en.ofinto.ch
Audited 6 days ago· bigcommerce
Agent-readiness across all five AI commerce surfaces.
Surfaces — click to filter
17 failing · 13 not checked · 30 shown
13 checks couldn't run on this store — each is listed below with the reason. Your score reflects only what we could verify.
Use a canonical Schema.org availability IRI on every Offer
Why this matters: Agents suppress out-of-stock or ambiguous items; a valid availability URL keeps you eligible.
Findings (11)
Checked Offer availability on 13 sampled product pages with an Offer (0 use a canonical Schema.org URL, 0%).
How: On each Offer, accept availability only if it matches one of the canonical Schema.org ItemAvailability IRIs (http or https, trailing slash optional).
Coverage
0/13 · 0%
- Offer
availabilityis missing or not a canonical Schema.org URLHIGH× 10Use https://schema.org/InStock (or OutOfStock / PreOrder / BackOrder).
Affected (10)
- /cabinetvalue: InStock
- /cubox-2b-2h-2dvalue: InStock
- /ergonomic-chair-activevalue: InStock
- /cubox-doorvalue: InStock
- /chair-flex-officevalue: InStock
- /desk-elevatevalue: InStock
- /standing-matvalue: InStock
- /cubox-1b-3h-2d-extendedvalue: InStock
- /cablemanagement-system-elevatevalue: InStock
- /cubox-1b-3h-2dvalue: InStock
…and 1 more
Surface brand attribution on every PDP
Why this matters: Brand on every product is a primary agent filter and a required feed field.
Findings (6)
Checked 19 sampled product pages for brand attribution via Product JSON-LD or visible HTML signals (13 attributed, 68%).
How: On each PDP, accept brand attribution from either (a) extractBrand on the first Product JSON-LD node OR (b) an HTML brand signal (OG product:brand, brand meta, og:brand, Microdata itemprop="brand").
Coverage
13/19 · 68%
- No brand attribution on this PDP (neither JSON-LD
brandnor OG/Microdata)HIGH× 6Add
brandto the Product JSON-LD or a<meta property="product:brand">tag.
Make every MerchantReturnPolicy node satisfy Option A or Option B
Why this matters: A policy node missing both shapes is invisible to agents — they can't render it, link to it, or quote your return terms.
Findings (11)
Inspected 13 MerchantReturnPolicy nodes across 13 PDPs (0 satisfy Option A or B, 0%).
How: For each PDP, walk every hasMerchantReturnPolicy node (Product or Offer level) and require either (applicableCountry + returnPolicyCategory) OR a syntactically-valid merchantReturnLink URL.
Coverage
0/13 · 0%
- MerchantReturnPolicy node fails Option A and Option BHIGH× 10
Add (applicableCountry + returnPolicyCategory) or merchantReturnLink to this policy node.
Affected (10)
- /cabinetnode missing Option A or B (lacks: returnPolicyCategory, applicableCountry (ISO alpha-2), merchantReturnLink (URL))
- /cubox-2b-2h-2dnode missing Option A or B (lacks: returnPolicyCategory, applicableCountry (ISO alpha-2), merchantReturnLink (URL))
- /ergonomic-chair-activenode missing Option A or B (lacks: returnPolicyCategory, applicableCountry (ISO alpha-2), merchantReturnLink (URL))
- /cubox-doornode missing Option A or B (lacks: returnPolicyCategory, applicableCountry (ISO alpha-2), merchantReturnLink (URL))
- /chair-flex-officenode missing Option A or B (lacks: returnPolicyCategory, applicableCountry (ISO alpha-2), merchantReturnLink (URL))
- /desk-elevatenode missing Option A or B (lacks: returnPolicyCategory, applicableCountry (ISO alpha-2), merchantReturnLink (URL))
- /standing-matnode missing Option A or B (lacks: returnPolicyCategory, applicableCountry (ISO alpha-2), merchantReturnLink (URL))
- /cubox-1b-3h-2d-extendednode missing Option A or B (lacks: returnPolicyCategory, applicableCountry (ISO alpha-2), merchantReturnLink (URL))
- /cablemanagement-system-elevatenode missing Option A or B (lacks: returnPolicyCategory, applicableCountry (ISO alpha-2), merchantReturnLink (URL))
- /cubox-1b-3h-2dnode missing Option A or B (lacks: returnPolicyCategory, applicableCountry (ISO alpha-2), merchantReturnLink (URL))
…and 1 more
Emit shippingDetails (OfferShippingDetails) on Offer JSON-LD
Why this matters: Without shippingDetails, AI agents fall back to vague defaults — they can't quote your rates, destinations, or delivery windows in shopping cards.
Findings (11)
Inspected shippingDetails on Product/Offer JSON-LD across 13 sampled PDPs (0 present, 0%).
How: On each PDP, locate the Product JSON-LD node and check for shippingDetails (single object or array) at Product or Offer level. Pass band ≥ 85% coverage.
Coverage
0/13 · 0%
- Offer JSON-LD missing
shippingDetailsHIGH× 10Add OfferShippingDetails with shippingRate, shippingDestination, and deliveryTime.
…and 1 more
Add every required top-level key to the UCP profile
Why this matters: A profile missing one of the four required keys is treated as non-conformant — agent runtimes fall back to default behaviour and may skip the merchant.
Findings (1)
Profile is missing required key(s): signing_keys.
How: Read the profile root (or top-level ucp wrapper) and verify the presence of version, services, capabilities, and signing_keys keys.
- Required top-level key
signing_keysis missingHIGHWhat we expected
Add a top-level "signing_keys" field to the JSON document (empty array/object is fine).Set
signing_keysat the root of the JSON document.
Populate the conditional fields required by each service's transport
Why this matters: A service declared with the right transport but missing endpoint/schema is unreachable — agents can't negotiate or connect.
Findings (1)
Validated 1 services with recognised transports (0 satisfy their transport's required fields).
How: For each services[] entry with a recognised transport, require the transport-conditional fields: rest/mcp → endpoint+schema; a2a → endpoint; embedded → schema.
Coverage
0/1 · 0%
- Service is missing transport-conditional field(s)HIGH
/.well-known/ucpnamespace=dev.ucp.shopping; transport=rest
What we found
missing: schemaWhat we expected
`endpoint` + `schema`Add schema to this services[] entry.
Publish a Product JSON-LD block on every PDP
Why this matters: Product JSON-LD is how agents identify the canonical product entity without running JavaScript.
Findings (6)
Parsed JSON-LD on 19 sampled product pages for a Product node (13 found, 68%).
How: Walk each sampled PDP's parsed jsonLdBlocks, flatten @graph containers, and count the page as passing if any node has @type Product / ProductGroup / IndividualProduct / ProductModel.
Coverage
13/19 · 68%
- No Product JSON-LD on this PDPHIGH× 6
Add a
<script type="application/ld+json">block with@type: Productto the PDP<head>.
Populate gtin on every branded Product node
Why this matters: GTINs let agents match your product to the same item elsewhere; without them you lose cross-catalog matching.
Findings (6)
Checked 19 sampled product pages for a GTIN in the Product JSON-LD (13 carry a valid GTIN, 68%).
How: Extract gtin / gtin8 / gtin12 / gtin13 / gtin14 from the first Product JSON-LD node on each PDP; validate digit length.
Coverage
13/19 · 68%
- No valid GTIN on this product pageHIGH× 6
Populate gtin/gtin8/gtin12/gtin13/gtin14 with the manufacturer's barcode.
Skipped — No MerchantReturnPolicy node used the MerchantReturnFiniteReturnWindow category, so the `merchantReturnDays` check has nothing to evaluate.
Context: AI agents quote your concrete return window in shopping cards. Without `merchantReturnDays`, your policy renders as 'has a return policy' without the headline number.
Why this was skipped
No MerchantReturnPolicy node used the MerchantReturnFiniteReturnWindow category, so the merchantReturnDays check has nothing to evaluate.
How: For each MerchantReturnPolicy node whose returnPolicyCategory normalizes to MerchantReturnFiniteReturnWindow, require merchantReturnDays to be a positive number (or a numeric string > 0).
Skipped — Profile declares no signing_keys; JWK validation has no entries to evaluate.
Context: Malformed JWK entries are rejected silently by agents — signed payloads cannot be verified and the merchant loses trust signal.
Why this was skipped
Profile declares no signing_keys; JWK validation has no entries to evaluate.
How: Walk signing_keys[] and validate each entry per RFC 7517 §4.1 (kty required) + RFC 7518 §6 (kty-specific required parameters). kid is OPTIONAL per RFC 7517 §4.5 and not enforced here.
Add includeSubDomains to your Strict-Transport-Security header
Why this matters: Without includeSubDomains, an HTTP subdomain (staging, mail, …) can be used to attack the apex's cookies.
Findings (1)
Inspected the homepage Strict-Transport-Security header ("max-age=31536000") and the includeSubDomains directive is absent.
How: Parse the homepage Strict-Transport-Security header for the includeSubDomains directive (RFC 6797 §6.1.2).
- HSTS header is missing the includeSubDomains directiveMEDIUM
What we found
max-age=31536000What we expected
Strict-Transport-Security: max-age=31536000; includeSubDomainsAppend
; includeSubDomainsto your STS header once every subdomain you operate supports HTTPS.
Skipped — No MerchantReturnPolicy node carried a `merchantReturnLink` URL, so reachability has nothing to evaluate.
Context: A broken return-link makes Option B policies invisible — agents can't render or follow the link.
Why this was skipped
No MerchantReturnPolicy node carried a merchantReturnLink URL, so reachability has nothing to evaluate.
How: Collect every unique merchantReturnLink URL across all MerchantReturnPolicy nodes; probe each once via politeFetch (failSoft). 2xx counts as reachable.
Skipped — No MerchantReturnPolicy node carried `applicableCountry`, so the ISO-code check has nothing to evaluate.
Context: A non-ISO country is dropped silently; the policy looks present but never reaches the merchant-listing rich result.
Why this was skipped
No MerchantReturnPolicy node carried applicableCountry, so the ISO-code check has nothing to evaluate.
How: On each MerchantReturnPolicy node where applicableCountry is set, extract every candidate string and require every one to match /^[A-Z]{2}$/i.
Skipped — No MerchantReturnPolicy node carried `returnPolicyCategory`, so the enum check has nothing to evaluate.
Context: An invalid category is silently dropped — your policy looks present in the source but never renders in Google's return-policy rich result.
Why this was skipped
No MerchantReturnPolicy node carried returnPolicyCategory, so the enum check has nothing to evaluate.
How: On each MerchantReturnPolicy node where returnPolicyCategory is set, accept the bare enum name or the schema.org URL form; reject any other string.
Skipped — No OfferShippingDetails node carried `shippingDestination`, so the DefinedRegion check has nothing to evaluate.
Context: Without a valid destination region, your shipping rate has no scope — Google can't decide whether to render it for a given shopper's country.
Why this was skipped
No OfferShippingDetails node carried shippingDestination, so the DefinedRegion check has nothing to evaluate.
How: On each OfferShippingDetails node where shippingDestination is set, require it to be a DefinedRegion (or array) and every entry to carry addressCountry matching /^[A-Z]{2}$/i.
Skipped — No OfferShippingDetails node carried `shippingRate`, so the MonetaryAmount check has nothing to evaluate.
Context: An invalid rate object is silently dropped; agents can't quote your shipping cost in shopping cards.
Why this was skipped
No OfferShippingDetails node carried shippingRate, so the MonetaryAmount check has nothing to evaluate.
How: On each OfferShippingDetails node where shippingRate is set, require an object with numeric value/maxValue (typed or numeric string) and a 3-letter ISO 4217 currency.
Skipped — Profile declares no capabilities; required-field checks have nothing to evaluate.
Context: Capabilities missing version/spec/schema can't be matched against agent support tables — agents skip them silently.
Why this was skipped
Profile declares no capabilities; required-field checks have nothing to evaluate.
How: For each capabilities[] entry, require non-empty string values for version, spec, and schema.
Skipped — No services declared a `spec` URL; origin matching has nothing to evaluate.
Context: A spec URL on an unrelated authority signals the service was copy-pasted from stale documentation — agents can't trust the conformance claim.
Why this was skipped
No services declared a spec URL; origin matching has nothing to evaluate.
How: For each service with a spec URL, require the URL origin to be a canonical UCP authority OR the host/path to include the namespace token.
Upload higher-resolution product images (area ≥ 50,000 pixels)
Why this matters: Tiny product images get dropped from Google’s shopping rich-result modules and are unhelpful to AI agents quoting your product visually.
Findings (11)
Inspected <img width=… height=…> attributes on 19 sampled product pages (0 have at least one image with area ≥ 50,000 px; dimensions absent from HTML are not HEAD-probed and count as indeterminate).
How: For every sampled PDP, parse <img> tags and read explicit width and height attributes; a PDP passes when at least one image has width × height ≥ 50,000. PDPs without any explicit-dimension <img> are marked indeterminate (this check does not HEAD image URLs).
Coverage
0/19 · 0%
- No <img> on this PDP carries explicit width+height attributesLOW× 10
Server-render explicit width and height attributes so crawlers can verify image area without fetching.
Affected (10)
- /cabinet91 <img> tags found, none with width+height
- /lamp-lumino-renew71 <img> tags found, none with width+height
- /cubox-2b-2h-2d101 <img> tags found, none with width+height
- /ergonomic-chair-active108 <img> tags found, none with width+height
- /acoustic-panel-renew71 <img> tags found, none with width+height
- /cubox-door75 <img> tags found, none with width+height
- /chair-active-renew71 <img> tags found, none with width+height
- /chair-flex-office114 <img> tags found, none with width+height
- /desk-elevate187 <img> tags found, none with width+height
- /standing-mat49 <img> tags found, none with width+height
…and 1 more
Add preload to your Strict-Transport-Security header and submit to hstspreload.org
Why this matters: HSTS preload-list inclusion is the strongest downgrade protection available — first-time visits are protected too.
Findings (1)
Inspected the homepage Strict-Transport-Security header ("max-age=31536000") and the preload directive is absent.
How: Parse the homepage Strict-Transport-Security header for the preload directive (hstspreload.org vendor extension to RFC 6797).
- HSTS header is missing the preload directiveLOW
What we found
max-age=31536000What we expected
Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadAppend
; preloadafterincludeSubDomainsand submit your domain at https://hstspreload.org/.
Add an AggregateRating to Product nodes when you have real reviews
Why this matters: Review ratings are a trust signal agents use to rank and filter products.
Findings (11)
Looked for a valid aggregateRating on Product JSON-LD across 13 sampled product pages (0 valid, 0%).
How: On each Product node, parse aggregateRating (or the first element if it's an array) and require ratingValue in [0,5] AND reviewCount or ratingCount ≥ 1.
Coverage
0/13 · 0%
- Product has no valid AggregateRating (ratingValue 0-5 + reviewCount/ratingCount ≥ 1)LOW× 10
Render
aggregateRatingfrom real review totals — never fabricate.
…and 1 more
Add a BreadcrumbList JSON-LD block to every PDP
Why this matters: Breadcrumbs help agents understand where a product sits in your catalog.
Findings (11)
Searched JSON-LD on 13 sampled product pages for a BreadcrumbList (0 found, 0%).
How: Search every JSON-LD block on each PDP for @type: BreadcrumbList with a non-empty itemListElement.
Coverage
0/13 · 0%
- No BreadcrumbList JSON-LD with a populated itemListElementLOW× 10
Add a BreadcrumbList JSON-LD block walking Home → Category → Product.
…and 1 more
Either omit itemCondition (defaults to NewCondition) or set it to a canonical IRI
Why this matters: When you declare itemCondition, agents and Google require a canonical Schema.org IRI; free-text values get ignored.
Findings (11)
Checked Offer itemCondition on 13 sampled product pages with an Offer (0 either omit or use a canonical Schema.org URL, 0%).
How: On each Offer: if itemCondition is omitted, count as pass (Google defaults to NewCondition). If present, accept only when it matches a canonical Schema.org ItemCondition IRI.
Coverage
0/13 · 0%
- Offer
itemConditionis set but isn't a canonical Schema.org URLLOW× 10Use https://schema.org/NewCondition / UsedCondition / RefurbishedCondition / DamagedCondition.
Affected (10)
- /cabinetvalue: NewCondition
- /cubox-2b-2h-2dvalue: NewCondition
- /ergonomic-chair-activevalue: NewCondition
- /cubox-doorvalue: NewCondition
- /chair-flex-officevalue: NewCondition
- /desk-elevatevalue: NewCondition
- /standing-matvalue: NewCondition
- /cubox-1b-3h-2d-extendedvalue: NewCondition
- /cablemanagement-system-elevatevalue: NewCondition
- /cubox-1b-3h-2dvalue: NewCondition
…and 1 more
Add descriptive alt text to product images (WCAG 2.x SC 1.1.1)
Why this matters: Alt text is the only text description AI agents and screen readers have for your product imagery.
Findings (4)
Parsed <img> alt attributes across 19 sampled product pages (15 have alt text on at least 80% of images).
How: Per PDP, count <img> tags via regex; a tag 'has alt text' when its alt attribute is present AND non-empty after trim. A PDP passes when it carries no <img> at all OR ≥80% of its <img> tags have non-empty alt.
Coverage
15/19 · 79%
- Most images on this product page lack alt textLOW× 4
What we expected
<img src="/img/sneaker.webp" alt="Red leather running shoe, side view" />Populate the alt attribute on each <img> with a description of what the image shows; use alt="" only for decorative images.
Affected (4)
- /cubox-2b-2h-2d57/101 <img> tags have non-empty alt (56%)
- /cubox-door46/75 <img> tags have non-empty alt (61%)
- /cubox-1b-3h-2d-extended45/77 <img> tags have non-empty alt (58%)
- /cubox-1b-3h-2d57/98 <img> tags have non-empty alt (58%)
Skipped — No MerchantReturnPolicy node carried returnFees, returnMethod, or refundType, so the enum check has nothing to evaluate.
Context: Invalid enrichment values are dropped silently, leaving merchants confused about why their rendered policy is missing fields they configured.
Why this was skipped
No MerchantReturnPolicy node carried returnFees, returnMethod, or refundType, so the enum check has nothing to evaluate.
How: On each MerchantReturnPolicy node, inspect returnFees/returnMethod/refundType if set; require the bare name or schema.org URL form of a value in the corresponding Schema.org enum.
Skipped — No OfferShippingDetails node carried `deliveryTime`, so the ShippingDeliveryTime check has nothing to evaluate.
Context: Without populated handling/transit times, agents can't quote a delivery window in shopping cards.
Why this was skipped
No OfferShippingDetails node carried deliveryTime, so the ShippingDeliveryTime check has nothing to evaluate.
How: On each OfferShippingDetails node where deliveryTime is set, require an object with at least one of handlingTime / transitTime populated as a QuantitativeValue.
Skipped — Walked services[] for `transport: "mcp"` entries; none advertised.
Context: If you advertise MCP transport, agents will try to connect — broken or non-HTTPS endpoints fail silently and lose the integration.
Why this was skipped
Walked services[] for transport: "mcp" entries; none advertised.
How: Filter services[] to entries where transport=mcp and validate that endpoint is an absolute https:// URL.
Enable Apple Pay through your payment processor (informational only)
Why this matters: Apple Pay is a checkout-quality signal for human shoppers — informational only, does not affect the agent-readiness score.
Findings (1)
Scanned the homepage and 19 sampled PDPs for Apple Pay markers; none matched.
How: Substring match on known Apple Pay SDK/markup signatures (ApplePaySession, apple-pay-button, /apple-developer-merchantid-domain-association) across the homepage and every sampled PDP HTML.
- No Apple Pay markers detected on the homepage or PDPsINFO
Enable Apple Pay in your payment processor's dashboard (Stripe / Adyen / Braintree). Informational only — does not affect the score.
Enable Google Pay through your payment processor (informational only)
Why this matters: Google Pay is a checkout-quality signal for human shoppers — informational only, does not affect the agent-readiness score.
Findings (1)
Scanned the homepage and 19 sampled PDPs for Google Pay markers; none matched.
How: Substring match on known Google Pay SDK/markup signatures (pay.google.com/gp/p/js/pay.js, google.payments.api, <google-pay-button) across the homepage and every sampled PDP HTML.
- No Google Pay markers detected on the homepage or PDPsINFO
Enable Google Pay in your payment processor's dashboard (Stripe / Adyen / Braintree). Informational only — does not affect the score.
Skipped — Looked for /llms.txt at the site root; the fetcher returned no file.
Context: An /llms.txt manifest points agents at your feed and key pages without them having to guess.
Why this was skipped
Looked for /llms.txt at the site root; the fetcher returned no file.
How: Check whether the fetcher reached an /llms.txt at the site root. Informational only — no failure path per llmstxt.org being a voluntary community convention.