UCP profile Cache-Control is shared-cacheable with max-age ≥ 60s

`/.well-known/ucp` Cache-Control is `public, max-age=N` with N ≥ 60 and no `no-store`/`no-cache`/`private`. If your UCP profile says `no-cache`, agent runtimes re-fetch on every interaction — brittle at scale and prone to rate-limit failures.

What this check looks for

Agent runtimes cache UCP profiles by URL and re-fetch on TTL expiry. Profiles served with no shared-cache directives force every agent to round-trip on every interaction, which is brittle at scale and trips rate limits. We require `public` + `max-age ≥ 60` and the absence of `no-store`, `no-cache`, and `private`. The transport metadata for this check is populated by the v2 runner (Task I1); until then the check returns `na`.

Which AI surfaces it affects

• Google AI Mode (UCP)100
• Microsoft Copilot70
• ChatGPT (ACP)20
• Perplexity20
• Meta AI10

Weighted against the live specs — ACP 2026-04-17, UCP 2026-04-08.

How to fix it

Serve `/.well-known/ucp` with `Cache-Control: public, max-age=…`

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: public, max-age=3600

{ "version": "2026-04-08", ... }

The spec it's pinned to

• UCP overview — profile caching

  The UCP overview expects profiles to be cacheable at shared caches so agents can rely on them between negotiations. Profiles served with `no-store`, `no-cache`, or `private` force per-request re-fetches that break agent discovery at scale.

MDN — Cache-Control ↗

Related protocol checks

• Each capability has version + spec + schema
• UCP MCP-transport entries have valid HTTPS endpoints
• /.well-known/ucp response Content-Type is application/json
• /.well-known/ucp is publicly fetchable with no auth

← All 82 checks