Cloudflare
Connect Cloudflare in Settings, then return to the partial report and use the Pro quick action Allowlist scanner IPs. Manual IP Access Rule steps are available for every plan.
A partial result means some checks did not return authoritative evidence. Follow these four steps to verify ownership, run every available check, open only the scanner access your firewall needs, and try the missing checks again.
One path, four steps
Add the domain to your account and verify it by Cloudflare, DNS, file, or meta tag. Verification authorizes the additional owner-only checks; it does not mark unanswered checks as successful.
Open DomainsSelect the verified domain and choose Deep Scan. This attempts every check available to verified owners. Free includes one lifetime Deep Scan; Pro includes unlimited Deep Scans.
Start Deep ScanIf the report names a firewall, WAF, or blocked checks, use the matching provider instructions below. Prefer a narrow rule for UNPWNED scanner IPs. Do not disable protection for every visitor.
Choose my providerRe-run the same scan after access is configured. An official score and grade appear only when the required evidence completes. If coverage remains partial, the new report shows the remaining gaps.
Run scan againProvider shortcuts
Use the provider detected in your report. If no provider was detected, try a re-scan before changing any firewall settings; timeouts and upstream services can also cause incomplete coverage.
Connect Cloudflare in Settings, then return to the partial report and use the Pro quick action Allowlist scanner IPs. Manual IP Access Rule steps are available for every plan.
Create a custom WAF rule matching the published scanner IPs and set the action to Bypass. Keep the rule narrower than a general firewall bypass.
In AWS, create an IP set and reference it from an Allow rule. For Netlify, nginx, Wordfence, or another provider, use the scanner identity and exact rule pattern in our scanning policy.
Copy these exact addresses into the narrow allow rule. They are also published as machine-readable JSON for automated firewall updates.
3.224.164.255 3.219.38.3
No. It unlocks owner-only checks. A grade appears only after the required evidence completes.
Only when the report identifies blocked access or the same checks repeatedly fail. Re-scan first when the cause is unknown.
Send the report link to support. We can identify whether the remaining gap is your WAF, authentication, an upstream service, or our scanner.
Run the scan after verification and any necessary allowlist change. If the result is still partial, keep the protection enabled and send us the report link.