What is Mage Scan?

Mage Scan is a service to help merchants and developers check their sites against recommended Magento security standards.

We crawl your store looking for signs of outdated software, missing patches, and general bad practices.

The Bots

User Agent: Mage Scan (https://magescan.com/about#bots)

All of our bots use the above User Agent. We realize not everyone wants to be crawled. An easy way to stop us from scanning your site is to block requests with this signature.

Rate Limits

There are two kinds of rate limits:

Scan Per Site Limit

We don't want a user to scan the same site over and over as this can cause a denial of service. The number of times a user can scan the same domain repeatedly is called a scan per site limit.

Total Scan Limit

We do, however, want to allow merchants to scan several of their sites on different domains in one go. We need to limit this too so that one user doesn't hog up too much space in the queue. This is called a total scan limit.

Guests

  • 1 scan per site in a 24 hour period
  • 10 total scans in a 60 minute period

Scans initiated by Guests are given lowest priority in the queue.

Registered Users

  • 1 scan per site in a 12 hour period.
  • 25 total scans in a 60 minute period.

Scans initiated by Registered Users are given a higher priority in the queue than Guests.

Domain Owners

  • 5 scans per owned site in a 1 hour period.
  • 25 total scans in a 60 minute period.

Scans initiated by Owners on owned domains are given a higher priority in the queue than Registered users.