Rampart Scanning Policy
Last updated: April 11, 2026
What We Scan
Rampart performs non-intrusive, unauthenticated security assessments of publicly accessible web properties using ordinary DNS queries and HTTP requests. Our scans are limited to information that is already publicly available — the same information visible to any web browser, search engine crawler, or security researcher.
What Our Scans Include
- DNS Resolution — Standard DNS queries (A, AAAA, MX, TXT, NS, CNAME records)
- Security Headers — Checking HTTP response headers for security best practices (CSP, HSTS, X-Frame-Options, etc.)
- TLS/SSL Configuration — Verifying certificate validity and expiration
- Public Path Discovery — Checking for commonly exposed files and endpoints using standard HTTP requests (includes framework-specific paths, config files, and backup directories)
- CORS Configuration — Testing Cross-Origin Resource Sharing policy settings
- WebSocket Security — Probing for exposed WebSocket endpoints that accept connections without authentication
- JavaScript Analysis — Reviewing publicly served JavaScript files for inadvertently exposed credentials
- API Exposure — Checking for publicly accessible API documentation, endpoints, and unauthenticated API routes
What We Do NOT Do
- We do not attempt to log in, authenticate, or bypass access controls
- We do not exploit any vulnerabilities we discover
- We do not perform denial-of-service testing or load testing
- We do not modify, delete, or write any data on target systems
- We do not brute-force credentials or enumerate user accounts
- We do not access non-public areas of any system
- We do not perform any active exploitation or penetration testing
Our Scanner Identification
All requests from our scanner identify themselves with the User-Agent string:
Rampart/1.0 (security-scan; https://rampartscan.com/scanning-policy)
Server administrators can identify and filter our requests using this User-Agent string.
Rate Limiting
Our scanner is designed to be respectful of target infrastructure. We limit request rates to avoid any impact on service availability. Scans are throttled and timeouts are set conservatively.
User-Initiated Scans
All scans are initiated by authenticated users who have agreed to our Terms of Service and confirmed they have authorization to scan the target domain. Rampart acts as a tool operated at the user's direction.
Responsible Disclosure
If our scans discover critical vulnerabilities on a domain, we share results only with the authenticated user who initiated the scan. We do not publicly disclose vulnerabilities or share findings with third parties.
Opt Out
If you are a domain owner and wish to prevent scans of your property:
- Block our User-Agent string in your server configuration
- Add a disallow rule for our crawler in your robots.txt
- Contact us at support@rampartscan.com and we will add your domain to our exclusion list
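As an added illustration of the first opt-out option (this is example configuration, not something provided by Rampart or taken from this page), the following nginx fragment rejects any request whose User-Agent begins with the Rampart product token. The `$block_rampart` variable name, the `example.com` server name and the 403 status are assumptions for the example; the match is anchored on `Rampart/` rather than on the full User-Agent string above so that a future version bump does not silently slip past the rule.

```nginx
# Added example, not Rampart's own configuration.
# The map must live in the http {} context; the server {} block below
# is where the check is enforced. Names and status code are assumptions.

map $http_user_agent $block_rampart {
    default        0;
    # Case-sensitive regex, anchored at the start of the header value,
    # so "Rampart/1.0 ..." and any later "Rampart/x.y ..." both match.
    "~^Rampart/"   1;
}

server {
    listen      443 ssl;
    server_name example.com;

    # Refuse the request before it reaches any location block.
    if ($block_rampart) {
        return 403;
    }

    # ... the rest of the site's configuration ...
}
```

For the robots.txt route, the equivalent rule is `User-agent: Rampart` followed by `Disallow: /`; this assumes the scanner matches on the product token `Rampart` (the part of the User-Agent before the slash), which is the usual robots.txt convention but is not stated on this page. Both mechanisms only work because the scanner announces itself honestly and honours the rules it meets; the exclusion list maintained by Rampart is the one option that does not depend on that.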
Contact
Questions or concerns about our scanning practices? Contact us at support@rampartscan.com