01 / SceneCraft
Designing an honest partial audit
When public page evidence is blocked or unavailable, “unknown” is not a weak answer. It is the only accurate one.
Website preflights often fail in a misleading way: a crawler cannot retrieve the page, so the product either returns nothing or quietly treats missing evidence as a negative signal. SceneCraft takes a third path. It identifies why the public page could not be inspected, switches from a full audit to a partial result, and continues only with the domain-level sources that actually responded.
Separate absence from failure
A blocked page does not fail search, accessibility, social, form, or claim checks. Those checks were not completed. SceneCraft therefore removes their scores, marks their signal groups unavailable, and reports registration context, malware-filter DNS, available headers, and MDN Observatory evidence independently. A coverage indicator describes which source groups responded; it does not describe how much of the organization or site was understood.
Never coerce unavailable evidence into zero. Zero looks measured. Unknown says the system did not observe enough to judge.
Make the recovery path useful
Partial mode still has work to do. It explains whether HTML was blocked, unavailable, unsupported, challenged, or too large; shows the exact address inspected; and provides independent paths for registration, Safe Browsing, FTC guidance, PageSpeed, or a normal browser. If a bare name was interpreted as a .com address, the inferred destination is shown for confirmation before an outgoing link is revealed.
Protect the system before interpreting the page
SceneCraft treats retrieval as a security boundary. It accepts public HTTP or HTTPS addresses on standard ports, resolves A and AAAA records, rejects private and reserved destinations, and repeats those checks across redirects. HTML is streamed to a fixed maximum, redirect count is bounded, and selected upstream failures receive only a limited retry. These controls narrow what can be inspected; they are not optional plumbing around the audit.
Keep positive signals from cancelling warnings
Accountability links, authorship hints, external references, domain age, and header posture provide context. They do not establish identity, truth, or safety. A high-impact warning stays visible even when the page also exposes strong transparency signals. The result is a review queue for a person, not a probability that a site is legitimate.
- 01Name each unavailable source group.
Do not hide coverage loss inside a composite score.
- 02Explain what completed.
Keep page, domain, DNS, and header evidence separate.
- 03Offer an independent next check.
Recovery should help the person verify, not merely invite another retry.
- 04State what the result cannot certify.
Technical preflight, accessibility sampling, and risk patterns are not truth or safety verdicts.