How AI-ready is your website? Cloudflare built a scanner to find out

Cloudflare's new 'Is It Agent Ready' tool does exactly what it sounds like. Plug in a URL and it scores how well AI agents can interact with your site. It checks five categories: discoverability (robots.txt, sitemaps, link headers), content accessibility (Markdown negotiation), bot access control (AI bot rules), protocol discovery (MCP, OAuth, Agent Skills), and commerce protocols. Then it spits out copy-paste instructions for coding agents like Cursor, Claude Code, or Copilot to fix whatever's missing.

The commerce layer is where things get messy. Three competing protocols are fighting over how agents should pay for things online. Cloudflare's own x402 revives the long-dormant HTTP 402 'Payment Required' status code, pushing payment negotiation down to the web infrastructure layer. UCP comes from traditional e-commerce players adapting existing shopping cart APIs for agent consumption. ACP takes an AI-native approach, building for semantic product understanding and autonomous transactions instead of traditional checkout flows.

None of these have won yet, and website owners could end up supporting all three with conflicting headers just so agents from different ecosystems can actually pay them. That's a real cost with unclear payoff.

Hacker News commenters caught the irony: the same industry claiming AI agents will soon handle any white-collar job also expects every website to reconfigure itself for agent access. Some users said they'd rather have tools to block AI agents than enable them. The split between agent optimization and agent protection is already here, and it's probably permanent.