Automate Website Health Checks with Claude and MCP
Tell Claude to check your website's health and get a full report back. SSL, headers, performance, broken links, email auth. All from one conversation.
The Apixies MCP server gives Claude access to all the inspection tools. Instead of running separate curl commands or switching between browser tabs, you just describe what you want checked and Claude handles the rest.
Setup
If you haven't installed the MCP server yet, follow the Getting Started guide. It takes about 2 minutes.
The short version: add this to your MCP client config and restart:
{
"mcpServers": {
"apixies": {
"command": "npx",
"args": ["-y", "@apixies/mcp-server"],
"env": {
"APIXIES_API_KEY": "apx_your_key_here"
}
}
}
}
Single Site Health Check
Try this prompt in Claude Desktop or Claude Code:
Run a full health check on mysite.com. Check the SSL certificate,
security headers, page performance, and scan for broken links.
Claude calls four tools in sequence:
check_ssl- Checks certificate validity, issuer, expiry date, and chain healthcheck_headers- Inspects security headers and assigns a grade (A through F)check_performance- Measures DNS lookup, TCP connect, SSL handshake, TTFB, and total load timecheck_link- Verifies the URL is reachable and returns the status code
Then Claude combines everything into a summary. You'll see something like:
Your SSL certificate from Let's Encrypt is valid, expiring in 62 days. Security headers scored a B, you're missing HSTS and Content-Security-Policy. Performance looks good with a TTFB of 180ms. The homepage is returning a 200 status.
One prompt, four API calls, one report.
Multi-Site SSL Monitoring
Got multiple domains? Just list them:
Check SSL certificates for these domains: stripe.com, github.com,
vercel.com, mysite.com. Flag any that expire within 30 days.
Claude loops through each domain using check_ssl, pulls the days_until_expiry field from each response, and highlights anything under your threshold.
This is great for teams managing multiple properties. Instead of maintaining a monitoring script, you can run this check whenever you want and get a plain-English summary.
Security Audit
For a deeper security review, try:
Do a security audit on mysite.com. Check the SSL certificate,
security headers, and email authentication (SPF, DKIM, DMARC).
Claude uses three tools:
check_ssl- Certificate healthcheck_headers- Missing or misconfigured security headersvalidate_email_auth- SPF, DKIM, and DMARC record validation
The email auth check is important if you send emails from your domain. Missing DMARC records mean anyone can spoof your domain. Missing SPF means mail servers can't verify your messages are legitimate.
Performance Comparison
Want to compare performance between your site and a competitor?
Compare the performance of mysite.com and competitor.com.
Show DNS lookup time, TTFB, and total load time for both.
Claude calls check_performance for each URL and puts the numbers side by side. Useful for benchmarking after infrastructure changes.
Pre-Launch Checklist
Before launching a new site or deploying a major update:
I'm about to launch newsite.com. Run a pre-launch check:
1. Verify SSL is valid
2. Check all security headers
3. Test the homepage performance
4. Verify DNS is resolving correctly
5. Check that SPF and DMARC are configured
Claude runs through each item methodically, using check_ssl, check_headers, check_performance, dns_lookup, and validate_email_auth. You get a pass/fail for each item.
Monitoring Workflow
Claude Desktop doesn't have scheduling built in. But you can save your monitoring prompt and rerun it whenever you need to.
For automated monitoring, use Claude Code in a script:
# Run a health check from the command line
echo "Check SSL, headers, and performance for mysite.com" | claude --mcp
Or set up a cron job that pipes the prompt to Claude Code and saves the output.
Tips
- Be specific about what to check. "Run a health check" is good. "Check everything about my website" is vague and might use more API calls than you need.
- List all domains upfront. Claude will batch them more efficiently than if you add them one at a time.
- Use the
check_headersgrade as a quick triage. A or B is fine. C or lower means you should fix something. - Monitor
days_until_expiryfrom the SSL check. Set your threshold at 30 days. Most certificate renewals happen automatically, but it's good to catch failures early.
Related Tools
- SSL Health Inspector - Try the SSL check in your browser
- Security Headers Inspector - See the grading in action
- Website Performance Analyzer - Test load times interactively
- Email Auth Validator - Check SPF/DKIM/DMARC records
- Link Checker - Verify individual URLs