of these two rubrics, whether it credits them or not.

Underneath the rubric, a useful distinction is worth pinning down before any checkbox gets ticked. There are two related but separate concepts that “agent-ready” routinely conflates.

The first is agent-readable: the site is machine-parsable and exposes the right artifacts so an agent reading the page can answer questions, follow links, and act without hand-rolled scraping. llms.txt as a clean Markdown index, structured data on key pages, a robots.txt that distinguishes search crawlers from AI assistants, an Agent Card at /.well-known/agent-card.json per the A2A v1.0.x discovery convention, and, in early preview behind a flag, a WebMCP surface that exposes structured tools to agents. The five Cloudflare buckets sit almost entirely on this side of the line.

The second is agent-addressable: the entity behind the site has a name an agent can address, a way to be qualified by other agents, and a path for two agents acting on behalf of two real people to exchange identity safely. The A2A AgentCard is partial coverage here, but it is a machine identity for the agent itself, not a human-readable identity for the person or company the agent represents. ANP (Agent Network Protocol) carries a name field on each agent description, which is the closest protocol-level analog, but ANP is one peer proposal in an open space.

Both concepts matter. The current rubrics largely grade the first one. The honest audit, in 2026, is the five buckets plus a clear note on where the second one is not yet measured. The rest of this article runs each bucket and then names the missing row.

The DIY audit, one bucket at a time

Each bucket maps to two or three concrete artifacts a site can ship today. Below is the audit a competent operator can run in an afternoon, with the source spec or product attached so the work is checkable.

Discoverability. Standard SEO plumbing first: a clean URL structure, a current sitemap.xml, and Link headers (RFC 8288 Web Linking) on key endpoints so agents can follow relationships without scraping HTML. Beyond that, the two emerging artifacts to consider are an A2A Agent Card at /.well-known/agent-card.json (a JSON file describing the agent’s name, skills, and endpoints under A2A v1.0.x, donated to the Linux Foundation in June 2025) and a DNS-AID record for sites that want a DNS-level discovery hint. Sitemap and robots.txt are non-negotiable; the agent-card is worth shipping if your site exposes any kind of programmatic surface.

Content. Server-rendered HTML on the pages that carry the substance, real alt text, JSON-LD structured data on Articles, Products, FAQs, and the pages an agent is likely to land on. An llms.txt at the root, by hand, with accurate summaries, costs an hour and is fine to ship as long as nobody bills it as the AI visibility lever. AGENTS.md is a separate convention from the Agentic AI Foundation under the Linux Foundation, used by 60,000-plus code repositories, and it is a README for coding agents working inside a repo. It is not a site-wide discovery file; do not ship one for a marketing site.

Bot Access Control. A robots.txt that names AI user-agents explicitly (GPTBot, ClaudeBot, PerplexityBot, Google-Extended, and the Cloudflare AI Audit list) is the table-stakes layer. The Cloudflare Content Signals Policy, introduced 24 September 2025, adds a Content-Signal directive token (search, ai-input, ai-train) for owners who want to express usage rules at the file level rather than block-or-allow. If you sell content, the Content-Signal directive is the cheapest first move; if you do not, an honest allow list for AI bots is enough.

Capabilities. Agent-callable tools beyond plain HTML. Cloudflare’s Agent Skills Discovery RFC v0.2.0 (first published 17 January 2026, still Draft) defines a JSON manifest at /.well-known/agent-skills/index.json listing the skills a site exposes. WebMCP is the browser-level surface (a JavaScript API the page registers tools against) that lets a page expose structured tools to an agent in the browser; it is a W3C Web Machine Learning Community Group Draft, not a W3C Standard, and is in early preview behind chrome://flags/#enable-webmcp-testing. The official Chrome 149 origin trial opened in early June 2026. Today this bucket is mostly an aspirational checkbox for sites that have a real agent-callable surface to expose.

Commerce. Payment paths an agent can complete on behalf of a user. AP2 (Agent Payments Protocol, launched by Google and 60-plus partners in September 2025 and later donated to the FIDO Alliance in spring 2026) and Stripe’s Machine Payments Protocol (18 March 2026) are the two cleanly primary-sourced rails. x402 is the Coinbase rail you will see referenced; live volume figures are tracked by Artemis Analytics, not a clean primary source, so hedge any number you cite. For most sites the action item is: machine-readable pricing on the product or service page, a public Stripe Checkout or equivalent endpoint, and, if you are forward-leaning, a clear AP2 intent surface.

The third-party scorers, briefly

Two scorers are worth knowing by name in 2026. They overlap heavily on what they grade and take different positions on who owns the score.

Cloudflare Agent Readiness (isitagentready.com). A first-party Cloudflare tool, launched during Agents Week (13 to 17 April 2026). The scorer is now folded into Cloudflare’s URL Scanner, and the company’s Radar product tracks aggregate adoption across the web. The grade is a percentage built from the same five buckets the previous section walked: Discoverability, Content, Bot Access Control, Capabilities, Commerce. Cloudflare’s own published findings are adoption rates across the web (most measured sites have a robots.txt; only a few percent declare AI-usage preferences). For a single readiness average, the third-party scanner AgentGrade reported the top-100 sites it measured averaged about 55% in May 2026. Either way the directional read is the same: most prominent sites are roughly halfway agent-ready, and the gap is in the parts of the rubric that involve shipping something new (Agent Cards, Skills Discovery, agent-recognizable payments) rather than tightening what is already there.

AgentReady.org. A community open spec, MIT-licensed, mapped to GitHub. It defines requirement codes per area (the discoverability codes start at AR-DISC, content at AR-CONT, and so on) and provides an open repository where contributors can propose new line items. The codes give AgentReady.org a useful property the first-party scorer does not: anyone can fork the spec, add a row their site hits, and propose it back. In an area where the rubric is still being argued out, that openness matters.

The two scorers do not contradict each other. They are different surfaces on the same emerging consensus, with the first-party tool optimized for “what is my site’s grade today” and the community spec optimized for “what should be on the rubric next.” Most owners will run the Cloudflare scan once, take the breakdown, and use AgentReady.org’s spec as the deeper reference when they actually start fixing things.

What the scorers measure well, and what they miss

Both scorers do the readable side genuinely well. Two specific things they get right.

First, they grade what is actually verifiable from outside the site. A score that depends on a vendor’s word does not generalize; a score that depends on whether a file exists at a path, a robots.txt allows a known user-agent, and a JSON manifest parses cleanly is the kind of thing other people can replicate. The Cloudflare scorer can be re-run by anyone, and the AgentReady.org checks are described in code anyone can fork. That methodological discipline is the reason the rubrics caught on in the first place.

Second, they pull the conversation away from the “is your site future-proof” hand-wave that dominated 2025 vendor copy. Five named buckets, with specific artifacts per bucket, is a more useful conversation than “are you ready for AI.” The buckets force a fix list. The fix list is where a site owner can actually decide what to invest in.

What both rubrics miss is the same thing, and it is the row most owners actually want graded. Neither asks: when an agent acting on behalf of a real person lands on this site, can it find a human-readable name for whoever is behind the site, qualify that entity against the agent’s user, and exchange identity safely? AgentReady.org carries identity codes in its spec (AR-IDEN-01 through 06), but those are about the agent’s own identity (OAuth, Web Bot Auth, MCP card signatures), not about the human or company the agent is representing or the human or company behind the website. The Cloudflare buckets do not include an identity row at all.

That gap is not a bug in the rubrics. It is a category they were not designed to cover. The published scorers measure how machines read and act on your site. They do not measure how humans, and the agents acting on behalf of humans, address each other across sites. The latter is a second layer of work, and a useful audit names it explicitly rather than pretending the first layer covers both.

How to act on a low score without overpaying

Most sites do not need to chase 100% on the published rubrics, and a couple of buckets are aspirational enough that buying them in 2026 is paying for early-preview work. A reasonable target for a competent operator is the high 60s to mid 70s, and there is a defensible order to climb to it.

Start with what is cheap and verifiably consumed. Tighten robots.txt to name the AI user-agents you care about, and confirm the sitemap.xml is accurate. Add JSON-LD on Articles, Products, and the pages an agent will actually land on. These are the items every scorer marks and the items multiple consumers (search crawlers, AI assistants, audit tools) read today. The work is hours, not weeks, and it lifts the score immediately.

Then ship the artifacts that are real but light. An llms.txt at the root, by hand, with accurate summaries. A Content-Signal directive on robots.txt if you publish content. An A2A Agent Card at /.well-known/agent-card.json if your site exposes any kind of programmatic surface; do not ship a card that describes a surface you do not actually serve, because the failure mode is worse than the missing checkbox.

Defer the previews and the speculative ones. WebMCP is in early preview behind chrome://flags/#enable-webmcp-testing and the official Chrome 149 origin trial opened in early June 2026. Until that trial closes with usage data worth pointing at, it is honest to leave that bucket unticked and say so on the audit report. Same for x402 payment hooks if your business does not transact with agents yet; an audit can name the gap without inventing a surface to fill it.

Be explicit about the row the scorers do not check. A finished audit should produce two numbers, not one. The first is the rubric score (the public percentage). The second is a one-line note that the rubric does not measure the human-readable identity and discovery layer. That note is the difference between an audit that informs a decision and a score that hides one.

How this connects to Tobira

The five-bucket audit grades how your site reads and acts. It does not grade who is at the other end. That second layer is the one Tobira is building.

A Tobira @handle is a human-readable address for an agent acting on behalf of a person or a company, plus a public profile other agents can qualify against, plus a mutual-reveal consent step before either side learns who the other is. It is the addressability and identity row none of the published rubrics check yet. It is not a substitute for a clean sitemap, a parsable robots.txt, an Agent Card, or any of the other readable artifacts the audit covers; it is a complement to them.

Concretely, a site that scores well on Cloudflare’s rubric makes itself easy for an agent to read and act on. A site that also publishes a Tobira @handle makes the human or company behind that site addressable by another agent on a network, with a name, a profile, and a consent gate before contact details cross the line. The two pieces of work answer different questions: the first asks “can an agent use my site,” the second asks “can an agent representing a real person find and qualify the people behind my site.” Both questions are worth a row on the audit. Today only one of them is graded.

For the longer version of this distinction, see Why your AI agent needs a name, not a wallet address and the honest read of whether llms.txt actually moves AI citations.

Takeaways

• “Agent-ready” in 2026 means two distinct concepts: agent-readable (machine-parsable artifacts) and agent-addressable (a name and consent path for agents acting on behalf of humans).
• Cloudflare’s scorer at isitagentready.com grades five buckets: Discoverability, Content, Bot Access Control, Capabilities, Commerce. Independent scans (AgentGrade) put the top-100 average around 55% readiness in May 2026; Cloudflare itself publishes adoption rates, not one average.
• AgentReady.org is the MIT-licensed community spec covering the same surface in code. Its AR-IDEN identity codes cover the agent’s own machine identity, not the human or company behind the site.
• A useful DIY audit starts with sitemap and robots.txt, adds JSON-LD on key pages, then ships llms.txt and an A2A Agent Card if a real surface backs them. WebMCP and x402 stay aspirational for most sites until Chrome 149 and clean primary-source figures catch up.
• The published rubrics measure agent-readable well. None of them grade agent-addressable, which is the row most owners actually want answered.
• A finished audit should produce two numbers: the rubric score and an explicit note on the identity row none of the public rubrics check.
• A Tobira @handle plus mutual-reveal UX adds the addressable and identity layer. It complements the readable layers; it does not replace them.

FAQ

What does “agent-ready” actually mean?

Two distinct things the trade press routinely conflates. Agent-readable is whether your site exposes the right artifacts (clean HTML, structured data, llms.txt, an Agent Card, recognizable payment hooks) for a machine to parse and act on. Agent-addressable is whether the entity behind the site has a name an agent can address and a consent path for two agents acting on behalf of two real people to exchange identity. The published rubrics grade the first; the second is a separate layer of work.

Where do I run an agent-readiness audit today?

Cloudflare’s first-party tool at isitagentready.com is the cheapest and most cited starting point. It is now folded into Cloudflare’s URL Scanner and reports a percentage across five buckets. AgentReady.org is the MIT-licensed community spec mapped to GitHub if you want the deeper line items in code. Most operators run the Cloudflare scan once for the baseline, then use AgentReady.org as the reference when actually fixing things.

Should I ship WebMCP today?

Only if your site genuinely has agent-callable tools to expose. WebMCP is a W3C Web Machine Learning Community Group Draft (not a W3C Standard), and it is in early preview behind chrome://flags/#enable-webmcp-testing. The official Chrome 149 origin trial opened in early June 2026. For most sites the honest answer is not yet, and an audit report that leaves the Capabilities bucket partially unticked with that note is more credible than one that ticks the box on aspirational work.

Is AGENTS.md part of an agent-readiness audit for a marketing site?

No. AGENTS.md is a README for coding agents working inside a code repository, stewarded by the Agentic AI Foundation under the Linux Foundation, with 60,000-plus repos using it. It is not a site-wide discovery file for browsing agents and is not formally paired with llms.txt. Ship AGENTS.md if you maintain a code repo; do not ship it as a marketing-site discovery artifact.

What is the average agent-readiness score for top sites?

The third-party scanner AgentGrade reported the top-100 sites it measured averaged about 55% readiness across the five buckets in May 2026; Cloudflare itself publishes adoption rates rather than a single average. The gap tends to sit in the buckets that require shipping new artifacts (Agent Cards, Skills Discovery manifests) rather than tightening existing files.

Does a Tobira @handle make my site agent-ready?

No. A Tobira @handle adds a human-readable identity and discovery layer that the public rubrics do not check; it does not replace the readable artifacts (sitemap, robots.txt, JSON-LD, Agent Card) those rubrics do check. The honest claim is complementary: a clean five-bucket score plus a Tobira @handle covers both the readable and the addressable side of an agent-ready site, where today only the readable side is graded.

Sources

• Cloudflare, “Agents Week 2026” and Agent Readiness post: https://blog.cloudflare.com/agent-readiness/
• Cloudflare, “Is It Agent Ready?” (URL Scanner): https://isitagentready.com/
• AgentReady.org community open spec (MIT): https://agentready.org/
• A2A protocol specification (v1.0.x, Linux Foundation): https://a2a-protocol.org/latest/specification/
• Cloudflare Agent Skills Discovery RFC v0.2.0: https://github.com/cloudflare/agent-skills-discovery
• W3C Web Machine Learning Community Group, WebMCP Draft: https://webmachinelearning.github.io/webmcp/
• developer.chrome.com, WebMCP origin trial preview: https://developer.chrome.com/docs/ai/webmcp
• Agentic AI Foundation (Linux Foundation directed fund): https://aaif.foundation/
• AGENTS.md specification: https://agents.md/
• Cloudflare, Content Signals Policy (24 September 2025): https://blog.cloudflare.com/content-signals-policy/
• Google, Agent Payments Protocol (AP2): https://ap2-protocol.org/
• Stripe, Machine Payments Protocol (18 March 2026): https://stripe.com/blog/machine-payments-protocol
• Cloudflare, Introducing the Agent Readiness score (isitagentready.com, adoption findings): https://blog.cloudflare.com/agent-readiness/
• AgentGrade, agent-readiness scan (third-party source of the top-100 ~55% figure, May 2026): https://agentgrade.com/agent-readiness
• SE Ranking, llms.txt analysis (~300,000-domain study): https://seranking.com/blog/llms-txt/