Separate reader traffic
MCP authorization separates client, resource server, authorization server, and scopes, which is a useful model for sensitive page actions.
Website forms can separate reading data, drafting text, submitting requests, modifying orders, booking meetings, and payment actions so agents do not receive broad permission.
Requests are not readers
The useful question is not whether traffic looks busy; it is which activity represents readers, monitoring, crawlers, retries, or system errors.
Check the logs first
- Classify fields as publicly readable, user-provided, confirmation-required, and never auto-submit
- Keep the test narrow: one low-risk task or tool entry before connecting permissions, logs, failure handling, and human takeover to production
What still needs proof
Unlayered forms increase mistaken submissions, duplicate bookings, and sensitive-data exposure. Keep the original source open so the announcement, the evidence, and this site's interpretation stay separate.