BridgeToAgent
Get the kit — $49
All posts
Comparison11 min read

Cloudflare's Agent Readiness Score vs Chrome Lighthouse — what each one actually measures

Cloudflare's new free score and Chrome's Lighthouse Agentic Browsing audit both tell you if your site is AI-agent-ready. They measure different things. Here's the difference, which one actually affects whether agents transact on your site, and what to act on first.

BridgeToAgentEditorial team

Cloudflare's Agent Readiness Score vs Chrome Lighthouse

Cloudflare shipped isitagentready.com in mid-April. Chrome shipped Lighthouse Agentic Browsing late last year. Both score your site. Both come from companies you already trust. Both hand you a number that — depending on the day and the framework — ranges from "looks fine" to "fix everything immediately."

If you've run one of them and not the other, your two scores almost certainly don't match. The reason isn't that one tool is wrong.

We'll work through this one framework at a time: what each one actually measures, why the two diverge on the same site, which one matters more for whether agents transact on your pages, and what to do this week if you're staring at a Cloudflare score wondering whether it actually predicts anything.

The 30-second version

What Cloudflare measures. Four dimensions of vendor-curated readiness, anchored to Cloudflare's own product stack (Agent Skills, MCP Server Cards) alongside open standards (robots.txt, sitemap.xml, llms.txt). Designed to surface gaps you can hand to a coding agent.

What Lighthouse measures. Nine specific audits Chrome looks for when an agent visits a page in a browser. Anchored to Google's Lighthouse standard — same audit pipeline that Performance, Accessibility, Best Practices, and SEO live in.

Where they diverge. Cloudflare scores you on standards you may or may not implement. Lighthouse scores you on what agents actually find on your page during a real browser-driven audit. A site can pass one and fail the other.

What to do. If you sell anything online, prioritize Lighthouse — it's the audit that gates whether agents complete transactions on your site. Lighthouse is the standard you actually want to fix, and the audit-by-audit fix reference is at that link. Cloudflare is the better second-look check. Both can be passed with the same handful of files.

Why two scores exist now

Think about a building inspection.

Fire codes are one framework. They check for specific things — sprinkler density, exit-sign placement, the rating on doors between commercial spaces. The code is published, the inspector follows it line by line, and the building either passes each item or it doesn't. The framework is standardized: a fire inspector in one city looks at roughly the same checklist as one in another city.

Insurance inspections are a different framework. The insurance company has its own concerns — water-damage risk, theft exposure, the age of the electrical panel, what's stored in the basement. The inspector still walks the building, but they're scoring against a vendor-specific concern set. A building can pass its fire-code inspection and still get flagged by the insurance inspector, because the two frameworks are looking for different categories of risk.

Both inspections are useful. Neither replaces the other. And if you only ever ran one, you'd miss what the other was looking at.

That's the situation site owners are in right now with Cloudflare's Agent Readiness Score and Chrome's Lighthouse Agentic Browsing category. They're both serious frameworks. They both surface real gaps. They overlap in places and they diverge in others. The job of this post is to make the divergence specific enough that you can decide which one to act on first.

What Cloudflare's Agent Readiness Score actually measures

Cloudflare's isitagentready.com (launched ~April 17, 2026) scores any URL on four dimensions. You enter a domain, Cloudflare hits it from their edge, and you get a per-dimension breakdown.

Dimension 1 — Discoverability

How easily an agent can find your site's content surface. The checks include:

  • robots.txt present and well-formed (RFC 9309)
  • sitemap.xml referenced from robots.txt
  • HTTP Link headers exposing key resources (RFC 8288)
  • General "can a crawler enumerate your URLs without rendering JavaScript" hygiene

Dimension 2 — Content

How the agent receives the content once it's discovered. Checks include:

  • llms.txt present at the root
  • Markdown-for-agents fallback URLs (the convention of serving .md variants of HTML pages for agent consumption)
  • Plain-text accessibility of primary content

Dimension 3 — Bot Access Control

How explicitly your site declares what AI systems may do with your data. Checks include:

  • Per-bot rules in robots.txt (GPTBot, ClaudeBot, PerplexityBot, Google-Extended, CCBot)
  • Content Signals — the emerging convention of declaring training-data vs inference-grounding vs search-indexing permissions separately
  • Web Bot Auth signals

Dimension 4 — Capabilities

What programmatic capabilities your site exposes for agents. Checks include:

  • MCP Server Card at /.well-known/mcp/server-card.json
  • API Catalog discoverability
  • OAuth server discovery
  • Agent Skills declarations

The honest read. Cloudflare's score is anchored heavily to their own product stack alongside open standards. MCP Server Cards and Agent Skills are real specs, but they're Cloudflare-stewarded and not yet broadly adopted outside Cloudflare's ecosystem. If you're a small site that doesn't run an MCP server, scoring poorly on the Capabilities dimension may or may not reflect a meaningful gap in your actual agent-readiness — it reflects a gap in Cloudflare-flavored agent-readiness.

The score is also designed for a specific user: a buyer who has a coding agent (Claude Code, Cursor, similar) and can paste a prompt to fix what's missing. For each failing check, Cloudflare ships a prompt you can hand to your coding agent. That's a real value-add for technical users. It's an empty hand for the SMB who doesn't have a coding agent at all.

What Lighthouse Agentic Browsing actually measures

Chrome shipped Lighthouse Agentic Browsing in late 2025 as a fifth audit category alongside Performance, Accessibility, Best Practices, and SEO. The spec is public at developer.chrome.com/docs/lighthouse/agentic-browsing/scoring. The audits are weighted, the methodology is open, and the category is shipping into every Chromium-based browser globally.

There are nine audits, currently. They group naturally into four families.

The file-presence family — does your site ship the agent-readable files at all?

  • llms-txt-present — Is /llms.txt reachable with a plain-text content type?
  • agents-json-present — Is /agents.json reachable as valid JSON?
  • agent-runbook-present — Is /agent-instructions.md reachable?

The file-correctness family — when the files exist, are they correctly written?

  • llms-txt-well-formed — Does /llms.txt parse against the llmstxt.org reference parser?
  • agents-json-actions-typed — Does every action in /agents.json have typed parameters (no null, no missing fields)?

The discovery family — can an agent find the files and pages without round-tripping?

  • sitemap-discoverable — Is /sitemap.xml valid and referenced from /robots.txt?
  • auto-discovery-links — Does the homepage <head> contain three <link rel="alternate"> tags pointing at the kit files?

The content-structure family — when the agent lands on a page, can it understand what it's looking at?

  • schema-org-density — Are there Schema.org JSON-LD blocks at minimum density on the homepage and on primary product / article pages?

The emerging family — anchored to a spec still moving:

  • webmcp-annotations — Are there WebMCP per-element annotations on interactive <button>, <form>, <input> elements?

This last one is weighted low. The WebMCP spec is stable enough that Chrome 146 ships a browser-level API, but mass annotation patterns aren't settled yet. Lighthouse audits for it; nobody is expected to pass it cleanly in 2026.

The honest read. Lighthouse Agentic Browsing is the open standard. It's stewarded by Google and shipping into ~71% of global browser sessions (Chromium-based browsers per StatCounter, April 2026), plus another 5% on Edge. It's anchored to public specs (llmstxt.org, the agents.json reference, Schema.org's open vocabulary) rather than vendor-curated frameworks.

What it doesn't do: tell you anything about bot access control, training-data permissions, or vendor-specific protocols like MCP Server Cards. The Lighthouse category is opinionated about the agent transaction surface — can an agent read your content, understand it, take typed actions on it — and not about the broader governance surface Cloudflare's score also covers.

Where the two frameworks diverge (and why)

Side-by-side on the same hypothetical SMB site — an independent shop running on Shopify, no MCP server, no AI bot rules in robots.txt, no llms.txt or agents.json, but with Schema.org Product markup on every product page (which Shopify themes ship by default):

What's on the siteCloudflare scoreLighthouse score
robots.txt (default Shopify)✓ Discoverability✓ Discoverability family (partial)
sitemap.xml (default Shopify)✓ Discoverabilitysitemap-discoverable
No llms.txt✗ Contentllms-txt-present
No agents.json✗ Capabilities (partial)agents-json-present, ✗ agents-json-actions-typed
No agent-instructions.md(not scored)agent-runbook-present
No <link rel="alternate"> tags(not scored)auto-discovery-links
Schema.org on product pages(not directly scored)schema-org-density
No per-bot rules in robots.txt✗ Bot Access Control(not scored)
No MCP Server Card✗ Capabilities(not scored)
No WebMCP annotations(not scored)webmcp-annotations (low weight)

Same site, two different audit verdicts. Cloudflare emphasizes the gaps in governance + vendor protocols (Bot Access Control, Capabilities). Lighthouse emphasizes the gaps in transaction surface (file presence, file correctness, content structure).

A site that has shipped per-bot robots.txt rules and a Cloudflare MCP Server Card but no agents.json and no agent-instructions.md will score better on Cloudflare's framework and worse on Lighthouse's. A site that has shipped the three kit files but no per-bot rules and no MCP server will score better on Lighthouse's framework and worse on Cloudflare's.

Neither verdict is wrong. They're measuring different aspects of the same general question.

Which framework predicts what

The cleanest way to choose between them is to ask: what failure mode are you actually trying to prevent?

If you want to prevent...The framework that predicts itWhy
Agents abandoning your site at step 2 of a transactionLighthouseThe Lighthouse audits directly measure whether the action surface (agents.json) and behavioral runbook (agent-instructions.md) are present and typed. These are what agents fail on mid-transaction.
LLMs citing the wrong page when summarizing your siteLighthouseThe llms-txt-present + llms-txt-well-formed audits directly measure whether the model can pick the right canonical URL to read.
Your data being used for AI training without your consentCloudflareCloudflare's Bot Access Control dimension is the explicit governance surface. Lighthouse doesn't score this at all.
Your site being filtered out by Cloudflare's edge network for missing capabilitiesCloudflareThe Capabilities dimension scores Cloudflare-product-aligned signals that Cloudflare's own infrastructure may use to route or score agent traffic.
Falling behind whatever audit becomes the public defaultLighthouse, with a glance at CloudflareLighthouse has the longer reach (every Chromium browser) and the open standards anchor. When site-quality conversations happen at scale — the way Performance and Accessibility audits became default conversations — it'll be Lighthouse's framework being referenced.

For most BridgeToAgent customers — SMB e-commerce stores, lead-capture sites, content businesses with transactional intent — the answer is unambiguous: fix what Lighthouse scores first. The transaction surface is the surface that converts agent traffic into revenue. The governance surface (Cloudflare's emphasis) matters too, but it doesn't directly translate to whether an agent successfully books, buys, or signs up on your site.

For enterprise sites with separate concerns about AI training rights, content licensing, or Cloudflare-specific routing — also fix the Cloudflare score. The two are not mutually exclusive.

The complication: the two frameworks are easier to fix together than apart. The same agents.json file passes both the Lighthouse audit AND contributes to the Cloudflare Capabilities dimension. The same llms.txt file passes Lighthouse AND counts toward Cloudflare's Content dimension. There is no scenario where you have to choose one or the other — only a scenario where you choose what to prioritize when the surface is empty.

Where the kit fits

Honest mapping. Here's what the BridgeToAgent kit does and doesn't do against each framework.

What the kit fixes in Lighthouse:

  • llms-txt-present ✓ — generated from your real DOM, parser-validated
  • llms-txt-well-formed ✓ — validated against llmstxt.org reference parser as a build gate
  • agents-json-present ✓ — generated with typed actions, link-validated
  • agents-json-actions-typed ✓ — typing is mandatory in the generator; no null parameters ship
  • agent-runbook-present ✓ — agent-instructions.md generated with brand voice + escalation paths
  • auto-discovery-links ✓ — three <link rel="alternate"> tags emitted in the install snippet for your homepage <head>

That's six of the nine Lighthouse audits. The remaining three:

  • sitemap-discoverable — your CMS already does this; the kit's audit reports if the Sitemap reference is missing from your robots.txt
  • schema-org-density — CMS-side. Yoast / RankMath on WordPress, theme-native on Shopify, the structured-data field on Webflow. The kit's audit reports per-page density gaps; the fix lives in your CMS
  • webmcp-annotations — the kit ships WebMCP-annotated output as a free add-on in Kit 1.3 (planned for when the spec finalizes); for now this audit fails on virtually every site

What the kit fixes in Cloudflare:

  • Content dimension ✓ — llms.txt presence + Markdown-style content is what Cloudflare's Content dimension scores
  • Capabilities dimension (partial) ✓ — agents.json contributes; MCP Server Card does not (different file, different format)
  • Discoverability dimension — partial; the kit doesn't write your robots.txt or sitemap.xml, but the audit reports if either is missing
  • Bot Access Control dimension — not addressed. This requires per-bot rules in your robots.txt, which is your call as a publisher

The kit is designed to close the Lighthouse gaps first, because Lighthouse is what predicts agent transaction success. It complements Cloudflare's score but doesn't try to maximize it — that would require shipping an MCP Server Card and a more opinionated set of robots.txt rules, both of which are out of scope for a $49 kit and more appropriate as separate, customer-controlled work.

What to do this week

In order, regardless of which framework you started with:

  1. Run both audits on your site if you haven't. Cloudflare's at isitagentready.com; Chrome's via PageSpeed Insights (pagespeed.web.dev) or DevTools → Lighthouse → Analyze. Since Lighthouse 13.3.0 (May 7, 2026) Agentic Browsing ships in the default config, so no toggle is required on Chrome 150+; PSI inherits within two weeks of the 13.3.0 release. If you'd rather skip the install, the free readiness audit at bridgetoagent.com replicates the public Lighthouse checks and runs in five seconds.

  2. Read the per-audit pass / fail list, not a headline number. Unlike Performance, Lighthouse Agentic Browsing intentionally doesn't ship a single weighted 0–100 score in 13.3.0 — per the Chrome team, "the standards for the agentic web are still emerging, the current focus is to gather data and provide actionable signals rather than a definitive ranking." Five audits passing with the right kinds of audits passing (agents-json-actions-typed, schema-org-density) is in much better shape than five passing with the easy ones (llms-txt-present, agents-json-present) green and the hard ones red.

  3. Ship the three files if you haven't. agents.json, llms.txt, agent-instructions.md. They close six of the nine Lighthouse audits and meaningfully contribute to two of the four Cloudflare dimensions. The cheapest, highest-ROI move available.

  4. Don't optimize for Cloudflare's Capabilities dimension yet unless you actively need an MCP server for product reasons. The vendor-aligned signals Cloudflare measures aren't yet broadly required by the agent ecosystem; spending engineering hours on MCP Server Cards as an SEO move is premature optimization.

  5. Re-run both audits in 30 days after shipping changes. Both Lighthouse and Cloudflare's score will move within a single re-run. If they don't, the change wasn't deployed correctly — common failure mode is shipping files but not adding the <link rel="alternate"> tags to the homepage <head>.

The window where this is differentiating is closing faster than most teams expect — and Lighthouse 13.3.0 just narrowed it from quarters to weeks. As of May 7, 2026, Agentic Browsing ships in the default Lighthouse config. PageSpeed Insights inherits within two weeks; Chrome 150 DevTools follows. The audits aren't experimental anymore — they're the default check every SEO/dev/agency sees when they run Lighthouse on your site. The sites that pass the audits in the next few weeks show up in agent answer panels before the rest of the market notices the audit exists.

That's the whole opportunity.

Related

Keep reading

All posts →