> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enkryptai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Policy Scan URL (Legacy)

> Scan a URL for security threats using a specific policy

<Warning>
  **Archived**: This endpoint is legacy. Use the new [Guardrail Scan URL](/api-reference/guardrails-api-reference/endpoint/guardrail-scan-url) endpoint instead, which supports separate input/output detectors via `X-Enkrypt-Mode`.
</Warning>


## OpenAPI

````yaml POST /guardrails/policy/scan-url
openapi: 3.0.0
info:
  title: Enkrypt AI APIs
  version: 2.0.0
servers:
  - url: https://api.enkryptai.com
security:
  - apiKeyAuth: []
tags:
  - name: Guardrails
  - name: Code of Conduct
  - name: Endpoints
  - name: Datasets
  - name: Redteam
  - name: Deployments
  - name: AI Proxy
  - name: Leaderboard
  - name: Archived
  - name: MCP Hub
    description: >-
      MCP Hub vulnerability scanning APIs. Submitting scans (the POST endpoints)
      is open to all authenticated callers. The scan **retrieval** APIs — Get
      Scan Job Status, Get Complete Scan Results, List Scans, and Get MCP Hub
      Scan Statistics (the GET endpoints) — are an **enterprise data-license
      feature**: they require your organization to have MCP Hub API access
      enabled by Enkrypt, otherwise they return `403`. Contact us at
      support@enkryptai.com to enable access.
  - name: MCP Registry Servers
  - name: MCP Gateways
  - name: MCP Playground
paths:
  /guardrails/policy/scan-url:
    post:
      tags:
        - Archived
      summary: Scan a URL for security threats using a specific policy.
      description: >-
        Scans a URL for security threats using a specific policy. Returns
        details about any detected threats, including which detectors were
        triggered and highlights of unsafe content, according to the selected
        policy.
      operationId: policyScanUrl
      parameters:
        - name: X-Enkrypt-Policy
          in: header
          required: true
          schema:
            type: string
          description: Name of the policy to apply
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PolicyScanUrlRequestBody'
      responses:
        '200':
          description: Scan results for the provided URL using the specified policy.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ScanUrlResponseBody'
              examples:
                success:
                  value:
                    summary:
                      injection_attack: 1
                      bias: 1
                      policy_violation: 0
                    details:
                      url: https://example.com
                      metadata:
                        title: Example Domain
                        language: en
                      total_fragments: 2
                      fragments_with_detections: 2
                      detections:
                        - unsafe_content: Example Domain
                          chunk_type: title
                          triggered_detectors:
                            - bias
                          detector_details:
                            injection_attack:
                              safe: '0.999417'
                              attack: '0.000583'
                              most_unsafe_content: Example Domain
                              compliance_mapping: {}
                            policy_violation:
                              policy_violation:
                                violating_policy: No Violation Found
                                explanation: No Violation Found
                            bias:
                              bias:
                                bias_detected: true
                                debiased_text: Example Website
                                compliance_mapping:
                                  owasp_llm_2025:
                                    - LLM09:2025 Misinformation
                                    - LLM04:2025 Data and Model Poisoning
                                  mitre_atlas: []
                                  nist_ai_rmf:
                                    - >-
                                      MEASURE 2.1-2.5 (AI system bias evaluation
                                      & management)
                                  eu_ai_act:
                                    - >-
                                      Article 10(2)(f), Article 15(3) (Bias
                                      detection, correction & mitigation)
                                  iso_iec_standards:
                                    - 'ISO/IEC TR 24027: 5.2 (Bias in AI systems)'
                        - unsafe_content: >-
                            Example Domain This domain is for use in
                            documentation examples without needing permission.
                            Avoid use in operations. Learn more
                          chunk_type: text_block
                          triggered_detectors:
                            - injection_attack
                            - bias
                          detector_details:
                            injection_attack:
                              safe: '0.030481'
                              attack: '0.969519'
                              most_unsafe_content: >-
                                Example Domain This domain is for use in
                                documentation examples without needing
                                permission. Avoid use in operations. Learn more
                              compliance_mapping:
                                owasp_llm_2025:
                                  - LLM01:2025 Prompt Injection
                                mitre_atlas:
                                  - 'AML.T0051: LLM Prompt Injection'
                                  - 'AML.T0054: LLM Jailbreaking'
                                nist_ai_rmf:
                                  - >-
                                    MAP 2.3, MEASURE 2.3 (Input manipulation &
                                    adversarial attacks)
                                eu_ai_act:
                                  - >-
                                    Article 15(4) (Robustness against
                                    manipulation)
                                iso_iec_standards:
                                  - 'ISO/IEC 42001: 6.4.3'
                                  - 'ISO/IEC 27001: A.14.2'
                            policy_violation:
                              policy_violation:
                                violating_policy: No Violation Found
                                explanation: No Violation Found
                            bias:
                              bias:
                                bias_detected: true
                                debiased_text: >-
                                  This domain is intended for use in
                                  documentation purposes, providing a safe space
                                  for experimentation without impacting live
                                  systems.
                                compliance_mapping:
                                  owasp_llm_2025:
                                    - LLM09:2025 Misinformation
                                    - LLM04:2025 Data and Model Poisoning
                                  mitre_atlas: []
                                  nist_ai_rmf:
                                    - >-
                                      MEASURE 2.1-2.5 (AI system bias evaluation
                                      & management)
                                  eu_ai_act:
                                    - >-
                                      Article 10(2)(f), Article 15(3) (Bias
                                      detection, correction & mitigation)
                                  iso_iec_standards:
                                    - 'ISO/IEC TR 24027: 5.2 (Bias in AI systems)'
                      combined_highlight_url: >-
                        https://example.com#:~:text=Example%20Domain&text=Example%20Domain%20This,operations.%20Learn%20more
      deprecated: true
components:
  schemas:
    PolicyScanUrlRequestBody:
      title: PolicyScanUrlRequestBody
      type: object
      properties:
        url:
          type: string
          format: uri
          description: The URL to scan and analyze.
      required:
        - url
    ScanUrlResponseBody:
      title: ScanUrlResponseBody
      type: object
      required:
        - summary
        - details
      properties:
        summary:
          type: object
          description: Summary counts of detections by detector type.
          additionalProperties:
            type: integer
        details:
          $ref: '#/components/schemas/ScanUrlDetails'
    ScanUrlDetails:
      title: ScanUrlDetails
      type: object
      description: >-
        Detailed scan results including URL metadata and fragment-level
        information.
      properties:
        url:
          type: string
          format: uri
          description: The URL that was scanned.
        metadata:
          $ref: '#/components/schemas/ScanUrlMetadata'
        total_fragments:
          type: integer
          description: Total number of text fragments extracted from the URL.
        fragments_with_detections:
          type: integer
          description: Number of fragments that had detections.
        detections:
          type: array
          description: List of detections found in the URL content.
          items:
            $ref: '#/components/schemas/ScanUrlDetection'
        combined_highlight_url:
          type: string
          format: uri
          description: URL with text fragment highlights for all detections.
    ScanUrlMetadata:
      title: ScanUrlMetadata
      type: object
      description: Metadata extracted from the scanned URL.
      properties:
        title:
          type: string
          description: The page title.
        description:
          type: string
          description: The page meta description.
        language:
          type: string
          description: The detected language of the page content.
    ScanUrlDetection:
      title: ScanUrlDetection
      type: object
      properties:
        unsafe_content:
          type: string
          description: The content that was flagged as unsafe.
        chunk_type:
          type: string
          description: The type of content chunk that was analyzed.
        triggered_detectors:
          type: array
          items:
            type: string
          description: List of detectors that flagged this content.
        detector_details:
          type: object
          additionalProperties: true
          description: >-
            Detailed results from each detector, including compliance mapping
            where applicable.
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: apikey

````