Checklist

Website go-live checklist for a new build

Launching a brand-new site? This is the end-to-end checklist I run before flipping a build live, from content and performance to SEO, analytics, accessibility and launch day itself.

A launch is not a single moment, it is a sequence of checks. Work top to bottom; nothing here is optional on a site you want to stand behind.

Content and design

  • Every page proofread, with a second set of eyes on headings and CTAs.
  • Images compressed and sized correctly, with descriptive filenames.
  • Favicon, touch icons and social share image (Open Graph) in place.
  • Custom 404 and error pages that route people back into the site.
  • Legal pages live: privacy policy, terms, and a cookie/consent notice.
  • Placeholder and lorem-ipsum content removed everywhere.

Performance

  • Core Web Vitals checked on real pages (LCP, CLS, INP), not just the homepage.
  • Images lazy-loaded below the fold; the hero image prioritised.
  • Caching, minification and compression enabled at the server or CDN.
  • Tested on a real mid-range phone, not only a desktop browser.

SEO foundations

  • Unique title tags and meta descriptions on every indexable page.
  • One H1 per page, with a sensible heading hierarchy beneath it.
  • XML sitemap generated and robots.txt allowing the right paths.
  • Canonical tags set; structured data (Organisation, Article) where relevant.
  • The staging site is no longer indexable once the real site is live.

Analytics and tracking

  • GA4 installed and firing, ideally via a tag manager.
  • Key conversions configured as events (enquiry, call booking, download).
  • Consent handling wired so tags respect the cookie banner.
  • Search Console property verified and the sitemap submitted.

Accessibility

  • Meaningful alt text on informative images; decorative images marked empty.
  • Colour contrast meets WCAG AA for text and interactive elements.
  • Full keyboard navigation with visible focus states.
  • Form fields have labels; errors are announced, not just coloured.

Security and infrastructure

  • HTTPS enforced site-wide, with HTTP redirecting to HTTPS.
  • Sensible security headers (HSTS, CSP where practical).
  • Automated backups running and a restore actually tested.
  • DNS TTL lowered a day before launch so cutover propagates fast.

Forms and integrations

  • Every form submitted as a real user and the notification received.
  • Spam protection (honeypot or captcha) enabled.
  • Email deliverability checked: SPF, DKIM and DMARC records set.
  • CRM, booking and payment integrations tested end to end.

Launch day and after

  • DNS cut over, SSL verified on the live domain, and a full smoke test run.
  • Uptime and error monitoring switched on.
  • Within a week: check Search Console coverage, analytics flow and broken links, and gather first feedback.