أنواع الفحص

سلبي

Available on every tier. A passive scan never submits forms or uses owner credentials — it fetches the URL like a normal browser, renders the page, and checks crawlability, search presentation, structured content, media, performance, accessibility, forms, mobile/i18n, and runtime signals against 90+ quality checks.

Because it's read-only, passive can run against any URL you are authorized to scan. The trade-off is depth: passive misses private dashboards, account flows, checkout states, and owner-only routes.

What passive catches

• Broken crawl/indexation controls: robots, sitemap, noindex, canonicals, 4xx/5xx pages.
• Weak search presentation: missing or duplicated titles, snippets, favicon, and Open Graph metadata.
• Semantic content and schema issues: heading skips, missing main landmarks, thin content, invalid JSON-LD.
• Media quality issues: missing alt text, weak alt text, missing dimensions, and lazy-loaded hero images.
• Performance delivery risks: heavy payloads, too many scripts, third-party pressure, and font volume.
• Accessibility and form defects: missing language, skip links, button names, labels, and autocomplete hints.
• Mobile, PWA, i18n, runtime, failed-request, and blank-render signals.
• Live monitoring signals on paid plans: certificate, DNS, and external listing changes.
• Repo-connected template and quality-tooling patterns on paid plans.

Owner-depth Hobby+

Owner-depth scans reuse the website-quality modules against verified domains and, optionally, authenticated/private routes through a short-lived test-account header you provide. Available on the Hobby plan and higher tiers (Pro, Unlimited), and requires domain ownership verification.

Why we gate it: the attestation flow

Owner-depth scans can crawl private URLs or account states when configured. We require you to:

1. Verify the domain via DNS TXT or an HTTP file (Account -> Domains).
2. Attest authorization — a single confirmation at scan-start time saying you own or have permission to scan the site. Server-stamped with your IP, user-agent, and timestamp; written to audit_logs.

For scheduled re-scans, the attestation is recorded once at first verification and inherited by every subsequent run until you disable the schedule. REST API and MCP starts remain passive-only; owner-depth scans must be started from the website UI.

مستودع GitHub Pro+

Repo scans skip the URL phases entirely. They pull a tarball of your default branch over the FixWeb GitHub App (or your OAuth token), process the source in memory, and emit findings against checks under the code.* namespace: crawl-control files, template image issues, metadata patterns, and missing quality automation.

لا تكتب فحوص المستودعات إلى مستودعك ولا تحفظ الشفرة المصدرية أبدًا — يُخزن دليل النتيجة فقط. الحصة: نفس دلو scansPerMonth المستخدم لفحوص URL.

التشغيل عبر API

curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://staging.example.com"}'

Owner-depth mode is not exposed via API — the attestation flow is on-site only, by design. Full reference: /docs/api.

فحوص مجهولة لمرة واحدة

تتيح الصفحة الرئيسية للزوار غير المسجلين تشغيل فحص سلبي واحد لكل جلسة متصفح. تنتهي هذه الفحوص بعد 24 ساعة من إنشائها، ويمكن ترحيلها إلى حساب حقيقي بالتسجيل قبل انتهاء صلاحيتها — يربط استدعاء المصادقة الفحص المجهول تلقائيًا بالمؤسسة الجديدة.