Frequently asked questions

4F is a website monitoring service. It crawls your site and reports broken links, failing assets, broken anchor targets, redirect chains, slow responses, SSL errors, and mixed content – all in one place. The name stands for Fabulously Fast Fault Finder.

No. You can run a free scan on any public URL without an account – up to 500 pages per scan and 2 scans per day from the same IP. For scheduled scans, multiple projects, history, and higher page limits you need a free or paid account.

Only internal HTML pages count. External URLs (links pointing off your domain), assets (images, scripts, fonts, stylesheets), and subdomains outside your root URL are checked but do not consume quota. So if your 500-page site links to 2,000 external resources, only 500 pages count against your limit.

Your quota resets 30 days after your last reset (or account creation for new accounts). It is a rolling 30-day window, not a fixed calendar date. You can see your current usage and next reset date on the Account page.

You can scan any site you own or have permission to crawl. 4F respects robots.txt by default (configurable per project). Scanning government and military domains (.gov, .mil) is restricted to paid accounts.

4F reads each page's HTML response up to a 2 MB limit. Pages larger than 2 MB are still crawled for links, but SEO checks (missing H1, missing meta description, etc.) are skipped for those pages since the document was incomplete at the point 4F stopped reading. This mainly affects unusually large pages – documentation sites that bundle every API endpoint into a single HTML file are a typical example. The fix is to split those pages or enable pagination on the source site.

No. 4F intentionally spreads scheduled scans across a short window around the configured time. If many projects are scheduled at the same hour, starting them all simultaneously would spike server load, so each scan is offset by a small random delay. In practice this means your scan may start a few minutes later than the exact time shown – never earlier, and not more than a few minutes late under normal load.

Scan duration depends on three things: the number of URLs checked, your configured crawl rate, and how quickly each URL responds. A site with 1,000 pages, 500 assets, and 1,300 external links has nearly 3,000 URLs to check – at 5 req/s that is around 10 minutes under ideal conditions. In practice, external links are the biggest wildcard: a single unresponsive URL can hold up the crawler for several seconds while it waits for a timeout, and hundreds of slow external links compound quickly. Server-side throttling is another common cause – after sustained crawling, some servers start responding more slowly or returning 429 errors, forcing the crawler to back off. Scans also run on shared crawler infrastructure across different server locations, so a busy period (many scans running at the same time) can slow things down slightly. If a scan is taking far longer than you'd expect, try reducing the crawl rate in your project settings (counterintuitively, slower often finishes faster on sites that throttle), or check whether the site links to a large number of external resources.

Yes. In your project settings (Starter plan and above) there is a Sitemap URL field. Enter the URL of your sitemap.xml or sitemap_index.xml and the crawler will load all listed URLs as starting points before it begins following links. This is useful for large sites or sites where some pages are not linked from the homepage – the crawler finds them immediately rather than only once it happens to discover a path to them. The field is optional: if left blank, the crawler starts from your root URL and follows links as normal. The sitemap URL must be on the same domain as your project's root URL.

The "Issues found" count includes only errors and warnings – things that are broken or actively degrading your site. Informational findings (such as slow responses from external servers, or third-party URLs blocked by rate limiting) are shown in the breakdown but not counted as issues, because they are usually outside your control. Site quality findings (missing titles, H1 problems, missing alt text, etc.) are shown separately in the SEO card and also excluded from the issue count, since they are improvement suggestions rather than outright failures.

A broken link is any URL on your site that returns a 4xx HTTP status code (most commonly 404 Not Found, but also 403 Forbidden, 410 Gone, 429 Too Many Requests, etc.). Both internal links (pages on your own domain) and external links (links to other sites) are checked.

Any URL that returns a 5xx HTTP status code – 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable, 504 Gateway Timeout, etc. These indicate the server itself is failing to respond correctly.

A missing asset is an image, script, stylesheet, font, or other non-HTML resource that returns an error (typically 404). These won't break navigation but do affect page appearance and performance.

An anchor link points to a specific section of a page using a #fragment (e.g. /about#team). If the target element with that id or name does not exist on the page, 4F flags it as a broken anchor.

4F checks for anchor targets in the static HTML returned by the server. Some sites use JavaScript to render content dynamically – for example, filtering libraries like Isotope use hash fragments (e.g. /#category) as filter triggers rather than real page sections. Because the crawler does not execute JavaScript, it cannot see those elements and flags the anchors as missing. If you know a set of anchors is intentionally JavaScript-driven, you can add the pattern to the "Ignore URL patterns" field in your project settings (e.g. /#) to suppress them.

A redirect chain occurs when a URL redirects through 3 or more hops before reaching the final destination (e.g. A → B → C → D). Chains slow page load and dilute SEO link equity. 4F reports the full chain so you can consolidate redirects.

By default, any URL taking longer than 3 seconds to respond is flagged. This threshold can be adjusted per project in the crawl settings.

An SSL error means 4F could not establish a secure HTTPS connection to the URL. Common causes: expired certificate, hostname mismatch, self-signed certificate, or an incomplete certificate chain.

Mixed content occurs when an HTTPS page loads resources (images, scripts, iframes) over plain HTTP. Browsers block or warn about these, which can silently break functionality or trigger security warnings for your users.

A 403 on your root URL usually means the site's firewall or CDN blocked the crawler before it could start. This is common with WAFs, bot-protection services (Cloudflare, Sucuri, etc.), or IP-based rate limiters that reject unfamiliar user agents. To fix it, allowlist the 4F crawler by matching on the User-Agent prefix 4f.at/crawler in your firewall rules, rate-limit config, or robots.txt. If you do not own the site you are scanning, a persistent 403 means the site is intentionally blocking automated access and the results will be incomplete.

429 errors mean the target server is rate-limiting the crawler. The fix is to slow down: go to your project settings and reduce the crawl rate (e.g. from 2 req/s to 1 req/s). The lower the rate, the less likely the server is to throttle requests. If you own the site being scanned, you can also allowlist the 4F crawler in your rate-limiting configuration – see the next question for the user agent string.

A small number of well-known domains are silently skipped because they reliably block all automated requests and would always produce false-positive errors – the links themselves are not broken. Currently skipped: GitHub (github.com, gist.github.com), Google Maps (google.com/maps, maps.googleapis.com), LinkedIn (linkedin.com), Google Support (support.google.com), YouTube, and social share endpoints for Facebook, Instagram, Reddit, and X/Twitter. They are not counted as errors or shown in your results.

4F reports all 4xx codes as issues. The most common ones: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 405 Method Not Allowed, 410 Gone, 429 Too Many Requests. A 404 means the page or resource no longer exists. A 410 is a permanent deletion signal (stronger than 404 for SEO). A 403 means the server is reachable but refusing access – this may or may not be intentional.

All 5xx codes are reported as server errors: 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable, 504 Gateway Timeout, 507 Insufficient Storage, etc. These indicate your server or a dependency is not functioning correctly.

Single redirects (301, 302, 307, 308) are not flagged as errors – redirects are normal. However, chains of 3 or more hops are flagged as redirect chain issues. 4F always follows redirects and reports the final destination URL.

If a URL cannot be reached at all – DNS failure, connection refused, TLS handshake failure, or timeout – 4F records it as a connection error without a status code. These appear alongside HTTP errors in your scan results.

API keys are available on all plans (Free, Starter, and Agency). Create a key on the Account page under "API keys". Include it in every request as a Bearer token in the Authorization header: Authorization: Bearer 4f_your_key_here. Keys are shown only once at creation – store them securely.

Yes. API-triggered scans consume pages from your monthly quota the same way as web-triggered scans. Burst rate limiting on the API itself applies per key.

Up to 50 API keys per account. Revoke an existing key to free up a slot.

Yes. When creating an API key you can choose between two scopes: All projects (the key can trigger scans and read results for any project on your account) or a single named project (the key is restricted to that project only and will be rejected for any other). Project-scoped keys are useful when you want to give a script or third-party tool access to one site without exposing the rest of your account.

Yes. Any account with an API key can create multiple projects and trigger scans for each via the API. Each scan result is scoped to the project, so you can separate client data cleanly.

Webhooks are HTTP callbacks that 4F sends to your server when a scan event occurs. Instead of polling the API for scan status, your server receives a POST request the moment a scan completes or fails. Webhooks are configured per project – each project has its own set of endpoints – so you can send notifications for one project to n8n and another to a custom script. Webhooks are available on the Agency plan and are configured in each project's settings.

Currently two events are supported: scan.completed (fires when a scan finishes successfully with results) and scan.failed (fires when the crawler encounters an unrecoverable error).

For scan.completed:
{
  "event": "scan.completed",
  "scanId": "uuid",
  "projectId": "uuid",
  "projectUrl": "https://example.com",
  "totalPages": 142,
  "totalIssues": 7,
  "finishedAt": "2026-03-13T14:22:00.000Z"
}

For scan.failed:
{
  "event": "scan.failed",
  "scanId": "uuid",
  "projectId": "uuid",
  "projectUrl": "https://example.com",
  "error": "connection refused"
}

Every webhook request includes an X-4F-Signature header with a HMAC-SHA256 signature of the raw request body, using the secret shown when you created the webhook. To verify: compute HMAC-SHA256(secret, rawBody) and compare it to the value after "sha256=" in the header. If they match, the request is genuine. Never skip signature verification on production endpoints.

Webhook delivery is best-effort with an 8-second timeout. If your endpoint is down or slow, the delivery may fail silently – 4F does not currently retry failed deliveries. Make your endpoint respond quickly (under 2 seconds) and handle any heavy processing asynchronously.

HTTP webhook endpoints would transmit your payload and signature in plaintext, making it trivial to intercept or forge requests. 4F requires HTTPS to ensure delivery is encrypted and the signature remains meaningful.

Team seats let you invite colleagues to your 4F workspace so they can view or manage your projects without sharing your login. Team seats are available on the Agency plan. The default seat allowance is 5 (excluding the owner), which can be raised on request.

Go to the Team page in your dashboard. Enter the invitee's email address, select a role (Manager or Viewer), and send the invite. They will receive an email with a link that is valid for 7 days. They need a 4F account to accept – a free account is enough, no paid plan required on their end.

Yes. On the Team page, each Viewer has a project assignment picker. Only the projects you check there are visible to that Viewer – all others are hidden. Managers always see all team projects. Note that projects you have marked as Personal are never shown to any team member regardless of assignments.

On the Agency plan, you can mark any of your own projects as Personal to hide them from your team entirely. Personal projects appear only on your Personal Projects page and are never visible to Managers or Viewers. Team projects appear on the Team Projects page and can be shared with Managers or assigned to Viewers. Projects created in the dashboard default to Team; quick scans started from the homepage go to your Personal Projects.

Yes. All scans – whether triggered by you, a Manager, or via the API – draw from the same monthly page quota on the owner's account. Team members do not have their own separate quotas.

No. Managers can only invite Viewers and remove Viewers they have invited. Only the account owner can invite Managers or change a member's role between Manager and Viewer.

The member loses access immediately. Their account is not deleted – they keep their own 4F account – but they can no longer see your projects or trigger scans. Any scan results they viewed remain unchanged in your account.

The default limit on the Agency plan is 5 seats (not counting the owner). Pending invitations count toward the limit – if someone has not accepted yet, that slot is still reserved. Revoke the invitation to free it up. If you need more than 5 seats, contact hello@4f.at.

4F has a free tier and two paid plans. Features and page quotas vary by plan – details and current pricing are on the homepage and your Account page.

Your monthly quota is the total number of pages 4F can crawl across all your scans in a 30-day period. The per-scan limit is a separate ceiling that applies to a single crawl run – once a scan reaches that limit it stops, regardless of how much monthly quota you have left. This prevents one large scan from consuming your entire budget in one go. Current limits per plan are shown on the Account page.

Yes. To prevent scans from running indefinitely on very large or slow sites, each scan has a maximum wall-clock duration based on your plan: 30 minutes for public (no-account) scans, 2 hours on the Free plan, 4 hours on Starter, and 8 hours on Agency. If a scan hits the time limit it stops and the results collected so far are saved normally – nothing is lost. In practice the vast majority of scans finish well within these limits; timeouts are only relevant for exceptionally large sites or very slow crawl rates.

The quickest way is to just run a scan – enter your URL on the homepage, let 4F crawl your site, and the results will show exactly how many internal pages were found. If your site has a sitemap.xml (most CMS platforms generate one automatically), you can also open it in your browser to get an estimate. Bear in mind that some pages may only be reachable through navigation menus or links that are not publicly indexed, so a scan is usually the most accurate count.

Everything is managed from the Account page in your dashboard. Under the Plan section you will find options to upgrade or switch to a different plan – upgrades take effect immediately and you receive a prorated credit for unused days on your current plan. Downgrades take effect at the end of your current billing period, so you keep your current features until then. To cancel, downgrade to the free plan from the Account page; there is no separate cancellation flow. If you run into any issues, email hello@4f.at.

Credits are a one-time top-up for when you exceed your monthly page quota mid-period. 1 credit = 1 additional page crawled. They expire 24 months after purchase and are drawn automatically once your plan quota is exhausted.

Yes. When you upgrade, you receive a proration credit for the unused days of your current plan. The upgrade price shown at checkout already reflects this credit.

Downgrades take effect at the end of your current billing period. You keep your current plan's features until then.