Website Health Report

Comprehensive website health audit in a single run. Checks HTTP status, SSL certificates, DNS resolution, security headers, meta tags, and response time. Returns a unified health score (0-100) with per-category grades.

What does Website Health Report do?

Website Health Report takes a list of URLs and runs 6 independent checks on each one: HTTP connectivity, SSL certificate validity, DNS resolution, security headers compliance, meta tag completeness, and page performance. Each check produces its own score and grade (A-F), and a weighted overall health score combines them into a single number.

Every issue found is categorized by severity (critical/warning/info) with a specific message explaining the problem.

Use cases

• Agencies — Run a quick health check on all client websites in one batch
• DevOps — Monitor SSL expiry, DNS resolution, and security headers across infrastructure
• SEO professionals — Audit meta tags, canonical links, and Open Graph tags
• Web developers — Validate new deployments with a single comprehensive check
• Security teams — Identify missing security headers across domains

Why use Website Health Report?

• 6 checks in one run — HTTP, SSL, DNS, security headers, meta tags, performance
• Unified score — Single 0-100 health score with A-F grade
• Per-category breakdown — Individual scores and grades for each check category
• Issue tracking — Every problem listed with severity and specific message
• Batch processing — Audit up to 200 URLs in a single run
• Fast — Parallel checks per URL, typically 2-5 seconds each

What does it check?

Category	Weight	What it checks
HTTP	20%	Status code, HTTPS, redirect chains, connectivity
SSL	20%	Certificate validity, expiry date, issuer
DNS	10%	A records, MX records, NS records, redundancy
Headers	20%	HSTS, CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy
Meta	15%	Title, description, viewport, charset, Open Graph, canonical, lang
Performance	15%	Response time, HTML size, inline script/style count

Input parameters

Parameter	Type	Required	Default	Description
urls	string[]	Yes	—	Website URLs to audit
maxUrls	integer	No	50	Maximum URLs to audit per run
timeoutPerUrlSecs	integer	No	30	Timeout per URL in seconds

Output example

{
    "url": "https://example.com",
    "domain": "example.com",
    "healthScore": 76,
    "healthGrade": "B",
    "httpGrade": "A",
    "sslGrade": "A",
    "dnsGrade": "A",
    "headersGrade": "F",
    "metaGrade": "C",
    "performanceGrade": "A",
    "httpScore": 100,
    "sslScore": 95,
    "dnsScore": 85,
    "headersScore": 20,
    "metaScore": 55,
    "performanceScore": 100,
    "issues": [
        { "category": "headers", "severity": "critical", "message": "Missing security header: strict-transport-security" },
        { "category": "headers", "severity": "warning", "message": "Missing security header: content-security-policy" },
        { "category": "meta", "severity": "warning", "message": "Missing meta description" }
    ],
    "issueCount": 11,
    "criticalCount": 1,
    "warningCount": 8,
    "auditedAt": "2026-03-01T20:00:00.000Z"
}

Grading scale

Grade	Score range
A	90-100
B	75-89
C	55-74
D	35-54
F	0-34

How to run a website health audit

1. Open Website Health Report on Apify.
2. Enter one or more website URLs in the urls field.
3. Optionally adjust maxUrls and timeoutPerUrlSecs settings.
4. Click Start and wait for the audit to finish.
5. Review health scores, grades, and issues in the Dataset tab.
6. Download results as JSON, CSV, or Excel.

How much does it cost to audit website health?

This actor uses pay-per-event pricing:

Event	Price	Description
Actor start	$0.035	Charged once per run
URL audited	$0.003	Charged per URL audited

Example costs:

• 1 URL: $0.035 + $0.003 = $0.038
• 10 URLs: $0.035 + (10 x $0.003) = $0.065
• 100 URLs: $0.035 + (100 x $0.003) = $0.335

Using the Apify API

Node.js

import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: 'YOUR_API_TOKEN' });

const run = await client.actor('automation-lab/website-health-report').call({
    urls: ['https://example.com', 'https://mysite.com'],
    maxUrls: 50,
});

const { items } = await client.dataset(run.defaultDatasetId).listItems();
items.forEach((item) => {
    console.log(`${item.url}: ${item.healthScore}/100 (${item.healthGrade}) — ${item.issueCount} issues`);
    item.issues.filter(i => i.severity === 'critical').forEach(i => {
        console.log(`  CRITICAL: ${i.message}`);
    });
});

Python

from apify_client import ApifyClient

client = ApifyClient("YOUR_API_TOKEN")

run = client.actor("automation-lab/website-health-report").call(run_input={
    "urls": ["https://example.com", "https://mysite.com"],
})

for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(f"{item['url']}: {item['healthScore']}/100 ({item['healthGrade']})")
    for issue in item["issues"]:
        if issue["severity"] == "critical":
            print(f"  CRITICAL: {issue['message']}")

cURL

curl -X POST "https://api.apify.com/v2/acts/automation-lab~website-health-report/runs?token=YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "urls": ["https://example.com", "https://mysite.com"]
  }'

Use with Claude AI (MCP)

This actor is available as a tool in Claude AI through the Model Context Protocol (MCP). Add it to Claude Desktop, Cursor, Windsurf, or any MCP-compatible client.

Setup for Claude Code

$claude mcp add --transport http apify "https://mcp.apify.com"

Setup for Claude Desktop, Cursor, or VS Code

Add this to your MCP config file:

{
    "mcpServers": {
        "apify": {
            "url": "https://mcp.apify.com"
        }
    }
}

Example prompts

• "Run a full health audit on our website: https://example.com"
• "Check SEO, performance, and security for these URLs"
• "Which of these domains has the most critical security issues?"

Learn more in the Apify MCP documentation.

Integrations

• Google Sheets — Export health reports to spreadsheets for client reporting
• Slack — Get alerts when websites score below a threshold
• Webhooks — Trigger automated remediation workflows
• n8n / Make — Schedule weekly health audits with notification pipelines

How do I check if my website is healthy?

A complete website health check should cover six areas: HTTP connectivity (is the site accessible?), SSL certificates (is the connection secure?), DNS configuration (are records set up correctly?), security headers (are browser protections in place?), meta tags (are SEO elements present?), and page performance (how fast does it load?).

Website Health Report runs all six checks in a single run and produces a unified 0-100 score. Enter your URL, click Start, and get a full audit in under 10 seconds — no configuration, no browser extensions, no manual checks.

What security headers should every website have?

Modern websites should include these six security headers:

• Strict-Transport-Security (HSTS) — Forces HTTPS connections, prevents downgrade attacks
• Content-Security-Policy (CSP) — Controls which resources the browser can load, mitigates XSS
• X-Content-Type-Options — Prevents MIME type sniffing
• X-Frame-Options — Blocks clickjacking by controlling iframe embedding
• Referrer-Policy — Controls how much referrer information is sent with requests
• Permissions-Policy — Restricts access to browser features like camera, microphone, geolocation

Website Health Report checks all six headers and flags missing ones as critical or warning issues. Many production websites score F on headers despite functioning correctly — the low score indicates security hardening opportunities.

How can I monitor website health over time?

Set up scheduled website health audits to catch issues before they impact users:

1. Apify Scheduler — Run Website Health Report on a daily or weekly schedule directly from the Apify platform
2. Webhook alerts — Configure a webhook to POST results to Slack, email, or PagerDuty when the health score drops below a threshold
3. n8n / Make workflows — Build automation pipelines that run audits, compare scores to previous runs, and alert on regressions
4. API integration — Call the actor programmatically from your CI/CD pipeline to validate deployments before going live

Pair with Website Change Monitor for continuous content surveillance alongside periodic health audits.

How do I bulk-audit hundreds of websites at once?

Website Health Report processes up to 200 URLs per run with parallel execution. For agencies managing many client websites or DevOps teams monitoring infrastructure:

1. Prepare a list of URLs (one per line or as a JSON array)
2. Paste them into the urls input field
3. Set maxUrls to match your list size (default: 50)
4. Run the audit — each URL takes 2-5 seconds

For larger batches, split URLs across multiple runs. The per-URL cost is $0.003, so auditing 1,000 websites costs about $3.04 total.

Tips and best practices

• Audit all your domains regularly — SSL expiry and header changes can happen without warning
• Focus on critical issues first: missing HSTS and expired SSL are the highest-risk findings
• Use maxUrls to batch large domain lists efficiently
• The issues array is sorted by check order — filter by severity for prioritized action lists
• Pair with Website Change Monitor for ongoing surveillance after initial audit

Legality

Scraping publicly available data is generally legal according to the US Court of Appeals ruling (HiQ Labs v. LinkedIn). This actor only accesses publicly available information and does not require authentication. Always review and comply with the target website's Terms of Service before scraping. For personal data, ensure compliance with GDPR, CCPA, and other applicable privacy regulations.

FAQ

Why does my website score low on headers even though it works fine? The headers check evaluates security headers like HSTS, Content-Security-Policy, X-Content-Type-Options, and X-Frame-Options. Many websites function correctly without these headers but are vulnerable to certain attacks. A low headers score means security hardening opportunities exist, not that the site is broken.

The SSL grade shows F but my certificate is valid. What is wrong? The SSL check looks at more than just certificate validity. It also checks expiry dates (certificates expiring within 30 days are penalized), certificate chain issues, and whether the server supports modern TLS versions. An F grade can result from an expired certificate, a self-signed certificate, or misconfigured certificate chains.

Compliance

This actor makes standard HTTP requests to audit publicly accessible websites. It checks SSL certificates via TLS handshake and DNS records via standard resolution. No authentication is used. No private data is accessed.

Related scrapers

• HTTP Status Checker — Check HTTP status codes, response times, and redirect targets for any list of URLs
• Tech Stack Detector — Detect frameworks, CMS, analytics, and other technologies used by any website