FixWeb

// docs / scans

Scan-typen

FixWeb runs three kinds of scans against three kinds of targets. Each has different gating, different speed, and different depth — pick the one that matches what you're improving.

Passief

Available on every tier. A passive scan never submits forms or uses owner credentials — it fetches the URL like a normal browser, renders the page, and checks crawlability, search presentation, structured content, media, performance, accessibility, forms, mobile/i18n, and runtime signals against 90+ quality checks.

Because it's read-only, passive can run against any URL you are authorized to scan. The trade-off is depth: passive misses private dashboards, account flows, checkout states, and owner-only routes.

What passive catches

  • Broken crawl/indexation controls: robots, sitemap, noindex, canonicals, 4xx/5xx pages.
  • Weak search presentation: missing or duplicated titles, snippets, favicon, and Open Graph metadata.
  • Semantic content and schema issues: heading skips, missing main landmarks, thin content, invalid JSON-LD.
  • Media quality issues: missing alt text, weak alt text, missing dimensions, and lazy-loaded hero images.
  • Performance delivery risks: heavy payloads, too many scripts, third-party pressure, and font volume.
  • Accessibility and form defects: missing language, skip links, button names, labels, and autocomplete hints.
  • Mobile, PWA, i18n, runtime, failed-request, and blank-render signals.
  • Live monitoring signals on paid plans: certificate, DNS, and external listing changes.
  • Repo-connected template and quality-tooling patterns on paid plans.

Owner-depth Hobby+

Owner-depth scans reuse the website-quality modules against verified domains and, optionally, authenticated/private routes through a short-lived test-account header you provide. Available on the Hobby plan and higher tiers (Pro, Unlimited), and requires domain ownership verification.

Why we gate it: the attestation flow

Owner-depth scans can crawl private URLs or account states when configured. We require you to:

  1. Verify the domain via DNS TXT or an HTTP file (Account -> Domains).
  2. Attest authorization — a single confirmation at scan-start time saying you own or have permission to scan the site. Server-stamped with your IP, user-agent, and timestamp; written to audit_logs.

For scheduled re-scans, the attestation is recorded once at first verification and inherited by every subsequent run until you disable the schedule. REST API and MCP starts remain passive-only; owner-depth scans must be started from the website UI.

GitHub-repository Pro+

Repo scans skip the URL phases entirely. They pull a tarball of your default branch over the FixWeb GitHub App (or your OAuth token), process the source in memory, and emit findings against checks under the code.* namespace: crawl-control files, template image issues, metadata patterns, and missing quality automation.

Repo-scans schrijven nooit naar je repo en bewaren nooit broncode — alleen bewijs bij bevindingen wordt opgeslagen. Quota: dezelfde scansPerMonth-bucket als URL-scans.

Triggeren via API

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://staging.example.com"}'

Owner-depth mode is not exposed via API — the attestation flow is on-site only, by design. Full reference: /docs/api.

Anonieme eenmalige scans

Op de homepagina kunnen bezoekers zonder account één passieve scan per browsersessie uitvoeren. Deze scans verlopen 24 uur na aanmaak en kunnen naar een echt account worden gemigreerd als je je registreert voordat ze verlopen — de auth callback koppelt de anonieme scan automatisch aan de nieuwe org.

Scan-typen — Docs · FixWeb