Accept scan scope

Before you start

Scope acceptance is the customer approval step that turns discovered public pages into the exact scan boundary. Use this page after the account exists and the project setup choices are saved. Domain ownership verification and billing may still follow as protected steps on the same project path. Accepting scope matters because WebRiskOps must not scan every discovered URL automatically. Discovery suggests candidate public pages; the accepted scope tells the live audit which URL groups, manual URLs and exclusions are allowed.

Accept the scan scope

Follow the path `Dashboard → Shortcut paths → Get the first useful report → Project detail → Scan scope selection → Scope acceptance`. The accepted scope is the scan boundary. If a page is not selected here, it should not become live-audit input until you intentionally add it to the project scope.

1. Open `/dashboard`, choose Get the first useful report, then open the project for the authorized domain. Result: the project detail page shows Shortest path to first useful report, Scan scope selection, Selected scope and Scope acceptance sections.
2. Review discovered URL groups and selected page count in Scan scope selection. Result: you can see which public page groups will become scanner input and whether the count fits the plan limit.
3. Select only groups that belong to the authorized public journey, such as homepage, pricing, checkout or contact pages. Result: admin, account, login-only, private-network and unrelated-domain paths stay outside scope.
4. Use Add authorized URL only for missing public pages on the same project domain. Result: manual URLs supplement discovery without expanding to another host.
5. Read Scope acceptance → Assumptions, Exclusions and legal-boundary disclaimer, then check I accept the plan scope, assumptions, exclusions, and legal-boundary disclaimer for this automated workflow. Result: the Accept scope button can submit the approved boundary.
6. Click Accept scope. Result: the project records accepted scope, shows Scope accepted and moves Shortest path to first useful report to domain authorization, billing or scan execution.

Continue to the first live audit

When the accepted scope looks correct, continue to [Run the first live audit](/docs/getting-started/run-first-live-audit). The next page explains how to start the first automated browser audit and how to read the run state while evidence is collected.

Blocked states

• Scan scope required means no accepted page set exists yet.
• Project setup comes first means Business type, Customer flow, Fix delivery path or Platform still needs to be saved before scope acceptance can move forward.
• Discovery empty means WebRiskOps did not find candidate public pages. Add an authorized manual URL or check that the domain is reachable.
• Plan limit reached means selected pages exceed the plan cap. Reduce scope or choose a plan with enough scan credits.
• Excluded path means the page stays out of scanner input until you intentionally add it back.
• Unsupported scope means the selected target is outside the self-service public-page boundary. Remove private, login-only, admin or unrelated-domain URLs before accepting scope.