Website Launch Checklist

Before going live, conduct a thorough technical review of every page on your site. Start by clicking through all navigation menus and internal links to confirm none are broken or misdirected. Test every form — contact, quote, newsletter sign-up, and any checkout — by submitting real test entries and verifying you receive the corresponding notifications. Look for broken images by scanning each page for empty placeholders or missing visuals. Run your site through a crawler like Screaming Frog, Ahrefs, or Google Search Console's URL Inspection tool to surface 404 errors, redirect chains, duplicate pages, and missing metadata at scale. Test on multiple devices: at minimum a desktop monitor, a tablet, and two different smartphones (ideally one iOS and one Android). Check interactive elements like dropdown menus, mobile hamburger menus, accordions, sliders, and lightboxes on each device — these are the most common places cross-platform bugs hide. If you are migrating from an older site, verify that every previously-indexed URL either still exists at the same path or has a clean 301 redirect pointing to its new equivalent. A missing redirect means that URL loses both its accumulated search ranking and any bookmarked traffic. Create a simple spreadsheet to log each page, who tested it, and the date — this creates accountability and ensures nothing is missed in the rush to launch.

Content errors erode trust faster than almost anything else. Proofread every single page — not just the homepage — for spelling, grammar, and punctuation mistakes. Do not rely solely on spell-check tools; they miss correctly spelled words used in the wrong context. Read each page aloud to catch awkward phrasing that your eye skips over when reading silently. Critically, search every page for placeholder text such as 'Lorem ipsum', 'TBD', '[Insert copy here]', or dummy phone numbers and addresses. These are embarrassing and damage credibility the moment a visitor spots them. Verify that your contact details — phone number, email address, and physical address if applicable — are correct on every page they appear, including the footer, contact page, and any schema markup. Cross-check that all team member names, titles, and bios are current and that no former employees still appear on an About page. Confirm that your privacy policy is up to date and references the correct business name and data collection practices — especially important if you collect form data or use Google Analytics. Review all legal disclaimers, copyright years, and terms of service. Check that all external links open in a new tab when appropriate and do not send visitors away without warning. Finally, review all image alt text to ensure it is descriptive and accurate, which also benefits your SEO.

Your SEO foundation needs to be solid on day one. Every page on the site should have a unique meta title that is under 60 characters and accurately reflects the page content — duplicate meta titles confuse search engines about which page to rank. Every page also needs a unique meta description between 140 and 160 characters that clearly describes the page and includes a natural call to action to encourage clicks from search results. Review your heading structure: each page should have exactly one H1, and all subsequent subheadings should follow a logical H2, H3 hierarchy. Do not skip heading levels. Ensure every image has descriptive alt text that explains what the image shows — this helps search engines understand your visual content and improves accessibility for screen reader users. Generate and submit your XML sitemap to Google Search Console and Bing Webmaster Tools before or immediately after launch. If you are migrating, add a disavow file for any toxic backlinks from the old domain. Set up canonical tags to prevent duplicate content issues, particularly if your site can be accessed at both www and non-www versions. Configure your robots.txt file to allow search engine crawlers access to all pages you want indexed, and block staging subdirectories or admin areas. Finally, implement structured data markup (schema.org) for your business type, services, and any reviews to help search engines better understand your site's content.

Launching without analytics is like opening a store without any windows — you have no idea who is coming in, what they are doing, or why they are leaving. Install Google Analytics 4 and verify it is correctly recording page views before launch by using the GA4 DebugView. Set up conversion events for every meaningful action on your site: form submissions, phone number clicks, email link clicks, file downloads, and any e-commerce transactions. These conversion events tell you which pages and traffic sources are actually generating business, not just visits. Connect your site to Google Search Console so you can monitor keyword rankings, crawl errors, and indexing status from day one — this data is invaluable for the first few months of a new site. If you run Google Ads, verify that your Google Ads conversion tracking tag is firing correctly on your thank-you pages or via enhanced conversions. Do the same for any Meta (Facebook) Pixel, LinkedIn Insight Tag, or other advertising pixels you use. Consider adding a heat mapping tool like Hotjar or Microsoft Clarity — both have free tiers — to record session replays and heat maps showing exactly where visitors click, scroll, and drop off. Set up email reporting inside GA4 so you receive a weekly summary of key metrics without having to log in manually. Document every tag and event name in a tracking plan spreadsheet so you can maintain consistency as the site evolves.

A website without proper security is a liability — both to your business and your visitors. Start by confirming that your SSL certificate is fully installed and that every single page loads over HTTPS, including images, scripts, and stylesheets loaded from external sources. Mixed content warnings — where an HTTPS page loads HTTP resources — will trigger browser security warnings that deter visitors. Set up automatic HTTP to HTTPS redirects at the server or DNS level so no one ever lands on an insecure version of your site. Review file and directory permissions on your hosting server to ensure sensitive areas like configuration files, upload folders, and admin directories are not publicly accessible. Change all default admin usernames and passwords before launch — 'admin' and 'password123' are the first credentials bots try. Enable two-factor authentication on your CMS, hosting control panel, and domain registrar accounts. If you are on WordPress, install a reputable security plugin and configure it to limit login attempts, monitor for file changes, and block known malicious IP ranges. Set up daily or weekly automated backups of both your database and files, and verify the backup restoration process actually works by doing a test restore before launch. If your site collects payment information, ensure you are PCI-DSS compliant (the standard governing how businesses handle credit card data) and not storing raw card data. After launch, set up regular automated vulnerability scans to catch newly discovered exploits before attackers do.

A site that looks flawless in Chrome on your laptop may be broken on Safari on an iPhone or Edge on a Windows 11 machine — and a significant portion of your visitors will be on exactly those platforms. At a minimum, test in Chrome, Firefox, Safari, and Microsoft Edge on desktop. On mobile, test both Safari on iOS and Chrome on Android. If your audience includes older demographics, also test in Samsung Internet Browser, which ships as the default on Samsung devices and handles some CSS properties differently. Tools like BrowserStack or LambdaTest let you test on real devices and browser versions without owning them all. Pay particular attention to CSS properties with inconsistent browser support: CSS Grid, custom properties (variables), backdrop-filter, and newer color functions can behave differently across browsers. Check that custom fonts load correctly on all platforms and that the fallback fonts do not create layout-breaking size differences. Test all interactive JavaScript features — forms, accordions, modals, carousels — in each browser. Confirm hover states are replaced with touch-appropriate interactions on mobile, since hover does not exist on touchscreens. Review print stylesheets if your content may be printed (service menus, resource pages). For email newsletters or transactional emails your site sends, test those in Gmail, Outlook, and Apple Mail, which each render HTML differently. Document every browser-specific issue found and track its resolution before launch.

Website performance directly affects your search rankings, your bounce rate, and ultimately your conversion rate. Google's Core Web Vitals are the benchmarks that matter most: aim for a Largest Contentful Paint (LCP) of under 2.5 seconds, which measures how long the biggest visible element takes to load. Target a Cumulative Layout Shift (CLS) under 0.1, which measures unexpected visual shifts that make visitors accidentally click the wrong thing. Aim for an Interaction to Next Paint (INP) under 200 milliseconds, measuring how quickly the page responds to user interactions. Run your site through Google PageSpeed Insights, which tests your actual URL and provides real-world data from Chrome users, not just a lab simulation. Address the highest-impact issues first: compress and properly size images (convert to WebP format where possible), enable browser caching with appropriate cache lifetimes, minify CSS, JavaScript, and HTML files, and eliminate render-blocking resources that delay the page from displaying. Implement lazy loading for images below the fold so they only download when the user scrolls near them. Use a content delivery network (CDN) to serve assets from servers physically closer to your visitors — this alone can cut load times by 30-50% for geographically distributed audiences. Set a performance budget before launch and re-run your PageSpeed tests after every significant code or content change to catch regressions early.

Launching is not the finish line — it is the starting gun. Set up uptime monitoring through a service like UptimeRobot, Better Stack (formerly Better Uptime), or Pingdom, all of which offer free tiers that check your site every few minutes and alert you by email or SMS if it goes down. Nothing is more damaging than a site that has been down for hours before anyone noticed. Schedule a structured review of Google Analytics and Google Search Console data every week for the first month. Look for unexpected drops in organic traffic, pages with high bounce rates and low engagement time, and any crawl errors that appeared post-launch. Monitor your Core Web Vitals data inside Search Console, as it aggregates real-world measurements from Chrome users and reflects actual visitor experience better than any lab test. Set up Google Alerts for your business name and domain to catch mentions, potential reputation issues, or scraper sites copying your content. Plan a formal 30-day post-launch review meeting where you compare actual traffic and conversion performance against your goals. Gather feedback from real users — ask customers what they found confusing or difficult. Many sites benefit from a round of usability fixes after watching how real people interact with the site. Track your keyword rankings weekly for the first three months; new sites often experience slow initial ranking growth as Google indexes and evaluates your content — this is normal. Stay consistent with publishing quality content and building authority, and the rankings will follow.