MCP server integration

Endpoint: https://mcp.siteguardian.io (path-based fallback: https://siteguardian.io/mcp)

1. What it is

The SiteGuardian MCP server lets you query your monitoring data directly from MCP-capable AI clients like Claude Desktop, Cursor, Claude Code, and Windsurf. Ask about scan results, drift events, and fix recommendations in natural language without leaving your workflow.

The server runs on our infrastructure; your client connects over Streamable HTTP. Five tools ship in v1 — one anonymous (scan_domain), four authenticated with an API key.

2. Try it without an account

The scan_domain tool works without authentication. Paste this into a terminal to get a live scan of any domain:

curl -X POST https://mcp.siteguardian.io \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"scan_domain","arguments":{"domain":"example.com"}}}'

Anonymous scans are rate-limited to 10 per hour per source IP. Results are cached for 2 hours — repeat calls for the same domain return the same snapshot.
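
Because the request above accepts both application/json and text/event-stream, the reply can arrive as a plain JSON body or as an SSE stream. The following is an added example, not SiteGuardian's code, that handles both and surfaces JSON-RPC and tool-level errors. The sample replies are constructed; the field names other than cached, and the payload being JSON inside a text content item, are assumptions.

```python
import json

def parse_mcp_response(content_type, body, request_id):
    """Return the JSON-RPC `result` for request_id from a JSON or SSE body."""
    if content_type.split(";")[0].strip().lower() == "text/event-stream":
        messages = []
        # SSE events end at a blank line; the payload is the joined data: lines.
        for event in body.replace("\r\n", "\n").split("\n\n"):
            data = [ln[5:].removeprefix(" ") for ln in event.split("\n")
                    if ln.startswith("data:")]
            payload = "\n".join(data).strip()
            if payload:  # skip comments, keep-alives and empty events
                messages.append(json.loads(payload))
    else:
        messages = [json.loads(body)]
    for msg in messages:
        if msg.get("id") != request_id:
            continue  # a notification or the reply to another request
        if "error" in msg:
            err = msg["error"]
            raise RuntimeError(f"JSON-RPC error {err.get('code')}: {err.get('message')}")
        return msg["result"]
    raise LookupError(f"no response for request id {request_id}")

def tool_payload(result):
    """Extract tool data from an MCP tools/call result, failing on isError."""
    if result.get("isError"):
        text = " ".join(c.get("text", "") for c in result.get("content", []))
        raise RuntimeError(f"tool reported an error: {text}")
    if "structuredContent" in result:
        return result["structuredContent"]
    # Assumption: the first text content item carries the data as JSON.
    first = next(c["text"] for c in result["content"] if c.get("type") == "text")
    return json.loads(first)

# Constructed sample replies; "domain" and "grade" are assumed field names.
SAMPLE_RESULT = {"isError": False, "content": [{"type": "text", "text": json.dumps(
    {"domain": "example.com", "grade": "B", "cached": True})}]}
SAMPLE_JSON = json.dumps({"jsonrpc": "2.0", "id": 1, "result": SAMPLE_RESULT})
SAMPLE_SSE = "event: message\ndata: " + SAMPLE_JSON + "\n\n"

if __name__ == "__main__":
    for ctype, body in (("application/json", SAMPLE_JSON),
                        ("text/event-stream", SAMPLE_SSE)):
        print(ctype, tool_payload(parse_mcp_response(ctype, body, 1)))
```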

3. Install in your client

Cursor

One-click install via the Add to Cursor button on the landing page, or edit ~/.cursor/mcp.json manually:

{
  "mcpServers": {
    "siteguardian": {
      "url": "https://mcp.siteguardian.io"
    }
  }
}

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows), then restart the app.

{
  "mcpServers": {
    "siteguardian": {
      "url": "https://mcp.siteguardian.io"
    }
  }
}

Claude Code (CLI)

Run in your terminal:

claude mcp add --transport http siteguardian https://mcp.siteguardian.io

Windsurf

Edit ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "siteguardian": {
      "serverUrl": "https://mcp.siteguardian.io"
    }
  }
}

VS Code / GitHub Copilot

Run in your terminal:

code --add-mcp '{"name":"siteguardian","type":"http","url":"https://mcp.siteguardian.io"}'

4. Getting an API key

Anonymous scan_domain works without a key. The four other tools (list_monitored_domains, get_domain_status, get_drift_events, get_fix_recommendations) require a Bearer token.

API keys are available on the Monitor, Compliance, and Enterprise plans. Free-tier accounts will see an upgrade prompt.

  1. Sign in at siteguardian.io.
  2. Open Settings → API & Integrations.
  3. Click Generate key, name it, copy it. You only see the full key once.
  4. Add it to your client config as an Authorization: Bearer <key> header. For Claude Desktop:

{
  "mcpServers": {
    "siteguardian": {
      "url": "https://mcp.siteguardian.io",
      "headers": {
        "Authorization": "Bearer sg_live_...your_key..."
      }
    }
  }
}

Same header shape for Cursor, Windsurf, VS Code. For Claude Code: append --header "Authorization: Bearer <key>" to the mcp add command.
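
An added check, not part of SiteGuardian's tooling, for client configs once they hold a key: it confirms the bearer token is only sent to the documented HTTPS endpoints, that the header has the documented shape, and that the file is not accessible to other local users. The key pattern beyond the sg_live_ prefix and the mode 600 recommendation are assumptions of this example.

```python
import json
import os
import re
import stat
from pathlib import Path

# Both endpoints named on this page; anything else would receive the key.
ENDPOINTS = {"https://mcp.siteguardian.io", "https://siteguardian.io/mcp"}
# Assumption: only the "sg_live_" prefix is documented, the rest is non-space.
BEARER = re.compile(r"Bearer sg_live_\S+")

def audit_mcp_config(path, server="siteguardian"):
    """Return findings for one MCP client config; never echoes the key."""
    path = Path(path)
    findings = []
    entry = json.loads(path.read_text()).get("mcpServers", {}).get(server)
    if entry is None:
        return [f"{path}: no '{server}' entry"]
    url = entry.get("url") or entry.get("serverUrl")  # Windsurf uses serverUrl
    if url not in ENDPOINTS:
        findings.append(f"{path}: endpoint {url!r} is not a documented endpoint")
    auth = entry.get("headers", {}).get("Authorization")
    if auth is None:
        return findings  # anonymous config: no secret stored in the file
    if not BEARER.fullmatch(auth):
        findings.append(f"{path}: Authorization is not 'Bearer sg_live_<key>'")
    mode = stat.S_IMODE(path.stat().st_mode)
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: holds an API key but mode is {mode:o}; use 600")
    return findings

if __name__ == "__main__":
    # Config locations listed on this page (macOS/Linux paths).
    for p in ("~/.cursor/mcp.json", "~/.codeium/windsurf/mcp_config.json",
              "~/Library/Application Support/Claude/claude_desktop_config.json"):
        p = Path(p).expanduser()
        if p.exists():
            print("\n".join(audit_mcp_config(p)) or f"{p}: ok")
```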

5. What you can ask

Scan a domain. "Run a security scan on example.com and show me the grade." Your client calls scan_domain and reports back the A–F grade plus the top 3 issues.

Check your monitored sites. "List all the domains I'm monitoring." Returns current grade and last-scan timestamp for each.

Investigate a drop. "What changed on example.com in the past week?" Returns drift events — TLS renegotiations, header changes, new third-party scripts — ordered by time.

Get copy-paste fixes. "Give me the nginx config I need to fix the missing HSTS header on example.com." Returns the exact config snippet with your domain interpolated.

6. Tool reference

Tool                     Input                   Returns                         Auth
scan_domain              domain                  Grade, top 3 issues, permalink  Anonymous
list_monitored_domains   (none)                  All monitored domains + grades  API key
get_domain_status        domain                  Current grade + active issues   API key
get_drift_events         domain, since?, limit?  Drift events with severity      API key
get_fix_recommendations  domain, issue_id?       Snippets + verify commands      API key + paid tier

7. Rate limits

  • Anonymous: 10 scan_domain calls per hour per source IP
  • Authenticated: 120 calls per minute per API key
  • Per target: the same domain is not freshly scanned more than 2× per minute — cached results serve repeated calls within a 2-hour window

8. Privacy

🇪🇺 EU hosting. No third-party LLM. No training.

The SiteGuardian MCP server runs on our infrastructure in Germany. Your queries and tool arguments are logged for abuse prevention and billing but are not sent to any third-party AI service. We do not use your MCP traffic to train any model.

Tool responses are generated deterministically from your account's existing monitoring data — no LLM inference happens on our side.

9. Troubleshooting

Server not connecting
Verify the endpoint URL is exactly https://mcp.siteguardian.io (no trailing slash, no /v1). Restart the client after editing config. Check your firewall allows outbound HTTPS to siteguardian.io.

Authentication errors
Confirm the Authorization header is Bearer sg_live_... with a single space. If in doubt, revoke the key in Settings and create a fresh one.

Tool not appearing in client
Update to the latest client version; MCP support is available in recent releases of Claude Desktop, Cursor, Claude Code, Windsurf, and VS Code Copilot.

Rate limit errors
Anonymous scan_domain is capped at 10/hour/IP. Authenticated tools at 120/min/key. If you're hitting either, wait or upgrade to a higher tier for more throughput.

Anonymous scan returns cached result
Scans are cached for 2 hours per domain. The cached field in the response is true when served from cache.

Problem not listed? Contact us — MCP is new; we're happy to debug with you.