د scan ډولونه

غیر فعال

Available on every tier. A passive scan never submits forms or uses owner credentials — it fetches the URL like a normal browser, renders the page, and checks crawlability, search presentation, structured content, media, performance, accessibility, forms, mobile/i18n, and runtime signals against 90+ quality checks.

Because it's read-only, passive can run against any URL you are authorized to scan. The trade-off is depth: passive misses private dashboards, account flows, checkout states, and owner-only routes.

What passive catches

• Broken crawl/indexation controls: robots, sitemap, noindex, canonicals, 4xx/5xx pages.
• Weak search presentation: missing or duplicated titles, snippets, favicon, and Open Graph metadata.
• Semantic content and schema issues: heading skips, missing main landmarks, thin content, invalid JSON-LD.
• Media quality issues: missing alt text, weak alt text, missing dimensions, and lazy-loaded hero images.
• Performance delivery risks: heavy payloads, too many scripts, third-party pressure, and font volume.
• Accessibility and form defects: missing language, skip links, button names, labels, and autocomplete hints.
• Mobile, PWA, i18n, runtime, failed-request, and blank-render signals.
• Live monitoring signals on paid plans: certificate, DNS, and external listing changes.
• Repo-connected template and quality-tooling patterns on paid plans.

Owner-depth Hobby+

Owner-depth scans reuse the website-quality modules against verified domains and, optionally, authenticated/private routes through a short-lived test-account header you provide. Available on the Hobby plan and higher tiers (Pro, Unlimited), and requires domain ownership verification.

Why we gate it: the attestation flow

Owner-depth scans can crawl private URLs or account states when configured. We require you to:

1. Verify the domain via DNS TXT or an HTTP file (Account -> Domains).
2. Attest authorization — a single confirmation at scan-start time saying you own or have permission to scan the site. Server-stamped with your IP, user-agent, and timestamp; written to audit_logs.

For scheduled re-scans, the attestation is recorded once at first verification and inherited by every subsequent run until you disable the schedule. REST API and MCP starts remain passive-only; owner-depth scans must be started from the website UI.

GitHub repository Pro+

Repo scans skip the URL phases entirely. They pull a tarball of your default branch over the FixWeb GitHub App (or your OAuth token), process the source in memory, and emit findings against checks under the code.* namespace: crawl-control files, template image issues, metadata patterns, and missing quality automation.

Repo scans ستاسو repo ته هېڅکله write نه کوي او source code هېڅکله persist نه کوي — یوازې finding evidence stored کېږي. Quota: د URL scans په شان هماغه scansPerMonth bucket.

د API له لارې trigger

curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://staging.example.com"}'

Owner-depth mode is not exposed via API — the attestation flow is on-site only, by design. Full reference: /docs/api.

Anonymous one-shot scans

Home page unsigned-up visitors ته په هر browser session کې یو passive scan چلولو اجازه ورکوي. دا scans له creation وروسته 24 hours کې expire کېږي او که له expire مخکې sign up وشي real account ته migrated کېدای شي — auth callback په اوتومات ډول anonymous scan نوي org ته attach کوي.