What this page helps you understand
Privacy language should be clear. This page summarizes how Fixnx thinks about scan data, account data, report evidence, and sensitive artifact masking.
What Fixnx checks
Account data
Scan targets
Findings
Reports
Billing events
Masked secrets
Privacy and website security scanning
A scanner may process target URLs, response metadata, findings, scan events, and report evidence. Teams should avoid submitting secrets as target input and should use scoped accounts for authenticated tests.
Fixnx report output is designed to mask sensitive artifacts such as tokens and avoid printing raw secrets.
Public website scans generally do not require private credentials. Authenticated scans can provide more useful evidence for account-specific risks, but they should use test accounts with the least access needed for the review.
Reports should be shared thoughtfully. A report may contain URLs, route names, response behavior, security findings, and operational clues that are useful for remediation but should not be treated as public marketing copy by default.
This page is an informational product overview and should be reviewed alongside any formal legal policy your organization requires.
Example Fixnx finding
Issue: Missing browser security header
Risk: Medium
Evidence: A recommended browser protection header was not present on tested responses.
Recommended fix: Add the missing header, test it on staging, deploy, and rescan to confirm the evidence changed.
Browser hardening cannot fix vulnerable code, but it can reduce common attack impact and improve security posture.
What to fix first
- Critical exposed files, admin panels, secrets, or takeover paths.
- Broken HTTPS, missing redirects, weak SSL/TLS behavior, or unsafe cookie handling.
- Confirmed injection, XSS, access-control, authentication, or sensitive API evidence.
- High-impact security headers and browser protections that reduce attack impact.
- Medium and low hardening recommendations after the risky public evidence is fixed.
Trusted resources behind this guidance
Recommended Fixnx path
Follow these related pages to move from the current topic into the right scanner, guide, report, or comparison page without mixing search intent.
Use the main public website scanner hub for vulnerability evidence.
Sample Security ReportSee how Fixnx presents findings, severity, evidence, and fix order.
Fixnx SecurityReview Fixnx security boundaries, scope limits, and safe scanning rules.
Terms of ServiceRead the rules for authorized, defensive use of Fixnx scans.
responsible disclosureContinue through a related Fixnx page in this topic cluster.
Run this check on your site
Enter a public URL and get a live Fixnx report with security, SEO, and performance checks.
Scan now. Google sign-in is only needed to unlock fix guidance.
FAQ
Does Fixnx need sensitive credentials?
Public scans do not. Authenticated scans may use provided scoped credentials or cookies for deeper testing.
Are report tokens masked?
Yes. The product is designed to display token previews rather than full raw secrets.
Should I scan customer data workflows with real accounts?
Use scoped test accounts whenever possible, especially for authenticated scans involving customer portals, orders, payments, or private dashboards.
What can I do after reading Privacy Policy?
Run a Fixnx scan, review the evidence, fix the highest-risk public issues first, and rescan after deployment so the report reflects the current site.
Is Fixnx only for security teams?
No. Fixnx is written for developers, agencies, founders, and security teams that need practical website risk evidence without a long setup process.
