Why a Launch Checklist Is Not a Formality

Anyone who has ever launched a site "in a hurry" knows that special dread: the client found a typo in the contact details, Google indexed a placeholder page, the contact form wasn't sending emails for three days. The checklist below is the result of dozens of launches and all the pain points we've experienced ourselves or seen with clients.

Divided into 7 blocks: content → SEO → performance → security → functionality → analytics → legal.

Block 1: Content

  • No Lorem ipsum — walk through every page, especially "advantages", "about us" blocks and card footers

  • Current contact details — phone, email, address, working hours verified and correct

  • Spelling and grammar — run a spell checker on at least the main pages

  • Correct prices and terms — if there's a price list, it's up to date

  • Links working — check internal and external links. Tools: Broken Link Checker, Screaming Frog

  • Favicon set — 32×32px and 180×180px (Apple touch icon), shows in browser tab

  • 404 page — custom, with navigation and a "Back to Home" button. Not a server technical stub

Block 2: SEO

  • Title and meta description — unique for each page, not empty, not duplicated. Title: 50–60 characters. Description: 120–160 characters.

  • H1 on every page — one H1, matches the page topic, doesn't duplicate the Title

  • Sitemap.xml — generated and accessible at /sitemap.xml. Contains all public pages with current dates.

  • Robots.txt — configured, doesn't block indexing of needed pages. Check: /robots.txt

  • Canonical URL<link rel="canonical"> tag on all pages, pointing to the correct version (with or without www, with or without trailing slash)

  • hreflang — if multilingual, configure language alternate tags for each page

  • Google Search Console — site added, sitemap submitted, no critical errors

  • Image alt texts — all meaningful images have descriptive alt attributes

  • Schema.org markup — LocalBusiness, BreadcrumbList, or other relevant type. Verify through Google Rich Results Test

Block 3: Performance

  • Google PageSpeed Insights — mobile score ≥70, desktop ≥85. Fix critical recommendations

  • Images optimized — converted to WebP or AVIF, compressed without quality loss. Tools: Squoosh, ImageOptim

  • Lazy loading — images below the first screen have loading="lazy" attribute

  • CSS and JS minified — built for production via npm run build or equivalent

  • Caching configured — static files (CSS, JS, images) cached by browser. Check Cache-Control headers

  • Fonts optimizedfont-display: swap, only necessary weights loaded

Block 4: Security

  • SSL certificate — HTTPS enabled, padlock displayed. Redirect from http:// to https:// configured

  • HTTP Security Headers — check via securityheaders.com:

    • X-Content-Type-Options: nosniff

    • X-Frame-Options: SAMEORIGIN

    • Referrer-Policy: strict-origin-when-cross-origin

    • Content-Security-Policy — basic configuration

  • CMS and plugin updates — WordPress, Drupal and all plugins updated to current versions

  • Admin password — not admin/admin, unique, in a password manager

  • Backup — first backup made, backup schedule configured (daily or weekly)

Block 5: Functionality

  • Forms tested — every form sends data, the responsible person received a test email, success message displays

  • Email confirmation — automatic email to client after form submission sends correctly and doesn't land in spam

  • Mobile version — checked on a real device (not just DevTools). iOS Safari + Chrome Android — minimum

  • Cross-browser testing — Chrome, Firefox, Safari, Edge. Tool: BrowserStack or real devices

  • Site search — if present, returns relevant results and doesn't break on special characters

  • Open Graph tagsog:title, og:description, og:image (minimum 1200×630px) configured. Check via Facebook Sharing Debugger or by sending the link in Telegram

  • Twitter/X Card tagstwitter:card, twitter:title, twitter:image

Block 6: Analytics

  • Google Analytics 4 — code installed, data is flowing (check Realtime report). Key events configured: CTA clicks, form submissions

  • Google Tag Manager — if used, container published in production mode

  • Goals/Conversions — at least one conversion event configured (form submission, call, purchase)

Block 7: Legal

  • Privacy Policy — mandatory if you collect any personal data. Must include: what you collect, how you use it, user rights

  • Cookie notice — if using Google Analytics or other trackers, a cookie notification is required (especially for EU audiences)

  • Terms of Use — mandatory for e-commerce and SaaS. Recommended for regular corporate sites

  • Company details — legal entity name, registration number, address — in the footer or contacts page

What to Do After Launch

  • First week: check Google Search Console daily for indexing errors

  • First month: monitor Core Web Vitals in GSC, fix issues

  • Remember updates: CMS, plugins, SSL certificate (if not auto-renewal)

Need help with a pre-launch audit or fixing identified issues? We'll conduct a full review and prepare your site for launch.