minipop.dk
Audited 5 days ago· shopify
Agent-readiness across all five AI commerce surfaces.
Surfaces — click to filter
16 failing · 35 not checked · 51 shown
35 checks couldn't run on this store — each is listed below with the reason. Your score reflects only what we could verify.
Enforce HTTPS sitewide and ship a Strict-Transport-Security header with max-age ≥ 6 months
Why this matters: AI agents and payment flows refuse plain HTTP; weak HSTS is treated as effectively no HSTS by trust-and-safety scanners.
Findings (1)
Confirmed the homepage is HTTPS (status 200), probed http://minipop.dk/ for redirect behaviour, and parsed the Strict-Transport-Security header (value: "max-age=7889238").
How: URL scheme + homepage status check, an http://host/ redirect probe through politeFetch, and a Strict-Transport-Security max-age parse (RFC 6797; ≥ 180-day threshold).
- HSTS max-age is below the 6-month minimumCRITICAL
/parsed max-age = 7889238s (need ≥ 15552000s = 180 days)
What we found
max-age=7889238What we expected
Strict-Transport-Security: max-age=31536000; includeSubDomainsBump
max-ageto at least 15552000 (180 days). 31536000 (1 year) is required for preload-list inclusion.
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Agents need a price with a currency to show and compare your product.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Make product pages discoverable without JavaScript
Why this matters: AI shopping crawlers do not run JavaScript; without server-rendered product pages, agents can't see your catalog.
Findings (1)
Counted product pages discovered by the non-JavaScript crawl. None were found — JS-only storefront, products missing from sitemap, or the crawl was blocked.
How: Count the product pages a non-JavaScript crawl could discover via the sitemap or initial HTML (no JS execution). The fetcher already attempted discovery; we read ctx.pdpSample.
- No product pages discoverable from a non-JavaScript crawlHIGH
/0 products in pdpSample after sitemap + HTML link discovery
Server-render product pages and list every product URL in the sitemap.
Publish a privacy policy page and link it from your site nav/footer
Why this matters: A privacy policy is required by GDPR/CCPA and is a baseline trust signal for AI agents, ad networks, and most merchant-listing programs.
Findings (1)
Probed 3 candidate privacy-policy paths (nav-discovered + platform-conventional) and none returned a 2xx body.
How: Discover candidate URLs by scoring homepage nav/footer anchors for privacy/gdpr/cookie keywords, then append platform-conventional paths; probe each with politeFetch and pass on the first 2xx with ≥200 stripped-body chars.
- No privacy policy page reachable at any candidate URLHIGH
statuses: /policies/privacy-policy=404, /privacy=404, /privacy-policy=404
Publish a privacy policy page at
/privacy-policy(or your platform's standard slug) with ≥200 chars of body text.
Publish a terms of service page and link it from your site nav/footer
Why this matters: A published ToS is a baseline trust signal AI agents and ad networks use to decide whether to surface or accept a merchant.
Findings (1)
Probed 3 candidate ToS paths (nav-discovered + platform-conventional) and none returned a 2xx body.
How: Discover candidate URLs by scoring homepage nav/footer anchors for terms/tos/legal/conditions keywords, then append platform-conventional paths; probe each with politeFetch and pass on the first 2xx with ≥200 stripped-body chars.
- No terms-of-service page reachable at any candidate URLHIGH
statuses: /policies/terms-of-service=404, /terms=404, /terms-of-service=404
Publish a ToS page at
/terms(or your platform's standard slug) with ≥200 chars of body text.
Publish a product feed or a crawlable product sitemap
Why this matters: Agents build their catalog from a feed or by crawling product pages; if neither yields products, your store is invisible.
Findings (1)
Ran the discovery cascade (feed → platform catalog → typed sitemap → content-verified crawl). Method: none; verified 0 product pages of 5 sampled.
How: Read the product-discovery cascade result from ctx.discovery. Score by discovery method (feed / platform_api / sitemap_typed → pass when verifiedProductCount ≥ MIN_CONFIDENT_PRODUCTS; content_verified → partial; none or under-threshold → fail).
- No reliable way for agents to discover your productsHIGH
/method=none, verified=0
Publish a product feed (Google Merchant XML or ACP) and declare it in /.well-known/ucp and /llms.txt, or ensure every product page carries Product JSON-LD and is listed in the sitemap.
Add every required top-level key to the UCP profile
Why this matters: A profile missing one of the four required keys is treated as non-conformant — agent runtimes fall back to default behaviour and may skip the merchant.
Findings (1)
Profile is missing required key(s): signing_keys.
How: Read the profile root (or top-level ucp wrapper) and verify the presence of version, services, capabilities, and signing_keys keys.
- Required top-level key
signing_keysis missingHIGHWhat we expected
Add a top-level "signing_keys" field to the JSON document (empty array/object is fine).Set
signing_keysat the root of the JSON document.
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: AI agents quote your concrete return window in shopping cards. Without `merchantReturnDays`, your policy renders as 'has a return policy' without the headline number.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: A policy node missing both shapes is invisible to agents — they can't render it, link to it, or quote your return terms.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Without the entry-point return-policy node, agents can't render or quote your return terms — they fall back to platform defaults or skip your store.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Agents suppress out-of-stock or ambiguous items; a valid availability URL keeps you eligible.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Without shippingDetails, AI agents fall back to vague defaults — they can't quote your rates, destinations, or delivery windows in shopping cards.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: PDPs behind a login wall are silently dropped from Google's merchant listing and from every AI agent surface.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: A noindex on the PDP makes it invisible to Google and ineligible for the merchant listing program.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Duplicate Product nodes on a single PDP cause Google's merchant scraper to drop the listing or pick the wrong variant.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Brand on every product is a primary agent filter and a required feed field.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: GTINs let agents match your product to the same item elsewhere; without them you lose cross-catalog matching.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Agents show your product image in shopping cards; a missing image weakens or drops the listing.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Product JSON-LD is how agents identify the canonical product entity without running JavaScript.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: A product's name is the minimum an agent needs to list it.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Without an Offer, agents can't see that the product is for sale.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — the runner did not surface transport metadata
Context: If your UCP profile says `no-cache`, agent runtimes re-fetch on every interaction — brittle at scale and prone to rate-limit failures.
Why this was skipped
Wanted to inspect the UCP profile's Cache-Control header, but the runner did not surface transport metadata.
How: Parse the Cache-Control header on the /.well-known/ucp response; require public, max-age ≥ 60, and no no-store/no-cache/private.
- Transport metadata not available — runner update pendingLOW
This check activates once the runner (Task I1) populates ctx.wellKnownUcp.cacheControl.
Skipped — Profile declares no signing_keys; JWK validation has no entries to evaluate.
Context: Malformed JWK entries are rejected silently by agents — signed payloads cannot be verified and the merchant loses trust signal.
Why this was skipped
Profile declares no signing_keys; JWK validation has no entries to evaluate.
How: Walk signing_keys[] and validate each entry per RFC 7517 §4.1 (kty required) + RFC 7518 §6 (kty-specific required parameters). kid is OPTIONAL per RFC 7517 §4.5 and not enforced here.
Add includeSubDomains to your Strict-Transport-Security header
Why this matters: Without includeSubDomains, an HTTP subdomain (staging, mail, …) can be used to attack the apex's cookies.
Findings (1)
Inspected the homepage Strict-Transport-Security header ("max-age=7889238") and the includeSubDomains directive is absent.
How: Parse the homepage Strict-Transport-Security header for the includeSubDomains directive (RFC 6797 §6.1.2).
- HSTS header is missing the includeSubDomains directiveMEDIUM
What we found
max-age=7889238What we expected
Strict-Transport-Security: max-age=31536000; includeSubDomainsAppend
; includeSubDomainsto your STS header once every subdomain you operate supports HTTPS.
Add an Organization (or OnlineStore) JSON-LD block to your homepage with a contactPoint
Why this matters: Organization markup with a contactPoint tells AI agents who you are and how a shopper can reach you for support.
Findings (1)
Found a homepage Organization node but its contactPoint is missing both email and telephone.
How: Parse homepage <script type="application/ld+json"> blocks, flatten @graph, and look for an Organization/OnlineStore/Store node with a contactPoint carrying email or telephone.
- Homepage Organization node has no contactPoint with email or telephoneMEDIUM
What we expected
"contactPoint": [{"@type":"ContactPoint","contactType":"customer service","email":"support@example.com","telephone":"+1-555-123-4567"}]Add a contactPoint object with at least one of
emailortelephone.
Install a third-party review platform so agents see syndicated reviews on your storefront
Why this matters: Third-party review widgets feed the ratings AI agents trust when ranking merchants.
Findings (1)
Scanned the homepage and 0 sampled PDPs for 8 review-platform asset fingerprints; none matched.
How: Substring scan of homepage and sampled PDP HTML for known review-platform asset fingerprints (judge.me, yotpo, stamped.io, reviews.io, okendo, loox, trustpilot, bazaarvoice).
- No third-party review-platform integration detectedMEDIUM
none of 8 fingerprints matched across 1 source
Install a Judge.me / Yotpo / Loox / Okendo / Stamped / Reviews.io / Trustpilot / Bazaarvoice widget on your storefront.
Publish a returns policy page and link it from your site nav/footer
Why this matters: AI agents quote return terms to shoppers; missing returns pages are a baseline trust failure that suppresses you from agentic shopping cards.
Findings (1)
Probed 5 candidate returns-policy paths (nav-discovered + platform-conventional) and none returned a 2xx body.
How: Discover candidate URLs by scoring homepage nav/footer anchors for return/refund/exchange keywords, then append platform-conventional paths; probe each with politeFetch and pass on the first 2xx with ≥200 stripped-body chars.
- No returns/refund policy page reachable at any candidate URLMEDIUM
statuses: /policies/refund-policy=404, /policies/return-policy=404, /returns=404, /refund-policy=404, /return-policy=404
Publish a returns/refund policy page at
/returns(or your platform's standard slug) with ≥200 chars of body text.
Publish a shipping policy page and link it from your site nav/footer
Why this matters: Agents quote shipping terms to shoppers; without a reachable shipping policy they fall back to vague defaults or skip your store.
Findings (1)
Probed 4 candidate shipping-policy paths (nav-discovered + platform-conventional) and none returned a 2xx body.
How: Discover candidate URLs by scoring homepage nav/footer anchors for shipping/delivery/dispatch keywords, then append platform-conventional paths; probe each with politeFetch and pass on the first 2xx with ≥200 stripped-body chars.
- No shipping policy page reachable at any candidate URLMEDIUM
statuses: /policies/shipping-policy=404, /shipping=404, /shipping-policy=404, /pages/shipping=404
Publish a shipping policy page at
/shipping-policy(or your platform's standard slug) with ≥200 chars of body text and link it from your footer.
Publish a sitemap containing product URLs
Why this matters: A sitemap that omits product URLs forces every crawler into slower, less complete frontier discovery.
Findings (1)
Resolved an XML sitemap with 5 <loc> entries, but none look like product URLs.
How: Parse <loc> entries from the resolved sitemap (or sitemap index) and classify each against product-URL patterns (/products/..., /product/..., /p/<id>, etc.).
Coverage
0/5 · 0%
- Sitemap reachable but contains no product URLsMEDIUM
/sitemap.xml5 total <loc> entries, 0 product-shaped (0%)
Add product URLs (e.g., /products/<handle>) to the sitemap or include the product-section sitemap in your sitemap index.
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: A broken return-link makes Option B policies invisible — agents can't render or follow the link.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: A non-ISO country is dropped silently; the policy looks present but never reaches the merchant-listing rich result.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: An invalid category is silently dropped — your policy looks present in the source but never renders in Google's return-policy rich result.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Without a valid destination region, your shipping rate has no scope — Google can't decide whether to render it for a given shopper's country.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: An invalid rate object is silently dropped; agents can't quote your shipping cost in shopping cards.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Brand on every product is a primary agent filter and a required feed field.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Agents quote your description to answer shopper questions; an empty description gives them nothing to work with.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: A stable SKU lets agents track and re-identify your product across catalogs.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Placeholder titles like Default Title make products look broken to agents.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Profile declares no capabilities; required-field checks have nothing to evaluate.
Context: Capabilities missing version/spec/schema can't be matched against agent support tables — agents skip them silently.
Why this was skipped
Profile declares no capabilities; required-field checks have nothing to evaluate.
How: For each capabilities[] entry, require non-empty string values for version, spec, and schema.
Add preload to your Strict-Transport-Security header and submit to hstspreload.org
Why this matters: HSTS preload-list inclusion is the strongest downgrade protection available — first-time visits are protected too.
Findings (1)
Inspected the homepage Strict-Transport-Security header ("max-age=7889238") and the preload directive is absent.
How: Parse the homepage Strict-Transport-Security header for the preload directive (hstspreload.org vendor extension to RFC 6797).
- HSTS header is missing the preload directiveLOW
What we found
max-age=7889238What we expected
Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadAppend
; preloadafterincludeSubDomainsand submit your domain at https://hstspreload.org/.
Publish a substantive About page at a standard URL
Why this matters: Perplexity and ChatGPT use About-page text to summarise your brand to shoppers in answer responses.
Findings (1)
Probed 4 candidate About-page paths and none returned a 2xx body.
How: URL probe of platform-specific about-page paths via politeFetch; the first 2xx response whose HTML-stripped body length is ≥ 200 chars counts as a pass.
- No About page reachable at any standard URLLOW
statuses: /pages/about=404, /pages/about-us=404, /about=404, /about-us=404
Publish an About page at /about (or your platform's standard path) with ≥ 200 chars of body text.
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Breadcrumbs help agents understand where a product sits in your catalog.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Alt text is the only text description AI agents and screen readers have for your product imagery.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Tiny product images get dropped from Google’s shopping rich-result modules and are unhelpful to AI agents quoting your product visually.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Invalid enrichment values are dropped silently, leaving merchants confused about why their rendered policy is missing fields they configured.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: When you declare itemCondition, agents and Google require a canonical Schema.org IRI; free-text values get ignored.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Without populated handling/transit times, agents can't quote a delivery window in shopping cards.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Review ratings are a trust signal agents use to rank and filter products.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Skipped — Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
Context: Empty or all-caps product titles signal low quality to agents and trigger Google Merchant Center policy flags.
Why this was skipped
Couldn't confidently identify product pages — only 0 of 5 sampled URLs carried product structured data, so product-level checks aren't applicable.
How: n/a
Enable Apple Pay through your payment processor (informational only)
Why this matters: Apple Pay is a checkout-quality signal for human shoppers — informational only, does not affect the agent-readiness score.
Findings (1)
Scanned the homepage and 0 sampled PDPs for Apple Pay markers; none matched.
How: Substring match on known Apple Pay SDK/markup signatures (ApplePaySession, apple-pay-button, /apple-developer-merchantid-domain-association) across the homepage and every sampled PDP HTML.
- No Apple Pay markers detected on the homepage or PDPsINFO
Enable Apple Pay in your payment processor's dashboard (Stripe / Adyen / Braintree). Informational only — does not affect the score.
Enable Google Pay through your payment processor (informational only)
Why this matters: Google Pay is a checkout-quality signal for human shoppers — informational only, does not affect the agent-readiness score.
Findings (1)
Scanned the homepage and 0 sampled PDPs for Google Pay markers; none matched.
How: Substring match on known Google Pay SDK/markup signatures (pay.google.com/gp/p/js/pay.js, google.payments.api, <google-pay-button) across the homepage and every sampled PDP HTML.
- No Google Pay markers detected on the homepage or PDPsINFO
Enable Google Pay in your payment processor's dashboard (Stripe / Adyen / Braintree). Informational only — does not affect the score.