Comprehensive Checklist Before Launching Your Website

How to Use This Checklist

Work through each section in order. The goal is to turn mistakes into impossibilities: automate what you can, document the rest. If you’re new to our system, pair this with Site Architecture, Automation for Web Dev, and Internal Linking Best Practices.

SEO: Indexing, Signals, and Structure

• Canonical URLs: Exactly one per page; self-referential where appropriate.
• Meta: Title ≤60 chars, description 150–160 chars; unique per page.
• Open Graph / Twitter: og:title, og:description, og:image (1200×630), twitter:card.
• Robots: Public pages use index, follow. Thin archives/search → noindex, follow.
• Sitemaps: XML split by type (pages, posts, locations). All entries 200-OK, canonical, HTTPS.
• Breadcrumbs: Visible UI + BreadcrumbList JSON-LD.
• Schema: BlogPosting/Article, Organization, WebSite, WebPage; ensure valid JSON-LD.
• Internal links: Pillars ↔ clusters ↔ services/locations. No orphans.
• Hreflang (if multi-locale): Bidirectional mapping; include self-ref.

Performance: Core Web Vitals & Byte Budget

• LCP ≤ 2.5s, CLS ≤ 0.05, INP ≤ 200ms, Total bytes ≤ 1.2MB.
• Images: .webp by default, explicit width/height, lazy-load non-critical, 1200×630 social crops ≤50KB if possible.
• CSS/JS: Minify, tree-shake, defer/async non-critical. Avoid over-hydration.
• Fonts: Preload primary, use font-display: swap, self-host when feasible.
• Caching: Long Cache-Control for assets, short/ETag for HTML. Use immutable hashes.

// lighthouserc.json (budgets)
{
  "ci": {
    "collect": { "staticDistDir": "dist" },
    "assert": {
      "assertions": {
        "largest-contentful-paint": ["error", { "maxNumericValue": 2500 }],
        "cumulative-layout-shift": ["error", { "maxNumericValue": 0.05 }],
        "interactive": ["error", { "maxNumericValue": 3500 }],
        "total-byte-weight": ["error", { "maxNumericValue": 1200000 }]
      }
    }
  }
}

Accessibility: Inclusive by Default

• Logical heading order; meaningful link text (no “click here”).
• Color contrast ≥ WCAG AA; visible focus states.
• ARIA only when necessary; form labels tied to inputs.
• Alt text for all non-decorative images; captions for media.
• Keyboard navigable; no keyboard traps.

Automate with axe-core in CI; verify critical flows with screen readers.

Content QA: Accuracy, Consistency, and UX

• Proofread for clarity; enforce style via Prettier/Markdownlint.
• Check dates, prices, and legal statements for accuracy.
• Replace placeholder text/media; verify alt text matches imagery.
• Verify CTAs route to correct funnels; calibrate tone by page intent.
• Ensure title, description, and H1 are aligned.

Security & Privacy: Ship Safely

• HTTPS redirect (301) site-wide; no mixed content.
• HSTS, CSP, Referrer-Policy, X-Content-Type-Options, X-Frame-Options (or frame-ancestors in CSP).
• Sanitize user input; validate forms server-side even on static front-ends.
• Cookie banner (if applicable) + privacy policy; minimize third-party scripts.
• Rotate API keys/secrets; restrict origins; use environment variables in CI.

# netlify.toml (headers)
[[headers]]
  for = "/*"
  [headers.values]
    Content-Security-Policy = "default-src 'self'; img-src 'self' https: data:; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none';"
    Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
    Referrer-Policy = "strict-origin-when-cross-origin"
    X-Content-Type-Options = "nosniff"

Analytics, Events & Monitoring

• Install analytics (e.g., Plausible or GA4); confirm pageviews and goals.
• Define events: CTA clicks, form submits, table/filter interactions.
• Search Console + Bing Webmaster Tools set up and verified.
• Uptime monitoring + broken link monitor post-launch.
• Error logging for serverless endpoints; alerts on failure.

Forms, Deliverability & Thank-You Paths

• Form validation client + server; honeypot/Turnstile to reduce spam.
• Test success/failure states; show clear confirmations.
• Email deliverability: SPF, DKIM, DMARC set; test to multiple inboxes.
• CRM/webhook connections verified; duplicate prevention in place.
• Post-submit route to resource or booking; send follow-up email.

Routing, Redirects & Error States

• Map legacy → new URLs (301). Avoid chains and loops.
• Custom 404/410 with helpful nav/search; graceful 500 fallbacks.
• Trailing slash + lowercase policy; consistent canonicalization.

# _redirects (examples)
/old-services/seo   /services/seo   301
/blog/old-post      /blog/new-post  301

Infrastructure: DNS, SSL, Caching

• DNS propagated; www ↔ apex rules; single canonical host.
• SSL cert active; auto-renew enabled; no mixed content.
• Edge caching rules tuned; purge strategy documented.
• Staging environment locked behind auth; robots blocked.

Governance: Content, Media & Ownership

• Editorial calendar live; owners for each page/section.
• Media license audit complete; attribution where required.
• Backup/export plan documented; restore tested.
• Roles/permissions assigned in hosting, DNS, analytics, and CMS.

Final “Green Light” Checklist

• ✅ Pages pass Lighthouse mobile: LCP ≤ 2.5s, CLS ≤ 0.05, TTI ≤ 3.5s, bytes ≤ 1.2MB.
• ✅ axe-core shows no critical a11y violations on key flows.
• ✅ Sitemaps valid; robots.txt references them; Search Console verified.
• ✅ Canonicals, OG tags, and meta descriptions unique and accurate.
• ✅ 301 map implemented; no redirect chains; 404/500 pages styled.
• ✅ CSP/HSTS headers present; no mixed content.
• ✅ Forms submit; emails deliver (SPF/DKIM/DMARC); CRM receives leads.
• ✅ Analytics events firing; dashboards ready; alerts configured.
• ✅ Backups created; rollback plan documented.

Post-Launch: First 30 Days

• Monitor crawl errors, Core Web Vitals, and coverage in Search Console.
• Fix 404s/redirects weekly; submit updated sitemaps after major content pushes.
• Review analytics for entry pages & drop-offs; tune CTAs and internal links.
• Collect user feedback; run a/b on headlines or CTAs where traffic allows.