pPleenx
Sign in
·8 min·Nikolay Spangelets·#webflow#agency#monitoring#care-plans

Monitoring for Webflow agencies: what actually needs watching

Webflow hosts the site so you don't get traditional 'server' downtime. The failure modes are different — custom domains, SSL renewals, third-party scripts, CMS limits. Practical checklist.

WordPress agencies have monitoring tooling sorted. ManageWP, MainWP, WPMU DEV — a whole industry exists around "watch the WordPress sites." Webflow agencies don't have an equivalent ecosystem, and the failure modes are different enough that just applying a WordPress monitoring playbook doesn't work.

This post is the Webflow-specific checklist.

Why "uptime monitoring" alone is wasted on Webflow

Webflow's underlying hosting (AWS Cloudfront + their own infrastructure) has 99.99%+ uptime measured year-over-year. If you're paying for an uptime monitor that pings the homepage every 60 seconds, you'll see the green dot stay green for years. That's not the value.

What does break on Webflow sites in agency portfolios:

  1. Custom domain SSL certificates. Webflow auto-provisions Let's Encrypt certs for custom domains, but renewal can fail silently if DNS records change or if the client's DNS provider rate-limits ACME challenges.
  2. Domain registration expiring — same as any agency-managed property. Webflow doesn't register the domain for you.
  3. DNS misconfiguration during migrations. The client moves their domain DNS from one provider to another; the Webflow-required A and CNAME records don't get carried over.
  4. Webflow plan limits. Site hits its monthly CMS items limit, form submission limit, or bandwidth limit. The site doesn't go down, but new content doesn't publish.
  5. Third-party script breakage. Custom embeds (HubSpot forms, Calendly widgets, custom JavaScript) silently 404 when the third party rotates URLs.
  6. Memberships / Ecommerce site logic breaking after a Webflow update or staging push.
  7. Form submissions failing — most catastrophic for lead-gen sites.

WordPress-style monitoring won't catch any of these well. You need Webflow-shaped monitoring.

The actual checklist

1. Custom domain SSL — real handshake every day

Webflow's UI says "SSL certificate enabled" with a green checkmark. That checkmark reflects the provisioning attempt, not the actual cert validity. We've seen sites where the UI says "enabled" while the live cert was expired for two weeks.

Run an external TLS handshake daily:

  • Connect to https://client.com
  • Validate the chain
  • Check notAfter for expiry
  • Match the hostname
  • Verify the issuer is what you expect (Let's Encrypt R3 or E1 for Webflow)

Alert at 30, 14, 3 days remaining. The Let's Encrypt 90-day cycle means certs renew silently in the background; missed renewals are caught only by external checks.

2. WHOIS / RDAP expiry for the domain

Webflow doesn't register your client's domain. Whatever registrar they use (GoDaddy, Namecheap, Google Domains alternative, etc.) controls the actual domain. If renewal fails, the entire site goes offline regardless of Webflow's uptime.

Daily WHOIS / RDAP check, three-tier alerts at 60/30/7 days, same as any other domain.

3. DNS configuration validity

Webflow custom domains require specific records:

  • A record on apex pointing at 75.2.60.5 and 99.83.190.102 (Webflow's load balancers)
  • CNAME on www pointing at proxy-ssl.webflow.com

These need to be exactly correct or both SSL provisioning and traffic delivery break.

Daily probe: resolve A and AAAA on apex, CNAME on www, alert on drift. If the client's DNS provider has a UI quirk that occasionally drops records (looking at you, certain registrars during migrations), you'll catch it before users do.

4. Webflow plan-limit monitoring

This is the hardest to monitor externally because Webflow's plan limits (CMS items, form submissions, bandwidth) are internal to Webflow.

Two options:

Option A — Webflow API. Webflow has a Data API that exposes CMS item count, form submission count, etc. Hit it daily, compare against plan limits, alert when approaching cap.

Option B — Manual review monthly. Less rigorous but works for smaller portfolios. Log into each site in Webflow Designer, check the dashboard counter, note in your monthly report.

Most agency operators skip this and the result is the client emails one Tuesday saying "we can't add new CMS items, we get an error." Could've been caught 3 weeks earlier with a 5-second API poll.

5. Third-party embed health

The Calendly widget on the contact page, the HubSpot form, the embedded YouTube player. These embed scripts are URLs the client doesn't control. When the third party deprecates or rotates them, your client's site silently breaks pieces.

Detection: fetch the rendered page, look for:

  • <script src> returning 4xx or 5xx
  • <iframe src> returning 4xx
  • Console errors at first-paint (requires headless browser to capture)

External uptime monitors don't see this. You need a probe that fetches the page and inspects loaded resources. Lighthouse / PageSpeed Insights catches some of it via the "best practices" audit. Pleenx's HTTP probe doesn't catch this directly; for embeds you need a synthetic flow that asserts specific text on the page after JS runs.

6. Form submission health (synthetic test)

The single most important canary for a Webflow lead-gen site: does the contact form actually deliver?

You can build a synthetic test that:

  • Fills out the form with a known dummy submission (use a clearly-fake address like monitor@yourdomain.com)
  • Submits
  • Checks that the submission lands in Webflow's form submissions list (via API)
  • Checks that the notification email arrives at the configured address

Run this weekly per form. When it stops working — usually because reCAPTCHA broke, or a Zapier integration deauthenticated, or Webflow updated form handling — you catch it before the client loses 30 leads.

This is the Pleenx-style "synthetic flow" probe. Not strictly required for every Webflow site, but for any client whose business depends on form submissions, it's the highest-value monitoring you can offer.

7. SEO and content-related probes

Webflow sites tend to have:

  • A well-handled robots.txt
  • Auto-generated sitemap.xml
  • Configurable OG meta per page
  • Configurable noindex per page

All of these can drift. We've seen:

  • A page launched with noindex set in CMS template, never noticed for months
  • Sitemap that stops including new CMS items because of a misconfigured collection setting
  • OG image set to staging-asset URL after a migration

Daily SEO probe per main page: title, description, canonical, robots-meta, OG presence. Catches these.

8. Email auth (SPF / DKIM / DMARC) for the domain

Just because the site is on Webflow doesn't change the email situation. The client still sends mail through Google Workspace, MailChimp, etc. SPF/DKIM/DMARC monitoring applies same as any other domain.

Full email-auth playbook here →

Webflow-specific stack: who handles what

| Concern | Webflow handles | You / client handle | |---|---|---| | Origin server uptime | ✅ Webflow | — | | CDN delivery | ✅ Webflow | — | | SSL provisioning | ✅ Webflow (auto Let's Encrypt) | — | | SSL renewal validation | ⚠️ Not visible externally | Daily external TLS check | | Custom DNS records | ❌ | Client's registrar | | Domain registration / renewal | ❌ | Client's registrar | | Form delivery | ✅ (mostly) | Synthetic test weekly | | Plan limits (CMS, forms, bandwidth) | ❌ visibility, ✅ enforcement | API poll daily | | Embed scripts | ❌ | External monitor | | SEO meta | ✅ configurable in Designer | External SEO probe | | Email auth | ❌ | DNS-side TXT records |

What a Webflow-specific monitoring report looks like

For each Webflow site, monthly deliverable should include:

  1. SSL status — issuer, days remaining, last verified
  2. Domain expiry — registrar, days remaining
  3. DNS state — A on apex, CNAME on www, exact match to Webflow's required values
  4. Plan utilization — CMS items used/limit, form submissions used/limit, bandwidth used/limit
  5. Form delivery confirmation — last successful synthetic submission
  6. SEO snapshot — main page meta, sitemap accessible, robots.txt sane
  7. Email auth — SPF/DKIM/DMARC state
  8. Incident log — any of the above that triggered an alert this month, with resolution

This is a different report than what you'd send a WordPress client. Different fields, different framing. Worth maintaining a separate template.

Webflow agency tooling stack we've seen work

  • Webflow Designer + CMS API — for plan-limit visibility
  • External monitoring (Pleenx, Oh Dear, etc.) — for SSL, DNS, WHOIS, HTTP, SEO, email-auth
  • Synthetic form tester (Pleenx synthetic flows, or hand-rolled cron) — for lead-form delivery
  • Zapier or n8n — to wire Webflow form submissions into client CRM/Slack with a heartbeat alert if no submissions in N days
  • Google Workspace + DMARC reporting — for email reputation

We're biased toward Pleenx for the external monitoring layer because it handles 7 of the 8 things in the table above in one place, but you can stitch the same coverage from 3-4 separate tools if you prefer.

TL;DR

  • Don't apply WordPress monitoring playbooks to Webflow sites — the failure modes are different.
  • Webflow handles uptime and CDN. Your job is everything around Webflow: DNS, domain registration, SSL renewal validity, plan limits, embeds, forms, SEO, email auth.
  • The highest-leverage monitor for a Webflow lead-gen site is a weekly synthetic form-submission test.
  • For multi-site Webflow agencies, the second-highest leverage is CMS / form / bandwidth limit polling via API — catches the "client can't publish" failure mode weeks earlier.

Run a free probe on your Webflow site →

NS
written byNikolay SpangeletsCTO · founder

Building Pleenx from the engineering side. 10+ years shipping production web platforms; broke enough things in production to know which monitoring is actually useful.

spanglz@pleenx.comgithub/spanglz
/related reads
2026-05-11 · 7 min

White-label monitoring reports: what to actually put in a client deliverable

The 'pretty PDF with your logo' isn't the value — it's what's in the report that justifies the retainer. Agency-tested template for monthly client monitoring deliverables.

2026-05-04 · 7 min

WordPress care plan checklist 2026: what to actually monitor (and what to drop)

Most agency WordPress care plan templates carry over a list of monitors that mattered in 2014 and ignore four things that take down clients in 2026. The current-state checklist plus the items we cut from ours.

2026-05-11 · 9 min

Core Web Vitals for agencies: LCP, INP, CLS without the marketing rebrand

CWV affects Google rankings, but most of what gets sold to clients as 'page speed optimization' addresses metrics that don't matter. Here's what each CWV actually measures and what to fix.