---
title: "Scanning with Web Governance"
date: "2026-07-03T14:39:15+00:00"
summary: "Explore Web Governance scan types, data security, hosting details, and setup requirements to monitor and improve your website effectively."
image:
type: "page"
url: "/web-governance/scanning-web-governance"
id: "4bdc3735-04f4-41f8-a1f9-241f580d5c88"
---

Table of contents will be added

Introduction
------------

This document provides information about scan data hosting and security, how the Web Governance scan works, the types of scans that Web Governance offers, and scan implementation requirements.
================================================================================================================================================================================================

Scan data hosting and security
------------------------------

Google Cloud Platform is the host environment for Web Governance services.

Known and unknown crawlers scan public websites daily. Search engines, such as Google and Bing, and unknown companies crawl websites to gather information and monitor performance. Web Governance does a similar function. This activity has no detectable effect on website performance.

The Web Governance crawler, Monsidobot, does the scan on public websites. The crawler does not access or store confidential data. The only stored data is the names and email addresses of customer users. This data is not public. All collected data and backups remain secure for at least 30 days. The system permanently deletes this data after the client exits, with the exception of logs.

Unless otherwise agreed, the location of customer data depends on the Web Governance branch specified in the contract. Customer data for United States of America (USA) offices and subsidiaries is processed and stored in the USA. Customer data for Australia (AU) offices and subsidiaries is processed and stored in the AU. Customer data for the European Union (EU) and United Kingdom (UK) offices and subsidiaries is processed and stored in the EU.

Log in credentials include a name, email, password, and data-location ID. The Web Governance login service stores these credentials centrally in the EU.

For more information, visit [Data hosting and security](/node/58411).

How does the scan work?
-----------------------

The Web Governance crawler, Monsidobot, does the website scan through a combination of dynamic discovery and an XML sitemap. Dynamic discovery uses a breadth-first approach. The crawler uses the XML sitemap if a user explicitly supplies the sitemap or if the crawler discovers the sitemap through the robots.txt file.

Types of scans
--------------

*   **Automated scan**: This scheduled, automated scan detects website issues around accessibility, quality assurance, SEO, user activity and more, depending on the type of contract you have with Acquia.
    *   For instructions on how to set up the automated scan, visit [Domain scan setup](/node/58556).
*   **On-demand scan**: This type of scan can be done at any time on a single domain. It detects the same website issues as the automated, scheduled scan. 
    *   For more information, visit [On-demand scan](/node/98371).
*   **Single-page scan**: This type of scan can be done at any time on a single page. It detects the same website issues as the automated, scheduled scan, but for a single page.
    *   For more information, visit [Single-page scan](/node/58586).
*   **External page scan**: This type of scan is done through the Web Governance Browser Extension and can be done on any website page. It provides details about Accessibility, QA, SEO, and data privacy.
    *   For more information, visit [External page scan](/node/60096).
*   **Quick scan**: This type of scan differs from a regular domain scan because it does not rely on a crawl of the web page. The quick scan is done through the Web Governance Browser Extension and uses the HTML code that is captured by the browser extension. It forwards that data to the API to do the scan. This scan provides details about Accessibility, data privacy, SEO, and readability.
    *   For more information, visit [Quick Scan](https://docs.acquia.com/acquia-optimize/docs/quick-guides/how-do-scan/quick-scan).
        
*   **Document scan**: This type of scan is done on documents and detects the same issues as the automated scan within documents that are present on the domain.
    
    *   For more information, visit [Document scan](/node/58551).
        
*   **PDF accessibility scan**: This scan detects accessibility issues within PDF documents. 
    
    *   For more information, visit [PDF accessibility scan](/node/58576).
        
*   **Password-protected and internal pages scan**: This scan requires Admin setup. When configured, it detects the same website issues as the automated, scheduled scan on password-protected and internal-only pages within the domain.
    
    *   For more information, visit [Configure the password-protected and internal pages scan](/node/58566).
        
*   **Mobile accessibility scan**: When Mobile Accessibility is enabled, an additional scan is done on your website to simulate how it renders on a mobile device. This data is used to pick up device-specific code that only loads when a website opens on a mobile device. Two additional checks are done:
    
    *   Check 1: Is pinch-to-zoom disabled?
    *   Check 2: Does the webpage require two-dimensional scrolling?
    *   For more information, visit [Configure the mobile accessibility scan](/node/58561).

Implementation requirements
---------------------------

Web Governance requires no installations or additions to the current infrastructure for the website scan to function. The system prioritizes statistics and pages by the number of views. A script is available to add to Google Tag Manager. Refer to Google Tag Manager with Web Governance for configuration instructions.

For instructions on how to set this up, visit [Using Google Tag Manager with](/web-governance/using-google-tag-manager-web-governance "Using Google Tag Manager with Web Governance") Web Governance.

To scan password-protected or restricted web pages and documents, the contract with Acquia must permit the action. Users must ensure that the information in these web pages and documents is not confidential. Acquia cannot guarantee an equivalent level of security.

For instructions, visit [Configure the scan for password-protected and internal pages](/node/58566).