Probe type · Pro+
WebSocket probe
The only check that proves your WebSocket endpoint actually upgrades, negotiates the right subprotocol, and stays responsive after the 101.
Why you need it
A WebSocket probe exercises every phase of a real WebSocket connection — DNS, TCP, TLS, HTTP Upgrade, subprotocol negotiation, and an actual send / receive round-trip after the 101. An HTTP probe stops at the response status code; a TCP probe never even tries the Upgrade. Neither catches the failure modes that hit WebSocket apps in production.
Three depth levels:
- Level 1 — Connect + 101. DNS → TCP → TLS
→
GETwithUpgrade: websocket+Sec-WebSocket-Key→ server returns101 Switching Protocols. - Level 2 — Subprotocol assertion. Offer
subprotocols (e.g.
graphql-ws, graphql-transport-ws) and assert that the server'sSec-WebSocket-Protocolresponse matches. Catches silent server changes that upgrade fine but no longer support your client's protocol. - Level 3 — Send/receive RTT. After the 101
the probe sends a small text frame (default
"ping") and waits for a response. Echo semantics by default; switchable to "any non-control frame counts" for servers that emit a welcome frame.
The Upgrade handshake runs over HTTP/1.1 by default. For environments that already run WebSockets over HTTP/2 via RFC 8441's CONNECT extension, an HTTP/2 mode is one toggle away. A single auth-style header is AES-GCM encrypted at rest; additional non-secret headers live in a separate JSON field.
Where it pays off
Use a WebSocket probe whenever your product's real-time path matters and HTTP polling can't tell you it's healthy:
- GraphQL subscriptions — assert the
graphql-transport-wssubprotocol negotiates and a ping frame round-trips inside the budget. - Chat / collaboration apps — Slack-style real-time infra where the WebSocket is the product. Level 3 RTT catches the wedged-event-loop failure.
- Phoenix / Rails ActionCable / SignalR — frameworks that emit a welcome frame on connect. Set "Expect echo" to off.
- MQTT-over-WebSocket and trading APIs — financial and IoT exchanges publishing prices over WSS.
- Authenticated WebSocket APIs — Bearer token or API-key in the encrypted Auth field.
Not the right choice when: the endpoint speaks long-poll HTTP rather than WebSockets — use the HTTP probe. Also a poor fit for Server-Sent Events (SSE) — that's an HTTP/2 stream and reachable from the HTTP probe.
Configuration parameters
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
Name |
string |
Required | — | Human-readable label for the probe. |
Target URL |
string (ws:// or wss://) |
Required | — | Full WebSocket URL. wss:// preferred for production. Internal hostnames rejected at save time. |
HTTP version |
Http11 | Http2 |
Optional | Http11 | Transport version. HTTP/2 (RFC 8441) requires server SETTINGS_ENABLE_CONNECT_PROTOCOL; falls back to HTTP/1.1. |
Offered subprotocols |
string (comma-separated) |
Optional | — | Subprotocols the client offers (e.g. "graphql-ws, graphql-transport-ws"). |
Expected subprotocol |
string |
Optional | — | Hard assertion — server's chosen subprotocol must equal this value or the probe flips Down. |
Origin header |
string |
Optional | — | Value of the Origin request header. Required by CSRF-aware servers. |
Custom headers |
JSON object |
Optional | — | Map of header → value sent on the Upgrade request. Non-secret only — use Auth header for credentials. |
Auth header |
string (encrypted at rest) |
Optional | — | Single auth-style line (Bearer / X-API-Key). AES-GCM encrypted; sent as Authorization. |
Send RTT probe |
boolean |
Optional | true | When on, after the 101 the probe sends a small text frame and waits for a response (Level 3). |
RTT payload |
string |
Optional | ping | Text payload for the RTT probe. Capped at 64 KB. |
Expect echo |
boolean |
Optional | true | When on, server response must equal what we sent. When off, any non-control frame counts (welcome frame servers). |
Handshake Degraded (ms) |
integer |
Optional | 1000 | Connect + TLS + Upgrade budget above which the probe reports Degraded. |
RTT Degraded (ms) |
integer |
Optional | 200 | Post-101 send/receive latency above which the probe reports Degraded. |
RTT timeout (ms) |
integer |
Optional | 5000 | Hard ceiling on the RTT-probe response. |
Ignore server cert validation |
boolean |
Optional | false | Accept self-signed or untrusted server certs. |
Available on Pro+. Already on StatusPulse? See the full config in Help →
Related
Try WebSocket probe in StatusPulse
5 probes, 1 status page, forever. No credit card. US or EU host — you choose.