About agentify-scanner
This page identifies the scanner honestly and describes the outbound behavior target-site operators can expect.
On this page
Identity and contact
Scanner user agent: agentify-scanner/1.0 (+https://agentify.ad/scanner)
Operator: Operator identity pending confirmation. Abuse and opt-out contact: abuse@agentify.ad.
The production domain is active, but final legal identity remains a paid-launch blocker.
Request behavior
- GET and HEAD only; no JavaScript, cookies, credentials, forms, or browser session.
- Public HTTP(S) on ports 80 and 443 only.
- At most 5 redirects, revalidated at every hop.
- At most 18 outbound requests per scan and 2 concurrent requests per origin.
- Individual fetch timeout at 8 seconds; global result target within 60 seconds.
Robots behavior
We fetch /robots.txt first. If the scanner or wildcard group disallows the submitted path, content checks are marked unavailable. We do not bypass that rule.
Body and safety limits
Decoded HTML is capped at 2 MiB, robots at 512 KiB, discovery JSON at 1 MiB, and sitemap data at 5 MiB. Every DNS result and redirect destination must be public global unicast; private, local, reserved, metadata, credentialed, and secret-bearing URLs are rejected.
Cache and retention
Eligible technical snapshots may be cached for 24 hours. We do not retain target raw bodies, cookies, full headers, credentials, or raw IP addresses. Structured scan facts follow the retention described in the privacy page.
Opt out or report a problem
Send the affected host, approximate UTC time, and request identifier if available to abuse@agentify.ad. Do not email access tokens, private URLs, credentials, or personal data.