{# T27.1: per-session CSRF token. Mutating fetches read this and #} {# send it back in the X-CSRF-Token header; HTML forms include it #} {# as a hidden ``csrf_token`` field. Empty string when the request #} {# came in unauthenticated (we redirect to login before reaching #} {# render in that case; the empty value is defence-in-depth). #}
browser-recon.
{% include 'partials/theme_toggle.html' %}
{% with active='overview' %}{% include 'partials/dashboard_nav.html' %}{% endwith %}

{{ scan_credits }} {% if scan_credits == 1 %}scan{% else %}scans{% endif %} remaining

credits on your account
Start a scan {% if buy_more_url %} Buy 10 more for $5 {% else %} {% endif %}

Recent scans

{% if scans %} {% if is_admin %} {% endif %} {% for s in scans %} {# T21 admin-only "View debug" link. Gated in-template via #} {# ``is_admin`` (resolved from ``user_role``) so a regular #} {# user doesn't even see the affordance. The route itself #} {# also enforces the admin-or-owner gate, defence in depth. #} {% if is_admin %} {% endif %} {% endfor %}
Date Site Status ReportDebug
{{ s.scanned_at }} {{ s.target_domain }} {{ s.status }} View →Debug →
{% else %}
No scans yet. Run recon scan https://example.com from your CLI to see results here.
{% endif %}