A

bereli.com

Audited 5 days ago· bigcommerce

PDFShareSign in to re-audit
87
Grade B

Agent-readiness across all five AI commerce surfaces.

Surfaces — click to filter

13 failing · 14 not checked · 27 shown

14 checks couldn't run on this store — each is listed below with the reason. Your score reflects only what we could verify.

FAILHIGH
Terms of service page reachableterms-of-service-page-reachableMerchant

Publish a terms of service page and link it from your site nav/footer

Why this matters: A published ToS is a baseline trust signal AI agents and ad networks use to decide whether to surface or accept a merchant.

Google merchant listing — terms of service
Findings (1)

Probed 5 candidate ToS paths (nav-discovered + platform-conventional) and none returned a 2xx body.

How: Discover candidate URLs by scoring homepage nav/footer anchors for terms/tos/legal/conditions keywords, then append platform-conventional paths; probe each with politeFetch and pass on the first 2xx with ≥200 stripped-body chars.

  • No terms-of-service page reachable at any candidate URLHIGH

    statuses: /terms-conditions/=404, /terms/=404, /terms=404, /terms-of-service=404, /policies/terms-of-service=404

    Publish a ToS page at /terms (or your platform's standard slug) with ≥200 chars of body text.

How to fix · 2 steps · create a free account to viewCreate a free account →
FAILHIGH
GTIN coverage on PDPsproduct-gtin-populatedSchema.orgMerchant

Populate gtin on every branded Product node

Why this matters: GTINs let agents match your product to the same item elsewhere; without them you lose cross-catalog matching.

schema.org/Product.gtin
Findings (11)

Checked 20 sampled product pages for a GTIN in the Product JSON-LD (3 carry a valid GTIN, 15%).

How: Extract gtin / gtin8 / gtin12 / gtin13 / gtin14 from the first Product JSON-LD node on each PDP; validate digit length.

Coverage

3/20 · 15%

…and 1 more

How to fix · 2 steps · create a free account to viewCreate a free account →
FAILHIGH
MerchantReturnPolicy node present on Product or Offermerchant-return-policy-presentReturnsSchema.org

Emit hasMerchantReturnPolicy on Product or Offer JSON-LD

Why this matters: Without the entry-point return-policy node, agents can't render or quote your return terms — they fall back to platform defaults or skip your store.

Google return-policy structured data — entry-point field
Findings (11)

Inspected hasMerchantReturnPolicy on Product/Offer JSON-LD across 20 sampled product pages (0 present, 0%).

How: On each PDP, locate the Product JSON-LD node and check for a hasMerchantReturnPolicy object/array at Product level OR Offer level. Pass band ≥ 85% coverage, partial ≥ 50%.

Coverage

0/20 · 0%

…and 1 more

How to fix · 2 steps · create a free account to viewCreate a free account →
FAILHIGH
Offer JSON-LD carries shippingDetails (OfferShippingDetails)offer-shipping-details-presentSchema.orgShipping

Emit shippingDetails (OfferShippingDetails) on Offer JSON-LD

Why this matters: Without shippingDetails, AI agents fall back to vague defaults — they can't quote your rates, destinations, or delivery windows in shopping cards.

schema.org/OfferShippingDetails
Findings (11)

Inspected shippingDetails on Product/Offer JSON-LD across 20 sampled PDPs (0 present, 0%).

How: On each PDP, locate the Product JSON-LD node and check for shippingDetails (single object or array) at Product or Offer level. Pass band ≥ 85% coverage.

Coverage

0/20 · 0%

…and 1 more

How to fix · 2 steps · create a free account to viewCreate a free account →
FAILHIGH
UCP profile carries all four required top-level keysucp-profile-required-keysUCP

Add every required top-level key to the UCP profile

Why this matters: A profile missing one of the four required keys is treated as non-conformant — agent runtimes fall back to default behaviour and may skip the merchant.

UCP overview — required profile keys
Findings (1)

Profile is missing required key(s): signing_keys.

How: Read the profile root (or top-level ucp wrapper) and verify the presence of version, services, capabilities, and signing_keys keys.

  • Required top-level key signing_keys is missingHIGH

    /.well-known/ucp

    What we expected

    Add a top-level "signing_keys" field to the JSON document (empty array/object is fine).

    Set signing_keys at the root of the JSON document.

How to fix · 2 steps · create a free account to viewCreate a free account →
FAILHIGH
Each service satisfies the transport-conditional field requirementsucp-service-transport-conditional-fieldsUCP

Populate the conditional fields required by each service's transport

Why this matters: A service declared with the right transport but missing endpoint/schema is unreachable — agents can't negotiate or connect.

UCP overview — transport-conditional fields
Findings (1)

Validated 1 services with recognised transports (0 satisfy their transport's required fields).

How: For each services[] entry with a recognised transport, require the transport-conditional fields: rest/mcp → endpoint+schema; a2a → endpoint; embedded → schema.

Coverage

0/1 · 0%

  • Service is missing transport-conditional field(s)HIGH

    /.well-known/ucpnamespace=dev.ucp.shopping; transport=rest

    What we found

    missing: schema

    What we expected

    `endpoint` + `schema`

    Add schema to this services[] entry.

How to fix · 2 steps · create a free account to viewCreate a free account →
NAHIGH
MerchantReturnPolicy finite-window has positive merchantReturnDaysmerchant-return-policy-finite-daysReturns

Skipped — No MerchantReturnPolicy node used the MerchantReturnFiniteReturnWindow category, so the `merchantReturnDays` check has nothing to evaluate.

Context: AI agents quote your concrete return window in shopping cards. Without `merchantReturnDays`, your policy renders as 'has a return policy' without the headline number.

Google return-policy SD — merchantReturnDays required for finite windows
Why this was skipped

No MerchantReturnPolicy node used the MerchantReturnFiniteReturnWindow category, so the merchantReturnDays check has nothing to evaluate.

How: For each MerchantReturnPolicy node whose returnPolicyCategory normalizes to MerchantReturnFiniteReturnWindow, require merchantReturnDays to be a positive number (or a numeric string > 0).

NAHIGH
MerchantReturnPolicy satisfies Option A (country+category) or B (returnLink)merchant-return-policy-option-a-or-bReturnsSchema.org

Skipped — No PDP carried a `hasMerchantReturnPolicy` node, so Option A/B shape cannot be evaluated.

Context: A policy node missing both shapes is invisible to agents — they can't render it, link to it, or quote your return terms.

Google return-policy SD — required-shape MUSTs
Why this was skipped

No PDP carried a hasMerchantReturnPolicy node, so Option A/B shape cannot be evaluated.

How: For each PDP, walk every hasMerchantReturnPolicy node (Product or Offer level) and require either (applicableCountry + returnPolicyCategory) OR a syntactically-valid merchantReturnLink URL.

NAHIGH
Every signing_keys[] entry is a valid JWKucp-signing-keys-validJWKS

Skipped — Profile declares no signing_keys; JWK validation has no entries to evaluate.

Context: Malformed JWK entries are rejected silently by agents — signed payloads cannot be verified and the merchant loses trust signal.

RFC 7517 — JSON Web Key (JWK)
Why this was skipped

Profile declares no signing_keys; JWK validation has no entries to evaluate.

How: Walk signing_keys[] and validate each entry per RFC 7517 §4.1 (kty required) + RFC 7518 §6 (kty-specific required parameters). kid is OPTIONAL per RFC 7517 §4.5 and not enforced here.

FAILMEDIUM
HSTS policy carries the includeSubDomains directivehsts-include-subdomainsHSTS

Add includeSubDomains to your Strict-Transport-Security header

Why this matters: Without includeSubDomains, an HTTP subdomain (staging, mail, …) can be used to attack the apex's cookies.

RFC 6797 — HSTS `includeSubDomains` directive
Findings (1)

Inspected the homepage Strict-Transport-Security header ("max-age=31536000") and the includeSubDomains directive is absent.

How: Parse the homepage Strict-Transport-Security header for the includeSubDomains directive (RFC 6797 §6.1.2).

  • HSTS header is missing the includeSubDomains directiveMEDIUM

    /

    What we found

    max-age=31536000

    What we expected

    Strict-Transport-Security: max-age=31536000; includeSubDomains

    Append ; includeSubDomains to your STS header once every subdomain you operate supports HTTPS.

How to fix · 2 steps · create a free account to viewCreate a free account →
NAMEDIUM
MerchantReturnPolicy merchantReturnLink URL is reachablemerchant-return-link-reachableReturns

Skipped — No MerchantReturnPolicy node carried a `merchantReturnLink` URL, so reachability has nothing to evaluate.

Context: A broken return-link makes Option B policies invisible — agents can't render or follow the link.

Google return-policy SD — merchantReturnLink reachability
Why this was skipped

No MerchantReturnPolicy node carried a merchantReturnLink URL, so reachability has nothing to evaluate.

How: Collect every unique merchantReturnLink URL across all MerchantReturnPolicy nodes; probe each once via politeFetch (failSoft). 2xx counts as reachable.

NAMEDIUM
MerchantReturnPolicy applicableCountry uses ISO 3166-1 alpha-2 codesmerchant-return-policy-applicable-country-isoReturns

Skipped — No MerchantReturnPolicy node carried `applicableCountry`, so the ISO-code check has nothing to evaluate.

Context: A non-ISO country is dropped silently; the policy looks present but never reaches the merchant-listing rich result.

Google return-policy SD — applicableCountry MUST be ISO alpha-2
Why this was skipped

No MerchantReturnPolicy node carried applicableCountry, so the ISO-code check has nothing to evaluate.

How: On each MerchantReturnPolicy node where applicableCountry is set, extract every candidate string and require every one to match /^[A-Z]{2}$/i.

NAMEDIUM
MerchantReturnPolicy returnPolicyCategory uses valid Schema.org enummerchant-return-policy-category-enumReturns

Skipped — No MerchantReturnPolicy node carried `returnPolicyCategory`, so the enum check has nothing to evaluate.

Context: An invalid category is silently dropped — your policy looks present in the source but never renders in Google's return-policy rich result.

Google return-policy SD — returnPolicyCategory enum
Why this was skipped

No MerchantReturnPolicy node carried returnPolicyCategory, so the enum check has nothing to evaluate.

How: On each MerchantReturnPolicy node where returnPolicyCategory is set, accept the bare enum name or the schema.org URL form; reject any other string.

NAMEDIUM
OfferShippingDetails shippingDestination is a valid DefinedRegionoffer-shipping-destination-validShipping

Skipped — No OfferShippingDetails node carried `shippingDestination`, so the DefinedRegion check has nothing to evaluate.

Context: Without a valid destination region, your shipping rate has no scope — Google can't decide whether to render it for a given shopper's country.

Google shipping-policy SD — shippingDestination as DefinedRegion
Why this was skipped

No OfferShippingDetails node carried shippingDestination, so the DefinedRegion check has nothing to evaluate.

How: On each OfferShippingDetails node where shippingDestination is set, require it to be a DefinedRegion (or array) and every entry to carry addressCountry matching /^[A-Z]{2}$/i.

NAMEDIUM
OfferShippingDetails shippingRate is a valid MonetaryAmountoffer-shipping-rate-validShipping

Skipped — No OfferShippingDetails node carried `shippingRate`, so the MonetaryAmount check has nothing to evaluate.

Context: An invalid rate object is silently dropped; agents can't quote your shipping cost in shopping cards.

Google shipping-policy SD — shippingRate as MonetaryAmount
Why this was skipped

No OfferShippingDetails node carried shippingRate, so the MonetaryAmount check has nothing to evaluate.

How: On each OfferShippingDetails node where shippingRate is set, require an object with numeric value/maxValue (typed or numeric string) and a 3-letter ISO 4217 currency.

NAMEDIUM
Each capability has version + spec + schemaucp-capability-required-fieldsUCP

Skipped — Profile declares no capabilities; required-field checks have nothing to evaluate.

Context: Capabilities missing version/spec/schema can't be matched against agent support tables — agents skip them silently.

UCP overview — capabilities
Why this was skipped

Profile declares no capabilities; required-field checks have nothing to evaluate.

How: For each capabilities[] entry, require non-empty string values for version, spec, and schema.

NAMEDIUM
Each service's `spec` URL origin matches its namespace authorityucp-service-spec-url-origin-matchesUCP

Skipped — No services declared a `spec` URL; origin matching has nothing to evaluate.

Context: A spec URL on an unrelated authority signals the service was copy-pasted from stale documentation — agents can't trust the conformance claim.

UCP overview — service specs
Why this was skipped

No services declared a spec URL; origin matching has nothing to evaluate.

How: For each service with a spec URL, require the URL origin to be a canonical UCP authority OR the host/path to include the namespace token.

FAILLOW
Product images meet Google’s 50,000-pixel area thresholdimage-area-50k-pixelsMerchant

Upload higher-resolution product images (area ≥ 50,000 pixels)

Why this matters: Tiny product images get dropped from Google’s shopping rich-result modules and are unhelpful to AI agents quoting your product visually.

Image quality (≥50K pixels area)
Findings (11)

Inspected <img width=… height=…> attributes on 20 sampled product pages (0 have at least one image with area ≥ 50,000 px; dimensions absent from HTML are not HEAD-probed and count as indeterminate).

How: For every sampled PDP, parse <img> tags and read explicit width and height attributes; a PDP passes when at least one image has width × height ≥ 50,000. PDPs without any explicit-dimension <img> are marked indeterminate (this check does not HEAD image URLs).

Coverage

0/20 · 0%

…and 1 more

How to fix · 2 steps · create a free account to viewCreate a free account →
FAILLOW
HSTS policy carries the preload directivehsts-preload-directiveHSTS

Add preload to your Strict-Transport-Security header and submit to hstspreload.org

Why this matters: HSTS preload-list inclusion is the strongest downgrade protection available — first-time visits are protected too.

RFC 6797 — HSTS `preload` directive (vendor extension)
Findings (1)

Inspected the homepage Strict-Transport-Security header ("max-age=31536000") and the preload directive is absent.

How: Parse the homepage Strict-Transport-Security header for the preload directive (hstspreload.org vendor extension to RFC 6797).

  • HSTS header is missing the preload directiveLOW

    /

    What we found

    max-age=31536000

    What we expected

    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

    Append ; preload after includeSubDomains and submit your domain at https://hstspreload.org/.

How to fix · 3 steps · create a free account to viewCreate a free account →
FAILLOW
Product `aggregateRating` presentproduct-aggregate-rating-presentSchema.org

Add an AggregateRating to Product nodes when you have real reviews

Why this matters: Review ratings are a trust signal agents use to rank and filter products.

schema.org/AggregateRating
Findings (11)

Looked for a valid aggregateRating on Product JSON-LD across 20 sampled product pages (0 valid, 0%).

How: On each Product node, parse aggregateRating (or the first element if it's an array) and require ratingValue in [0,5] AND reviewCount or ratingCount ≥ 1.

Coverage

0/20 · 0%

…and 1 more

How to fix · 2 steps · create a free account to viewCreate a free account →
HALFLOW
Alt text on at least 80% of PDP imagesimage-alt-text-coverageWCAG

Add descriptive alt text to product images (WCAG 2.x SC 1.1.1)

Why this matters: Alt text is the only text description AI agents and screen readers have for your product imagery.

WCAG 2.x SC 1.1.1 — Non-text Content
Findings (5)

Parsed <img> alt attributes across 20 sampled product pages (15 have alt text on at least 80% of images).

How: Per PDP, count <img> tags via regex; a tag 'has alt text' when its alt attribute is present AND non-empty after trim. A PDP passes when it carries no <img> at all OR ≥80% of its <img> tags have non-empty alt.

Coverage

15/20 · 75%

How to fix · 3 steps · create a free account to viewCreate a free account →
NALOW
MerchantReturnPolicy enrichment enums use valid Schema.org valuesmerchant-return-policy-enums-validReturns

Skipped — No MerchantReturnPolicy node carried returnFees, returnMethod, or refundType, so the enum check has nothing to evaluate.

Context: Invalid enrichment values are dropped silently, leaving merchants confused about why their rendered policy is missing fields they configured.

Google return-policy SD — enum field constraints
Why this was skipped

No MerchantReturnPolicy node carried returnFees, returnMethod, or refundType, so the enum check has nothing to evaluate.

How: On each MerchantReturnPolicy node, inspect returnFees/returnMethod/refundType if set; require the bare name or schema.org URL form of a value in the corresponding Schema.org enum.

NALOW
OfferShippingDetails deliveryTime is a valid ShippingDeliveryTimeoffer-shipping-delivery-time-validShipping

Skipped — No OfferShippingDetails node carried `deliveryTime`, so the ShippingDeliveryTime check has nothing to evaluate.

Context: Without populated handling/transit times, agents can't quote a delivery window in shopping cards.

Google shipping-policy SD — deliveryTime as ShippingDeliveryTime
Why this was skipped

No OfferShippingDetails node carried deliveryTime, so the ShippingDeliveryTime check has nothing to evaluate.

How: On each OfferShippingDetails node where deliveryTime is set, require an object with at least one of handlingTime / transitTime populated as a QuantitativeValue.

NALOW
UCP MCP-transport entries have valid HTTPS endpointsucp-mcp-transport-validUCP

Skipped — Walked services[] for `transport: "mcp"` entries; none advertised.

Context: If you advertise MCP transport, agents will try to connect — broken or non-HTTPS endpoints fail silently and lose the integration.

UCP overview — transport declarations
Why this was skipped

Walked services[] for transport: "mcp" entries; none advertised.

How: Filter services[] to entries where transport=mcp and validate that endpoint is an absolute https:// URL.

FAILINFO
Apple Pay markers detected (informational)apple-pay-detectedSchema.org

Enable Apple Pay through your payment processor (informational only)

Why this matters: Apple Pay is a checkout-quality signal for human shoppers — informational only, does not affect the agent-readiness score.

Apple Pay availability — payment options observed
Findings (1)

Scanned the homepage and 20 sampled PDPs for Apple Pay markers; none matched.

How: Substring match on known Apple Pay SDK/markup signatures (ApplePaySession, apple-pay-button, /apple-developer-merchantid-domain-association) across the homepage and every sampled PDP HTML.

  • No Apple Pay markers detected on the homepage or PDPsINFO

    /

    Enable Apple Pay in your payment processor's dashboard (Stripe / Adyen / Braintree). Informational only — does not affect the score.

How to fix · 3 steps · create a free account to viewCreate a free account →
FAILINFO
Google Pay markers detected (informational)google-pay-detectedSchema.org

Enable Google Pay through your payment processor (informational only)

Why this matters: Google Pay is a checkout-quality signal for human shoppers — informational only, does not affect the agent-readiness score.

Google Pay availability — payment options observed
Findings (1)

Scanned the homepage and 20 sampled PDPs for Google Pay markers; none matched.

How: Substring match on known Google Pay SDK/markup signatures (pay.google.com/gp/p/js/pay.js, google.payments.api, <google-pay-button) across the homepage and every sampled PDP HTML.

  • No Google Pay markers detected on the homepage or PDPsINFO

    /

    Enable Google Pay in your payment processor's dashboard (Stripe / Adyen / Braintree). Informational only — does not affect the score.

How to fix · 3 steps · create a free account to viewCreate a free account →
NAINFO
llms.txt present (informational)llms-txt-presentllms.txt

Skipped — Looked for /llms.txt at the site root; the fetcher returned no file.

Context: An /llms.txt manifest points agents at your feed and key pages without them having to guess.

llmstxt.org — /llms.txt manifest
Why this was skipped

Looked for /llms.txt at the site root; the fetcher returned no file.

How: Check whether the fetcher reached an /llms.txt at the site root. Informational only — no failure path per llmstxt.org being a voluntary community convention.

Engine 2.0.0 · ACP 2026-04-17 · UCP 2026-04-08

Get notified when this score drops.

Paid plans auto-rescan your store weekly and email you when anything changes — incl. when ACP/UCP ships a new spec.

See plans · from $29/mo →