What an AI agent actually needs from your website — six layers, three starting points, and the parts that will change before the year is out.
Most writing about AI agents and the web argues about the future. This is not that. By June 2026, agents are already the thing on the other side of a measurable share of your traffic — reading pages, comparing options, filling forms, completing checkouts. The question stopped being whether to prepare and became what to do first.
Agent-readiness is the answer to one question asked six different ways: when a machine arrives at your site on behalf of a person, can it read what's there, understand it, and act on it — and do you have any say in the matter? That's it. Not a new discipline. A new layer of work on the site you already run, sitting somewhere between SEO, accessibility, and security, plus a few things none of those ever had to handle.
This guide lays out the whole map at once: six layers, what each one means, and — because doing all six at once is the fastest way to quit by week two — where to start depending on what kind of site you run.
A warning the rest of this guide earns: the structure below is stable, but several of the specifics have an expiry date. Where a fact is likely to change within a year, this guide says so out loud. Treat anything dated as a snapshot, not a settled answer.
The six layers
The layers are a hierarchy, not a checklist. Each one assumes the one before it works. There's no point exposing tools to an agent (layer four) if the agent can't read your page in the first place (layer one).
Layer 1 — Readability. Can the agent see your page and tell where things are? Semantic HTML, a sane heading order, real text instead of text baked into images, meaningful link labels. An agent loads HTML, Markdown, and structured data. It does not see your layout, scroll your animations, or guess what a blue rectangle does. If your content lives behind JavaScript that never renders without a browser, the agent sees a blank page. This is the layer where the work you did for human accessibility — if you did it — almost entirely overlaps with the work agents need. If you kept that house in order, you start ahead.
Layer 2 — Data. Does the agent understand what the things on your page are? Schema.org, JSON-LD, Open Graph. This is the layer where prose narrates and data asserts — and the agent trusts the assertion. A page that says one price in the text and carries another in its Product markup has told the agent two different things, and the agent believes the data. That gap was always a bug. Now it's an expensive one.
Layer 3 — Signals. Who do you let in, and on what terms? robots.txt with named AI user-agents, llms.txt, and actually watching your traffic. This is the layer where the first question flipped from how do I get seen to who do I allow. The uncomfortable truth here is that having no policy is itself a policy, and usually the worst one.
Layer 4 — Action. Once the agent is in, what can it actually do? Forms, APIs, and — increasingly — tools you expose on purpose. This is where the agent stops being a reader and starts being something closer to staff you never hired. Spam defenses were built to stop bulk junk; they do nothing about a single well-formed agent completing an action you didn't intend to be automatable.
Layer 5 — Identity. Who is this agent, really? This is the third evolution of trust on the web, after anonymous traffic and OAuth federation — and the one with no settled standard yet. A user-agent string is a single line of code; it proves nothing. The proposals pointing at an answer (HTTP Message Signatures, agent registries, payment-bound credentials) show the direction without yet being something you can simply switch on. Hardest to implement today, most strategic over the next two years.
Layer 6 — Governance. On what terms, and who decides? This is the layer of business and policy decisions sitting on top of all the technical work below. Client, parasite, or thief — three kinds of agent, three different policies — is where it starts, because you can't set a policy until you can name what's arriving. From there: an access policy (who gets in, to do what), monitoring (you can't govern traffic you can't see), the monetize-or-protect choice (pay-per-crawl and licensing on one side, blocking on the other), and regulatory fit (the AI Act, data protection, copyright). Having no policy is itself a policy — usually the worst one.
Six questions, six layers. The tools inside each one will churn. The structure should hold for the next two to three years.
Where to start: three sites, three orders
The biggest risk in agent-readiness isn't doing too little. It's trying to do everything at once and burning out. So pick the profile that matches you and follow that order — ignore the rest until the basics are real.
If you run a blog or a company site with no store
Your asset is content and reputation. You're not selling through a checkout.
Start with Layer 1 (readability) — a few hours. Check the heading structure on your most important pages, confirm you're using semantic HTML, that alt text exists, that links read sensibly. If you tended to accessibility before, this is a quick audit. If you didn't, this is where the largest return sits for the least effort.
Then Layer 3 (signals) — also a few hours. Decide which training crawlers you allow, write it into robots.txt, and add a simple llms.txt pointing at your best content.
Then, over the first month, Layer 2 (data): confirm BlogPosting markup on posts and Organization on the homepage. Most SEO plugins do this; verify rather than assume.
Layers 4, 5, and 6 you can watch without acting. A content site's action surface is thin, agent identity doesn't bite yet, and monetizing agent traffic (the governance layer's commercial side) has poor economics at small scale today.
If you run a store
Everything changes, because an agent can buy. Same six layers, different order.
Start with Layer 2 (data) — this is the job. Products need complete Product and Offer markup: price, availability, currency, SKU, brand, images. Skip it and an agent steering a buyer toward a purchase simply routes to the competitor who did it.
Then Layer 4 (action): protect the consequential moves. Second confirmation on orders above a threshold, double opt-in on forms, a rate limit per account. This is direct defense against an agent doing something at scale you didn't mean to allow.
Then, over the first month, Layers 3 and 6 together: set robots.txt deliberately, turn on agent-traffic monitoring, and watch for a month before you decide a final block-and-allow policy on real data instead of a guess.
Readability and identity (1 and 5) come next quarter — readability on your key store pages, identity as a thing to track rather than build, since there's no turnkey standard yet.
If you run a booking or services platform
The hardest case: actions with consequences, but not classic e-commerce.
Start with Layer 4 (action) — classify every action by risk. A contact enquiry is low. A booking with consequences is medium. A payment is high. Match the confirmation friction to the risk class.
Then Layer 3 (signals): monitor before you decide anything. See how many agents you get and what they do — logs, edge analytics, a plugin.
Then, over the first month, Layers 1 and 2: your service descriptions have to be legible enough that an agent recommends you correctly. Structured offerings, clear pricing, Service or LocalBusiness markup where it fits.
Identity and monetization (5 and 6) stay on the watch list until agent traffic in your category gets real.
A rough rhythm, whatever your profile
Week one — quick wins: the things that cost little and pay immediately. Usually robots.txt, your most important structured data, a basic readability check.
First month — systematic cleanup of the two or three layers that matter most for your profile, plus monitoring switched on.
First quarter — mature decisions. After a month of watching, you have the data to set real policy instead of a placeholder.
First year — evolution. Return to the metrics each quarter; the crawler that mattered in early 2026 may look different by 2027. The strategy has to stay alive, not frozen.
And not every layer needs to hit 100%. For most sites, layers 1–3 done solidly with 4–6 addressed to taste beats a store that built everything except its product data. A blog with a clean llms.txt and neglected forms is more agent-ready than a shop that did it all and skipped JSON-LD.
What's genuinely unsettled right now
This is the part with an expiry date. As of June 2026, several open questions will reshape parts of this guide within a year — and pretending otherwise would be the exact mistake this guide warns against.
The legal line on agent-as-visitor. The defining case in the United States — Amazon against Perplexity, over Perplexity's Comet browser shopping on Amazon under a user's own login — is live and at a hinge point. A federal judge granted Amazon a preliminary injunction in March 2026, finding Amazon likely to win on its Computer Fraud and Abuse Act claim; the Ninth Circuit then paused that injunction pending appeal, and oral arguments are set for June 11, 2026. The core question the court is weighing is whether a user's permission to an agent is the same thing as the site's authorization to be accessed — the judge treated them as separate requirements. Whichever way the Ninth Circuit leans will set the precedent for every retailer, marketplace, and booking platform facing the same question. If you build on assumptions about agent access, this is the ruling to watch.
Browser-native tool exposure just changed status. At Google I/O in May 2026, WebMCP — a way for a site to declare structured tools that in-browser agents call directly, instead of the agent simulating clicks — was announced as a proposed open web standard, with a Chrome origin trial and public backing from multiple platforms. That's a real step up from where it sat a couple of months earlier, when it was a flag-gated experiment most people hadn't heard of. But "proposed standard with an origin trial" is not "ready to depend on." It's Chrome-first, Gemini is essentially the only agent calling it so far, Firefox and Safari support are committed but unshipped, and the spec is still a community-group draft. If WebMCP lands across browsers with more than one agent consuming it, layer four changes shape — from agent clicks the UI to site declares tools, agent calls them. Track it; don't bet production on it yet.
Whether llms.txt becomes a real standard. Today it's a proposal with growing adoption — respected by some providers, publicly unsupported by others. If a critical mass of operators adopts it within the year, it becomes a de facto standard. If not, something else replaces it. The cost to add one is minutes, so add it — just don't be a zealot about it.
Identity. This layer is the most open of all. Whether a dominant agent-identity registry emerges, whether a signature-based standard reaches critical mass, or whether the big platforms each build their own competing registries — none of that is decided. Most open, therefore most strategic.
None of these has an answer today. Which is the actual point: a posture of ready for several outcomes beats bet everything on one standard. Do layers 1–3 solidly, experiment in 4–6, and check what moved each quarter.
How not to freeze on what's true today
Three habits keep this from going stale on you.
Build on layers, not on specific tools. Solid semantic HTML survives whatever standard arrives next. A perfect "llms.txt optimized for mid-2026" is a wasted investment if that file fades. Prefer the HTML-and-architecture level over any one config file.
Document your decisions. Why you blocked one crawler, allowed another, set a transaction limit where you did. In six months you won't remember, and when the ground shifts you'll need to revisit fast. A comment in robots.txt, a note in the project wiki — anything that outlives your memory.
Distrust final answers. Anyone who says "do X and you're agent-ready" is selling something, because the field hasn't settled into its final shape. Every recommendation, this guide included, has an expiry date. Treat that as the normal condition, and the fact that you've stepped into a field still in motion becomes the interesting part, not the exhausting one.
This is the map. The individual layers get their own field reports — what agents actually do at each one, tested on real pages, including the experiments that didn't go to plan.
