Fix: Web Bot Auth signature directory present (informational)
Web-audit fix skill for the
web-bot-authcheck (Bot & crawl policy, MAY).
Goal
Publish an HTTP Message Signatures directory if your site sends signed bot traffic.
Fix
Informational only. If your site sends authenticated bot traffic, publish an HTTP Message Signatures JWKS directory at /.well-known/http-message-signatures-directory so recipients can verify your bot's signatures. Skip it if you do not send signed bot requests.
Resources
Copy-paste prompt
Paste this into your coding agent, replacing the Issue line with the Result line from your audit:
Verify
Re-run the audit at https://anc.dev/web-audit or call the audit_website MCP tool; the web-bot-auth check should report pass.