graphql
diff --git a/‎README.md
+7-7 b/‎README.md
+7-7
diff --git a/‎implementations/apollo-server/README.md
+74-77 b/‎implementations/apollo-server/README.md
+74-77
diff --git a/‎implementations/express-graphql/README.md
+73-79 b/‎implementations/express-graphql/README.md
+73-79
diff --git a/‎implementations/graph-client/README.md
+82-72 b/‎implementations/graph-client/README.md
+82-72
@@ -729,13 +729,13 @@ Having said this, graphql-http is mostly aimed for library authors and simple se
 
 If you want a feature-full server with bleeding edge technologies, you're recommended to use one of the following.
 
-| Name                                                               | Audit                                                                |
-| ------------------------------------------------------------------ | -------------------------------------------------------------------- |
-| [graphql-yoga](https://www.the-guild.dev/graphql/yoga-server)      | [✅ Compliant (0 warnings)](/implementations/graphql-yoga/README.md) |
-| [hotchocolate](https://chillicream.com/docs/hotchocolate)          | [✅ Compliant (0 warnings)](/implementations/hotchocolate/README.md) |
-| [postgraphile](https://www.graphile.org/postgraphile/)             | [✅ Compliant](/implementations/postgraphile/README.md)              |
-| [apollo-server](https://www.apollographql.com/docs/apollo-server/) | [✅ Compliant](/implementations/apollo-server/README.md)             |
-| [mercurius](https://mercurius.dev)                                 | [✅ Compliant](/implementations/mercurius/README.md)                 |
+| Name                                                               | Audit                                                    |
+| ------------------------------------------------------------------ | -------------------------------------------------------- |
+| [graphql-yoga](https://www.the-guild.dev/graphql/yoga-server)      | [✅ Compliant](/implementations/graphql-yoga/README.md)  |
+| [hotchocolate](https://chillicream.com/docs/hotchocolate)          | [✅ Compliant](/implementations/hotchocolate/README.md)  |
+| [postgraphile](https://www.graphile.org/postgraphile/)             | [✅ Compliant](/implementations/postgraphile/README.md)  |
+| [apollo-server](https://www.apollographql.com/docs/apollo-server/) | [✅ Compliant](/implementations/apollo-server/README.md) |
+| [mercurius](https://mercurius.dev)                                 | [✅ Compliant](/implementations/mercurius/README.md)     |
 
 ## [Documentation](docs/)
 
 
@@ -3,80 +3,90 @@ _* This report was auto-generated by graphql-http_
 # GraphQL over HTTP audit report
 
 - **73** audits in total
-- ✅ **73** pass
+- ✅ **71** pass
+- ⚠️ **2** warnings (optional)
 
 ## Passing
 1. SHOULD accept application/graphql-response+json and match the content-type
 2. MUST accept application/json and match the content-type
-3. SHOULD accept \*/\* and use application/graphql-response+json for the content-type
-4. SHOULD assume application/graphql-response+json content-type when accept is missing
-5. MUST use utf-8 encoding when responding
-6. MUST accept utf-8 encoding
-7. MUST assume utf-8 if encoding is unspecified
-8. MUST accept POST requests
-9. MAY accept application/x-www-form-urlencoded formatted GET requests
-10. MAY NOT allow executing mutations on GET requests
-11. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
-12. MUST accept application/json POST requests
-13. MUST require a request body on POST
-14. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json
-15. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
-16. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
-17. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json
-18. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json
-19. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
-20. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
-21. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
-22. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
-23. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
-24. SHOULD allow string {query} parameter when accepting application/graphql-response+json
-25. MUST allow string {query} parameter when accepting application/json
-26. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json
-27. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
-28. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
-29. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json
-30. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
-31. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
-32. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
-33. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
-34. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
-35. MUST allow string {operationName} parameter when accepting application/json
-36. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
-37. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
-38. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
-39. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
-40. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
-41. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
-42. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
-43. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
-44. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
-45. MUST allow map {variables} parameter when accepting application/json
-46. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
-47. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
-48. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
-49. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
-50. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
-51. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
-52. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
-53. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
-54. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
-55. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
-56. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
-57. MUST allow map {extensions} parameter when accepting application/json
-58. SHOULD use 200 status code on JSON parsing failure when accepting application/json
-59. SHOULD use 200 status code if parameters are invalid when accepting application/json
-60. SHOULD use 200 status code on document parsing failure when accepting application/json
-61. SHOULD use 200 status code on document validation failure when accepting application/json
-62. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
-63. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
-64. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
-65. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
-66. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
-67. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
-68. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
-69. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
-70. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
-71. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
-72. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
-73. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
+3. MUST use utf-8 encoding when responding
+4. MUST accept utf-8 encoding
+5. MUST assume utf-8 if encoding is unspecified
+6. MUST accept POST requests
+7. MAY accept application/x-www-form-urlencoded formatted GET requests
+8. MAY NOT allow executing mutations on GET requests
+9. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
+10. MUST accept application/json POST requests
+11. MUST require a request body on POST
+12. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json
+13. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
+14. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
+15. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json
+16. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json
+17. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
+18. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
+19. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
+20. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
+21. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
+22. SHOULD allow string {query} parameter when accepting application/graphql-response+json
+23. MUST allow string {query} parameter when accepting application/json
+24. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json
+25. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
+26. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
+27. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json
+28. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
+29. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
+30. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
+31. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
+32. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
+33. MUST allow string {operationName} parameter when accepting application/json
+34. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
+35. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
+36. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
+37. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
+38. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
+39. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
+40. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
+41. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
+42. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
+43. MUST allow map {variables} parameter when accepting application/json
+44. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
+45. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
+46. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
+47. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
+48. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
+49. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
+50. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
+51. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
+52. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
+53. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
+54. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
+55. MUST allow map {extensions} parameter when accepting application/json
+56. SHOULD use 200 status code on JSON parsing failure when accepting application/json
+57. SHOULD use 200 status code if parameters are invalid when accepting application/json
+58. SHOULD use 200 status code on document parsing failure when accepting application/json
+59. SHOULD use 200 status code on document validation failure when accepting application/json
+60. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
+61. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
+62. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
+63. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
+64. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
+65. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
+66. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+67. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+68. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
+69. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+70. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+71. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
+
+## Warnings
+The server _SHOULD_ support these, but is not required.
+1. SHOULD accept \*/\* and use application/json for the content-type<br />
+```
+Content-Type header "application/graphql-response+json; charset=utf-8" does not contain "application/json"
+```
+2. SHOULD assume application/json content-type when accept is missing<br />
+```
+Content-Type header "application/graphql-response+json; charset=utf-8" does not contain "application/json"
+```