UpSearch
§ Secure Scan Access

Secure Scan Access: crawl protected sites without lowering defences

A secure token-based crawl path so UpSearch can audit your site without you turning off your firewall, WAF, or staging protection.

If your site blocks unknown crawlers — and most well-protected sites should — Secure Scan Access lets UpSearch through using a per-site token. You keep your protection in place, and we still get the evidence we need to run a complete audit.

What Secure Scan Access does

It is a token-based authentication layer between UpSearch and your site. You whitelist the token; UpSearch sends it on every crawl request; your firewall or WAF lets that specific traffic through.

No password sharing, no IP allowlists that you forget to revoke, no need to drop protection for the duration of a scan.

  • Per-site secure token, revocable at any time
  • Compatible with Cloudflare, Sucuri, WAF, and most hosting protections
  • Works for staging and password-protected sites
  • No persistent backdoor — only crawl requests carrying the token are allowed

How to set it up

Setup takes a few minutes and is documented in your dashboard.

  • Generate the token in Settings → Site Access
  • Add a header or query check to your firewall or WAF
  • Run a verification scan to confirm UpSearch can reach the protected pages
  • Rotate or revoke the token whenever you need to

Who needs Secure Scan Access

E-commerce sites running aggressive bot protection that blocks unknown crawlers by default.

Sites behind a WAF (Cloudflare, Sucuri, AWS) where rule sets reject everything that is not a known bot.

Staging environments and pre-launch sites where you need an audit before going public.

Membership and gated content sites that need an audit on the public surface without exposing it to the open web.

Security posture

Tokens are stored encrypted on the UpSearch side and only attached to outbound crawl requests for your site. They are revocable, rotatable, and never logged in plaintext.

You stay in control of your protection layer. Secure Scan Access is opt-in and removable in one click.

Related features

Automatic SEO Checks

Real automated SEO checks that watch your titles, headings, schema, performance, and crawl coverage — and only flag what really needs attention.

Read more

Guided SEO Audits

Premade SEO audits that read your real data and ship a complete report — Site Health, Trust & Authority, Quick Wins, Keyword Intelligence, and many more.

Read more

SEO Scan History

A persistent SEO scan history so you can see how findings evolve, when they were fixed, and which scans saw which issues.

Read more

From the blog

Frequently asked questions

Does this lower my site security?

No. You keep your WAF, firewall, and bot protection in place. The token allows only UpSearch crawl requests through, and it can be revoked at any time.

Will the token leak to third parties?

It is stored encrypted and only sent on requests to your own domain. UpSearch never shares tokens with other services.

Do I need this for a normal public site?

No. Standard public sites work without it. Secure Scan Access is for sites behind a firewall, WAF, or staging password.

All features

Audit your protected site without lowering defences

Turn on Secure Scan Access and get a complete audit while your firewall stays on.

Start with UpSearch