About Our Scanner
Bot Identification
Our scanner identifies itself with the following User-Agent:
AgentReadyScanner/1.0 (+https://agentsready.io/scanner) The link in the User-Agent (+https://agentsready.io/scanner) leads to this documentation — standard practice for well-behaved bots.
IP Addresses
The scanner runs from a dedicated VDS server (hostvds). The IP range will be published after the production deploy.
If you'd like to whitelist our scanner in advance — contact us (below) and we'll send the current CIDR.
Whitelist Instructions
If your WAF or CDN blocks our scanner, add the User-Agent to your allowlist:
AgentReadyScanner/1.0We follow these principles:
- Only GET requests to public endpoints
- We follow robots.txt directives
- We never send POST requests, authenticate, or write data
- 10-second timeout per request, no more than 5 concurrent requests per domain
- Maximum downloaded response body — 5 MB
- Minimum 60-second interval between scans of one domain
Web Bot Auth (RFC 9421)
Our scanner signs outgoing requests using RFC 9421 HTTP Message Signatures (Ed25519). This lets site owners verify the authenticity of our scanner.
How to verify us
JWKS directory with the public key:
GET https://agentsready.io/.well-known/http-message-signatures-directory Each scanner request includes the Signature and Signature-Input headers with an Ed25519 signature.
Whitelist by signature (nginx)
# Allow AgentReadyScanner by the Signature header
if ($http_signature ~* "keyid=\"agent-ready-scanner") {
# allow
}Reverse DNS
A PTR record for our IP will be published after the production deploy. The CIDR IP range will be published after the deploy.
Contact
For scanner questions (false positives, whitelist, bug reports, partnership):