FixWeb

// docs / scans

Scanichagua

FixWeb runs three kinds of scans against three kinds of targets. Each has different gating, different speed, and different depth — pick the one that matches what you're improving.

Passive

Available on every tier. A passive scan never submits forms or uses owner credentials — it fetches the URL like a normal browser, renders the page, and checks crawlability, search presentation, structured content, media, performance, accessibility, forms, mobile/i18n, and runtime signals against 90+ quality checks.

Because it's read-only, passive can run against any URL you are authorized to scan. The trade-off is depth: passive misses private dashboards, account flows, checkout states, and owner-only routes.

What passive catches

  • Broken crawl/indexation controls: robots, sitemap, noindex, canonicals, 4xx/5xx pages.
  • Weak search presentation: missing or duplicated titles, snippets, favicon, and Open Graph metadata.
  • Semantic content and schema issues: heading skips, missing main landmarks, thin content, invalid JSON-LD.
  • Media quality issues: missing alt text, weak alt text, missing dimensions, and lazy-loaded hero images.
  • Performance delivery risks: heavy payloads, too many scripts, third-party pressure, and font volume.
  • Accessibility and form defects: missing language, skip links, button names, labels, and autocomplete hints.
  • Mobile, PWA, i18n, runtime, failed-request, and blank-render signals.
  • Live monitoring signals on paid plans: certificate, DNS, and external listing changes.
  • Repo-connected template and quality-tooling patterns on paid plans.

Owner-depth Hobby+

Owner-depth scans reuse the website-quality modules against verified domains and, optionally, authenticated/private routes through a short-lived test-account header you provide. Available on the Hobby plan and higher tiers (Pro, Unlimited), and requires domain ownership verification.

Why we gate it: the attestation flow

Owner-depth scans can crawl private URLs or account states when configured. We require you to:

  1. Verify the domain via DNS TXT or an HTTP file (Account -> Domains).
  2. Attest authorization — a single confirmation at scan-start time saying you own or have permission to scan the site. Server-stamped with your IP, user-agent, and timestamp; written to audit_logs.

For scheduled re-scans, the attestation is recorded once at first verification and inherited by every subsequent run until you disable the schedule. REST API and MCP starts remain passive-only; owner-depth scans must be started from the website UI.

GitHub repository Pro+

Repo scans skip the URL phases entirely. They pull a tarball of your default branch over the FixWeb GitHub App (or your OAuth token), process the source in memory, and emit findings against checks under the code.* namespace: crawl-control files, template image issues, metadata patterns, and missing quality automation.

Repo scan-kuéra never write pe ne repo ha never persist source code — only jejuhu evidence ha'e stored. Quota: same scansPerMonth bucket as URL scan-kuéra.

Trigger via API

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://staging.example.com"}'

Owner-depth mode is not exposed via API — the attestation flow is on-site only, by design. Full reference: /docs/api.

Anonymous one-shot scan-kuéra

The home page lets unsigned-up visitors run a single passive scan per browser session. These scan-kuéra expire 24 hours after creation ha ikatu be migrated pe a real cuenta by signing up before they expire — pe auth callback automatically attaches pe anonymous scan pe pe pyahu org.

Scanichagua — Docs · FixWeb