Legal
Terms of Service
Last updated: 2026-04-26
These terms govern your use of get-headless.ai (the "Site") and the Agent Usability Report scanner (the "Scanner"). By using either, you agree to everything below. If you don't agree, don't use them.
1. Who can run a scan
You may use the Scanner only against URLs that satisfy at least one of:
- You own the website.
- You have explicit written authorization from the website owner.
- The website's published policy (e.g., a public bug-bounty scope or a permissive robots.txt for active scanning) clearly authorizes third-party scanning.
Scanning a site without one of the above is unauthorized access. You are solely responsible for the legal consequences of submitting URLs you are not authorized to scan. We will cooperate with valid law-enforcement requests and may disclose the IP address and timing of any scan we ran on your behalf.
2. What the Scanner does
- Issues a small number of GET requests (typically < 25) against the target's HTTP surface using a clearly-labeled User-Agent (AgentUsabilityScanner/1.0).
- Honors robots.txt via the Protego parser. If the scanner is disallowed, the scan stops and the disallow is reported.
- Never performs writes (no POST to non-form endpoints, no auth attempts, no destructive HTTP verbs).
- Renders the homepage once with a headless browser to compute an SSR / CSR diff.
- Submits the response summary to a third-party language model (via OpenRouter) which performs additional public-web search to enrich the report.
3. Limits
- 10 scans per IP per hour.
- 60 seconds between scans of the same domain (rapid-fire throttle).
- One scan per domain per year. After a successful scan, the domain is locked from re-scanning for 365 days. This applies to everyone, not just you. The lock keeps repeated probing of the same target from looking like a denial-of-service to the operator.
- Targets resolving to private, loopback, link-local, multicast, or reserved IP ranges are rejected.
- Per-scan model spend is capped at $5; scans may return a "partial report" if the cap is hit.
4. Acceptable use
You agree not to:
- Use the Scanner to perform load tests, denial-of-service attacks, or any kind of stress-testing against a site you do not own.
- Attempt to bypass the per-IP, per-domain, or annual rate limits — including via multiple IPs, VPN rotation, automated scripts, or distributed orchestration.
- Probe credentials, keys, internal-only paths, or anything not explicitly part of a public agent-discovery surface.
- Use scan results to harass, defame, or coerce a website operator.
- Resell or republish raw scan reports without explicit written consent. Reports are produced privately for the requesting party.
- Use the Scanner to evaluate a competing product's API or website for the purpose of reverse-engineering protected interfaces.
- Submit URLs that point to illegal content, content infringing third-party rights, or content that violates the policies of the third-party LLM providers we route through.
- Probe get-headless.ai itself with this Scanner, with other scanners, or with any tool whose effect is to enumerate, fuzz, or systematically map our infrastructure, without our prior written permission.
5. Privacy of scan results
- Reports are private by default. We don't publish them or list scanned domains anywhere public unless you opt in.
- Report artifacts (private mode) are served only via signed, expiring links (default TTL: 1 hour).
- We retain the report and probe summary for operational reasons (debugging, abuse investigation) for up to 90 days, then delete.
- The fact that a domain was scanned (not the report content) is recorded in our annual-lock store for 1 year so that the per-domain limit can be enforced.
- If you provided an email address for delivery, we use it solely to send you the report and delete it after 90 days unless you've also subscribed to the get-headless newsletter.
5.1 Public reports (opt-in)
When you submit a scan, you may check the "Make this report public" option. By doing so you agree that:
- The report becomes accessible at a stable, shareable URL (e.g. get-headless.ai/scan/?d=<your-domain>) that anyone with the link can view.
- We may list public scans on a leaderboard, comparison view, or directory in the future. The contents of the public report (score, per-check signals, recommendations, the URL navigation log) are visible to anyone with the link.
- Search engines, AI crawlers, and third-party services may index, cache, or republish snippets of public scan pages. We cannot control or revoke external caches once a page is indexed.
- You confirm you have the right to publish a usability assessment of the scanned URL. Do not select public for a site you do not own or have explicit authorization to publicly assess.
- You can flip a public report back to private from your records at any time. We will stop serving it at the public URL within minutes; external caches may persist longer.
If you don't opt in, the report stays private and follows the rules in §5 above.
6. Site content (articles, knowledge base, APIs)
- The articles, knowledge base, RSS, JSON, and llms.txt endpoints we publish are made available for both human reading and machine ingestion. You may fetch and process them programmatically.
- Republishing significant portions of our content requires attribution and a link to the original page on get-headless.ai.
- Crawling our site at > 1 request/second sustained without prior contact will be treated as abuse and the source IP may be blocked.
7. Abuse handling
We may, at our sole discretion and without notice, block IPs, ban domains from being scanned, invalidate signed report links, refuse service, and refer suspected unauthorized-access activity to the relevant hosting providers and law-enforcement bodies. Operating the Scanner against your own infrastructure does not exempt you from rate limits.
8. No warranty
The Scanner and the Site are provided "as is". Scan results are produced by a language model interpreting partial public evidence and may contain errors, inferences, misclassifications, or omissions. Do not use scan results as the sole basis for any operational, commercial, or legal decision. We disclaim all warranties — express, implied, and statutory — including merchantability, fitness for purpose, and non-infringement.
9. Limitation of liability
To the maximum extent permitted by law, our total liability for any claim arising from your use of the Site or the Scanner is capped at USD $50 or the amount you paid us in the preceding 12 months, whichever is greater. We are not liable for indirect, incidental, consequential, or punitive damages, including lost profits, lost data, or business interruption, even if we were advised of the possibility.
10. Changes to these terms
We may update these terms at any time. The "Last updated" date at the top reflects the current version. Continued use after a change means you accept the new terms. Material changes will also be noted on the homepage for at least 14 days.
11. Contact
Abuse reports, takedown requests, authorization questions, and legal notices: legal@get-headless.ai.
Plain summary: only scan sites you're allowed to scan. Don't try to abuse the tool. We delete most things after 90 days. Reports are inferences, not gospel. We're not on the hook if you misuse them.