What is the maximum Cloudflare isitagentready score for a non-commerce site?

The maximum Cloudflare isitagentready.com score for a non-commerce site is 75% (12 of 16 checks). Four checks are commerce-specific protocols (ACP, UCP, x402, MPP) that require transactional payment processing. Cloudflare labels 75% as Advanced tier.

How long does it take to go from baseline to full agent readiness?

AEOForged deployed all seven components in approximately 6 hours of engineering time. The agents.json, MCP Server Card, and A2A Agent Card were generated automatically using AEOForge's tools. Manual configuration covered robots.txt, auto-discovery links, content negotiation middleware, agent instructions, and OAuth discovery.

Can you verify AEOForged's agent readiness results independently?

Yes. Run aeo_agent_ready on aeoforged.com (free, no account required) to see the current 33-signal report. You can also check the site on isitagentready.com for the Cloudflare score. All results in this case study are reproducible.

By Ryan Kings, Founder & CTO at AEOForged · Published June 2026 · 8 min read

How AEOForged Went from 11 to 28/28 Agent Readiness Signals: First-Party Case Study

AEOForged used its own agent readiness tools to measure and fix its own site. The starting point was 11 detected signals out of 33 checked, with 21 missing. After deploying seven protocol components, the result was 28 of 28 applicable signals live, with the remaining 4 classified as not applicable (commerce-only protocols on a SaaS site). This is first-party data from AEOForge's 33-signal audit, independently verifiable by running the same scan on aeoforged.com.

What did the baseline audit reveal?

The baseline scan in June 2026 showed that AEOForged's site had strong content readiness (94% overall AEO score) but weak agent infrastructure. Only 11 of 33 protocol signals were present:

AEOForged AI Readiness dashboard before optimization — Cloudflare 25%, Lighthouse 50%, FORKOFF 46%

Cloudflare isitagentready.com: 25% (Basic tier, 4 of 16 checks passing)
Google Lighthouse Agentic Browsing: 50% (4 of 8 audits passing)
FORKOFF: 46% (Tier D)

The detected signals were the ones that existed by default: MCP Transport (the site already had an MCP server), API Catalog, NLWeb, Sitemap XML, Schema.org Density, Token Budget, SSR Content, llms.txt, and llms.txt (valid). Everything else was missing.

Which signals were missing?

Protocol signals before — 11 detected, 21 missing across Discovery, Content, Authentication, and Agent Protocols

The 21 missing signals fell into four categories:

Discovery (5 missing): A2A Agent Card, agents.json, agent-permissions.json, AGENTS.md, and Auto-Discovery Links were all absent. The site had an MCP Server Card and llms.txt but no way for agents to discover them without direct URL knowledge.

Content (3 missing): Content Negotiation (no markdown response to Accept: text/markdown), Content-Signal Header (no declaration in robots.txt), and Heading Structure (inconsistent heading hierarchy on some pages). Link Headers were also missing from HTTP responses.

Authentication (5 missing): Web Bot Auth, OAuth Discovery, and OAuth Protected Resource were not configured. The commerce-specific protocols (x402 Payment, Machine Payment Protocol) were also absent but not applicable to this site type.

Agent Protocols (8 missing): Agent Communication Protocol, Universal Communication Protocol, OpenAPI/Swagger, Agent Skills Index, Agent Instructions, and WebMCP were all absent. Only MCP Transport and API Catalog were already present.

What was deployed to fix the gaps?

Seven components were deployed in a single sprint, following the prioritised order from the audit report:

robots.txt update with Content-Signal directive and explicit AI bot rules for GPTBot, ClaudeBot, PerplexityBot, Google-Extended, Bytespider, and CCBot
Auto-discovery link tags added to the root layout: <link rel="describedby"> for llms.txt, agents.json, and agent-instructions.md
Content negotiation middleware returning text/markdown when agents request it via the Accept header
agents.json and agent-permissions.json generated from the live site using AEOForge's Action Schema generator, describing available actions (search, audit, score) with typed parameters
A2A Agent Card at /.well-known/agent-card.json (v1.0) and /.well-known/agent.json (v0.3 compatibility)
Agent Instructions at /agent-instructions.md with brand voice, escalation contacts, and pricing guidance
OAuth discovery at /.well-known/openid-configuration and OAuth Protected Resource headers for authenticated API endpoints

The deployment took approximately 6 hours of engineering time. The Action Schema, MCP Server Card, and A2A Agent Card were generated using AEOForge's own tools (8 credits total for the aeo_make_agent_ready bundle); the remaining files were manual configuration.

What were the after-deployment results?

The re-scan after deployment showed 28 of 28 applicable signals detected:

AEOForged AI Readiness dashboard after optimization — Cloudflare 75%, Lighthouse 100%, FORKOFF 100%

Cloudflare isitagentready.com: 75% (Advanced tier, 12 of 16 checks passing, up from 25%)
Google Lighthouse Agentic Browsing: 100% (8 of 8 audits passing, up from 50%)
FORKOFF: 100% (Tier A, up from Tier D at 46%)

Protocol signals after — 28 detected, 4 N/A. All Discovery, Content, Authentication, and Agent Protocol signals live.

The 4 signals marked N/A are commerce-only protocols that do not apply to SaaS sites: x402 Payment, Machine Payment Protocol, Agent Communication Protocol (ACP, Shopify-specific), and Universal Communication Protocol (UCP, Google Commerce-specific). These are excluded from the score rather than counted as failures.

Signal summary — 28 of 28 applicable signals live, 0 auto-fixable, 0 manual, 4 not applicable

Per-category results:

Category	Before	After
Discovery & Manifests	3/11	11/11 live
Content & Structure	6/10	10/10 live
Authentication & Payments	0/3 applicable	3/3 live (2 N/A)
Agent Protocols	2/4 applicable	4/4 live (2 N/A)

Why does Cloudflare cap at 75% instead of 100%?

Cloudflare's isitagentready.com uses 16 checks, and 4 of those are commerce-specific protocols (ACP, UCP, x402, MPP) that require a transactional site with payment processing. A SaaS platform without checkout pages cannot pass these checks. The maximum achievable score for a non-commerce site is 75% (12 of 16), which is what AEOForged achieved. Cloudflare labels this as "Advanced" tier.

What should you learn from this case study?

This case study demonstrates three things about agent readiness in 2026:

Content readiness and agent readiness are independent. AEOForged scored 94% on content AEO scoring while scoring 25% on Cloudflare's agent readiness checks. A high AEO score does not mean agents can operate your site.
Most missing signals are configuration, not code. Of the 21 missing signals, 15 were resolved by deploying static files (JSON manifests, markdown documents) or adding HTTP headers. Only content negotiation middleware required actual application code.
The N/A category matters. Commerce protocols (x402, UCP, ACP, MPP) are excluded from scoring when they do not apply to your site type. Grey badges in the report are not failures. Four of AEOForged's 33 checks are correctly N/A, giving a perfect 28/28 on applicable signals.

Key takeaways

AEOForged went from 11 detected agent signals to 28/28 applicable signals in a single deployment sprint.
Cloudflare isitagentready.com score improved from 25% (Basic) to 75% (Advanced), which is the maximum for non-commerce sites.
Google Lighthouse Agentic Browsing improved from 50% (4/8) to 100% (8/8).
FORKOFF score improved from 46% (Tier D) to 100% (Tier A).
The seven deployed components were: robots.txt Content-Signal, auto-discovery links, content negotiation middleware, agents.json, A2A Agent Card, agent instructions, and OAuth discovery.
Total engineering time was approximately 6 hours. AEOForge's generators created the agents.json, MCP Server Card, and A2A Agent Card automatically.
Every result in this case study is reproducible by running aeo_agent_ready on aeoforged.com. The same free scan is available for any site.

How AEOForged Went from 11 to 28/28 Agent Readiness Signals: First-Party Case Study

How AEOForged Went from 11 to 28/28 Agent Readiness Signals: First-Party Case Study

What did the baseline audit reveal?

Which signals were missing?

What was deployed to fix the gaps?

What were the after-deployment results?

Why does Cloudflare cap at 75% instead of 100%?

What should you learn from this case study?

Key takeaways

Continue reading

Case Study: AEOForged 8/100 to 81/100

What Is Agent Readiness?

How to Make Your Site Agent-Operable

Want to know where your content stands?