FixWeb

// docs / scans

Loại quét

FixWeb runs three kinds of scans against three kinds of targets. Each has different gating, different speed, and different depth — pick the one that matches what you're improving.

Thụ động

Available on every tier. A passive scan never submits forms or uses owner credentials — it fetches the URL like a normal browser, renders the page, and checks crawlability, search presentation, structured content, media, performance, accessibility, forms, mobile/i18n, and runtime signals against 90+ quality checks.

Because it's read-only, passive can run against any URL you are authorized to scan. The trade-off is depth: passive misses private dashboards, account flows, checkout states, and owner-only routes.

What passive catches

  • Broken crawl/indexation controls: robots, sitemap, noindex, canonicals, 4xx/5xx pages.
  • Weak search presentation: missing or duplicated titles, snippets, favicon, and Open Graph metadata.
  • Semantic content and schema issues: heading skips, missing main landmarks, thin content, invalid JSON-LD.
  • Media quality issues: missing alt text, weak alt text, missing dimensions, and lazy-loaded hero images.
  • Performance delivery risks: heavy payloads, too many scripts, third-party pressure, and font volume.
  • Accessibility and form defects: missing language, skip links, button names, labels, and autocomplete hints.
  • Mobile, PWA, i18n, runtime, failed-request, and blank-render signals.
  • Live monitoring signals on paid plans: certificate, DNS, and external listing changes.
  • Repo-connected template and quality-tooling patterns on paid plans.

Owner-depth Hobby+

Owner-depth scans reuse the website-quality modules against verified domains and, optionally, authenticated/private routes through a short-lived test-account header you provide. Available on the Hobby plan and higher tiers (Pro, Unlimited), and requires domain ownership verification.

Why we gate it: the attestation flow

Owner-depth scans can crawl private URLs or account states when configured. We require you to:

  1. Verify the domain via DNS TXT or an HTTP file (Account -> Domains).
  2. Attest authorization — a single confirmation at scan-start time saying you own or have permission to scan the site. Server-stamped with your IP, user-agent, and timestamp; written to audit_logs.

For scheduled re-scans, the attestation is recorded once at first verification and inherited by every subsequent run until you disable the schedule. REST API and MCP starts remain passive-only; owner-depth scans must be started from the website UI.

Kho GitHub Pro+

Repo scans skip the URL phases entirely. They pull a tarball of your default branch over the FixWeb GitHub App (or your OAuth token), process the source in memory, and emit findings against checks under the code.* namespace: crawl-control files, template image issues, metadata patterns, and missing quality automation.

Quét repo không bao giờ ghi vào repo của bạn và không bao giờ lưu mã nguồn — chỉ lưu bằng chứng phát hiện. Hạn mức: cùng bucket scansPerMonth với quét URL.

Kích hoạt qua API

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://staging.example.com"}'

Owner-depth mode is not exposed via API — the attestation flow is on-site only, by design. Full reference: /docs/api.

Quét một lần ẩn danh

Trang chủ cho phép khách chưa đăng nhập chạy một lần quét thụ động duy nhất cho mỗi phiên trình duyệt. Các lần quét này hết hạn sau 24 giờ từ khi tạo và có thể chuyển vào tài khoản thật bằng cách đăng ký trước khi hết hạn — callback auth tự động gắn lần quét ẩn danh vào org mới.

Loại quét — Docs · FixWeb