V/S Dimensions — Verification and Security Signals
3.1 V Dimension: Verification
The V dimension answers one question: Who are you? Before an AI agent recommends a merchant, it must first confirm that the entity behind the domain is real and verifiable. The V dimension does not rely on self-reported information (which can be fabricated) — instead, it cross-references identity through third-party public data sources.
V Dimension Signal Catalog
OTR evaluates 13 verification signals:
| Signal | Source | What It Checks |
|---|---|---|
| SSL Certificate Presence | SSL/TLS | Whether the domain has a valid SSL/TLS certificate |
| SSL Certificate Issuer | SSL/TLS | Which CA issued the certificate (Let’s Encrypt / DigiCert / Comodo, etc.) |
| SSL Certificate Type | SSL/TLS | DV (Domain Validation) / OV (Organization Validation) / EV (Extended Validation) |
| SSL Certificate Validity | SSL/TLS | Whether the certificate is current and how far from expiration |
| Domain Age | WHOIS | How long the domain has been registered (older is more trustworthy) |
| WHOIS Completeness | WHOIS | Whether registrant information is complete (vs. privacy-shielded) |
| GLEIF Entity Match | GLEIF API | Whether a matching entity exists in the Global Legal Entity Identifier system |
| Wikidata Entity Match | Wikidata API | Whether a corresponding entity page exists in the Wikidata knowledge base |
| Public Company Verification | Finnhub / SEC | If the entity claims to be publicly traded, whether the stock ticker is verifiable |
| Brand Name Consistency | Multi-source | Whether the name shown on the website, SSL certificate, and GLEIF record are consistent |
| WebRisk Check | Google WebRisk | Whether the domain has been flagged as malicious or fraudulent by Google |
| Geographic Verification | GLEIF + WHOIS | Whether the corporate registration jurisdiction and domain registration location are reasonably consistent |
| Parent Company Verification | GLEIF / Wikidata | If a parent company is claimed, whether it is independently verifiable |
Weight Allocation
The V dimension carries a weight of 40% in the OTR total score (under COLD mode) — the highest of all dimensions. This is by design: in agentic commerce, identity verification is the bedrock of trust. Your security configuration may be excellent and your data may be complete, but if an AI agent cannot verify who you are, none of that matters.
Practical Tips for Improving V Dimension
| Action | Difficulty | Expected Effect |
|---|---|---|
| Ensure SSL certificate is valid | Low | Baseline requirement |
| Use an OV or EV certificate | Medium | Scores higher than DV |
| Register an LEI number with GLEIF | Medium | Significant improvement (requires corporate registration) |
| Ensure a Wikidata entity page exists | High | Significant improvement (must meet Wikipedia notability criteria) |
| Maintain domain registration for 5+ years | Time | Score grows naturally with age |
3.2 S Dimension: Security
The S dimension answers one question: Is your site secure?
S Dimension Signal Catalog
OTR evaluates 15 security signals:
| Signal | What It Checks | Data Source |
|---|---|---|
| DNSSEC | Whether DNS resolution has anti-tampering protection | DNS query |
| DMARC Presence | Whether a DMARC record is configured | DNS TXT record |
| DMARC Policy Strength | Whether the DMARC policy is none / quarantine / reject | DNS TXT record |
| SPF Presence | Whether an SPF record is configured | DNS TXT record |
| SPF Policy Strength | Whether SPF uses ~all or -all | DNS TXT record |
| DKIM | Whether DKIM signing is configured | DNS TXT record |
| CAA Record | Whether SSL certificate issuance is restricted to specific CAs | DNS CAA record |
| HSTS | Whether HTTPS is enforced | HTTP response header |
| HSTS Preload | Whether the site is in the HSTS preload list | HTTP response header |
| MX Record | Whether mail server configuration is correct | DNS MX record |
| NS Record Redundancy | Whether multiple authoritative DNS servers exist | DNS NS record |
| IPv6 Support | Whether AAAA records exist | DNS AAAA record |
| HTTPS Redirect | Whether HTTP automatically redirects to HTTPS | HTTP request |
| Security Response Headers | X-Frame-Options and other security headers | HTTP response header |
| Cookie Security Flags | Whether cookies are set with Secure / HttpOnly flags | HTTP response header |
Weight Allocation
The S dimension carries a weight of 15% in the OTR total score (under COLD mode). Although it is not the highest-weighted dimension, most S-dimension signals are zero-cost, zero-risk configuration items. These DNS records and HTTP headers can be set up without paid tools and without affecting any website functionality.
DNS Scan Stage Guard
OTR has an important design feature: S-dimension signals are only scored after the DNS scan is complete. If the DNS scan has not finished (is in a pending state), S-dimension signals are displayed as “not scanned” rather than “missing.” This prevents false penalties caused by scan latency.
Practical Tips for Improving S Dimension
Refer to Book 6, Chapter 2: Technical Infrastructure for step-by-step configuration instructions. Ranked by impact:
- DNSSEC — One-click activation, high impact
- DMARC — A single DNS record, high impact
- SPF — A single DNS record
- HSTS — One HTTP header configuration
- CAA — A single DNS record
- DKIM — Requires coordination with your email service provider
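The following added example (not OTR's code) shows how the SPF and DMARC policy-strength signals from the catalog can be read out of TXT records, with the DNS scan stage guard applied first so a pending scan yields "not scanned" instead of "missing". The function names, the `scan` dictionary layout, the "invalid" and "no all" labels, and the sample records are assumptions made for illustration.

```python
NOT_SCANNED = "not scanned"   # label used by the page for a pending DNS scan
MISSING = "missing"           # label used by the page for an absent signal

def spf_all(txt_records):
    """Return the qualifier on SPF's 'all' mechanism (e.g. '~all', '-all')."""
    found = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not found:
        return MISSING
    if len(found) > 1:        # RFC 7208: more than one SPF record is a permerror
        return "invalid"
    for term in found[0].lower().split()[1:]:
        if term in ("all", "+all", "-all", "~all", "?all"):
            return "+all" if term == "all" else term
    return "no all"           # e.g. a record that relies on redirect= only

def dmarc_policy(txt_records):
    """Return the p= tag (none/quarantine/reject) from TXT at _dmarc.<domain>."""
    found = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not found:
        return MISSING
    if len(found) > 1:        # RFC 7489: multiple records means no usable policy
        return "invalid"
    tags = {}
    for part in found[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    p = tags.get("p", "")
    return p if p in ("none", "quarantine", "reject") else "invalid"

def s_dimension_dns(scan):
    """Stage guard: only evaluate DNS signals once the scan is complete."""
    if scan.get("status") != "complete":
        return {"spf_all": NOT_SCANNED, "dmarc_policy": NOT_SCANNED}
    return {
        "spf_all": spf_all(scan.get("spf_txt", [])),
        "dmarc_policy": dmarc_policy(scan.get("dmarc_txt", [])),
    }

# Constructed sample scans (example.com / example.net are placeholders).
PENDING = {"status": "pending"}
COMPLETE = {
    "status": "complete",
    "spf_txt": ["site-verification=abc123", "v=spf1 include:_spf.example.net ~all"],
    "dmarc_txt": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
}

if __name__ == "__main__":
    print(s_dimension_dns(PENDING))
    print(s_dimension_dns(COMPLETE))
```
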
Next Chapter: G/T/D Dimensions — Governance, Transparency, and Data Quality — Complete technical analysis of the remaining three automatically assessed dimensions