Comprehensive Checklist Before Launching Your Website

By · Updated

Look, I would like to tell you this list will make launch day non-exciting and will totally avoid mess-ups, but that would be a lie — best practice still says we do our due diligence.

How to Use This Checklist

Systematic approaches to technical projects are generally recommended, especially when consumer facing products are at stake. My recommendation: work through each section in order. The goal is to turn last minute catches into opportunities to ensure functionality and preserve brand reputation: by now you should have automated what you could have, documented the rest, and accepted the working gaps for what they are. Sites are rewarded for iteration, so as long as you have a strong foundation, the rest can be worked out later. If you’re new to my system, pair this read with Site Architecture, Automation for Web Dev, and Internal Linking Best Practices.

SEO: Indexing, Signals, and Structure

  • Canonical URLs: Exactly one per page; self-referential where appropriate.
    • Why: Consolidates duplicates and parameters so link equity isn’t split.
    • How: In templates, emit:
    <link rel="canonical" href="{{ page.url | absolute }}">
    • Never point canonicals to non-200 or non-HTTPS URLs.
    • Quick check: Search site:yourdomain.com inurl=? and confirm canonical points to the clean URL.
  • Meta: Title ≤60 chars, description 150–160 chars; unique per page.
    • Why: Controls SERP messaging and boosts CTR.
    • How: Front matter → template; enforce uniqueness in CI.
    • Snippet:
    <title>{{ title }} | {{ site.name }}</title>
<meta name="description" content="{{ description | truncate(160, true) }}">
  • Open Graph / Twitter: og:title, og:description, og:image (1200×630), twitter:card.
    • Why: Clean social previews increase shares and assisted links.
    • How: Generate social images at build time; use absolute URLs.
    • Snippet:
    <meta property="og:title" content="{{ ogTitle | default: title }}">
<meta property="og:description" content="{{ description }}">
<meta property="og:image" content="{{ ogImage | absolute }}">
<meta name="twitter:card" content="summary_large_image">
  • Robots: Public pages use index, follow. Thin archives/search → noindex, follow.
    • Why: Guides crawl budget toward money pages.
    • How: Conditional meta robots; keep staging blocked by robots.txt and noindex headers.
    • Snippet:
    {% if isThin %}<meta name="robots" content="noindex,follow">{% else %}<meta name="robots" content="index,follow">{% endif %}
  • Sitemaps: XML split by type (pages, posts, locations). All entries 200-OK, canonical, HTTPS.
    • Why: Faster discovery and better coverage diagnostics.
    • How: Emit /sitemap.xml index with children: /sitemap-pages.xml, /sitemap-posts.xml, etc.
    • Quick check: Validate 200/HTTPS and lastmod as ISO 8601.
  • Breadcrumbs: Visible UI + BreadcrumbList JSON-LD.
    • Why: Improves internal linking and SERP breadcrumb display.
    • Snippet:
    <script type="application/ld+json">{
 "@context":"https://schema.org",
 "@type":"BreadcrumbList",
 "itemListElement":[
  {"@type":"ListItem","position":1,"name":"Homepage","item":"{{ site.url }}/"},
  {"@type":"ListItem","position":2,"name":"{{ section.name }}","item":"{{ section.url | absolute }}"},
  {"@type":"ListItem","position":3,"name":"{{ title }}","item":"{{ page.url | absolute }}"}
 ]}</script>
  • Schema: BlogPosting/Article, Organization, WebSite, WebPage; ensure valid JSON-LD.
    • Why: Rich results eligibility and clearer entity understanding.
    • How: Absolute URLs, ISO dates, matching headline/H1; no contradictory data.
  • Internal links: Pillars ↔ clusters ↔ services/locations. No orphans.
    • Why: Distributes PageRank and clarifies topical authority.
    • How: Add “Further reading” blocks per post; enforce ≥2 inbound links/page in CI.
  • Hreflang (if multi-locale): Bidirectional mapping; include self-ref.
    • Why: Prevents wrong-language rankings and cannibalization.
    • How: Emit full sets per page (en-us, es-us, x-default).

Performance: Core Web Vitals & Byte Budget

  • LCP ≤ 2.5s, CLS ≤ 0.05, INP ≤ 200ms, Total bytes ≤ 1.2MB.
    • Why: Rankings, conversions, and user trust ride on this.
    • How: Serve hero image as responsive <img> with width/height; preconnect to CDN; inline critical CSS.
  • Images: .webp by default, explicit width/height, lazy-load non-critical, 1200×630 social crops ≤50KB if possible.
    • How: loading="lazy" for below-the-fold, fetchpriority="high" on LCP image.
    <img src="/img/hero-1200.webp" width="1200" height="630" alt="..." fetchpriority="high" decoding="async">
  • CSS/JS: Minify, tree-shake, defer/async non-critical. Avoid over-hydration.
    • How: Split vendor vs. app bundles; islands-only interactivity; kill unused deps quarterly.
  • Fonts: Preload primary, use font-display: swap, self-host when feasible.
  • Caching: Long Cache-Control for assets, short/ETag for HTML. Use immutable hashes.
    • How: /assets/app.abc123.css with Cache-Control: public, max-age=31536000, immutable.

Usability & UX: Don’t Make People Think

  • Navigation: Obvious, consistent, and predictable. 5–7 primary items, clear labels, persistent breadcrumbs.
    • How: Top tasks in the main nav; everything else gets demoted or linked contextually.
    • Quick check: First-time user finds pricing, contact, and services in under 10 seconds.
  • Content hierarchy: Proper H2/H3 nesting, bullet lists, and scannable sections for fast comprehension.
    • How: Keep paragraphs ≤80–120 words; one idea per block.
  • Mobile ergonomics: Hit targets ≥44px, no tiny text, thumb-friendly buttons in logical zones.
    • How: Place primary CTA in-view on load; test on small phones, not just big ones.
  • Forms: Cut fields to what’s essential, show inline validation, clear error states, obvious success confirmation.
    • How: Mask phone numbers; client + server validation; disabled states are not confirmations.
  • Readability: 16–18px base, generous line-height, tested in bright and dark modes.
  • Trust signals: Add testimonials, clear contact info, and client logos to reduce friction.

Accessibility: Inclusive by Default

  • Logical heading order; meaningful link text (no “click here”).
  • Color contrast ≥ WCAG AA; visible focus states.
  • ARIA only when necessary; form labels tied to inputs.
  • Alt text for all non-decorative images; captions for media.
  • Keyboard navigable; no keyboard traps.

Content QA: Accuracy, Consistency, and UX

  • Proofread for clarity; enforce style via Prettier/Markdownlint.
  • Check dates, prices, and legal statements for accuracy.
  • Replace placeholder text/media; verify alt text matches imagery.
  • Verify CTAs route to correct funnels; calibrate tone by page intent.
  • Ensure title, description, and H1 are aligned.
  • Bonus: Add “last updated” dates on evergreen posts and refresh quarterly to keep rankings fresh.

Security & Privacy: Ship Safely

  • HTTPS redirect (301) site-wide; no mixed content.
  • HSTS, CSP, Referrer-Policy, X-Content-Type-Options, X-Frame-Options (or frame-ancestors in CSP).
  • Sanitize user input; validate forms server-side even on static front-ends.
  • Cookie banner (if applicable) + privacy policy; minimize third-party scripts.
  • Rotate API keys/secrets; restrict origins; use environment variables in CI.
  • Audit external embeds and dependencies quarterly; remove unused scripts.
  • Verify backups and restores under load, not just in theory.

Snippet (Netlify headers):

[[headers]]
for = "/*"
  [headers.values]
  Content-Security-Policy = "default-src 'self'; img-src 'self' https: data:; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none';"
  Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
  Referrer-Policy = "strict-origin-when-cross-origin"
  X-Content-Type-Options = "nosniff"

Analytics, Events & Monitoring

  • Install analytics (e.g., Plausible or GA4); confirm pageviews and goals.
  • Define events: CTA clicks, form submits, table/filter interactions.
  • Search Console + Bing Webmaster Tools set up and verified.
  • Uptime monitoring + broken link monitor post-launch.
  • Error logging for serverless endpoints; alerts on failure.
  • Pro tip: Mark internal dev/staff traffic with a filter to keep reports clean.

Forms, Deliverability & Thank-You Paths

  • Form validation client + server; honeypot/Turnstile to reduce spam.
  • Test success/failure states; show clear confirmations.
  • Email deliverability: SPF, DKIM, DMARC set; test to multiple inboxes.
  • CRM/webhook connections verified; duplicate prevention in place.
  • Post-submit route to resource or booking; send follow-up email.
  • Quick check: Screenshot and save success states per form as proof at launch.

Routing, Redirects & Error States

  • Map legacy → new URLs (301). Avoid chains and loops.
  • Custom 404/410 with helpful nav/search; graceful 500 fallbacks.
  • Trailing slash + lowercase policy; consistent canonicalization.

Snippet:

/old-services/seo   /services/seo   301
/blog/old-post      /blog/new-post  301

Infrastructure: DNS, SSL, Caching

  • DNS propagated; www ↔ apex rules; single canonical host.
  • SSL cert active; auto-renew enabled; no mixed content.
  • Edge caching rules tuned; purge strategy documented.
  • Staging environment locked behind auth; robots blocked.

Governance: Content, Media & Ownership

  • Editorial calendar live; owners for each page/section.
  • Media license audit complete; attribution where required.
  • Backup/export plan documented; restore tested.
  • Roles/permissions assigned in hosting, DNS, analytics, and CMS.

Final “Green Light” Checklist

  • Pages pass Lighthouse mobile: LCP ≤ 2.5s, CLS ≤ 0.05, TTI ≤ 3.5s, bytes ≤ 1.2MB.
  • axe-core shows no critical a11y violations on key flows.
  • Sitemaps valid; robots.txt references them; Search Console verified.
  • Canonicals, OG tags, and meta descriptions unique and accurate.
  • 301 map implemented; no redirect chains; 404/500 pages styled.
  • CSP/HSTS headers present; no mixed content.
  • Forms submit; emails deliver (SPF/DKIM/DMARC); CRM receives leads.
  • Analytics events firing; dashboards ready; alerts configured.
  • Backups created; rollback plan documented.

Post-Launch: First 30 Days

  • Monitor crawl errors, Core Web Vitals, and coverage in Search Console.
  • Fix 404s/redirects weekly; submit updated sitemaps after major content pushes.
  • Review analytics for entry pages & drop-offs; tune CTAs and internal links.
  • Collect user feedback; run A/B tests on headlines or CTAs where traffic allows.
  • Cadence: Week 1 triage, Week 2–3 iteration, Week 4 retrospective and backlog grooming.

Spot an error or a better angle? Tell me and I’ll update the piece. I’ll credit you by name—or keep it anonymous if you prefer. Accuracy > ego.

Portrait of Mason Goulding

Mason Goulding · Founder, Maelstrom Web Services

Builder of fast, hand-coded static sites with SEO baked in. Stack: Eleventy · Vanilla JS · Netlify · Figma

With 10 years of writing expertise and currently pursuing advanced studies in computer science and mathematics, Mason blends human behavior insights with technical execution. His Master’s research at CSU–Sacramento examined how COVID-19 shaped social interactions in academic spaces — see his thesis on Relational Interactions in Digital Spaces During the COVID-19 Pandemic . He applies his unique background and skills to create successful builds for California SMBs.

Every build follows Google’s E-E-A-T standards: scalable, accessible, and future-proof.

Start Your Project See Our Work