The Problem: Two Failure Modes
AI agents access websites in one of two ways today: through browser automation, which is expensive, fragile, and prone to hallucinating from mis-parsed HTML, or through unauthorized scraping that happens entirely outside your control. Both are already happening. Neither is acceptable long-term.
The Architecture: Two Layers
Layer 1 invites authorized AI agents in through typed, versioned tool contracts. Layer 2 ensures unauthorized scrapers receive no useful harvest. Both layers run independently — Layer 1 requires no server infrastructure, Layer 2 operates at the CDN edge.
```
       Incoming AI agent request
                   │
        ┌──────────▼──────────┐
        │ Using WebMCP tools? │
        └─────┬───────────┬───┘
          YES │           │ NO
   ┌──────────▼──┐   ┌────▼──────────────────┐
   │   LAYER 1   │   │       LAYER 2         │
   │             │   │                       │
   │ .well-known │   │ Honeypot content      │
   │ /webmcp.json│   │ Tarpit latency        │
   │             │   │ Legal enforcement     │
   │ Typed JSON  │   │ (Amazon v.            │
   │ responses   │   │  Perplexity, 2026)    │
   └─────────────┘   └───────────────────────┘
   Clean, ~280 tokens   No productive harvest
   Schema-versioned     Fingerprinted + denied
```

Layer 1: Authorized Tool Access
Three components. A discovery manifest. Static tool endpoints. Browser registration. All three run on a static site with no server infrastructure.
1. Discovery — /.well-known/webmcp.json
The agent fetches this manifest first. From it, the agent discovers every available tool along with its input schema, endpoint URL, risk level, and rate limit. No documentation site required: the manifest is self-describing.
{ "version": "1.0", "publisher": { "name": "Omar Corral", "url": "https://omar-corral.com" }, "tools": [ { "name": "getProfile", "riskLevel": "low", "endpoint": "/data/profile.json" }, { "name": "getServices", "riskLevel": "low", "endpoint": "/data/services.json" }, { "name": "getCaseStudies", "riskLevel": "low", "endpoint": "/data/case-studies.json" }, { "name": "getSEOResources","riskLevel": "low", "endpoint": "/data/seo-resources.json" }, { "name": "getContact", "riskLevel": "low", "endpoint": "/data/contact.json" }, { "name": "getInsights", "riskLevel": "low", "endpoint": "/data/insights.json" } ] } - 2Static endpoints — /data/*.json
Each file is a typed, versioned JSON response carrying a "schema": "oc-mcp/v1" key. No server required: this works on GitHub Pages, Vercel, Netlify, or any CDN. Example response structure:
{ "schema": "oc-mcp/v1", "tool": "getProfile", "data": { "name": "Omar Corral", "title": "Digital Strategist", "specialization": "SEO, AI Search & Organic Growth", "yearsExperience": 12, "expertise": ["Technical SEO", "AI Search Optimization / GEO", "..."] }, "generated": "2026-05-06", "ttl": 604800 } - 3Browser registration — navigator.modelContext.registerTool()
Progressive enhancement. This registers the tools in the browser session for agents with WebMCP support, and is a silent no-op in all current stable browsers. When Chrome ships stable WebMCP support, every tool will already be registered.
```tsx
// MCPTools.tsx — runs in <head> on every page
import { useEffect } from 'react';

export function MCPTools() {
  useEffect(() => {
    const nav = navigator as Navigator & {
      modelContext?: { registerTool: (cfg: object) => void };
    };
    if (!nav.modelContext?.registerTool) return; // no-op in all current browsers

    nav.modelContext.registerTool({
      name: 'getProfile',
      description: "Returns Omar Corral's professional profile and expertise",
      inputSchema: { type: 'object', properties: {} },
      execute: async () => fetch('/data/profile.json').then(r => r.json()),
    });
    // … repeated for all 6 tools
  }, []);

  return null;
}
```
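Putting the three components together, the agent-side flow is two HTTP requests. A hypothetical consumption sketch follows; the WebMCPManifest interface and callTool helper are illustrative, not part of any published spec:

```ts
// Illustrative agent-side flow: discover tools via the manifest, then
// call one static endpoint. No browser, no HTML parsing.
interface WebMCPManifest {
  version: string;
  publisher: { name: string; url: string };
  tools: { name: string; riskLevel: string; endpoint: string }[];
}

async function callTool(origin: string, toolName: string): Promise<unknown> {
  // Request 1: the self-describing discovery manifest.
  const manifest: WebMCPManifest = await fetch(
    `${origin}/.well-known/webmcp.json`,
  ).then((r) => r.json());

  const tool = manifest.tools.find((t) => t.name === toolName);
  if (!tool) throw new Error(`Tool not found: ${toolName}`);

  // Request 2: the typed, versioned JSON response for that tool.
  return fetch(`${origin}${tool.endpoint}`).then((r) => r.json());
}

// Usage:
callTool('https://omar-corral.com', 'getServices').then(console.log);
```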
Layer 2: Unauthorized Scraper Defense
Unauthorized agents that bypass WebMCP tools are routed to infrastructure that wastes their resources and generates no useful data. Amazon v. Perplexity (March 2026) confirmed platforms have legal standing to enforce this proactively.
1. Honeypot content
Pages that look structurally plausible but contain no real data. A scraper that accesses a honeypot is fingerprinted, as sketched below. Legitimate users and compliant crawlers never reach these pages: no links from real content, no sitemap entries.
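A minimal sketch of the fingerprinting step, written as a Cloudflare Workers-style edge handler; the /internal-data/ honeypot prefix, the KVLike interface, and the SCRAPER_LOG binding name are all illustrative assumptions, not details of the deployed site:

```ts
// Illustrative edge handler (Cloudflare Workers-style fetch API).
// Honeypot paths are never linked from real content or the sitemap,
// so any request that lands here is fingerprinted as a scraper.

// Minimal stand-in for a KV-style storage binding (assumption).
interface KVLike {
  put(key: string, value: string): Promise<void>;
}

export default {
  async fetch(request: Request, env: { SCRAPER_LOG: KVLike }): Promise<Response> {
    const url = new URL(request.url);

    if (url.pathname.startsWith('/internal-data/')) { // hypothetical honeypot prefix
      const fingerprint = [
        request.headers.get('user-agent') ?? 'unknown',
        request.headers.get('cf-connecting-ip') ?? 'unknown',
      ].join('|');

      // Record the fingerprint so later requests can be denied at the edge.
      await env.SCRAPER_LOG.put(fingerprint, new Date().toISOString());

      // Serve structurally plausible but useless content.
      return new Response('<html><body><ul><li>…</li></ul></body></html>', {
        headers: { 'content-type': 'text/html' },
      });
    }

    return fetch(request); // real traffic passes through untouched
  },
};
```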
2. Tarpit responses
Unrecognized or flagged user agents receive deliberate latency at the CDN edge: a 30–60 second TTFB, or a chunked response that never completes. The scraper's thread blocks, consuming the attacker's compute budget rather than yours. The approach is modeled on the open-source Nepenthes tarpit; a sketch follows.
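One way to implement the never-completing variant, sketched in the same Workers-style API; the 15-second trickle interval is an arbitrary choice, and the fixed-latency variant would simply await a 30–60 second timer before sending the first byte:

```ts
// Illustrative tarpit: a chunked response that trickles one byte at a
// time and never terminates, holding the scraper's connection open at
// negligible cost to the origin.
function tarpitResponse(): Response {
  const stream = new ReadableStream<Uint8Array>({
    async pull(controller) {
      // One whitespace byte every 15 seconds (arbitrary interval);
      // the stream never calls controller.close().
      await new Promise((resolve) => setTimeout(resolve, 15_000));
      controller.enqueue(new TextEncoder().encode(' '));
    },
  });
  return new Response(stream, { headers: { 'content-type': 'text/html' } });
}
```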
3. Legal boundary
robots.txt explicitly prohibits unauthorized agent access. Post-Amazon v. Perplexity, this is an enforceable prohibition rather than a mere convention: the legal standing is now judicially established.
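A minimal robots.txt sketch consistent with this posture; the user-agent tokens and disallowed path are illustrative examples, not a vetted policy:

```text
# Unauthorized agent access is prohibited.
# Authorized agents: use the typed tool contracts at
# /.well-known/webmcp.json instead of scraping pages.

# Known scraping agents are disallowed entirely (example tokens).
User-agent: GPTBot
Disallow: /

User-agent: CCBot
Disallow: /

# Compliant crawlers are kept away from honeypot paths (example prefix).
User-agent: *
Disallow: /internal-data/
```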
Live Proof: OC MCP on omar-corral.com
Layer 1 is running on this site right now. All six tools are deployed. Call any endpoint directly — no authentication, no API key, no scraping required.
| Tool | Endpoint | Returns |
|---|---|---|
| getProfile | /data/profile.json | Bio, expertise, credentials |
| getServices | /data/services.json | 4 services with scope + outcomes |
| getCaseStudies | /data/case-studies.json | 2 case studies with metrics |
| getSEOResources | /data/seo-resources.json | Resource center map + posts |
| getContact | /data/contact.json | Engagement process + CTA |
| getInsights | /data/insights.json | Recent analysis + focus areas |
Task: “What services does this person offer?”

Playwright path: launch a headless browser, load and render the page, then parse the HTML, with all the cost and fragility described in the problem statement above.

OC MCP path: a single GET to /data/services.json, returning a clean, typed JSON response of roughly 280 tokens.
How to Build This: Any Site, Four Phases
Start with Layer 1 — it takes days, not sprints, on any stack. Layer 2 follows once you understand your traffic patterns and have legal sign-off on active-defense routing.
| Phase | Task | Timeline | What to do |
|---|---|---|---|
| 1 | Define your tools | Days 1–3 | What would an AI agent actually need from your site? Write the tool names and descriptions before writing any code. Aim for 4–8 tools, named by the agent's goal, not your data model. |
| 2 | Author static endpoints | Days 4–7 | One JSON file per tool in public/data/. Publish /.well-known/webmcp.json pointing to them. Zero server infrastructure required. Test by fetching the manifest manually (a smoke-test sketch follows this table). |
| 3 | Browser registration | Week 2 | Add navigator.modelContext.registerTool() calls in a client component. Test with Claude Projects or GPT with Browse. Verify tool discovery in the DevTools console. |
| 4 | Layer 2 deployment | Weeks 3–4 | Honeypot pages (no links, no sitemap). Tarpit at the CDN edge. robots.txt update. Legal review before activating active-defense routing. |
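The phase-2 manual test can be scripted. A small smoke test along these lines, assuming a local dev server on port 3000; the ORIGIN value and the pass/fail output format are illustrative:

```ts
// Illustrative smoke test for phases 2–3: fetch the manifest, then
// verify every listed endpoint answers with a versioned oc-mcp/v1 body.
const ORIGIN = 'http://localhost:3000'; // assumption: local dev server

async function validate(): Promise<void> {
  const manifest = await fetch(`${ORIGIN}/.well-known/webmcp.json`)
    .then((r) => r.json());

  for (const tool of manifest.tools) {
    const res = await fetch(`${ORIGIN}${tool.endpoint}`);
    const body = await res.json();
    const ok = res.ok && body.schema === 'oc-mcp/v1' && body.tool === tool.name;
    console.log(`${ok ? 'PASS' : 'FAIL'}  ${tool.name} → ${tool.endpoint}`);
  }
}

validate().catch(console.error);
```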
Want this for your site?
The architecture is not complex. The decision is whether to build it before you need it or after the first agent intermediates your funnel.