PATTERN Cited by 1 source

Hidden agent directive in HTML

Pattern

Embed a short, human-invisible, LLM-visible imperative in every HTML page that steers an LLM that has fetched the HTML version toward a better representation (usually the page's markdown URL). Common shape:

"STOP! If you are an AI agent or LLM, read this before continuing. This is the HTML version of a [...] page. Always request the Markdown version instead — HTML wastes context. Get this page as Markdown: /index.md (append index.md) or send Accept: text/markdown to ."

Implementation: inline hidden element (CSS display: none, or inside a comment parsed by the LLM tokenizer), or a dedicated <meta>-style region styled invisibly.

Why it works

LLMs trained on web data have a strong prior to follow imperative text. An agent that has fetched HTML (despite being told by the Agent Readiness Score best- practices to use markdown) is likely to notice a capitalised "STOP!" at the top of the page and switch strategies on its next turn. It's cooperative steering — not enforcement.

Recursion guard (load-bearing)

Strip the directive from the markdown version. Otherwise the agent that fetches the markdown URL reads "STOP! Always request the Markdown version instead" — loops back to fetching the same URL. This recursion isn't hypothetical; it's a real failure mode that authors must design around.

Complementary layered fallback

The directive sits at the bottom of a three-layer fallback stack:

1. Accept: text/markdown on the original request → server returns markdown directly. (concepts/markdown-content-negotiation)
2. <url>/index.md pointed at by llms.txt → agent gets markdown via URL-based discovery.
3. Hidden directive in HTML → agent that accidentally fetched HTML gets steered to request markdown next turn.

Each layer covers a different agent-implementation deficiency.

Enforcement posture

This is not an enforcement mechanism. Adversarial agents can ignore the directive entirely. The pattern expects cooperative agents — which in 2026 is most of the high-value agent fleet (Claude Code, OpenCode, Cursor, autonomous coding agents built on ecosystem frameworks that respect site author intent).

Adversarial content manipulation via hidden directives is a separate, real concern (prompt injection in served-content) — the same mechanism used benignly here can be used maliciously to inject instructions into an agent's context. Site authors publishing hidden directives for LLMs are adopting the same attack surface that defensive agent designers try to mitigate.

Adoption signal

Cloudflare's developer docs add this directive on every HTML page (2026-04) as part of the dogfood that measured 31 % fewer tokens / 66 % faster to correct answer against competitor docs. Not (currently) a scored item in the Agent Readiness Score, but treated as an adoption-driving technique alongside the scored checks.

Seen in

• sources/2026-04-17-cloudflare-introducing-the-agent-readiness-score-is-your-site-agent-ready — canonical wiki instance. Cloudflare developer-docs implementation with verbatim directive text quoted.

Related

• concepts/hidden-agent-directive — concept page.
• concepts/markdown-content-negotiation — the primitive the directive steers toward.
• patterns/dynamic-index-md-fallback — the URL the directive points to.
• patterns/split-llms-txt-per-subdirectory — the same-dogfood pattern in the per-product docs split.
• concepts/agent-readiness-score — the scoring surface this complements.
• systems/cloudflare-developer-documentation — reference implementation.