FixWeb

// docs / scans

Mataqali scan

FixWeb runs three kinds of scans against three kinds of targets. Each has different gating, different speed, and different depth β€” pick the one that matches what you're improving.

Passive scan

Available on every tier. A passive scan never submits forms or uses owner credentials β€” it fetches the URL like a normal browser, renders the page, and checks crawlability, search presentation, structured content, media, performance, accessibility, forms, mobile/i18n, and runtime signals against 90+ quality checks.

Because it's read-only, passive can run against any URL you are authorized to scan. The trade-off is depth: passive misses private dashboards, account flows, checkout states, and owner-only routes.

What passive catches

  • Broken crawl/indexation controls: robots, sitemap, noindex, canonicals, 4xx/5xx pages.
  • Weak search presentation: missing or duplicated titles, snippets, favicon, and Open Graph metadata.
  • Semantic content and schema issues: heading skips, missing main landmarks, thin content, invalid JSON-LD.
  • Media quality issues: missing alt text, weak alt text, missing dimensions, and lazy-loaded hero images.
  • Performance delivery risks: heavy payloads, too many scripts, third-party pressure, and font volume.
  • Accessibility and form defects: missing language, skip links, button names, labels, and autocomplete hints.
  • Mobile, PWA, i18n, runtime, failed-request, and blank-render signals.
  • Live monitoring signals on paid plans: certificate, DNS, and external listing changes.
  • Repo-connected template and quality-tooling patterns on paid plans.

Owner-depth Hobby+

Owner-depth scans reuse the website-quality modules against verified domains and, optionally, authenticated/private routes through a short-lived test-account header you provide. Available on the Hobby plan and higher tiers (Pro, Unlimited), and requires domain ownership verification.

Why we gate it: the attestation flow

Owner-depth scans can crawl private URLs or account states when configured. We require you to:

  1. Verify the domain via DNS TXT or an HTTP file (Account -> Domains).
  2. Attest authorization β€” a single confirmation at scan-start time saying you own or have permission to scan the site. Server-stamped with your IP, user-agent, and timestamp; written to audit_logs.

For scheduled re-scans, the attestation is recorded once at first verification and inherited by every subsequent run until you disable the schedule. REST API and MCP starts remain passive-only; owner-depth scans must be started from the website UI.

GitHub repository scan Pro+

Repo scans skip the URL phases entirely. They pull a tarball of your default branch over the FixWeb GitHub App (or your OAuth token), process the source in memory, and emit findings against checks under the code.* namespace: crawl-control files, template image issues, metadata patterns, and missing quality automation.

Repo scans e sega ni write ki nomu repo ka sega ni persist source code β€” finding evidence ga e stored. Quota: same scansPerMonth bucket as URL scans.

Trigger ena API

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://staging.example.com"}'

Owner-depth mode is not exposed via API β€” the attestation flow is on-site only, by design. Full reference: /docs/api.

Anonymous one-shot scans sega ni kilai

Na home page e vakatara unsigned-up visitors me ra run e dua ga na passive scan ena browser session yadua. Na scans oqo e expire 24 hours after creation ka rawa ni migrated ki na real account ni sign up ni bera ni expire β€” na auth callback e attach vakataki koya na anonymous scan ki na org vou.

Mataqali scan β€” Docs Β· FixWeb