v1.0 · macOS · Windows · Linux

Audit the web.
On your machine.

Full-site technical SEO audits that run locally — not a cloud subscription. 140+ checks per page, every byte stays on your disk. No quotas. No per-URL tax. No login.

See what it catches Explore features

140+

Checks

across SEO, security, GEO

Uploaded

every crawl runs on your machine

Cost per URL

buy it, don't rent it

crawling · example.com

000 / 500

URLs

Issues

Depth

local · 0 bytes sent140+ checks active

No telemetry

Your data never leaves.

⚡ Rust-fast

140+ checks and growing

SEO · Security · GDPR · GEO · Performance · Best practices

TITLE_MISSING TITLE_TOO_LONG TITLE_TOO_SHORT DUPLICATE_TITLE META_DESC_MISSING META_DESC_TOO_LONG DUPLICATE_META_DESC CANONICAL_MISSING CANONICAL_MISMATCH CANONICAL_CROSS_DOMAIN HREFLANG_INVALID_CODE HREFLANG_NO_SELF OG_TITLE_MISSING OG_IMAGE_MISSING REDIRECT_CHAIN REDIRECT_LOOP HTTP_TO_HTTPS_REDIRECT ORPHAN_PAGE LINK_DEPTH_DEEP NOINDEX_PAGE NOFOLLOW_PAGE HEADING_SKIP IMG_ALT_MISSING ANCHOR_TEXT_GENERIC LOW_WORD_COUNT LOW_TEXT_RATIO KEYWORD_STUFFING READABILITY_VERY_HARD PERF_LARGE_PAGE PERF_HUGE_PAGE PERF_DOM_SIZE PERF_SLOW_RESPONSE PERF_VERY_SLOW_RESPONSE PERF_RENDER_BLOCKING_SCRIPT PERF_LARGE_INLINE_CSS PERF_TOO_MANY_REQUESTS PERF_UNCOMPRESSED SEC_NOT_HTTPS SEC_MIXED_CONTENT_ACTIVE SEC_MIXED_CONTENT_PASSIVE SEC_CSP_MISSING SEC_CSP_UNSAFE_EVAL SEC_CSP_UNSAFE_INLINE SEC_HSTS_MISSING SEC_COOKIE_NO_HTTPONLY SEC_COOKIE_NO_SAMESITE SEC_CORS_WILDCARD_CREDS SEC_OPEN_REDIRECT SEC_OUTDATED_JS_LIB SEC_FORM_INSECURE_ACTION SEC_EMAIL_DISCLOSURE SEC_PERMISSIONS_POLICY_MISSING GDPR_NO_CONSENT_BANNER GDPR_TRACKING_WITHOUT_CONSENT GDPR_THIRD_PARTY_FONTS GDPR_FORM_NO_PRIVACY_NOTICE GDPR_NO_PRIVACY_LINK GDPR_FINGERPRINTING_RISK GEO_LOW_ENTITY_DENSITY GEO_NO_ARTICLE_SCHEMA GEO_NO_AUTHOR_ENTITY GEO_NO_FAQ_SCHEMA GEO_NO_LLMS_TXT GEO_SPEAKABLE_MISSING GEO_NO_CITE_ELEMENT GEO_NO_CITE_SIGNALS GEO_NO_EXTERNAL_CITATIONS BP_NO_DOCTYPE BP_NO_CHARSET BP_CONSOLE_LOG BP_DOCUMENT_WRITE BP_DEPRECATED_TAG BP_HTTP_LINKS BP_INLINE_EVENT_HANDLERS TITLE_MISSING TITLE_TOO_LONG TITLE_TOO_SHORT DUPLICATE_TITLE META_DESC_MISSING META_DESC_TOO_LONG DUPLICATE_META_DESC CANONICAL_MISSING CANONICAL_MISMATCH CANONICAL_CROSS_DOMAIN HREFLANG_INVALID_CODE HREFLANG_NO_SELF OG_TITLE_MISSING OG_IMAGE_MISSING REDIRECT_CHAIN REDIRECT_LOOP HTTP_TO_HTTPS_REDIRECT ORPHAN_PAGE LINK_DEPTH_DEEP NOINDEX_PAGE NOFOLLOW_PAGE HEADING_SKIP IMG_ALT_MISSING ANCHOR_TEXT_GENERIC LOW_WORD_COUNT LOW_TEXT_RATIO KEYWORD_STUFFING READABILITY_VERY_HARD PERF_LARGE_PAGE PERF_HUGE_PAGE PERF_DOM_SIZE PERF_SLOW_RESPONSE PERF_VERY_SLOW_RESPONSE PERF_RENDER_BLOCKING_SCRIPT PERF_LARGE_INLINE_CSS PERF_TOO_MANY_REQUESTS PERF_UNCOMPRESSED SEC_NOT_HTTPS SEC_MIXED_CONTENT_ACTIVE SEC_MIXED_CONTENT_PASSIVE SEC_CSP_MISSING SEC_CSP_UNSAFE_EVAL SEC_CSP_UNSAFE_INLINE SEC_HSTS_MISSING SEC_COOKIE_NO_HTTPONLY SEC_COOKIE_NO_SAMESITE SEC_CORS_WILDCARD_CREDS SEC_OPEN_REDIRECT SEC_OUTDATED_JS_LIB SEC_FORM_INSECURE_ACTION SEC_EMAIL_DISCLOSURE SEC_PERMISSIONS_POLICY_MISSING GDPR_NO_CONSENT_BANNER GDPR_TRACKING_WITHOUT_CONSENT GDPR_THIRD_PARTY_FONTS GDPR_FORM_NO_PRIVACY_NOTICE GDPR_NO_PRIVACY_LINK GDPR_FINGERPRINTING_RISK GEO_LOW_ENTITY_DENSITY GEO_NO_ARTICLE_SCHEMA GEO_NO_AUTHOR_ENTITY GEO_NO_FAQ_SCHEMA GEO_NO_LLMS_TXT GEO_SPEAKABLE_MISSING GEO_NO_CITE_ELEMENT GEO_NO_CITE_SIGNALS GEO_NO_EXTERNAL_CITATIONS BP_NO_DOCTYPE BP_NO_CHARSET BP_CONSOLE_LOG BP_DOCUMENT_WRITE BP_DEPRECATED_TAG BP_HTTP_LINKS BP_INLINE_EVENT_HANDLERS

A look inside

Dense. Fast. Familiar.

Built for SEOs who already know what they're looking for. Keyboard-navigable, filterable, exportable. Nothing stands between you and the finding.

Scannica dashboard with tracked sites and their letter-grade scores — Dashboard

Aggregated issues across the crawl grouped by rule — Issue aggregation

Per-page audit showing SEO, performance, accessibility and security gauges — Per-page audit

New crawl configuration with depth, concurrency and user-agent controls — Configure crawl

01 — Why local-first

Your crawls shouldn't be someone else's product.

Cloud auditors built a business on uploading your clients' HTML and charging by the URL. Scannica flips it: the crawler runs on your desktop, results sit in a local SQLite database, and nothing is phoned home.

Cloud auditor

Pay to see your own site.

Upload: Send every URL & HTML response to a vendor server.
Quota: Pay per crawled URL. Forget it — surprise bill.
Data: Lives on a third-party box you don't control.
Speed: Bottlenecked on their crawl workers & your upload link.
Offline: Doesn't work. At all.

Scannica · on your desktop

Own the crawl. Own the data.

Upload: Zero bytes leave your laptop. The network is only for fetching the site you're auditing.
Quota: None. Crawl a million URLs if your disk holds it.
Data: A portable .scannica file you own, archive, and share.
Speed: Rust workers + SQLite WAL. Saturates your bandwidth, not their queue.
Offline: Open an old crawl on a plane. Works fine.

02–05 — What it actually does

Four verbs. One app.

Crawl, analyze, audit, report. Each surface in Scannica maps to one of them — so the workflow matches how SEOs actually think, not how a vendor SKU is priced.

02 Crawl

A crawler that behaves.

Saturates a site without knocking it over. Robots-aware, rate-limited, resumable.

Depth, concurrency, filters

Tune max URLs, depth, regex include/exclude. Per-host rate limits.
Polite by default

Respects robots.txt. Predefined Googlebot / Bingbot user agents, or bring your own.
xxh3 URL frontier

Handles multi-million-URL sites without melting RAM.
Resumable sessions

Close the app, come back, continue. State lives in a local session DB.

03 Analyze

See the page like a search engine.

Parses real head tags, real markup, real response headers — and diffs rendered DOM against static HTML.

Tags & meta

Titles, descriptions, canonicals, hreflang, Open Graph, Twitter cards.
Heading structure

Full H1–H6 tree per URL with skip detection.
Indexability chains

Robots meta, X-Robots-Tag, noindex propagation.
JS rendering diff

Headless render vs static HTML — catches content only search bots can't see.

04 Audit

140+ rules. Real severities. Real codes.

Every finding has a stable code (TITLE_TOO_LONG, SEC_CSP_UNSAFE_EVAL, GEO_NO_LLMS_TXT) and a severity. No mystery scores.

SEO · Content · Performance

The fundamentals — plus readability, DOM size, render-blocking scripts.
Security + CWE refs

CSP, HSTS, mixed content, cookie flags — linked to CWE IDs so engineering can act.
Privacy / GDPR

Consent banners, third-party fonts, fingerprinting risk, tracking-without-consent.
GEO (LLM-era SEO)

Article schema, author entities, speakable, llms.txt — differentiator for AI-era search.

05 Report

Ship findings, not screenshots.

Every crawl is a single portable file. Compare two crawls side by side. Export for the dev ticket.

.scannica bundles

Self-contained project files — session DB + config — ZIP-portable, archivable.
Before/after diffs

Run pre-migration, run post-migration, compare. Same view for competitor tracking.
Per-URL offenders

Exact element + HTML snippet that triggered the rule. No guesswork for the fix.
Issue aggregation

Roll up thousands of findings into tractable counts by severity and category.

GEO · generative engine optimization

Built for the LLM era.

Traditional SEO auditors stop at title tags and canonicals. Scannica also checks what matters when Google's AI Overviews, ChatGPT, and Perplexity read your page: entity density, author signals, citation markup, llms.txt, Speakable schema, FAQ and Article structured data.

Nine GEO checks. No other desktop auditor ships them.

GEO_LOW_ENTITY_DENSITY
GEO_NO_ARTICLE_SCHEMA
GEO_NO_AUTHOR_ENTITY
GEO_NO_FAQ_SCHEMA
GEO_NO_LLMS_TXT
GEO_SPEAKABLE_MISSING
GEO_NO_CITE_ELEMENT
GEO_NO_CITE_SIGNALS
GEO_NO_EXTERNAL_CITATIONS

06 — Deep dives

The checks we nerd out on.

A sampler of what actually sets Scannica apart once a crawl lands.

Rendered DOM · Core Web Vitals

Measure the page users actually see.

A headless browser collects real LCP, CLS, and INP per URL — then Scannica diffs the rendered DOM against the static HTML. Pages that only exist after hydration? Caught.

→ SPA and hydrated sites surface rendered-only links and content.
→ Render-blocking scripts flagged with byte counts, not vibes.
→ DOM size and depth checks catch builder-exported monsters.

/pricing · audited quality 74 / 100

LCP

1.8s

CLS

0.04

INP

312ms

TTFB

520ms

Rendered ↔ Static diff 18 nodes only in rendered

+ <article data-ssr="false">
+   <h1>Plans built for scale</h1>
+   <a href="/plans/enterprise">...</a>
  <section id="faq">
    <h2>Frequently asked</h2>
  </section>

Redirect topology

Every hop, named.

Scannica walks every redirect to its terminus and surfaces loops before they surface in Search Console. Chains longer than two, mixed 301/302, HTTP→HTTPS hand-offs — all flagged with the URL that started the mess.

REDIRECT_CHAIN REDIRECT_LOOP HTTP_TO_HTTPS_REDIRECT

301 http://example.com/products

→ https
301 https://example.com/products

→ www
301 https://www.example.com/products

→ /store
302 https://www.example.com/store

→ locale prefix
200 https://www.example.com/en/store

final

4 hops · flagged as REDIRECT_CHAIN

Security · CWE-tagged

Findings your security team will actually read.

HTTPS enforcement, CSP directives, HSTS, cookie flags, mixed content — each flag carries the rule code AND a CWE reference so your engineers can triage without a translator.

CWE refs: ✓; linked on every security rule
Scope: per-URL; not just top-level headers

Response · https://example.com/checkout 3 issues

Strict-Transport-Security `—`	max-age=15552000; includeSubDomains
Content-Security-Policy `SEC_CSP_UNSAFE_EVAL`	script-src 'self' 'unsafe-eval' *.vendor.com
X-Frame-Options `SEC_PERMISSIONS_POLICY_MISSING`	missing
Set-Cookie: session `SEC_COOKIE_NO_HTTPONLY`	HttpOnly ✗ · SameSite ✗
Mixed content `SEC_MIXED_CONTENT_PASSIVE`	3 http:// resources on https page

Sitemap diff

Orphans, found.

Feed in one or many sitemap.xml files. Scannica diffs them against the live crawl: pages listed but unreachable, pages crawled but absent from the sitemap, stale entries pointing at 404s. Migration QA without the spreadsheet.

sitemap.xml (127)

/
/about
/blog/launch
/blog/roadmap
/legal/old-tos
+ 122 more

crawl (214)

/
/about
/blog/launch
/blog/v2-notes
/internal/staging
+ 209 more

● 4 missing

● 12 orphan

● 123 matched

07 — Built for

Four jobs. One shape.

01 · In-house SEOs “Run a weekly crawl, spot regressions before the VP of Marketing does.” “Run a weekly crawl, spot regressions before the VP of Marketing does.” Scheduled audits, before/after diffs on every release, signal-to-noise that survives 10k pages. See features
02 · Agencies “Audit five client sites without touching a billing dashboard.” “Audit five client sites without touching a billing dashboard.” Each project is its own .scannica file. Share with the client, archive with the engagement. See features
03 · Migration leads “Ship a replatform without torching organic traffic.” “Ship a replatform without torching organic traffic.” Pre-migration snapshot, post-launch crawl, side-by-side diff. Redirect chains surfaced on day one. See features
04 · Dev teams “Get actionable tickets, not a 400-page PDF.” “Get actionable tickets, not a 400-page PDF.” Every finding ships with rule code, severity, CWE ref, and the exact HTML snippet that tripped it. See features

08 — Under the hood

Built on boring infrastructure.

No fashion stack. The parts we picked are the ones you'd pick if you were answering for performance at 3 AM.

Rust

crawler · workers

Parallel crawl engine with no GC pauses on million-URL jobs.

lol_html

streaming HTML parser

Analyzes pages as bytes arrive. No DOM construction tax per URL.

CDP

JS render + CWV

Chrome DevTools Protocol for headless rendering and Core Web Vitals.

Tauri

native desktop shell

Lean native binaries. Not an Electron tax.

SQLite · WAL

embedded store

Concurrent reads while crawling. Every session is a single file.

xxh3

URL frontier dedup

Collision-resistant at scale. Keeps memory flat.

09 — FAQ

Short questions. Honest answers.

If yours isn't here, the team is a real email away — not a ticketing portal.

Does Scannica send my crawl data anywhere?

No. The crawl engine runs inside the desktop app. The only outbound network traffic is the HTTP requests your crawl makes to the site you're auditing. There's no Scannica analytics backend, no telemetry, no cloud sync — audit a staging host from a VPN-isolated laptop and nothing leaks.
Which platforms are supported?

macOS (Apple Silicon and Intel), Windows 10+, and Linux (.deb, .rpm, and AppImage). SHA-256 checksums are published with every release.
How big a site can it crawl?

The URL frontier uses xxh3 hashing for deduplication, and the session database runs SQLite in WAL mode — the practical ceiling is your disk, not the app. Designed for multi-million-URL sites.
Can I pause a crawl and resume later?

Session state and frontier persist to the project file — full pause-and-resume is on the near-term roadmap and lands in v1.1.
Does it render JavaScript?

Yes — Scannica can route each URL through a headless browser, collect Core Web Vitals, and diff the rendered DOM against the static response to surface content that only appears after hydration.
What file format are the projects in?

A .scannica bundle is a ZIP containing the session SQLite database and the crawl configuration. Portable, archivable, diff-able, and small enough to email.
Is it open source?

The crawl engine and rule set are proprietary. Full license terms ship with the installer.
Is there a CLI?

A command-line runner is on the roadmap for headless CI use (e.g. run a crawl per deploy). For now, crawls kick off from the desktop app.

v1.0 out now

Stop renting the crawler. Buy the tool once.

A desktop app for serious SEO work. No account, no form, no per-URL billing. Launching on macOS, Windows, and Linux.

0 telemetry 0 cloud upload No account required

Audit the web. On your machine.