azardisplays.com
Audited 6 days ago· bigcommerce
Agent-readiness across all five AI commerce surfaces.
Surfaces — click to filter
17 failing · 6 not checked · 23 shown
6 checks couldn't run on this store — each is listed below with the reason. Your score reflects only what we could verify.
Enforce HTTPS sitewide and ship a Strict-Transport-Security header with max-age ≥ 6 months
Why this matters: AI agents and payment flows refuse plain HTTP; weak HSTS is treated as effectively no HSTS by trust-and-safety scanners.
Findings (1)
Confirmed the homepage is HTTPS (status 200), probed http://azardisplays.com/ for redirect behaviour, and parsed the Strict-Transport-Security header (value: "max-age=0").
How: URL scheme + homepage status check, an http://host/ redirect probe through politeFetch, and a Strict-Transport-Security max-age parse (RFC 6797; ≥ 180-day threshold).
- HSTS max-age is below the 6-month minimumCRITICAL
/parsed max-age = 0s (need ≥ 15552000s = 180 days)
What we found
max-age=0What we expected
Strict-Transport-Security: max-age=31536000; includeSubDomainsBump
max-ageto at least 15552000 (180 days). 31536000 (1 year) is required for preload-list inclusion.
Emit a single Product JSON-LD node per PDP
Why this matters: Duplicate Product nodes on a single PDP cause Google's merchant scraper to drop the listing or pick the wrong variant.
Findings (2)
Sampled 20 PDP(s); 2 carried multiple Product JSON-LD nodes.
How: For each sampled PDP, count JSON-LD nodes whose @type is Product or whose @type array contains Product. Each PDP must expose at most one.
Coverage
18/20 · 90%
- PDP exposes 2 Product JSON-LD nodesHIGH
/5-5w-x-8-5h-three-sided-revolving-sign-holder2 Product nodes detected
Emit exactly one Product JSON-LD block per PDP; model variants via
hasVariantor multiple Offer children. - PDP exposes 3 Product JSON-LD nodesHIGH
/acrylic-glove-dispenser-holder3 Product nodes detected
Emit exactly one Product JSON-LD block per PDP; model variants via
hasVariantor multiple Offer children.
Publish a terms of service page and link it from your site nav/footer
Why this matters: A published ToS is a baseline trust signal AI agents and ad networks use to decide whether to surface or accept a merchant.
Findings (1)
Probed 5 candidate ToS paths (nav-discovered + platform-conventional) and none returned a 2xx body.
How: Discover candidate URLs by scoring homepage nav/footer anchors for terms/tos/legal/conditions keywords, then append platform-conventional paths; probe each with politeFetch and pass on the first 2xx with ≥200 stripped-body chars.
- No terms-of-service page reachable at any candidate URLHIGH
statuses: /terms-conditions/=404, /terms/=404, /terms=404, /terms-of-service=404, /policies/terms-of-service=404
Publish a ToS page at
/terms(or your platform's standard slug) with ≥200 chars of body text.
Populate gtin on every branded Product node
Why this matters: GTINs let agents match your product to the same item elsewhere; without them you lose cross-catalog matching.
Findings (11)
Checked 20 sampled product pages for a GTIN in the Product JSON-LD (0 carry a valid GTIN, 0%).
How: Extract gtin / gtin8 / gtin12 / gtin13 / gtin14 from the first Product JSON-LD node on each PDP; validate digit length.
Coverage
0/20 · 0%
- No valid GTIN on this product pageHIGH× 10
Populate gtin/gtin8/gtin12/gtin13/gtin14 with the manufacturer's barcode.
Affected (10)
- /5-5w-x-2-5h-sign-holder-w-magnetic-strips
- /8-5w-x-3h-adhesive-back-nameplate
- /modular-adjustable-cosmetic-tray-clear-12-wide
- /5-5w-x-8-5h-three-sided-revolving-sign-holder
- /large-black-slide-in-a-frame-sign
- /3-metal-wire-loop-hook-0-148-dia
- /8-5w-x-2-5h-sign-holder-w-magnetic-strips
- /72l-x-1w-x-0-5h-clear-t-sign-holder-w-grips
- /1-875w-x-3-5d-x-2-5h-easel-display-front-lip-1h
- /slim-tray-desk-organizer
…and 1 more
Add every required top-level key to the UCP profile
Why this matters: A profile missing one of the four required keys is treated as non-conformant — agent runtimes fall back to default behaviour and may skip the merchant.
Findings (1)
Profile is missing required key(s): signing_keys.
How: Read the profile root (or top-level ucp wrapper) and verify the presence of version, services, capabilities, and signing_keys keys.
- Required top-level key
signing_keysis missingHIGHWhat we expected
Add a top-level "signing_keys" field to the JSON document (empty array/object is fine).Set
signing_keysat the root of the JSON document.
Populate the conditional fields required by each service's transport
Why this matters: A service declared with the right transport but missing endpoint/schema is unreachable — agents can't negotiate or connect.
Findings (1)
Validated 1 services with recognised transports (0 satisfy their transport's required fields).
How: For each services[] entry with a recognised transport, require the transport-conditional fields: rest/mcp → endpoint+schema; a2a → endpoint; embedded → schema.
Coverage
0/1 · 0%
- Service is missing transport-conditional field(s)HIGH
/.well-known/ucpnamespace=dev.ucp.shopping; transport=rest
What we found
missing: schemaWhat we expected
`endpoint` + `schema`Add schema to this services[] entry.
Emit hasMerchantReturnPolicy on Product or Offer JSON-LD
Why this matters: Without the entry-point return-policy node, agents can't render or quote your return terms — they fall back to platform defaults or skip your store.
Findings (5)
Inspected hasMerchantReturnPolicy on Product/Offer JSON-LD across 20 sampled product pages (15 present, 75%).
How: On each PDP, locate the Product JSON-LD node and check for a hasMerchantReturnPolicy object/array at Product level OR Offer level. Pass band ≥ 85% coverage, partial ≥ 50%.
Coverage
15/20 · 75%
- Product JSON-LD missing
hasMerchantReturnPolicyHIGH× 5Add a MerchantReturnPolicy node to Product or Offer with category + applicableCountry (or merchantReturnLink).
Emit shippingDetails (OfferShippingDetails) on Offer JSON-LD
Why this matters: Without shippingDetails, AI agents fall back to vague defaults — they can't quote your rates, destinations, or delivery windows in shopping cards.
Findings (5)
Inspected shippingDetails on Product/Offer JSON-LD across 20 sampled PDPs (15 present, 75%).
How: On each PDP, locate the Product JSON-LD node and check for shippingDetails (single object or array) at Product or Offer level. Pass band ≥ 85% coverage.
Coverage
15/20 · 75%
- Offer JSON-LD missing
shippingDetailsHIGH× 5Add OfferShippingDetails with shippingRate, shippingDestination, and deliveryTime.
Skipped — Profile declares no signing_keys; JWK validation has no entries to evaluate.
Context: Malformed JWK entries are rejected silently by agents — signed payloads cannot be verified and the merchant loses trust signal.
Why this was skipped
Profile declares no signing_keys; JWK validation has no entries to evaluate.
How: Walk signing_keys[] and validate each entry per RFC 7517 §4.1 (kty required) + RFC 7518 §6 (kty-specific required parameters). kid is OPTIONAL per RFC 7517 §4.5 and not enforced here.
Add includeSubDomains to your Strict-Transport-Security header
Why this matters: Without includeSubDomains, an HTTP subdomain (staging, mail, …) can be used to attack the apex's cookies.
Findings (1)
Inspected the homepage Strict-Transport-Security header ("max-age=0") and the includeSubDomains directive is absent.
How: Parse the homepage Strict-Transport-Security header for the includeSubDomains directive (RFC 6797 §6.1.2).
- HSTS header is missing the includeSubDomains directiveMEDIUM
What we found
max-age=0What we expected
Strict-Transport-Security: max-age=31536000; includeSubDomainsAppend
; includeSubDomainsto your STS header once every subdomain you operate supports HTTPS.
Keep every sitemap entry on the sitemap's own host
Why this matters: Cross-host sitemap entries are silently dropped, so the off-host product URLs effectively don't exist for the crawler.
Findings (5)
Compared 1606 <loc> entries against their sitemap host across 2 resource(s); 5 cross-host entries found.
How: For each resolved sitemap resource, parse the sitemap URL's host and compare it against every parsed <loc> URL's host.
- Cross-host <loc> — sitemap host is www.azardisplays.com but entry is on azardisplays.comMEDIUM
/xmlsitemap.phpsitemap host: www.azardisplays.com; entry host: azardisplays.com
What we found
https://azardisplays.com/xmlsitemap.php?type=pages&page=1Remove the cross-host entry from this sitemap, or publish a separate sitemap on that host.
- Cross-host <loc> — sitemap host is www.azardisplays.com but entry is on azardisplays.comMEDIUM
/xmlsitemap.phpsitemap host: www.azardisplays.com; entry host: azardisplays.com
What we found
https://azardisplays.com/xmlsitemap.php?type=products&page=1Remove the cross-host entry from this sitemap, or publish a separate sitemap on that host.
- Cross-host <loc> — sitemap host is www.azardisplays.com but entry is on azardisplays.comMEDIUM
/xmlsitemap.phpsitemap host: www.azardisplays.com; entry host: azardisplays.com
What we found
https://azardisplays.com/xmlsitemap.php?type=categories&page=1Remove the cross-host entry from this sitemap, or publish a separate sitemap on that host.
- Cross-host <loc> — sitemap host is www.azardisplays.com but entry is on azardisplays.comMEDIUM
/xmlsitemap.phpsitemap host: www.azardisplays.com; entry host: azardisplays.com
What we found
https://azardisplays.com/xmlsitemap.php?type=brands&page=1Remove the cross-host entry from this sitemap, or publish a separate sitemap on that host.
- Cross-host <loc> — sitemap host is www.azardisplays.com but entry is on azardisplays.comMEDIUM
/xmlsitemap.phpsitemap host: www.azardisplays.com; entry host: azardisplays.com
What we found
https://azardisplays.com/xmlsitemap.php?type=news&page=1Remove the cross-host entry from this sitemap, or publish a separate sitemap on that host.
Populate description on every Product JSON-LD node
Why this matters: Agents quote your description to answer shopper questions; an empty description gives them nothing to work with.
Findings (5)
Read description on Product JSON-LD across 20 sampled product pages (15 non-empty after HTML strip, 75%).
How: Read description on each Product node; strip HTML tags and collapse whitespace; require length > 0.
Coverage
15/20 · 75%
- Product JSON-LD has no
description(empty after HTML strip)MEDIUM× 5Fill in the product description in your store admin; the JSON-LD template typically binds to that field.
Skipped — No MerchantReturnPolicy node carried a `merchantReturnLink` URL, so reachability has nothing to evaluate.
Context: A broken return-link makes Option B policies invisible — agents can't render or follow the link.
Why this was skipped
No MerchantReturnPolicy node carried a merchantReturnLink URL, so reachability has nothing to evaluate.
How: Collect every unique merchantReturnLink URL across all MerchantReturnPolicy nodes; probe each once via politeFetch (failSoft). 2xx counts as reachable.
Skipped — Profile declares no capabilities; required-field checks have nothing to evaluate.
Context: Capabilities missing version/spec/schema can't be matched against agent support tables — agents skip them silently.
Why this was skipped
Profile declares no capabilities; required-field checks have nothing to evaluate.
How: For each capabilities[] entry, require non-empty string values for version, spec, and schema.
Skipped — No services declared a `spec` URL; origin matching has nothing to evaluate.
Context: A spec URL on an unrelated authority signals the service was copy-pasted from stale documentation — agents can't trust the conformance claim.
Why this was skipped
No services declared a spec URL; origin matching has nothing to evaluate.
How: For each service with a spec URL, require the URL origin to be a canonical UCP authority OR the host/path to include the namespace token.
Upload higher-resolution product images (area ≥ 50,000 pixels)
Why this matters: Tiny product images get dropped from Google’s shopping rich-result modules and are unhelpful to AI agents quoting your product visually.
Findings (11)
Inspected <img width=… height=…> attributes on 20 sampled product pages (0 have at least one image with area ≥ 50,000 px; dimensions absent from HTML are not HEAD-probed and count as indeterminate).
How: For every sampled PDP, parse <img> tags and read explicit width and height attributes; a PDP passes when at least one image has width × height ≥ 50,000. PDPs without any explicit-dimension <img> are marked indeterminate (this check does not HEAD image URLs).
Coverage
0/20 · 0%
- All images on this PDP are below the 50,000-pixel thresholdLOW× 10
Upload an image whose width × height ≥ 50,000 (e.g., 400 × 300 = 120,000).
Affected (10)
- /5-5w-x-2-5h-sign-holder-w-magnetic-stripslargest image area observed: 1 px
- /8-5w-x-3h-adhesive-back-nameplatelargest image area observed: 1 px
- /modular-adjustable-cosmetic-tray-clear-12-widelargest image area observed: 1 px
- /5-5w-x-8-5h-three-sided-revolving-sign-holderlargest image area observed: 1 px
- /large-black-slide-in-a-frame-signlargest image area observed: 1 px
- /3-metal-wire-loop-hook-0-148-dialargest image area observed: 1 px
- /8-5w-x-2-5h-sign-holder-w-magnetic-stripslargest image area observed: 1 px
- /72l-x-1w-x-0-5h-clear-t-sign-holder-w-gripslargest image area observed: 1 px
- /1-875w-x-3-5d-x-2-5h-easel-display-front-lip-1hlargest image area observed: 1 px
- /slim-tray-desk-organizerlargest image area observed: 1 px
…and 1 more
Add preload to your Strict-Transport-Security header and submit to hstspreload.org
Why this matters: HSTS preload-list inclusion is the strongest downgrade protection available — first-time visits are protected too.
Findings (1)
Inspected the homepage Strict-Transport-Security header ("max-age=0") and the preload directive is absent.
How: Parse the homepage Strict-Transport-Security header for the preload directive (hstspreload.org vendor extension to RFC 6797).
- HSTS header is missing the preload directiveLOW
What we found
max-age=0What we expected
Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadAppend
; preloadafterincludeSubDomainsand submit your domain at https://hstspreload.org/.
Add an AggregateRating to Product nodes when you have real reviews
Why this matters: Review ratings are a trust signal agents use to rank and filter products.
Findings (11)
Looked for a valid aggregateRating on Product JSON-LD across 20 sampled product pages (0 valid, 0%).
How: On each Product node, parse aggregateRating (or the first element if it's an array) and require ratingValue in [0,5] AND reviewCount or ratingCount ≥ 1.
Coverage
0/20 · 0%
- Product has no valid AggregateRating (ratingValue 0-5 + reviewCount/ratingCount ≥ 1)LOW× 10
Render
aggregateRatingfrom real review totals — never fabricate.Affected (10)
- /5-5w-x-2-5h-sign-holder-w-magnetic-strips
- /8-5w-x-3h-adhesive-back-nameplate
- /modular-adjustable-cosmetic-tray-clear-12-wide
- /5-5w-x-8-5h-three-sided-revolving-sign-holder
- /large-black-slide-in-a-frame-sign
- /3-metal-wire-loop-hook-0-148-dia
- /8-5w-x-2-5h-sign-holder-w-magnetic-strips
- /72l-x-1w-x-0-5h-clear-t-sign-holder-w-grips
- /1-875w-x-3-5d-x-2-5h-easel-display-front-lip-1h
- /slim-tray-desk-organizer
…and 1 more
Use sentence-case product titles
Why this matters: Empty or all-caps product titles signal low quality to agents and trigger Google Merchant Center policy flags.
Findings (3)
Inspected the Product JSON-LD title on 20 sampled product pages (17 non-empty and not all-caps, 85%).
How: Read name on the first Product JSON-LD node. Fail if missing/empty after trimming OR if the string contains letters and they're all upper-case.
Coverage
17/20 · 85%
- Product title is entirely upper-caseLOW
/5-5w-x-8-5h-three-sided-revolving-sign-holder
What we found
193730-BLKUse sentence-case or title-case capitalisation.
- Product title is entirely upper-caseLOW
/acrylic-glove-dispenser-holder
What we found
255631-1PKUse sentence-case or title-case capitalisation.
- Product title is entirely upper-caseLOW
/two-pocket-letter-wall-mount-brochure-holder-o…
What we found
105586-GLDUse sentence-case or title-case capitalisation.
Skipped — Walked services[] for `transport: "mcp"` entries; none advertised.
Context: If you advertise MCP transport, agents will try to connect — broken or non-HTTPS endpoints fail silently and lose the integration.
Why this was skipped
Walked services[] for transport: "mcp" entries; none advertised.
How: Filter services[] to entries where transport=mcp and validate that endpoint is an absolute https:// URL.
Enable Apple Pay through your payment processor (informational only)
Why this matters: Apple Pay is a checkout-quality signal for human shoppers — informational only, does not affect the agent-readiness score.
Findings (1)
Scanned the homepage and 20 sampled PDPs for Apple Pay markers; none matched.
How: Substring match on known Apple Pay SDK/markup signatures (ApplePaySession, apple-pay-button, /apple-developer-merchantid-domain-association) across the homepage and every sampled PDP HTML.
- No Apple Pay markers detected on the homepage or PDPsINFO
Enable Apple Pay in your payment processor's dashboard (Stripe / Adyen / Braintree). Informational only — does not affect the score.
Enable Google Pay through your payment processor (informational only)
Why this matters: Google Pay is a checkout-quality signal for human shoppers — informational only, does not affect the agent-readiness score.
Findings (1)
Scanned the homepage and 20 sampled PDPs for Google Pay markers; none matched.
How: Substring match on known Google Pay SDK/markup signatures (pay.google.com/gp/p/js/pay.js, google.payments.api, <google-pay-button) across the homepage and every sampled PDP HTML.
- No Google Pay markers detected on the homepage or PDPsINFO
Enable Google Pay in your payment processor's dashboard (Stripe / Adyen / Braintree). Informational only — does not affect the score.
Skipped — Looked for /llms.txt at the site root; the fetcher returned no file.
Context: An /llms.txt manifest points agents at your feed and key pages without them having to guess.
Why this was skipped
Looked for /llms.txt at the site root; the fetcher returned no file.
How: Check whether the fetcher reached an /llms.txt at the site root. Informational only — no failure path per llmstxt.org being a voluntary community convention.