Too Long; Didn't Read
A passive vulnerability scan is a type of security scan in which the scanner sends no unusual requests to the server. Many problems can be identified just by looking into the source code of web pages. A passive scan is less risky for the availability of the web application. Since no unexpected request is sent to the web server, the server should be able to handle the scan like any other visitor. It is like a visitor browsing the site. The scan can proceed without getting blocked by the firewall. You should perform full comprehensive scans to have a thorough security test.