If a scan of your own site failed with a firewall or bot-protection error, your security provider is blocking the crawl. Add these to your allowlist and re-run the scan — it should go through in about a minute.
What to allowlist
User-Agent (exact match)
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Custom header we always send — the more reliable match if your WAF supports header rules
X-Scanner: PeakVisibility SEO Scanner (+https://www.peakvisibility.io)
We crawl from Vercel's shared infrastructure, so our requests don't come from one fixed IP or IP range — allowlisting by User-Agent or the header above is the reliable option, not IP allowlisting.
Steps by provider
Cloudflare
Log in to the Cloudflare dashboard for your domain.
Go to Security → Bots and turn off Bot Fight Mode (or Super Bot Fight Mode) temporarily, or exclude our User-Agent from it.
For a permanent fix: go to Security → WAF → Custom rules → Create rule → set the condition to Header "X-Scanner" contains "PeakVisibility" → action Skip (skip remaining bot-management rules) → Deploy.
Re-run your scan from Peak Visibility.
Sucuri
In your Sucuri firewall dashboard, go to Settings → Whitelist.
Add a User-Agent whitelist entry matching the Chrome User-Agent string above.
Save, then re-run your scan.
Akamai
In Akamai Bot Manager, create a Bot Category or Custom Bot entry for the User-Agent above.
Set its action to Allow / Monitor rather than Deny or Challenge.
If you don't manage Akamai directly, ask whoever does (often your host or agency) to add this exception.
AWS WAF / CloudFront
In the AWS WAF console, edit the Web ACL attached to your CloudFront distribution.
Add a rule that matches the X-Scanner header value above with action Allow, and set its priority above any bot-control managed rule group.
Save and re-run your scan (AWS WAF changes can take a minute or two to propagate).
Fastly
In your Fastly service, add a VCL snippet or edge dictionary entry that matches the X-Scanner header and bypasses your bot-detection logic for matching requests.
If you use a third-party bot product on top of Fastly (e.g. a WAF add-on), add the exception there instead.
Imperva / Incapsula
Go to Site Settings → Bots in the Imperva dashboard.
Add the User-Agent above to your "Good Bots" or custom allowlist.
Re-run your scan.
SiteLock
Log in to your SiteLock dashboard (often via your hosting provider's panel).
Look for firewall/WAF settings and add a User-Agent exception matching the string above.
If you can't find this setting, contact SiteLock or your host's support and ask them to allowlist the User-Agent for a one-time crawl.
Don't want to touch your WAF settings?
You can skip all of this — export your site's HTML (most CMS platforms have a static export option) and upload it as a ZIP instead. That bypasses any firewall entirely since nothing is crawled live.
Only allowlist this scanner for sites you own or manage. Still stuck? Email [email protected] with the site URL and we'll help directly.