- Contact Forms: If you have a contact form or support form (or anything similar), please make sure there is a CAPTCHA as part of the form. If there isn't a CAPTCHA, we'll find that form, and we will send a lot of email to you by submitting it. Please be aware of this, and just ensure you're ready for an influx of messages if you choose not to have a CAPTCHA on the form. To learn more read about our CAPTCHA recommendations.
- Staging Server: If you have a staging or test environment, we highly suggest using our scanner on that environment first, even if it isn't a perfect copy of what's in production. We have tried immensely hard to make our scanner as non-malicious as possible, and are working on an even more lightweight version that is 100% safe to run against production servers, but for now, if possible, test before running against a production server. If you don't have a staging server, then feel free to run against a production server (we're quite confident we won't hurt your website), but be sure to have your engineers standing by for the first scan, just in case.
- Request Rate: The default rate that scanner uses to send requests to your website is 40 requests/second for the full scans (10 requests/second on the free entrance scans). We try to back off the request rate if your service seems to be struggling, but sometimes the target servers quickly reach hard limits like memory (if severely underpowered) before we can react. You can change the target request rate from the Sites page or even during a scan!
- Scan Limit: Although you're certainly free to run scans on-demand, bear in mind that they still count against your monthly scan limit, and future scheduled scans may not run if you're past that limit.
As always, if you have any questions or issues at all, please feel free to contact us in our Support Chat or via any of the methods listed on our Contact Page and we'll be more than happy to assist.