UrbexScanner is now mobile-friendly and more secure
A faster field-review experience on phones, backed by stronger account and invitation protection.
Mobile review, built for the field
The dashboard has been redesigned around the essentials: Total, Queued, Found, and Urbex statistics; compact filters; a large image tile; Previous and Next navigation; and Urbex or No Urbex decisions directly beneath the image. The layout now adapts to phone screens, with a compact navigation bar and only the score and evidence that matter for each verdict.
Personal field notes
Every user now has a private Visited section. Reviewers can select an Urbex candidate and record the visit date, accessibility, security level, site condition, access details, security observations, hazards, and general notes. These records are visible only to their owner.
Security hardening
We rotated the production signing key and changed deployment so a strong private key is generated, stored with restricted permissions, and passed safely to the application. Existing sessions and invitation links were invalidated as part of that rotation.
Invitation links now exchange their token for a short-lived server-side session and immediately redirect to a token-free page, reducing exposure in browser history and access logs. Invitation completion expires after fifteen minutes, and invitation tokens expire within one day.
Authentication cookies are now HTTPS-only. Login and invitation endpoints are rate-limited. Redirect targets are validated, write endpoints use strict HTTP methods and CSRF protection, and third-party map assets use integrity verification. Additional browser protections include a Content Security Policy and restricted browser permissions.
The result is a smaller, clearer dashboard for field use with stronger protection around private locations, user accounts, and research notes.