diff --git a/README.md b/README.md
index 561e58e3..bbc37aef 100644
--- a/README.md
+++ b/README.md
@@ -890,14 +890,10 @@ Their compliance with the [GraphQL over HTTP spec](https://graphql.github.io/gra
 | Name | Audit |
 |------|-------|
 | [apollo-server](https://www.apollographql.com/docs/apollo-server) | [✅ Compliant](/implementations/apollo-server/README.md) |
-| [deno](https://deno.com/blog/build-a-graphql-server-with-deno) | [✅ Compliant](/implementations/deno/README.md) |
 | [graph-client](https://github.com/graphprotocol/graph-client) | [✅ Compliant](/implementations/graph-client/README.md) |
-| [graphql-helix](https://www.graphql-helix.com) | [✅ Compliant](/implementations/graphql-helix/README.md) |
 | [graphql-yoga](https://www.the-guild.dev/graphql/yoga-server) | [✅ Compliant](/implementations/graphql-yoga/README.md) |
 | [hotchocolate](https://chillicream.com/docs/hotchocolate) | [✅ Compliant](/implementations/hotchocolate/README.md) |
-| [lighthouse](https://lighthouse-php.com) | [✅ Compliant](/implementations/lighthouse/README.md) |
 | [pioneer](https://pioneer.dexclaimation.com) | [✅ Compliant](/implementations/pioneer/README.md) |
-| [postgraphile](https://www.graphile.org/postgraphile) | [✅ Compliant](/implementations/postgraphile/README.md) |
 <!-- prettier-ignore-end -->
 
 <!-- </ServersTable> -->
diff --git a/implementations/apollo-server/README.md b/implementations/apollo-server/README.md
index d267c757..902516cc 100644
--- a/implementations/apollo-server/README.md
+++ b/implementations/apollo-server/README.md
@@ -3,18 +3,18 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
-<li><span style="font-family: monospace">✅</span> <b>54</b> pass</li>
+<li><b>68</b> audits in total</li>
+<li><span style="font-family: monospace">✅</span> <b>62</b> pass</li>
 <li><span style="font-family: monospace">💡</span> <b>3</b> notices (suggestions)</li>
 <li><span style="font-family: monospace">❗️</span> <b>3</b> warnings (optional)</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type</li>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type</li>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
@@ -28,40 +28,48 @@
 <li><code>LKJ1</code> MAY use 400 status code on number {query} parameter</li>
 <li><code>LKJ2</code> MAY use 400 status code on boolean {query} parameter</li>
 <li><code>LKJ3</code> MAY use 400 status code on array {query} parameter</li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json</li>
 <li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
 <li><code>6C00</code> MAY use 400 status code on object {operationName} parameter</li>
 <li><code>6C01</code> MAY use 400 status code on number {operationName} parameter</li>
 <li><code>6C02</code> MAY use 400 status code on boolean {operationName} parameter</li>
 <li><code>6C03</code> MAY use 400 status code on array {operationName} parameter</li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>0220</code> MUST allow null {variables} parameter when accepting application/json</li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
 <li><code>4760</code> MAY use 400 status code on string {variables} parameter</li>
 <li><code>4761</code> MAY use 400 status code on number {variables} parameter</li>
 <li><code>4762</code> MAY use 400 status code on boolean {variables} parameter</li>
 <li><code>4763</code> MAY use 400 status code on array {variables} parameter</li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter</li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter</li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter</li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter</li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json</li>
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json</li>
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json</li>
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json</li>
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
 <li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
 <li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
 <li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid</li>
 <li><code>3E3A</code> MAY use 400 status code if parameters are invalid</li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json</li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
 <li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json</li>
 <li><code>5E5B</code> SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json</li>
 <li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json</li>
diff --git a/implementations/apollo-server/report.json b/implementations/apollo-server/report.json
index 2476acfc..c5c3d982 100644
--- a/implementations/apollo-server/report.json
+++ b/implementations/apollo-server/report.json
@@ -1,6 +1,6 @@
 {
-  "total": 60,
-  "ok": 54,
+  "total": 68,
+  "ok": 62,
   "notice": 3,
   "warn": 3,
   "error": 0
diff --git a/implementations/deno/README.md b/implementations/deno/README.md
index 4712b2be..7d457a37 100644
--- a/implementations/deno/README.md
+++ b/implementations/deno/README.md
@@ -3,17 +3,18 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
-<li><span style="font-family: monospace">✅</span> <b>29</b> pass</li>
-<li><span style="font-family: monospace">💡</span> <b>18</b> notices (suggestions)</li>
-<li><span style="font-family: monospace">❗️</span> <b>13</b> warnings (optional)</li>
+<li><b>68</b> audits in total</li>
+<li><span style="font-family: monospace">✅</span> <b>37</b> pass</li>
+<li><span style="font-family: monospace">💡</span> <b>14</b> notices (suggestions)</li>
+<li><span style="font-family: monospace">❗️</span> <b>9</b> warnings (optional)</li>
+<li><span style="font-family: monospace">❌</span> <b>8</b> errors (required)</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
@@ -32,14 +33,22 @@
 <li><code>4761</code> MAY use 400 status code on number {variables} parameter</li>
 <li><code>4762</code> MAY use 400 status code on boolean {variables} parameter</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
 <li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
 <li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
 <li><code>572B</code> SHOULD use 200 status code on document parsing failure when accepting application/json</li>
 <li><code>FDE2</code> SHOULD use 200 status code on document validation failure when accepting application/json</li>
 <li><code>7B9B</code> SHOULD use a status code of 200 on variable coercion failure when accepting application/json</li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
 </ol>
 
 <h2>Notices</h2>
@@ -315,9 +324,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter
+<li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -325,19 +334,19 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
     "vary": "Accept-Encoding",
     "date": "<timestamp>",
     "content-type": "application/json",
-    "content-length": "59",
+    "content-length": "45",
     "content-encoding": "gzip"
   },
   "body": {
-    "data": {
-      "__typename": "Query"
-    }
+    "errors": [
+      {}
+    ]
   }
 }
 </code></pre>
 </details>
 </li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter
+<li><code>3E3A</code> MAY use 400 status code if parameters are invalid
 <details>
 <summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
@@ -347,21 +356,26 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
     "vary": "Accept-Encoding",
     "date": "<timestamp>",
     "content-type": "application/json",
-    "content-length": "59",
+    "content-length": "45",
     "content-encoding": "gzip"
   },
   "body": {
-    "data": {
-      "__typename": "Query"
-    }
+    "errors": [
+      {}
+    ]
   }
 }
 </code></pre>
 </details>
 </li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter
+</ol>
+
+<h2>Warnings</h2>
+The server <i>SHOULD</i> support these, but is not required.
+<ol>
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -381,9 +395,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -403,7 +417,7 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json
 <details>
 <summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
@@ -413,21 +427,21 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
     "vary": "Accept-Encoding",
     "date": "<timestamp>",
     "content-type": "application/json",
-    "content-length": "45",
+    "content-length": "59",
     "content-encoding": "gzip"
   },
   "body": {
-    "errors": [
-      {}
-    ]
+    "data": {
+      "__typename": "Query"
+    }
   }
 }
 </code></pre>
 </details>
 </li>
-<li><code>3E3A</code> MAY use 400 status code if parameters are invalid
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -435,26 +449,21 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
     "vary": "Accept-Encoding",
     "date": "<timestamp>",
     "content-type": "application/json",
-    "content-length": "45",
+    "content-length": "59",
     "content-encoding": "gzip"
   },
   "body": {
-    "errors": [
-      {}
-    ]
+    "data": {
+      "__typename": "Query"
+    }
   }
 }
 </code></pre>
 </details>
 </li>
-</ol>
-
-<h2>Warnings</h2>
-The server <i>SHOULD</i> support these, but is not required.
-<ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type
+<li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 200</summary>
+<summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
   "statusText": "Not Acceptable",
   "status": 406,
@@ -469,9 +478,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json
+<li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 200</summary>
+<summary>Response body is not valid JSON</summary>
 <pre><code class="lang-json">{
   "statusText": "Not Acceptable",
   "status": 406,
@@ -481,14 +490,14 @@ The server <i>SHOULD</i> support these, but is not required.
     "content-type": "text/plain;charset=UTF-8",
     "content-length": "14"
   },
-  "body": "Not Acceptable"
+  "body": null
 }
 </code></pre>
 </details>
 </li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
+<li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 200</summary>
+<summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
   "statusText": "Not Acceptable",
   "status": 406,
@@ -503,9 +512,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json
+<li><code>5E5B</code> SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 200</summary>
+<summary>Response body is not valid JSON</summary>
 <pre><code class="lang-json">{
   "statusText": "Not Acceptable",
   "status": 406,
@@ -515,14 +524,14 @@ The server <i>SHOULD</i> support these, but is not required.
     "content-type": "text/plain;charset=UTF-8",
     "content-length": "14"
   },
-  "body": "Not Acceptable"
+  "body": null
 }
 </code></pre>
 </details>
 </li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json
+<li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 200</summary>
+<summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
   "statusText": "Not Acceptable",
   "status": 406,
@@ -537,7 +546,12 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json
+</ol>
+
+<h2>Errors</h2>
+The server <b>MUST</b> support these.
+<ol>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type
 <details>
 <summary>Response status code is not 200</summary>
 <pre><code class="lang-json">{
@@ -554,7 +568,7 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json
 <details>
 <summary>Response status code is not 200</summary>
 <pre><code class="lang-json">{
@@ -571,7 +585,7 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json
 <details>
 <summary>Response status code is not 200</summary>
 <pre><code class="lang-json">{
@@ -588,9 +602,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status code is not 200</summary>
 <pre><code class="lang-json">{
   "statusText": "Not Acceptable",
   "status": 406,
@@ -605,9 +619,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response body is not valid JSON</summary>
+<summary>Response status code is not 200</summary>
 <pre><code class="lang-json">{
   "statusText": "Not Acceptable",
   "status": 406,
@@ -617,14 +631,14 @@ The server <i>SHOULD</i> support these, but is not required.
     "content-type": "text/plain;charset=UTF-8",
     "content-length": "14"
   },
-  "body": null
+  "body": "Not Acceptable"
 }
 </code></pre>
 </details>
 </li>
-<li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status code is not 200</summary>
 <pre><code class="lang-json">{
   "statusText": "Not Acceptable",
   "status": 406,
@@ -639,9 +653,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>5E5B</code> SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response body is not valid JSON</summary>
+<summary>Response status code is not 200</summary>
 <pre><code class="lang-json">{
   "statusText": "Not Acceptable",
   "status": 406,
@@ -651,14 +665,14 @@ The server <i>SHOULD</i> support these, but is not required.
     "content-type": "text/plain;charset=UTF-8",
     "content-length": "14"
   },
-  "body": null
+  "body": "Not Acceptable"
 }
 </code></pre>
 </details>
 </li>
-<li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status code is not 200</summary>
 <pre><code class="lang-json">{
   "statusText": "Not Acceptable",
   "status": 406,
@@ -674,4 +688,3 @@ The server <i>SHOULD</i> support these, but is not required.
 </details>
 </li>
 </ol>
-
diff --git a/implementations/deno/report.json b/implementations/deno/report.json
index b5658aa1..41591878 100644
--- a/implementations/deno/report.json
+++ b/implementations/deno/report.json
@@ -1,7 +1,7 @@
 {
-  "total": 60,
-  "ok": 29,
-  "notice": 18,
-  "warn": 13,
-  "error": 0
+  "total": 68,
+  "ok": 37,
+  "notice": 14,
+  "warn": 9,
+  "error": 8
 }
diff --git a/implementations/express-graphql/README.md b/implementations/express-graphql/README.md
index 50299fd3..317b1962 100644
--- a/implementations/express-graphql/README.md
+++ b/implementations/express-graphql/README.md
@@ -3,17 +3,18 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
+<li><b>68</b> audits in total</li>
 <li><span style="font-family: monospace">✅</span> <b>45</b> pass</li>
-<li><span style="font-family: monospace">💡</span> <b>11</b> notices (suggestions)</li>
-<li><span style="font-family: monospace">❗️</span> <b>4</b> warnings (optional)</li>
+<li><span style="font-family: monospace">💡</span> <b>7</b> notices (suggestions)</li>
+<li><span style="font-family: monospace">❗️</span> <b>11</b> warnings (optional)</li>
+<li><span style="font-family: monospace">❌</span> <b>5</b> errors (required)</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
@@ -28,31 +29,31 @@
 <li><code>LKJ1</code> MAY use 400 status code on number {query} parameter</li>
 <li><code>LKJ2</code> MAY use 400 status code on boolean {query} parameter</li>
 <li><code>LKJ3</code> MAY use 400 status code on array {query} parameter</li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json</li>
 <li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>0220</code> MUST allow null {variables} parameter when accepting application/json</li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
 <li><code>4760</code> MAY use 400 status code on string {variables} parameter</li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
 <li><code>D6D5</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json</li>
 <li><code>6A70</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json</li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
 <li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
 <li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
 <li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid</li>
 <li><code>3E3A</code> MAY use 400 status code if parameters are invalid</li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json</li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
 <li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json</li>
 <li><code>5E5B</code> SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json</li>
 <li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json</li>
@@ -229,9 +230,14 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter
+</ol>
+
+<h2>Warnings</h2>
+The server <i>SHOULD</i> support these, but is not required.
+<ol>
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -253,9 +259,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -277,9 +283,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -301,9 +307,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -325,14 +331,81 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-</ol>
-
-<h2>Warnings</h2>
-The server <i>SHOULD</i> support these, but is not required.
-<ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json
 <details>
-<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "etag": "W/\"1f-yOwhVHjWKeagyuteVuktj+6mcMg\"",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "etag": "W/\"1f-yOwhVHjWKeagyuteVuktj+6mcMg\"",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "etag": "W/\"1f-yOwhVHjWKeagyuteVuktj+6mcMg\"",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -461,3 +534,127 @@ The server <i>SHOULD</i> support these, but is not required.
 </li>
 </ol>
 
+<h2>Errors</h2>
+The server <b>MUST</b> support these.
+<ol>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type
+<details>
+<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "etag": "W/\"1f-yOwhVHjWKeagyuteVuktj+6mcMg\"",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "etag": "W/\"1f-yOwhVHjWKeagyuteVuktj+6mcMg\"",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "etag": "W/\"1f-yOwhVHjWKeagyuteVuktj+6mcMg\"",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "etag": "W/\"1f-yOwhVHjWKeagyuteVuktj+6mcMg\"",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "etag": "W/\"1f-yOwhVHjWKeagyuteVuktj+6mcMg\"",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+</ol>
diff --git a/implementations/express-graphql/report.json b/implementations/express-graphql/report.json
index 4099d182..7f98e925 100644
--- a/implementations/express-graphql/report.json
+++ b/implementations/express-graphql/report.json
@@ -1,7 +1,7 @@
 {
-  "total": 60,
+  "total": 68,
   "ok": 45,
-  "notice": 11,
-  "warn": 4,
-  "error": 0
+  "notice": 7,
+  "warn": 11,
+  "error": 5
 }
diff --git a/implementations/graph-client/README.md b/implementations/graph-client/README.md
index 364f93c2..dfd5357a 100644
--- a/implementations/graph-client/README.md
+++ b/implementations/graph-client/README.md
@@ -3,17 +3,17 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
-<li><span style="font-family: monospace">✅</span> <b>57</b> pass</li>
+<li><b>68</b> audits in total</li>
+<li><span style="font-family: monospace">✅</span> <b>65</b> pass</li>
 <li><span style="font-family: monospace">💡</span> <b>3</b> notices (suggestions)</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type</li>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type</li>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
@@ -27,43 +27,51 @@
 <li><code>LKJ1</code> MAY use 400 status code on number {query} parameter</li>
 <li><code>LKJ2</code> MAY use 400 status code on boolean {query} parameter</li>
 <li><code>LKJ3</code> MAY use 400 status code on array {query} parameter</li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json</li>
 <li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
 <li><code>6C00</code> MAY use 400 status code on object {operationName} parameter</li>
 <li><code>6C01</code> MAY use 400 status code on number {operationName} parameter</li>
 <li><code>6C02</code> MAY use 400 status code on boolean {operationName} parameter</li>
 <li><code>6C03</code> MAY use 400 status code on array {operationName} parameter</li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>0220</code> MUST allow null {variables} parameter when accepting application/json</li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
 <li><code>4760</code> MAY use 400 status code on string {variables} parameter</li>
 <li><code>4761</code> MAY use 400 status code on number {variables} parameter</li>
 <li><code>4762</code> MAY use 400 status code on boolean {variables} parameter</li>
 <li><code>4763</code> MAY use 400 status code on array {variables} parameter</li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
 <li><code>D6D5</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json</li>
 <li><code>6A70</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json</li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter</li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter</li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter</li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter</li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json</li>
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json</li>
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json</li>
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json</li>
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
 <li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid</li>
 <li><code>3E3A</code> MAY use 400 status code if parameters are invalid</li>
 <li><code>572B</code> SHOULD use 200 status code on document parsing failure when accepting application/json</li>
 <li><code>FDE2</code> SHOULD use 200 status code on document validation failure when accepting application/json</li>
 <li><code>7B9B</code> SHOULD use a status code of 200 on variable coercion failure when accepting application/json</li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json</li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
 <li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json</li>
 <li><code>5E5B</code> SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json</li>
 <li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json</li>
diff --git a/implementations/graph-client/report.json b/implementations/graph-client/report.json
index 17ae4227..ab91c153 100644
--- a/implementations/graph-client/report.json
+++ b/implementations/graph-client/report.json
@@ -1,6 +1,6 @@
 {
-  "total": 60,
-  "ok": 57,
+  "total": 68,
+  "ok": 65,
   "notice": 3,
   "warn": 0,
   "error": 0
diff --git a/implementations/graphql-helix/README.md b/implementations/graphql-helix/README.md
index 72631835..716b5420 100644
--- a/implementations/graphql-helix/README.md
+++ b/implementations/graphql-helix/README.md
@@ -3,17 +3,18 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
+<li><b>68</b> audits in total</li>
 <li><span style="font-family: monospace">✅</span> <b>49</b> pass</li>
-<li><span style="font-family: monospace">💡</span> <b>7</b> notices (suggestions)</li>
-<li><span style="font-family: monospace">❗️</span> <b>4</b> warnings (optional)</li>
+<li><span style="font-family: monospace">💡</span> <b>3</b> notices (suggestions)</li>
+<li><span style="font-family: monospace">❗️</span> <b>11</b> warnings (optional)</li>
+<li><span style="font-family: monospace">❌</span> <b>5</b> errors (required)</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
@@ -28,35 +29,35 @@
 <li><code>LKJ1</code> MAY use 400 status code on number {query} parameter</li>
 <li><code>LKJ2</code> MAY use 400 status code on boolean {query} parameter</li>
 <li><code>LKJ3</code> MAY use 400 status code on array {query} parameter</li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json</li>
 <li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
 <li><code>6C00</code> MAY use 400 status code on object {operationName} parameter</li>
 <li><code>6C01</code> MAY use 400 status code on number {operationName} parameter</li>
 <li><code>6C02</code> MAY use 400 status code on boolean {operationName} parameter</li>
 <li><code>6C03</code> MAY use 400 status code on array {operationName} parameter</li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>0220</code> MUST allow null {variables} parameter when accepting application/json</li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
 <li><code>4760</code> MAY use 400 status code on string {variables} parameter</li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
 <li><code>D6D5</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json</li>
 <li><code>6A70</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json</li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
 <li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
 <li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
 <li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid</li>
 <li><code>3E3A</code> MAY use 400 status code if parameters are invalid</li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json</li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
 <li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json</li>
 <li><code>5E5B</code> SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json</li>
 <li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json</li>
@@ -134,9 +135,14 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter
+</ol>
+
+<h2>Warnings</h2>
+The server <i>SHOULD</i> support these, but is not required.
+<ol>
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -157,9 +163,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -180,9 +186,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -203,9 +209,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -226,14 +232,78 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-</ol>
-
-<h2>Warnings</h2>
-The server <i>SHOULD</i> support these, but is not required.
-<ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json
 <details>
-<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -358,3 +428,122 @@ The server <i>SHOULD</i> support these, but is not required.
 </li>
 </ol>
 
+<h2>Errors</h2>
+The server <b>MUST</b> support these.
+<ol>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type
+<details>
+<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "Express",
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+</ol>
diff --git a/implementations/graphql-helix/report.json b/implementations/graphql-helix/report.json
index a7e67865..36eb9d6f 100644
--- a/implementations/graphql-helix/report.json
+++ b/implementations/graphql-helix/report.json
@@ -1,7 +1,7 @@
 {
-  "total": 60,
+  "total": 68,
   "ok": 49,
-  "notice": 7,
-  "warn": 4,
-  "error": 0
+  "notice": 3,
+  "warn": 11,
+  "error": 5
 }
diff --git a/implementations/graphql-yoga/README.md b/implementations/graphql-yoga/README.md
index 9c15aea4..3053b1fd 100644
--- a/implementations/graphql-yoga/README.md
+++ b/implementations/graphql-yoga/README.md
@@ -3,16 +3,16 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
-<li><span style="font-family: monospace">✅</span> <b>60</b> pass</li>
+<li><b>68</b> audits in total</li>
+<li><span style="font-family: monospace">✅</span> <b>68</b> pass</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type</li>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type</li>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
@@ -27,33 +27,41 @@
 <li><code>LKJ1</code> MAY use 400 status code on number {query} parameter</li>
 <li><code>LKJ2</code> MAY use 400 status code on boolean {query} parameter</li>
 <li><code>LKJ3</code> MAY use 400 status code on array {query} parameter</li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json</li>
 <li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
 <li><code>6C00</code> MAY use 400 status code on object {operationName} parameter</li>
 <li><code>6C01</code> MAY use 400 status code on number {operationName} parameter</li>
 <li><code>6C02</code> MAY use 400 status code on boolean {operationName} parameter</li>
 <li><code>6C03</code> MAY use 400 status code on array {operationName} parameter</li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>0220</code> MUST allow null {variables} parameter when accepting application/json</li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
 <li><code>4760</code> MAY use 400 status code on string {variables} parameter</li>
 <li><code>4761</code> MAY use 400 status code on number {variables} parameter</li>
 <li><code>4762</code> MAY use 400 status code on boolean {variables} parameter</li>
 <li><code>4763</code> MAY use 400 status code on array {variables} parameter</li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
 <li><code>D6D5</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json</li>
 <li><code>6A70</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json</li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter</li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter</li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter</li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter</li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json</li>
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json</li>
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json</li>
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json</li>
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
 <li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
 <li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
@@ -62,10 +70,10 @@
 <li><code>572B</code> SHOULD use 200 status code on document parsing failure when accepting application/json</li>
 <li><code>FDE2</code> SHOULD use 200 status code on document validation failure when accepting application/json</li>
 <li><code>7B9B</code> SHOULD use a status code of 200 on variable coercion failure when accepting application/json</li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json</li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
 <li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json</li>
 <li><code>5E5B</code> SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json</li>
 <li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json</li>
diff --git a/implementations/graphql-yoga/report.json b/implementations/graphql-yoga/report.json
index d19c440b..562cbede 100644
--- a/implementations/graphql-yoga/report.json
+++ b/implementations/graphql-yoga/report.json
@@ -1,6 +1,6 @@
 {
-  "total": 60,
-  "ok": 60,
+  "total": 68,
+  "ok": 68,
   "notice": 0,
   "warn": 0,
   "error": 0
diff --git a/implementations/hotchocolate/README.md b/implementations/hotchocolate/README.md
index cb066ff6..cafaf0bd 100644
--- a/implementations/hotchocolate/README.md
+++ b/implementations/hotchocolate/README.md
@@ -3,15 +3,17 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
-<li><span style="font-family: monospace">✅</span> <b>58</b> pass</li>
-<li><span style="font-family: monospace">❗️</span> <b>2</b> warnings (optional)</li>
+<li><b>68</b> audits in total</li>
+<li><span style="font-family: monospace">✅</span> <b>64</b> pass</li>
+<li><span style="font-family: monospace">❗️</span> <b>4</b> warnings (optional)</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type</li>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type</li>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
@@ -26,33 +28,37 @@
 <li><code>LKJ1</code> MAY use 400 status code on number {query} parameter</li>
 <li><code>LKJ2</code> MAY use 400 status code on boolean {query} parameter</li>
 <li><code>LKJ3</code> MAY use 400 status code on array {query} parameter</li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json</li>
 <li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
 <li><code>6C00</code> MAY use 400 status code on object {operationName} parameter</li>
 <li><code>6C01</code> MAY use 400 status code on number {operationName} parameter</li>
 <li><code>6C02</code> MAY use 400 status code on boolean {operationName} parameter</li>
 <li><code>6C03</code> MAY use 400 status code on array {operationName} parameter</li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>0220</code> MUST allow null {variables} parameter when accepting application/json</li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
 <li><code>4760</code> MAY use 400 status code on string {variables} parameter</li>
 <li><code>4761</code> MAY use 400 status code on number {variables} parameter</li>
 <li><code>4762</code> MAY use 400 status code on boolean {variables} parameter</li>
 <li><code>4763</code> MAY use 400 status code on array {variables} parameter</li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
 <li><code>D6D5</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json</li>
 <li><code>6A70</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json</li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter</li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter</li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter</li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter</li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
 <li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
 <li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
@@ -61,10 +67,10 @@
 <li><code>572B</code> SHOULD use 200 status code on document parsing failure when accepting application/json</li>
 <li><code>FDE2</code> SHOULD use 200 status code on document validation failure when accepting application/json</li>
 <li><code>7B9B</code> SHOULD use a status code of 200 on variable coercion failure when accepting application/json</li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json</li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
 <li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json</li>
 <li><code>5E5B</code> SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json</li>
 <li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json</li>
@@ -73,9 +79,9 @@
 <h2>Warnings</h2>
 The server <i>SHOULD</i> support these, but is not required.
 <ol>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json
 <details>
-<summary>Response header content-type does not contain application/json</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -83,20 +89,31 @@ The server <i>SHOULD</i> support these, but is not required.
     "transfer-encoding": "chunked",
     "server": "Kestrel",
     "date": "<timestamp>",
-    "content-type": "application/graphql-response+json;charset=utf-8"
+    "content-type": "application/json; charset=utf-8"
   },
   "body": {
-    "data": {
-      "__typename": "Query"
-    }
+    "errors": [
+      {
+        "message": "Expected an object or a null-token, but found a String-token with value `string`.",
+        "locations": [
+          {
+            "line": 1,
+            "column": 40
+          }
+        ],
+        "extensions": {
+          "code": "HC0011"
+        }
+      }
+    ]
   }
 }
 </code></pre>
 </details>
 </li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json
 <details>
-<summary>Response header content-type does not contain application/json</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -104,12 +121,87 @@ The server <i>SHOULD</i> support these, but is not required.
     "transfer-encoding": "chunked",
     "server": "Kestrel",
     "date": "<timestamp>",
-    "content-type": "application/graphql-response+json;charset=utf-8"
+    "content-type": "application/json; charset=utf-8"
   },
   "body": {
-    "data": {
-      "__typename": "Query"
-    }
+    "errors": [
+      {
+        "message": "Expected an object or a null-token, but found a Integer-token with value `0`.",
+        "locations": [
+          {
+            "line": 1,
+            "column": 40
+          }
+        ],
+        "extensions": {
+          "code": "HC0011"
+        }
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "transfer-encoding": "chunked",
+    "server": "Kestrel",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "Expected an object or a null-token, but found a Name-token with value `false`.",
+        "locations": [
+          {
+            "line": 1,
+            "column": 40
+          }
+        ],
+        "extensions": {
+          "code": "HC0011"
+        }
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "transfer-encoding": "chunked",
+    "server": "Kestrel",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "Expected an object or a null-token, but found a LeftBracket-token with value ``.",
+        "locations": [
+          {
+            "line": 1,
+            "column": 40
+          }
+        ],
+        "extensions": {
+          "code": "HC0011"
+        }
+      }
+    ]
   }
 }
 </code></pre>
diff --git a/implementations/hotchocolate/report.json b/implementations/hotchocolate/report.json
index ddfc3f4e..fd5d4049 100644
--- a/implementations/hotchocolate/report.json
+++ b/implementations/hotchocolate/report.json
@@ -1,7 +1,7 @@
 {
-  "total": 60,
-  "ok": 58,
+  "total": 68,
+  "ok": 64,
   "notice": 0,
-  "warn": 2,
+  "warn": 4,
   "error": 0
 }
diff --git a/implementations/lighthouse/README.md b/implementations/lighthouse/README.md
index 49f21d60..07b1f953 100644
--- a/implementations/lighthouse/README.md
+++ b/implementations/lighthouse/README.md
@@ -3,17 +3,18 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
+<li><b>68</b> audits in total</li>
 <li><span style="font-family: monospace">✅</span> <b>33</b> pass</li>
-<li><span style="font-family: monospace">💡</span> <b>21</b> notices (suggestions)</li>
-<li><span style="font-family: monospace">❗️</span> <b>6</b> warnings (optional)</li>
+<li><span style="font-family: monospace">💡</span> <b>17</b> notices (suggestions)</li>
+<li><span style="font-family: monospace">❗️</span> <b>11</b> warnings (optional)</li>
+<li><span style="font-family: monospace">❌</span> <b>7</b> errors (required)</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
@@ -21,21 +22,21 @@
 <li><code>5A70</code> MAY accept application/x-www-form-urlencoded formatted GET requests</li>
 <li><code>03D4</code> MUST accept application/json POST requests</li>
 <li><code>A5BF</code> MAY use 400 status code when request body is missing on POST</li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json</li>
 <li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>0220</code> MUST allow null {variables} parameter when accepting application/json</li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
 <li><code>D6D5</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json</li>
 <li><code>6A70</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json</li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
 <li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
 <li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
@@ -3591,98 +3592,6 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter
-<details>
-<summary>Response status code is not 400</summary>
-<pre><code class="lang-json">{
-  "statusText": "OK",
-  "status": 200,
-  "headers": {
-    "x-powered-by": "PHP/8.2.19",
-    "host": "localhost:4000",
-    "date": "<timestamp>",
-    "content-type": "application/json",
-    "connection": "close",
-    "cache-control": "no-cache, private"
-  },
-  "body": {
-    "data": {
-      "__typename": "Query"
-    }
-  }
-}
-</code></pre>
-</details>
-</li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter
-<details>
-<summary>Response status code is not 400</summary>
-<pre><code class="lang-json">{
-  "statusText": "OK",
-  "status": 200,
-  "headers": {
-    "x-powered-by": "PHP/8.2.19",
-    "host": "localhost:4000",
-    "date": "<timestamp>",
-    "content-type": "application/json",
-    "connection": "close",
-    "cache-control": "no-cache, private"
-  },
-  "body": {
-    "data": {
-      "__typename": "Query"
-    }
-  }
-}
-</code></pre>
-</details>
-</li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter
-<details>
-<summary>Response status code is not 400</summary>
-<pre><code class="lang-json">{
-  "statusText": "OK",
-  "status": 200,
-  "headers": {
-    "x-powered-by": "PHP/8.2.19",
-    "host": "localhost:4000",
-    "date": "<timestamp>",
-    "content-type": "application/json",
-    "connection": "close",
-    "cache-control": "no-cache, private"
-  },
-  "body": {
-    "data": {
-      "__typename": "Query"
-    }
-  }
-}
-</code></pre>
-</details>
-</li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter
-<details>
-<summary>Response status code is not 400</summary>
-<pre><code class="lang-json">{
-  "statusText": "OK",
-  "status": 200,
-  "headers": {
-    "x-powered-by": "PHP/8.2.19",
-    "host": "localhost:4000",
-    "date": "<timestamp>",
-    "content-type": "application/json",
-    "connection": "close",
-    "cache-control": "no-cache, private"
-  },
-  "body": {
-    "data": {
-      "__typename": "Query"
-    }
-  }
-}
-</code></pre>
-</details>
-</li>
 <li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid
 <details>
 <summary>Response status is not between 400 and 599</summary>
@@ -4180,9 +4089,147 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 <h2>Warnings</h2>
 The server <i>SHOULD</i> support these, but is not required.
 <ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<summary>Response status is not between 400 and 499</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 499</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 499</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 499</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -4203,9 +4250,32 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json
 <details>
 <summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+<details>
+<summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -4238,7 +4308,7 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+<li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
 <details>
 <summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
@@ -4255,11 +4325,11 @@ The server <i>SHOULD</i> support these, but is not required.
   "body": {
     "errors": [
       {
-        "message": "Syntax Error: Expected Name, found <EOF>",
+        "message": "Syntax Error: Expected Name, found Int \"8\"",
         "locations": [
           {
             "line": 1,
-            "column": 2
+            "column": 3
           }
         ],
         "extensions": {
@@ -4273,9 +4343,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+<li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json
 <details>
-<summary>Response status is not between 400 and 599</summary>
+<summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -4290,16 +4360,16 @@ The server <i>SHOULD</i> support these, but is not required.
   "body": {
     "errors": [
       {
-        "message": "Syntax Error: Expected Name, found Int \"8\"",
+        "message": "Variable \"$id\" is never used in operation \"CoerceFailure\".",
         "locations": [
           {
             "line": 1,
-            "column": 3
+            "column": 21
           }
         ],
         "extensions": {
-          "line": 382,
-          "file": "/app/vendor/webonyx/graphql-php/src/Language/Parser.php"
+          "line": 41,
+          "file": "/app/vendor/webonyx/graphql-php/src/Validator/Rules/NoUnusedVariables.php"
         }
       }
     ]
@@ -4308,9 +4378,129 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+</ol>
+
+<h2>Errors</h2>
+The server <b>MUST</b> support these.
+<ol>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "x-powered-by": "PHP/8.2.19",
+    "host": "localhost:4000",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "connection": "close",
+    "cache-control": "no-cache, private"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -4325,11 +4515,11 @@ The server <i>SHOULD</i> support these, but is not required.
   "body": {
     "errors": [
       {
-        "message": "Syntax Error: Expected Name, found Int \"8\"",
+        "message": "Syntax Error: Expected Name, found <EOF>",
         "locations": [
           {
             "line": 1,
-            "column": 3
+            "column": 2
           }
         ],
         "extensions": {
@@ -4343,9 +4533,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -4360,16 +4550,16 @@ The server <i>SHOULD</i> support these, but is not required.
   "body": {
     "errors": [
       {
-        "message": "Variable \"$id\" is never used in operation \"CoerceFailure\".",
+        "message": "Syntax Error: Expected Name, found Int \"8\"",
         "locations": [
           {
             "line": 1,
-            "column": 21
+            "column": 3
           }
         ],
         "extensions": {
-          "line": 41,
-          "file": "/app/vendor/webonyx/graphql-php/src/Validator/Rules/NoUnusedVariables.php"
+          "line": 382,
+          "file": "/app/vendor/webonyx/graphql-php/src/Language/Parser.php"
         }
       }
     ]
@@ -4379,4 +4569,3 @@ The server <i>SHOULD</i> support these, but is not required.
 </details>
 </li>
 </ol>
-
diff --git a/implementations/lighthouse/report.json b/implementations/lighthouse/report.json
index 9c2ceb34..650ecfcb 100644
--- a/implementations/lighthouse/report.json
+++ b/implementations/lighthouse/report.json
@@ -1,7 +1,7 @@
 {
-  "total": 60,
+  "total": 68,
   "ok": 33,
-  "notice": 21,
-  "warn": 6,
-  "error": 0
+  "notice": 17,
+  "warn": 11,
+  "error": 7
 }
diff --git a/implementations/mercurius/README.md b/implementations/mercurius/README.md
index 6f09dbb9..1064fe2d 100644
--- a/implementations/mercurius/README.md
+++ b/implementations/mercurius/README.md
@@ -3,18 +3,18 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
-<li><span style="font-family: monospace">✅</span> <b>46</b> pass</li>
+<li><b>68</b> audits in total</li>
+<li><span style="font-family: monospace">✅</span> <b>54</b> pass</li>
 <li><span style="font-family: monospace">💡</span> <b>6</b> notices (suggestions)</li>
-<li><span style="font-family: monospace">❗️</span> <b>7</b> warnings (optional)</li>
-<li><span style="font-family: monospace">❌</span> <b>1</b> errors (required)</li>
+<li><span style="font-family: monospace">❗️</span> <b>5</b> warnings (optional)</li>
+<li><span style="font-family: monospace">❌</span> <b>3</b> errors (required)</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
@@ -27,36 +27,44 @@
 <li><code>423L</code> MAY use 400 status code on missing {query} parameter</li>
 <li><code>LKJ0</code> MAY use 400 status code on object {query} parameter</li>
 <li><code>LKJ3</code> MAY use 400 status code on array {query} parameter</li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json</li>
 <li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
 <li><code>6C00</code> MAY use 400 status code on object {operationName} parameter</li>
 <li><code>6C03</code> MAY use 400 status code on array {operationName} parameter</li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>0220</code> MUST allow null {variables} parameter when accepting application/json</li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
 <li><code>4760</code> MAY use 400 status code on string {variables} parameter</li>
 <li><code>4763</code> MAY use 400 status code on array {variables} parameter</li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
 <li><code>D6D5</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json</li>
 <li><code>6A70</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json</li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter</li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter</li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter</li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter</li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json</li>
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json</li>
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json</li>
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json</li>
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
 <li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
 <li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
 <li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid</li>
 <li><code>3E3A</code> MAY use 400 status code if parameters are invalid</li>
 <li><code>7B9B</code> SHOULD use a status code of 200 on variable coercion failure when accepting application/json</li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json</li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
 <li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json</li>
 </ol>
 
@@ -212,53 +220,6 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 <h2>Warnings</h2>
 The server <i>SHOULD</i> support these, but is not required.
 <ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type
-<details>
-<summary>Response header content-type does not contain application/graphql-response+json</summary>
-<pre><code class="lang-json">{
-  "statusText": "OK",
-  "status": 200,
-  "headers": {
-    "keep-alive": "timeout=72",
-    "date": "<timestamp>",
-    "content-type": "application/json; charset=utf-8",
-    "content-length": "31",
-    "connection": "keep-alive"
-  },
-  "body": {
-    "data": {
-      "__typename": "Query"
-    }
-  }
-}
-</code></pre>
-</details>
-</li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json
-<details>
-<summary>Response status code is not 200</summary>
-<pre><code class="lang-json">{
-  "statusText": "Bad Request",
-  "status": 400,
-  "headers": {
-    "keep-alive": "timeout=72",
-    "date": "<timestamp>",
-    "content-type": "application/json; charset=utf-8",
-    "content-length": "69",
-    "connection": "keep-alive"
-  },
-  "body": {
-    "errors": [
-      {
-        "message": "body/extensions must be object"
-      }
-    ],
-    "data": null
-  }
-}
-</code></pre>
-</details>
-</li>
 <li><code>572B</code> SHOULD use 200 status code on document parsing failure when accepting application/json
 <details>
 <summary>Response status code is not 200</summary>
@@ -428,6 +389,53 @@ The server <i>SHOULD</i> support these, but is not required.
 <h2>Errors</h2>
 The server <b>MUST</b> support these.
 <ol>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type
+<details>
+<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "keep-alive": "timeout=72",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status code is not 200</summary>
+<pre><code class="lang-json">{
+  "statusText": "Bad Request",
+  "status": 400,
+  "headers": {
+    "keep-alive": "timeout=72",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "69",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "body/extensions must be object"
+      }
+    ],
+    "data": null
+  }
+}
+</code></pre>
+</details>
+</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json
 <details>
 <summary>Response status code is not 200</summary>
diff --git a/implementations/mercurius/report.json b/implementations/mercurius/report.json
index d68f033b..6c3bb880 100644
--- a/implementations/mercurius/report.json
+++ b/implementations/mercurius/report.json
@@ -1,7 +1,7 @@
 {
-  "total": 60,
-  "ok": 46,
+  "total": 68,
+  "ok": 54,
   "notice": 6,
-  "warn": 7,
-  "error": 1
+  "warn": 5,
+  "error": 3
 }
diff --git a/implementations/postgraphile/README.md b/implementations/postgraphile/README.md
index cea994fc..ec521761 100644
--- a/implementations/postgraphile/README.md
+++ b/implementations/postgraphile/README.md
@@ -3,17 +3,18 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
+<li><b>68</b> audits in total</li>
 <li><span style="font-family: monospace">✅</span> <b>46</b> pass</li>
-<li><span style="font-family: monospace">💡</span> <b>10</b> notices (suggestions)</li>
-<li><span style="font-family: monospace">❗️</span> <b>4</b> warnings (optional)</li>
+<li><span style="font-family: monospace">💡</span> <b>6</b> notices (suggestions)</li>
+<li><span style="font-family: monospace">❗️</span> <b>11</b> warnings (optional)</li>
+<li><span style="font-family: monospace">❌</span> <b>5</b> errors (required)</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
@@ -25,35 +26,35 @@
 <li><code>423L</code> MAY use 400 status code on missing {query} parameter</li>
 <li><code>LKJ1</code> MAY use 400 status code on number {query} parameter</li>
 <li><code>LKJ2</code> MAY use 400 status code on boolean {query} parameter</li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json</li>
 <li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
 <li><code>6C00</code> MAY use 400 status code on object {operationName} parameter</li>
 <li><code>6C01</code> MAY use 400 status code on number {operationName} parameter</li>
 <li><code>6C02</code> MAY use 400 status code on boolean {operationName} parameter</li>
 <li><code>6C03</code> MAY use 400 status code on array {operationName} parameter</li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>0220</code> MUST allow null {variables} parameter when accepting application/json</li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
 <li><code>4760</code> MAY use 400 status code on string {variables} parameter</li>
 <li><code>4761</code> MAY use 400 status code on number {variables} parameter</li>
 <li><code>4762</code> MAY use 400 status code on boolean {variables} parameter</li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
 <li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
 <li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
 <li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid</li>
 <li><code>3E3A</code> MAY use 400 status code if parameters are invalid</li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json</li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json</li>
 <li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json</li>
 <li><code>5E5B</code> SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json</li>
 <li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json</li>
@@ -207,9 +208,14 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter
+</ol>
+
+<h2>Warnings</h2>
+The server <i>SHOULD</i> support these, but is not required.
+<ol>
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -229,9 +235,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -251,9 +257,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -273,9 +279,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -295,14 +301,75 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-</ol>
-
-<h2>Warnings</h2>
-The server <i>SHOULD</i> support these, but is not required.
-<ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json
 <details>
-<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json
+<details>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -414,3 +481,117 @@ The server <i>SHOULD</i> support these, but is not required.
 </li>
 </ol>
 
+<h2>Errors</h2>
+The server <b>MUST</b> support these.
+<ol>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type
+<details>
+<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "keep-alive": "timeout=5",
+    "date": "<timestamp>",
+    "content-type": "application/json; charset=utf-8",
+    "content-length": "31",
+    "connection": "keep-alive"
+  },
+  "body": {
+    "data": {
+      "__typename": "Query"
+    }
+  }
+}
+</code></pre>
+</details>
+</li>
+</ol>
diff --git a/implementations/postgraphile/report.json b/implementations/postgraphile/report.json
index af61c47d..25383d18 100644
--- a/implementations/postgraphile/report.json
+++ b/implementations/postgraphile/report.json
@@ -1,7 +1,7 @@
 {
-  "total": 60,
+  "total": 68,
   "ok": 46,
-  "notice": 10,
-  "warn": 4,
-  "error": 0
+  "notice": 6,
+  "warn": 11,
+  "error": 5
 }
diff --git a/implementations/thegraph/README.md b/implementations/thegraph/README.md
index 7f76bee8..eb2a547f 100644
--- a/implementations/thegraph/README.md
+++ b/implementations/thegraph/README.md
@@ -3,29 +3,29 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>60</b> audits in total</li>
+<li><b>68</b> audits in total</li>
 <li><span style="font-family: monospace">✅</span> <b>19</b> pass</li>
-<li><span style="font-family: monospace">💡</span> <b>25</b> notices (suggestions)</li>
-<li><span style="font-family: monospace">❗️</span> <b>9</b> warnings (optional)</li>
-<li><span style="font-family: monospace">❌</span> <b>7</b> errors (required)</li>
+<li><span style="font-family: monospace">💡</span> <b>21</b> notices (suggestions)</li>
+<li><span style="font-family: monospace">❗️</span> <b>11</b> warnings (optional)</li>
+<li><span style="font-family: monospace">❌</span> <b>17</b> errors (required)</li>
 </ul>
 
 <h2>Passing</h2>
 <ol>
 <li><code>4655</code> MUST accept application/json and match the content-type</li>
-<li><code>47DE</code> SHOULD accept */* and use application/json for the content-type</li>
-<li><code>80D8</code> SHOULD assume application/json content-type when accept is missing</li>
+<li><code>47DE</code> SHOULD accept */* and use application/graphql-response+json or application/json for the content-type</li>
+<li><code>80D8</code> SHOULD assume application/json or application/graphql-response+json content-type when accept is missing</li>
 <li><code>82A3</code> MUST use utf-8 encoding when responding</li>
 <li><code>BF61</code> MUST accept utf-8 encoded request</li>
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
 <li><code>2C94</code> MUST accept POST requests</li>
 <li><code>5A70</code> MAY accept application/x-www-form-urlencoded formatted GET requests</li>
 <li><code>03D4</code> MUST accept application/json POST requests</li>
-<li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
-<li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
-<li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
+<li><code>34A2</code> MUST allow string {query} parameter when accepting application/graphql-response+json</li>
+<li><code>8161</code> MUST allow string {operationName} parameter when accepting application/graphql-response+json</li>
+<li><code>2EA1</code> MUST allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>D6D5</code> MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json</li>
-<li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
+<li><code>428F</code> MUST allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>572B</code> SHOULD use 200 status code on document parsing failure when accepting application/json</li>
 <li><code>FDE2</code> SHOULD use 200 status code on document validation failure when accepting application/json</li>
 <li><code>7B9B</code> SHOULD use a status code of 200 on variable coercion failure when accepting application/json</li>
@@ -614,9 +614,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter
+<li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -648,7 +648,7 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter
+<li><code>BCF8</code> MAY use 400 status code on JSON parsing failure
 <details>
 <summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
@@ -682,9 +682,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter
+<li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -716,7 +716,7 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter
+<li><code>3E3A</code> MAY use 400 status code if parameters are invalid
 <details>
 <summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
@@ -750,7 +750,12 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure
+</ol>
+
+<h2>Warnings</h2>
+The server <i>SHOULD</i> support these, but is not required.
+<ol>
+<li><code>2330</code> SHOULD use 4xx status code on string {extensions} parameter when accepting application/graphql-response+json
 <details>
 <summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
@@ -784,9 +789,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>BCF8</code> MAY use 400 status code on JSON parsing failure
+<li><code>2331</code> SHOULD use 4xx status code on number {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -818,9 +823,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid
+<li><code>2332</code> SHOULD use 4xx status code on boolean {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status is not between 400 and 599</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -852,9 +857,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-<li><code>3E3A</code> MAY use 400 status code if parameters are invalid
+<li><code>2333</code> SHOULD use 4xx status code on array {extensions} parameter when accepting application/graphql-response+json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response status is not between 400 and 499</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -886,14 +891,9 @@ The server <i>MAY</i> support these, but are truly optional. These are suggestio
 </code></pre>
 </details>
 </li>
-</ol>
-
-<h2>Warnings</h2>
-The server <i>SHOULD</i> support these, but is not required.
-<ol>
-<li><code>22EB</code> SHOULD accept application/graphql-response+json and match the content-type
+<li><code>58B0</code> SHOULD use 4xx or 5xx status codes on string {extensions} parameter when accepting application/json
 <details>
-<summary>Response header content-type does not contain application/graphql-response+json</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -925,9 +925,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json
+<li><code>58B1</code> SHOULD use 4xx or 5xx status codes on number {extensions} parameter when accepting application/json
 <details>
-<summary>Response body execution result has a property "errors"</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -959,9 +959,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>94B1</code> SHOULD allow null {operationName} parameter when accepting application/graphql-response+json
+<li><code>58B2</code> SHOULD use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/json
 <details>
-<summary>Response body execution result has a property "errors"</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -993,9 +993,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json
+<li><code>58B3</code> SHOULD use 4xx or 5xx status codes on array {extensions} parameter when accepting application/json
 <details>
-<summary>Response body execution result has a property "errors"</summary>
+<summary>Response status is not between 400 and 599</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -1027,9 +1027,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+<li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
 <details>
-<summary>Response status is not between 400 and 599</summary>
+<summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -1061,7 +1061,7 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+<li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
 <details>
 <summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
@@ -1095,9 +1095,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>51FE</code> SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+<li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json
 <details>
-<summary>Response status is not between 400 and 599</summary>
+<summary>Response status code is not 400</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -1129,9 +1129,14 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>74FF</code> SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+</ol>
+
+<h2>Errors</h2>
+The server <b>MUST</b> support these.
+<ol>
+<li><code>22EB</code> MUST accept application/graphql-response+json and match the content-type
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response header content-type does not contain application/graphql-response+json</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -1163,9 +1168,9 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-<li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json
+<li><code>13EE</code> MUST allow string {query} parameter when accepting application/json
 <details>
-<summary>Response status code is not 400</summary>
+<summary>Response body execution result has a property "errors"</summary>
 <pre><code class="lang-json">{
   "statusText": "OK",
   "status": 200,
@@ -1197,12 +1202,7 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
-</ol>
-
-<h2>Errors</h2>
-The server <b>MUST</b> support these.
-<ol>
-<li><code>13EE</code> MUST allow string {query} parameter when accepting application/json
+<li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json
 <details>
 <summary>Response body execution result has a property "errors"</summary>
 <pre><code class="lang-json">{
@@ -1236,7 +1236,7 @@ The server <b>MUST</b> support these.
 </code></pre>
 </details>
 </li>
-<li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json
+<li><code>94B0</code> MUST allow null {variables} parameter when accepting application/graphql-response+json
 <details>
 <summary>Response body execution result has a property "errors"</summary>
 <pre><code class="lang-json">{
@@ -1304,6 +1304,40 @@ The server <b>MUST</b> support these.
 </code></pre>
 </details>
 </li>
+<li><code>94B1</code> MUST allow null {operationName} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response body execution result has a property "errors"</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "vary": "Accept-Encoding",
+    "transfer-encoding": "chunked",
+    "set-cookie": "<omitted>",
+    "server": "cloudflare",
+    "last-modified": "Mon, 02 Dec 2024 20:56:39 GMT",
+    "expires": "<timestamp>",
+    "etag": "W/\"cffa996b9fb9470d034909269c4d8d0f\"",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-encoding": "br",
+    "connection": "keep-alive",
+    "cf-ray": "<omitted>",
+    "cf-cache-status": "HIT",
+    "cache-control": "public, max-age=3600",
+    "age": "<omitted>"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "This endpoint has been removed. If you have any questions, reach out to support@thegraph.zendesk.com"
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json
 <details>
 <summary>Response body execution result has a property "errors"</summary>
@@ -1338,6 +1372,40 @@ The server <b>MUST</b> support these.
 </code></pre>
 </details>
 </li>
+<li><code>94B2</code> MUST allow null {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response body execution result has a property "errors"</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "vary": "Accept-Encoding",
+    "transfer-encoding": "chunked",
+    "set-cookie": "<omitted>",
+    "server": "cloudflare",
+    "last-modified": "Mon, 02 Dec 2024 20:56:39 GMT",
+    "expires": "<timestamp>",
+    "etag": "W/\"cffa996b9fb9470d034909269c4d8d0f\"",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-encoding": "br",
+    "connection": "keep-alive",
+    "cf-ray": "<omitted>",
+    "cf-cache-status": "HIT",
+    "cache-control": "public, max-age=3600",
+    "age": "<omitted>"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "This endpoint has been removed. If you have any questions, reach out to support@thegraph.zendesk.com"
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json
 <details>
 <summary>Response body execution result has a property "errors"</summary>
@@ -1406,6 +1474,142 @@ The server <b>MUST</b> support these.
 </code></pre>
 </details>
 </li>
+<li><code>0280</code> MUST use 4xx or 5xx status codes on string {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "vary": "Accept-Encoding",
+    "transfer-encoding": "chunked",
+    "set-cookie": "<omitted>",
+    "server": "cloudflare",
+    "last-modified": "Mon, 02 Dec 2024 20:56:39 GMT",
+    "expires": "<timestamp>",
+    "etag": "W/\"cffa996b9fb9470d034909269c4d8d0f\"",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-encoding": "br",
+    "connection": "keep-alive",
+    "cf-ray": "<omitted>",
+    "cf-cache-status": "HIT",
+    "cache-control": "public, max-age=3600",
+    "age": "<omitted>"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "This endpoint has been removed. If you have any questions, reach out to support@thegraph.zendesk.com"
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0281</code> MUST use 4xx or 5xx status codes on number {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "vary": "Accept-Encoding",
+    "transfer-encoding": "chunked",
+    "set-cookie": "<omitted>",
+    "server": "cloudflare",
+    "last-modified": "Mon, 02 Dec 2024 20:56:39 GMT",
+    "expires": "<timestamp>",
+    "etag": "W/\"cffa996b9fb9470d034909269c4d8d0f\"",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-encoding": "br",
+    "connection": "keep-alive",
+    "cf-ray": "<omitted>",
+    "cf-cache-status": "HIT",
+    "cache-control": "public, max-age=3600",
+    "age": "<omitted>"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "This endpoint has been removed. If you have any questions, reach out to support@thegraph.zendesk.com"
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0282</code> MUST use 4xx or 5xx status codes on boolean {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "vary": "Accept-Encoding",
+    "transfer-encoding": "chunked",
+    "set-cookie": "<omitted>",
+    "server": "cloudflare",
+    "last-modified": "Mon, 02 Dec 2024 20:56:39 GMT",
+    "expires": "<timestamp>",
+    "etag": "W/\"cffa996b9fb9470d034909269c4d8d0f\"",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-encoding": "br",
+    "connection": "keep-alive",
+    "cf-ray": "<omitted>",
+    "cf-cache-status": "HIT",
+    "cache-control": "public, max-age=3600",
+    "age": "<omitted>"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "This endpoint has been removed. If you have any questions, reach out to support@thegraph.zendesk.com"
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>0283</code> MUST use 4xx or 5xx status codes on array {extensions} parameter when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "vary": "Accept-Encoding",
+    "transfer-encoding": "chunked",
+    "set-cookie": "<omitted>",
+    "server": "cloudflare",
+    "last-modified": "Mon, 02 Dec 2024 20:56:39 GMT",
+    "expires": "<timestamp>",
+    "etag": "W/\"cffa996b9fb9470d034909269c4d8d0f\"",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-encoding": "br",
+    "connection": "keep-alive",
+    "cf-ray": "<omitted>",
+    "cf-cache-status": "HIT",
+    "cache-control": "public, max-age=3600",
+    "age": "<omitted>"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "This endpoint has been removed. If you have any questions, reach out to support@thegraph.zendesk.com"
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json
 <details>
 <summary>Response body execution result has a property "errors"</summary>
@@ -1440,4 +1644,72 @@ The server <b>MUST</b> support these.
 </code></pre>
 </details>
 </li>
+<li><code>865D</code> MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "vary": "Accept-Encoding",
+    "transfer-encoding": "chunked",
+    "set-cookie": "<omitted>",
+    "server": "cloudflare",
+    "last-modified": "Mon, 02 Dec 2024 20:56:39 GMT",
+    "expires": "<timestamp>",
+    "etag": "W/\"cffa996b9fb9470d034909269c4d8d0f\"",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-encoding": "br",
+    "connection": "keep-alive",
+    "cf-ray": "<omitted>",
+    "cf-cache-status": "HIT",
+    "cache-control": "public, max-age=3600",
+    "age": "<omitted>"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "This endpoint has been removed. If you have any questions, reach out to support@thegraph.zendesk.com"
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
+<li><code>51FE</code> MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+<details>
+<summary>Response status is not between 400 and 599</summary>
+<pre><code class="lang-json">{
+  "statusText": "OK",
+  "status": 200,
+  "headers": {
+    "vary": "Accept-Encoding",
+    "transfer-encoding": "chunked",
+    "set-cookie": "<omitted>",
+    "server": "cloudflare",
+    "last-modified": "Mon, 02 Dec 2024 20:56:39 GMT",
+    "expires": "<timestamp>",
+    "etag": "W/\"cffa996b9fb9470d034909269c4d8d0f\"",
+    "date": "<timestamp>",
+    "content-type": "application/json",
+    "content-encoding": "br",
+    "connection": "keep-alive",
+    "cf-ray": "<omitted>",
+    "cf-cache-status": "HIT",
+    "cache-control": "public, max-age=3600",
+    "age": "<omitted>"
+  },
+  "body": {
+    "errors": [
+      {
+        "message": "This endpoint has been removed. If you have any questions, reach out to support@thegraph.zendesk.com"
+      }
+    ]
+  }
+}
+</code></pre>
+</details>
+</li>
 </ol>
diff --git a/implementations/thegraph/report.json b/implementations/thegraph/report.json
index 22374362..553c5b64 100644
--- a/implementations/thegraph/report.json
+++ b/implementations/thegraph/report.json
@@ -1,7 +1,7 @@
 {
-  "total": 60,
+  "total": 68,
   "ok": 19,
-  "notice": 25,
-  "warn": 9,
-  "error": 7
+  "notice": 21,
+  "warn": 11,
+  "error": 17
 }
diff --git a/src/audits/server.ts b/src/audits/server.ts
index c3708540..77551396 100644
--- a/src/audits/server.ts
+++ b/src/audits/server.ts
@@ -40,9 +40,8 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
   return [
     // Media Types
     audit(
-      // TODO: convert to MUST after watershed
       '22EB',
-      'SHOULD accept application/graphql-response+json and match the content-type',
+      'MUST accept application/graphql-response+json and match the content-type',
       async () => {
         const res = await fetchFn(await getUrl(opts.url), {
           method: 'POST',
@@ -76,7 +75,7 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
     ),
     audit(
       '47DE',
-      'SHOULD accept */* and use application/json for the content-type',
+      'SHOULD accept */* and use application/graphql-response+json or application/json for the content-type',
       async () => {
         const res = await fetchFn(await getUrl(opts.url), {
           method: 'POST',
@@ -87,12 +86,18 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
           body: JSON.stringify({ query: '{ __typename }' }),
         });
         ressert(res).status.toBe(200);
-        ressert(res).header('content-type').toContain('application/json');
+        try {
+          ressert(res)
+            .header('content-type')
+            .toContain('application/graphql-response+json');
+        } catch {
+          ressert(res).header('content-type').toContain('application/json');
+        }
       },
     ),
     audit(
       '80D8',
-      'SHOULD assume application/json content-type when accept is missing',
+      'SHOULD assume application/json or application/graphql-response+json content-type when accept is missing',
       async () => {
         const res = await fetchFn(await getUrl(opts.url), {
           method: 'POST',
@@ -103,7 +108,13 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
         });
 
         ressert(res).status.toBe(200);
-        ressert(res).header('content-type').toContain('application/json');
+        try {
+          ressert(res)
+            .header('content-type')
+            .toContain('application/graphql-response+json');
+        } catch {
+          ressert(res).header('content-type').toContain('application/json');
+        }
       },
     ),
     audit('82A3', 'MUST use utf-8 encoding when responding', async () => {
@@ -255,9 +266,8 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
       ),
     ),
     audit(
-      // TODO: convert to MUST after watershed
       '34A2',
-      'SHOULD allow string {query} parameter when accepting application/graphql-response+json',
+      'MUST allow string {query} parameter when accepting application/graphql-response+json',
       async () => {
         const res = await fetchFn(await getUrl(opts.url), {
           method: 'POST',
@@ -312,9 +322,8 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
       ),
     ),
     audit(
-      // TODO: convert to MUST after watershed
       '8161',
-      'SHOULD allow string {operationName} parameter when accepting application/graphql-response+json',
+      'MUST allow string {operationName} parameter when accepting application/graphql-response+json',
       async () => {
         const res = await fetchFn(await getUrl(opts.url), {
           method: 'POST',
@@ -353,8 +362,7 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
       (parameter, index) => [
         audit(
           `94B${index}`,
-          // TODO: convert to MUST after watershed
-          `SHOULD allow null {${parameter}} parameter when accepting application/graphql-response+json`,
+          `MUST allow null {${parameter}} parameter when accepting application/graphql-response+json`,
           async () => {
             const res = await fetchFn(await getUrl(opts.url), {
               method: 'POST',
@@ -418,9 +426,8 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
       ),
     ),
     audit(
-      // TODO: convert to MUST after watershed
       '2EA1',
-      'SHOULD allow map {variables} parameter when accepting application/graphql-response+json',
+      'MUST allow map {variables} parameter when accepting application/graphql-response+json',
       async () => {
         const res = await fetchFn(await getUrl(opts.url), {
           method: 'POST',
@@ -496,32 +503,75 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
         await ressert(res).bodyAsExecutionResult.notToHaveProperty('errors');
       },
     ),
+    ...['string', 0, false, ['array']].map((invalid, index) =>
+      audit(
+        `028${index}`,
+        `MUST use 4xx or 5xx status codes on ${extendedTypeof(
+          invalid,
+        )} {extensions} parameter when accepting application/graphql-response+json`,
+        async () => {
+          const res = await fetchFn(await getUrl(opts.url), {
+            method: 'POST',
+            headers: {
+              'content-type': 'application/json',
+              accept: 'application/graphql-response+json',
+            },
+            body: JSON.stringify({
+              query: '{ __typename }',
+              extensions: invalid,
+            }),
+          });
+          ressert(res).status.toBeBetween(400, 599);
+        },
+      ),
+    ),
+    ...['string', 0, false, ['array']].map((invalid, index) =>
+      audit(
+        `233${index}`,
+        `SHOULD use 4xx status code on ${extendedTypeof(
+          invalid,
+        )} {extensions} parameter when accepting application/graphql-response+json`,
+        async () => {
+          const res = await fetchFn(await getUrl(opts.url), {
+            method: 'POST',
+            headers: {
+              'content-type': 'application/json',
+              accept: 'application/graphql-response+json',
+            },
+            body: JSON.stringify({
+              query: '{ __typename }',
+              extensions: invalid,
+            }),
+          });
+          ressert(res).status.toBeBetween(400, 499);
+        },
+      ),
+    ),
     ...['string', 0, false, ['array']].map((invalid, index) =>
       audit(
         `58B${index}`,
-        // TODO: convert to MUST after watershed
-        `MAY use 400 status code on ${extendedTypeof(
+        `SHOULD use 4xx or 5xx status codes on ${extendedTypeof(
           invalid,
-        )} {extensions} parameter`,
+        )} {extensions} parameter when accepting application/json`,
         async () => {
           const res = await fetchFn(await getUrl(opts.url), {
             method: 'POST',
             headers: {
               'content-type': 'application/json',
+              accept: 'application/json',
             },
             body: JSON.stringify({
               query: '{ __typename }',
               extensions: invalid,
             }),
           });
-          ressert(res).status.toBe(400);
+          ressert(res).status.toBeBetween(400, 599);
         },
       ),
     ),
     audit(
-      // TODO: convert to MUST after watershed
       '428F',
-      'SHOULD allow map {extensions} parameter when accepting application/graphql-response+json',
+      'MUST allow map {extensions} parameter when accepting application/graphql-response+json',
       async () => {
         const res = await fetchFn(await getUrl(opts.url), {
           method: 'POST',
@@ -670,9 +720,8 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
     ),
     // Response application/graphql-response+json
     audit(
-      // TODO: convert to MUST after watershed
       '865D',
-      'SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json',
+      'MUST use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json',
       async () => {
         const res = await fetchFn(await getUrl(opts.url), {
           method: 'POST',
@@ -722,9 +771,8 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
       },
     ),
     audit(
-      // TODO: convert to MUST after watershed
       '51FE',
-      'SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json',
+      'MUST use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json',
       async () => {
         const res = await fetchFn(await getUrl(opts.url), {
           method: 'POST',