SiteScan Analyzer Documentation

Identifies pages returning 4xx (client errors) and 5xx (server errors) HTTP status codes, and maps which internal pages link to them.

Detects pages that return HTTP 200 but behave like error pages (soft 404s) using multi-signal scoring: reference matching, phrase detection, and statistical anomaly.

Analyzes HTTP redirect chains, detecting excessive hops, external redirects, and structural link rot from internal pages pointing to redirected URLs.

Comprehensive character encoding analysis: missing charset declarations, mismatches between HTTP and HTML charset, mojibake patterns, BOM presence, and double-encoding.

Analyzes robots.txt format, directives, and effectiveness. Checks for missing or malformed files, overly restrictive rules, sitemap presence, and crawl budget impact.

Checks viewport meta tag presence and configuration for mobile-friendly design. Detects missing viewports, disabled zoom, fixed-width layouts, and inconsistent viewport coverage.

Detects meta robots directives (noindex, nofollow) and meta refresh redirects across all pages. Flags critical issues like noindex on homepage, sitemap conflicts, and HTML-level redirects.

Per-URL analysis of HTTP response headers captured by the crawler: cookie security flags, server fingerprint, X-Frame-Options / X-Content-Type-Options / HSTS coverage across all pages, ETag inode leak, TTFB statistics. Complements 014 (homepage-only score) with site-wide coverage.

Validates H1-H6 heading hierarchy, checking for missing H1, multiple H1 tags, and heading level skips that harm SEO and accessibility.

Finds pages sharing identical H1 headings, title tags or meta descriptions, which dilutes SEO value and confuses search engines.

Checks heading text length for SEO optimization. Headings that are too short provide little SEO value, while overly long headings may be truncated.

Validates HTML lang attributes, canonical URLs, and hreflang implementations for multilingual SEO. Checks for missing, invalid, or conflicting declarations.

Validates Open Graph meta tags and Twitter Cards for social sharing. Checks required tags, content quality, consistency with page metadata, and duplicate detection.

Evaluates image ALT text coverage and quality. Detects missing ALT attributes, empty ALT text, untranslated ALT for multilingual sites, and overly long descriptions.

Validates JSON-LD structured data blocks against Schema.org specifications. Checks syntax, required fields per type, URL format, and type recognition.

Analyzes internal linking structure using BFS from homepage. Detects orphan pages, deep pages (>4 clicks), generic anchor text, and self-linking patterns.

Compares the just-generated sitemap.xml with the previous scan's snapshot. Detects URL count spikes/drops (vs 7-day baseline) and suspicious new URLs (webshell paths, spam keywords, exotic charsets). Replaces the daily sitemap watchdog: the customer's sitemap.xml is SiteScan output, so meaningful diffs only happen between consecutive scans, not day-by-day.

Verifies that the homepage's JSON-LD structured data actually describes the real business, by comparing it against the AI-derived site profile (context_llm.json). Parses the whole document (head+body), so it catches body-injected JSON-LD that 021 misses. Two layers: deterministic NAP match (name/phone/email/locality) + neutral AI semantic judgement (Gemini) that also flags moved/empty/parked sites, language drift, or a different business — without presuming the cause. Homepage-only.

Validates all external links: detects broken links (4xx/5xx), connection failures, slow responses, HTTP-only links, and suspicious URL shorteners.

Evaluates 10 HTTP security headers using Mozilla Observatory methodology. Grades from A+ to F based on CSP, HSTS, cookie flags, CORS, X-Frame-Options, and more.

Scans JavaScript libraries for known CVE vulnerabilities using Retire.js database. Reports severity (Critical/High/Medium/Low), affected versions, and available fixes.

Detects mixed content on HTTPS sites: HTTP scripts and stylesheets (blocked by browsers), HTTP images in OG tags, HTTP canonical/internal links, protocol-relative resource URLs, and unsafe cross-origin links.

Active pentest-style server security testing: TRACE/XST, host header injection, dangerous HTTP methods, sensitive file exposure, directory listing, TLS weakness, CRLF injection, verbose errors, path traversal, backup file discovery, security.txt compliance.

Checks heading accessibility: empty headings, headings hidden via CSS, and image-only headings that screen readers cannot interpret.

Analyzes grammar, spelling, and linguistic quality across all site languages using AI (Claude/Gemini). Reports errors, warnings, and suggestions with corrected text.

Browser-based homepage analysis using headless Chrome. Reports JavaScript console errors, failed network requests, third-party domains, and page load performance metrics.

Validates static resources (CSS, JS, images, fonts): detects broken resources (4xx/5xx), oversized files (>5MB), redirected resources, and malformed URLs.