alliantcreditunion.org — AI Site Grade

Analysis

Alliant Credit Union is fully invisible to every major AI crawler — Cloudflare returns HTTP 403 to GPTBot, ClaudeBot, PerplexityBot, Google-Extended, and all others tested, while the site's robots.txt contains zero AI-bot directives and no llms.txt exists.

Crawler Access

Every AI crawler tested — GPTBot, OAI-SearchBot, ChatGPT-User, ClaudeBot, anthropic-ai, PerplexityBot, Perplexity-User, Google-Extended, Applebot-Extended, Bytespider — receives a 403 from Cloudflare on the homepage. The browser baseline returns 200 with full HTML content (~105KB). This is a blanket Cloudflare WAF block, not a robots.txt exclusion. The robots.txt itself is permissive (Allow: / for *) but mentions zero AI bots by name. No llms.txt exists (404). The sitemap is accessible (498 URLs) and well-structured, but AI crawlers cannot reach any page behind the Cloudflare wall.

Cold-Knowledge Gap

The LLM knows Alliant as a "digital-first" credit union with "over $20 billion in assets," originally serving United Airlines employees, with standout high-rate savings and a popular cashback card. The actual site reports 900,000+ members and $19 billion in assets — the model's asset figure is stale by roughly $1B. The model also recalls a single Chicago branch and membership via "Foster Care to Success" or a $5 donation. The site's membership page says membership is open to anyone in the United States via the Alliant Credit Union Foundation — a simpler, more inclusive message that the model does not fully reflect. The model knows the brand well, but the gap is that AI engines cannot verify any of this against the live site.

Schema Posture

The homepage carries an Organization schema with sameAs links to 7 social platforms. Product pages use domain-specific types: CreditCard on the Visa Signature page (with annualPercentageRate, award, offers), MortgageLoan on the HELOC page (with loanTerm), BreadcrumbList on sub-pages, and Article on blog posts. The CreditCard schema's annualPercentageRate is set to "0" — a data quality issue that would confuse parsers. The AboutPage schema on /about contains rich descriptive text but uses potentialAction as a plain string rather than a structured action type. No FAQPage schema is used despite FAQ sections existing on product pages.

Content & Structure

The site has strong answer-format signals: FAQ sections on product pages (membership, savings, HELOC, credit card), comparison language ("15x the national average," "vs bank average rates"), and rate/fee tables on savings and credit card pages. The Money Mentor blog publishes frequently (5 posts in the last two weeks visible) with Article schema. The homepage prominently displays awards from NerdWallet, Forbes Advisor, Bankrate, CNBC, and WSJ. However, the blog's oldest sampled article dates to January 2020 with a last-modified of August 2021 — some content is stale. The site runs on PHP 7.4.33 behind Cloudflare, with X-Powered-By: PHP/7.4.33 exposed in headers — a minor security/privacy leak.

External Signals

Web searches for Alliant reviews and Reddit mentions returned zero results through the search tool used, suggesting limited organic third-party citation density that AI engines can easily surface. The site prominently self-cites awards from NerdWallet, CNBC, Forbes Advisor, Bankrate, and Newsweek on multiple pages, but these claims are not independently verifiable through the search results available. The DNS TXT records show Imperva and Vali Mail configurations alongside Cloudflare nameservers, indicating a multi-vendor security stack that may contribute to the aggressive bot blocking.

Findings

1. Cloudflare WAF blocks all major AI crawlers with HTTP 403 High

   Every AI crawler tested (GPTBot, OAI-SearchBot, ChatGPT-User, ClaudeBot, anthropic-ai, PerplexityBot, Perplexity-User, Google-Extended, Applebot-Extended, Bytespider) receives a 403 from Cloudflare on the homepage. The browser baseline returns 200 with full HTML content.

   What to change: Configure Cloudflare WAF to allow known AI crawler user agents (GPTBot, ClaudeBot, PerplexityBot, Google-Extended, etc.) to access the site, or implement a token-based verification system that does not block these bots.

2. No llms.txt file published Medium

   The site returns a 404 for llms.txt, missing an opportunity to provide AI engines with a curated set of URLs and context about the site's content.

   What to change: Create and publish an llms.txt file listing key pages (homepage, membership, rates, blog) with brief descriptions to guide AI crawlers.

3. Robots.txt lacks AI bot directives Medium

   The robots.txt file is permissive for all user agents but does not explicitly mention any AI bots, leaving their access entirely dependent on the Cloudflare WAF.

   What to change: Add explicit directives for AI crawlers in robots.txt, such as allowing GPTBot and ClaudeBot, to complement WAF configuration.

4. CreditCard schema has annualPercentageRate set to 0 High

   The CreditCard schema on the Visa Signature card page sets annualPercentageRate to "0", which is factually incorrect and would confuse parsers.

   What to change: Update the CreditCard schema to include the correct annual percentage rate (e.g., a range or specific value) and ensure all numeric fields are accurate.

5. AboutPage schema uses plain string for potentialAction Low

   The AboutPage schema on /about contains a potentialAction field as a plain string rather than a structured action type, reducing its utility for AI parsers.

   What to change: Replace the plain string potentialAction with a structured SearchAction or other appropriate action type.

6. FAQPage schema not used despite FAQ sections Medium

   Product pages contain FAQ sections but do not use FAQPage schema, missing an opportunity for rich results and AI-friendly structured data.

   What to change: Add FAQPage schema to pages with FAQ sections, wrapping each question-answer pair in a Question/Answer sub-type.

7. Some blog content is stale Low

   The oldest sampled blog article dates to January 2020 with a last-modified of August 2021, indicating some content has not been updated in years.

   What to change: Review and update older blog posts to ensure accuracy and freshness, or remove outdated content.

8. PHP version exposed in HTTP headers Low

   The server header X-Powered-By: PHP/7.4.33 is exposed, revealing an outdated PHP version and presenting a minor security/privacy risk.

   What to change: Configure the server to remove the X-Powered-By header or update PHP to a supported version.

9. Limited third-party citations surfaced in web searches Medium

   Web searches for Alliant reviews and Reddit mentions returned zero results, suggesting low organic third-party citation density that AI engines can easily surface.

   What to change: Encourage member reviews on platforms like NerdWallet, Bankrate, and Reddit to increase third-party citations and improve AI confidence.

10. Award claims not independently verifiable via search Low

    The site prominently displays awards from NerdWallet, Forbes Advisor, Bankrate, CNBC, and WSJ, but these claims could not be independently verified through the search results available.

    What to change: Ensure award pages on third-party sites are indexed and linked from the Alliant site to provide verifiable backlinks.

What's working

• Sitemap is accessible and well-structured — The sitemap contains 498 URLs and is accessible, providing a clear map of the site's content for crawlers that can reach it.
• Organization schema on homepage with social links — The homepage includes Organization schema with sameAs links to 7 social platforms, helping AI engines understand brand identity.
• Domain-specific schema on product pages — Product pages use appropriate schema types: CreditCard, MortgageLoan, BreadcrumbList, and Article, providing structured data for AI parsers.
• FAQ sections on product pages — Product pages contain FAQ sections with question-answer pairs, which are strong answer-format signals for AI engines.
• Comparison language and rate tables — The site uses comparison language (e.g., '15x the national average') and rate/fee tables on savings and credit card pages, providing clear, structured data for AI extraction.
• Frequent blog publishing with Article schema — The Money Mentor blog publishes frequently (5 posts in the last two weeks) and uses Article schema, providing fresh content for AI engines.
• Prominent display of awards from reputable sources — The homepage prominently displays awards from NerdWallet, Forbes Advisor, Bankrate, CNBC, and WSJ, which can serve as trust signals for AI engines if verified.
• Clear and inclusive membership eligibility message — The membership page clearly states that anyone in the United States can join via the Alliant Credit Union Foundation, a simpler message than what the LLM recalled.