Failure and skipped-page meanings

Before retrying a scan

Use this page when a scan detail page shows skipped pages, failed page states, unavailable artifacts or incomplete evidence. The goal is to understand the reason before retrying, editing scope, publishing a report or claiming that a page was checked. Skipped does not always mean broken. It can mean WebRiskOps correctly protected accepted scope, avoided private areas, respected plan limits or refused a non-HTML target. Treat the skipped state as an evidence boundary until the product offers a retry or a next documentation step.

Review skipped-page meanings

Follow the path `Scans → Scan detail → Scan coverage notes → Skipped page row → Retry or report evidence`.

1. Open /scans/{scanRun} from the project or Scans list. Result: the scan detail page shows Status, Worker readiness and Scan coverage notes for the exact run.
2. Read Scan coverage notes before retrying. Result: unavailable pages, unsupported paths, blocked private areas and evidence gaps are separated from completed page evidence.
3. Open each skipped page row and read the reason label and message. Result: outside-scope, unsupported content, private or unsafe targets and transient availability issues each have a different next action.
4. Match outside accepted scope or unsupported content type to scope and page selection. Result: unrelated domains, private paths and non-HTML files do not become scan evidence.
5. Treat page load timeout, DNS failure, TLS failure and invalid redirect as availability conditions. Result: retry happens only after the customer site is reachable and accepted scope is unchanged.
6. Retry only when the product offers retry and scope remains accepted. Result: WebRiskOps avoids duplicate runs and does not claim coverage for pages it skipped or could not observe.

Common skipped and failed states

Each state should explain why evidence is missing and what the automated next action is.

• Outside accepted scope means edit accepted scope or leave the URL out.
• Unsupported content type means the scanner found a non-HTML response, so screenshots, HTML snapshots and page checks are not collected.
• Private or unsafe means WebRiskOps blocked the URL because it appears private, internal or unsafe for automated scanning.
• Unavailable means retry only after DNS, TLS, redirect or load-time conditions are fixed.
• Evidence incomplete means use available deterministic fields without inventing the missing screenshot, DOM state or issue evidence.

When retry is allowed

Retry should preserve the same authorization boundary and should not hide why evidence was incomplete.

• Retry when the target public page is reachable again and the accepted scope still includes it.
• Do not retry by adding unrelated domains, private paths or login-only pages.
• Do not change plan limits just to force hidden or unsupported pages into evidence.
• Use [Privacy redaction](/docs/projects/privacy-redaction) when evidence was skipped because sharing would expose sensitive data.
• Use [Screenshots and HTML snapshots](/docs/projects/screenshots-and-html-snapshots) when the page loaded but artifact capture was incomplete.

Continue to report evidence

When skipped and failed states are understood, continue to [Understand report evidence](/docs/reports/report-evidence) after a report is available. The report should carry the same evidence limitations instead of presenting skipped pages as fully checked.