Add your first app
Monitoring starts with one field: your app's URL. Everything else — the first check, the security scan, the incident engine — kicks off on its own.
Add the URL
From the dashboard, click Add app and paste your URL. You can skip the https:// — we'll add it. A name is optional; if you leave it blank we use the hostname.
The URL has to be publicly reachable. localhost, private network addresses, and internal hostnames are rejected — our checkers live on the public internet, same as your users.
The first check runs within seconds of adding the app, and you land on the app's page just in time to watch it go green. From then on we check every minute, from three regions (US, Europe, Asia). How many apps you can monitor depends on your plan — the current limits are on the pricing page.
What runs automatically
- Uptime checks, every 60 seconds. When something looks wrong we re-check faster and confirm from a second region before calling it an outage — you'll never get paged over one dropped packet.
- SSL and domain expiry tracking. We warn you 14 days before your certificate expires and 30 days before your domain does — escalating as the deadline gets close.
- Passive security checks. Security headers, TLS setup, email protection (SPF/DMARC), DNS hygiene, cookies, mixed content. These only look at what your site shows any visitor.
Verify ownership (recommended)
Some checks probe for things like a publicly exposed .env file or an open admin panel. We only run those against sites whose owner has proven control — so verifying unlocks the full security scan. Three ways to prove it, any one works:
- DNS TXT record. Add a TXT record with the value shown on your app's Setup tab:
tmwd-verify=<your token>
Add it at the domain apex (@) — we accept it on the app's exact host or any parent domain, so the easy path your DNS provider offers is fine.
- Meta tag. If DNS isn't convenient, put this in your page's
<head>and deploy:
<meta name="tmwd-verify" content="<your token>" />
It must be in the <head>, not the body — that's deliberate, so a comment section can't be used to "verify" a site you don't own.
- Connect the app's GitHub repo. A connected repo counts as proof of ownership too — one step, two benefits (see the next guide).
Click Verify on the Setup tab once the record or tag is live. DNS can take a few minutes to propagate; if it doesn't pass right away, wait a moment and try again. The moment verification succeeds, the deeper scan runs on your app's next check.