Pre-Launch & Launch Checklist
Document ID: WBL-DEL-LC-[ID]-v1.0
Project: [PROJECT NAME]
Client: [CLIENT NAME]
Project Manager: [PM NAME]
Target Launch Date: [DATE]
Checklist Completed By: [NAME]
Date Completed: [DATE]
Purpose: This checklist must be completed in full and signed off by both the Agency Project Manager and the Client Project Owner before any DNS cutover or public launch is authorized. No launch proceeds without a completed and signed copy of this document.
Critical rule: If any item in the 🔴 LAUNCH BLOCKER category is incomplete, launch is postponed until resolved. 🟡 items should be resolved within the agreed post-launch window.
Section 1 — Technical Infrastructure
1.1 Hosting & Server
| # | Item | Status | Notes | Priority |
|---|
| 1.1.1 | Hosting environment provisioned and stable | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.1.2 | Server region confirmed (matches data residency requirements) | ☐ Pass ☐ Fail ☐ N/A | Region: | 🔴 |
| 1.1.3 | PHP / Node / runtime version confirmed and matches dev environment | ☐ Pass ☐ Fail ☐ N/A | Version: | 🔴 |
| 1.1.4 | Environment variables and production API keys configured | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.1.5 | .htaccess / nginx config reviewed and tested | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.1.6 | Gzip / Brotli compression enabled | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 1.1.7 | Caching configured (server-level and/or application-level) | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 1.1.8 | CDN configured and tested (if applicable) | ☐ Pass ☐ Fail ☐ N/A | Provider: | 🟡 |
| 1.1.9 | Firewall rules configured | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.1.10 | DDoS protection active (if applicable) | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
1.2 SSL & Security
| # | Item | Status | Notes | Priority |
|---|
| 1.2.1 | SSL certificate installed and valid | ☐ Pass ☐ Fail ☐ N/A | Expiry: | 🔴 |
| 1.2.2 | HTTPS enforced (HTTP redirects to HTTPS) | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.2.3 | HSTS header configured (Strict-Transport-Security) | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.2.4 | X-Frame-Options or CSP frame-ancestors set | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 1.2.5 | Content-Security-Policy (CSP) header configured | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 1.2.6 | X-Content-Type-Options: nosniff set | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 1.2.7 | Referrer-Policy header set | ☐ Pass ☐ Fail ☐ N/A | | 🟢 |
| 1.2.8 | Admin panel / CMS login URL not publicly guessable (if WordPress) | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 1.2.9 | Default admin credentials changed | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.2.10 | File permissions reviewed (not 777) | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.2.11 | Directory listing disabled | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.2.12 | Security headers verified via securityheaders.com or equivalent | ☐ Pass ☐ Fail ☐ N/A | Score: | 🟡 |
1.3 DNS & Domain
| # | Item | Status | Notes | Priority |
|---|
| 1.3.1 | Domain registered and not expiring within 60 days | ☐ Pass ☐ Fail ☐ N/A | Expiry: | 🔴 |
| 1.3.2 | DNS TTL lowered (recommended: 300s) 48 hours before cutover | ☐ Pass ☐ Fail ☐ N/A | Current TTL: | 🔴 |
| 1.3.3 | A / CNAME records staged and verified | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.3.4 | MX records confirmed — email will not break on DNS change | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.3.5 | www → non-www (or vice versa) redirect configured | ☐ Pass ☐ Fail ☐ N/A | Canonical: | 🔴 |
| 1.3.6 | Old site backup snapshot taken before DNS change | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.3.7 | Client has authorized DNS change in writing | ☐ Pass ☐ Fail ☐ N/A | Authorized by: | 🔴 |
| 1.3.8 | DNS propagation time communicated to client | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
1.4 Backup System
| # | Item | Status | Notes | Priority |
|---|
| 1.4.1 | Backup system configured and first backup completed | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 1.4.2 | Backup restoration tested (confirm restore works) | ☐ Pass ☐ Fail ☐ N/A | Tested date: | 🔴 |
| 1.4.3 | Backup storage is offsite / geographically separate | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 1.4.4 | Backup retention period configured per plan | ☐ Pass ☐ Fail ☐ N/A | Retention: | 🟡 |
| 1.4.5 | Client notified of backup access and restore request process | ☐ Pass ☐ Fail ☐ N/A | | 🟢 |
| # | Item | Status | Score / Result | Priority |
|---|
| 2.1 | Google PageSpeed Insights — Mobile score | ☐ Pass ☐ Fail | Score: (Target: ≥ 75) | 🔴 |
| 2.2 | Google PageSpeed Insights — Desktop score | ☐ Pass ☐ Fail | Score: (Target: ≥ 85) | 🟡 |
| 2.3 | Core Web Vitals — LCP (Largest Contentful Paint) | ☐ Pass ☐ Fail | LCP: (Target: < 2.5s) | 🔴 |
| 2.4 | Core Web Vitals — CLS (Cumulative Layout Shift) | ☐ Pass ☐ Fail | CLS: (Target: < 0.1) | 🔴 |
| 2.5 | Core Web Vitals — INP (Interaction to Next Paint) | ☐ Pass ☐ Fail | INP: (Target: < 200ms) | 🟡 |
| 2.6 | Time to First Byte (TTFB) | ☐ Pass ☐ Fail | TTFB: (Target: < 600ms) | 🟡 |
| 2.7 | Images optimized (WebP/AVIF, correct sizing, lazy loading) | ☐ Pass ☐ Fail | | 🔴 |
| 2.8 | CSS and JavaScript minified | ☐ Pass ☐ Fail | | 🟡 |
| 2.9 | No render-blocking resources (or minimized) | ☐ Pass ☐ Fail | | 🟡 |
| 2.10 | Font loading optimized (font-display: swap; preload) | ☐ Pass ☐ Fail | | 🟡 |
| 2.11 | Third-party script impact assessed and acceptable | ☐ Pass ☐ Fail | Scripts: | 🟡 |
Section 3 — SEO
| # | Item | Status | Notes | Priority |
|---|
| 3.1 | All pages have unique, descriptive <title> tags | ☐ Pass ☐ Fail | | 🔴 |
| 3.2 | All pages have unique <meta description> (under 160 chars) | ☐ Pass ☐ Fail | | 🔴 |
| 3.3 | H1 tags present and unique per page | ☐ Pass ☐ Fail | | 🔴 |
| 3.4 | Canonical tags configured correctly | ☐ Pass ☐ Fail | | 🔴 |
| 3.5 | XML sitemap generated and accessible at /sitemap.xml | ☐ Pass ☐ Fail | URL: | 🔴 |
| 3.6 | robots.txt configured — crawling not blocked in production | ☐ Pass ☐ Fail | | 🔴 |
| 3.7 | Staging environment blocked from indexing (noindex) | ☐ Pass ☐ Fail | | 🔴 |
| 3.8 | Production environment indexable (no noindex on live pages) | ☐ Pass ☐ Fail | | 🔴 |
| 3.9 | Open Graph tags (og:title, og:description, og:image) | ☐ Pass ☐ Fail | | 🟡 |
| 3.10 | Structured data / schema markup implemented (if applicable) | ☐ Pass ☐ Fail ☐ N/A | Types: | 🟡 |
| 3.11 | 301 redirects configured for all old URLs (migration only) | ☐ Pass ☐ Fail ☐ N/A | Redirect count: | 🔴 |
| 3.12 | No broken internal links (crawl verified) | ☐ Pass ☐ Fail | Tool used: | 🔴 |
| 3.13 | Images have descriptive alt text | ☐ Pass ☐ Fail | | 🟡 |
| 3.14 | hreflang tags implemented for multilingual sites | ☐ Pass ☐ Fail ☐ N/A | Languages: | 🔴 |
Section 4 — Analytics & Tracking
| # | Item | Status | Notes | Priority |
|---|
| 4.1 | Google Analytics 4 property configured | ☐ Pass ☐ Fail ☐ N/A | GA4 ID: | 🔴 |
| 4.2 | GA4 data stream active and receiving data | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 4.3 | Google Tag Manager container installed | ☐ Pass ☐ Fail ☐ N/A | GTM ID: | 🔴 |
| 4.4 | Key conversion events configured (form submit, purchase, etc.) | ☐ Pass ☐ Fail ☐ N/A | Events: | 🔴 |
| 4.5 | Google Search Console property verified | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 4.6 | Sitemap submitted to Google Search Console | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 4.7 | Internal IP addresses excluded from analytics | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 4.8 | Heatmap / session recording tool configured (if applicable) | ☐ Pass ☐ Fail ☐ N/A | Tool: | 🟢 |
| 4.9 | Analytics verified in staging — no data cross-contamination | ☐ Pass ☐ Fail | | 🔴 |
| 4.10 | Client has access to analytics account | ☐ Pass ☐ Fail | | 🟡 |
| # | Item | Status | Notes | Priority |
|---|
| 5.1 | All contact/lead forms tested and submitting correctly | ☐ Pass ☐ Fail ☐ N/A | Forms tested: | 🔴 |
| 5.2 | Form email notifications arriving at correct address(es) | ☐ Pass ☐ Fail ☐ N/A | Email: | 🔴 |
| 5.3 | Form submissions going to CRM (if integrated) | ☐ Pass ☐ Fail ☐ N/A | CRM: | 🔴 |
| 5.4 | Spam protection active on all forms (reCAPTCHA / honeypot) | ☐ Pass ☐ Fail | | 🔴 |
| 5.5 | Form confirmation messages (user-facing) appear correctly | ☐ Pass ☐ Fail | | 🟡 |
| 5.6 | Thank-you page / event tracked in analytics | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 5.7 | E-commerce checkout flow tested end-to-end (if applicable) | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 5.8 | Payment gateway in live mode (if applicable) | ☐ Pass ☐ Fail ☐ N/A | Provider: | 🔴 |
| 5.9 | Search functionality tested (if applicable) | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 5.10 | Chat / support widget configured (if applicable) | ☐ Pass ☐ Fail ☐ N/A | Tool: | 🟢 |
| 5.11 | Booking / scheduling tool tested (if applicable) | ☐ Pass ☐ Fail ☐ N/A | Tool: | 🔴 |
| 5.12 | All third-party integrations tested in production environment | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 5.13 | 404 error page configured and branded | ☐ Pass ☐ Fail | | 🟡 |
| 5.14 | Error pages (500, 503) configured | ☐ Pass ☐ Fail ☐ N/A | | 🟢 |
Section 6 — Cross-Device & Browser Testing
6.1 Browser Testing
| Browser | Version | Desktop | Tablet | Mobile | Pass/Fail |
|---|
| Chrome (latest) | | ☐ | ☐ | ☐ | |
| Firefox (latest) | | ☐ | ☐ | ☐ | |
| Safari (latest) | | ☐ | ☐ | ☐ | |
| Edge (latest) | | ☐ | ☐ | ☐ | |
| Safari (iOS — iPhone) | | N/A | ☐ | ☐ | |
| Chrome (Android) | | N/A | ☐ | ☐ | |
| Samsung Internet (if relevant) | | N/A | N/A | ☐ | |
6.2 Device / Viewport Testing
| Viewport | Tested | Issues Found | Status |
|---|
| 375px (iPhone SE / small mobile) | ☐ | | |
| 390px (iPhone 14) | ☐ | | |
| 428px (large mobile) | ☐ | | |
| 768px (iPad portrait) | ☐ | | |
| 1024px (iPad landscape / small laptop) | ☐ | | |
| 1280px (standard laptop) | ☐ | | |
| 1440px (standard desktop) | ☐ | | |
| 1920px (wide desktop) | ☐ | | |
Section 7 — Accessibility
| # | Item | Status | Notes | Priority |
|---|
| 7.1 | WCAG 2.1 AA automated audit completed (Axe / WAVE / Lighthouse) | ☐ Pass ☐ Fail | Tool: Score: | 🔴 |
| 7.2 | All images have meaningful alt text (or null alt for decorative) | ☐ Pass ☐ Fail | | 🔴 |
| 7.3 | Color contrast meets AA minimum (4.5:1 text; 3:1 UI) | ☐ Pass ☐ Fail | | 🔴 |
| 7.4 | Keyboard navigation tested — all interactive elements reachable | ☐ Pass ☐ Fail | | 🔴 |
| 7.5 | Focus states visible on all interactive elements | ☐ Pass ☐ Fail | | 🔴 |
| 7.6 | Skip navigation link present | ☐ Pass ☐ Fail | | 🟡 |
| 7.7 | Semantic HTML used (proper headings, landmarks, lists) | ☐ Pass ☐ Fail | | 🟡 |
| 7.8 | Screen reader tested (NVDA / VoiceOver — main user flows) | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 7.9 | Forms have associated <label> elements | ☐ Pass ☐ Fail | | 🔴 |
| 7.10 | Video has captions / transcripts (if applicable) | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 7.11 | Animations can be disabled (prefers-reduced-motion) | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 7.12 | Accessibility statement page present (if required) | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
Section 8 — Content & Legal
| # | Item | Status | Notes | Priority |
|---|
| 8.1 | All placeholder text removed (no lorem ipsum, [PLACEHOLDER], etc.) | ☐ Pass ☐ Fail | | 🔴 |
| 8.2 | All images are properly licensed (stock images purchased / client-provided) | ☐ Pass ☐ Fail | | 🔴 |
| 8.3 | No copyrighted content used without authorization | ☐ Pass ☐ Fail | | 🔴 |
| 8.4 | Privacy Policy page present and accurate | ☐ Pass ☐ Fail | URL: | 🔴 |
| 8.5 | Terms & Conditions / Terms of Use page present (if applicable) | ☐ Pass ☐ Fail ☐ N/A | URL: | 🟡 |
| 8.6 | Cookie Policy and consent banner implemented | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 8.7 | Cookie consent banner geotargeted correctly (GDPR / CASL / CCPA) | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 8.8 | Refund / Terms of Sale page present (e-commerce) | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 8.9 | Disclaimer / regulatory notice present (healthcare, finance, legal) | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 8.10 | French-language version present (Quebec / France — if required) | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 8.11 | Contact information on website is current and correct | ☐ Pass ☐ Fail | | 🔴 |
| 8.12 | Social media links tested and go to correct profiles | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 8.13 | Favicon present and correct | ☐ Pass ☐ Fail | | 🟡 |
| 8.14 | Apple touch icon present | ☐ Pass ☐ Fail | | 🟢 |
Section 9 — AI Automation (if applicable)
| # | Item | Status | Notes | Priority |
|---|
| 9.1 | All API keys rotated to production (not test) keys | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 9.2 | Webhook endpoints secured (signature verification) | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 9.3 | Production workflow triggered and tested end-to-end | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 9.4 | Error handling and fallback behavior tested | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 9.5 | Rate limits reviewed — production API quota sufficient | ☐ Pass ☐ Fail ☐ N/A | Quota: | 🔴 |
| 9.6 | Human review checkpoint functional (if applicable) | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
| 9.7 | Audit log / execution history configured | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 9.8 | Monitoring / alerting configured for failures | ☐ Pass ☐ Fail ☐ N/A | Tool: | 🟡 |
| 9.9 | Client access to workflow monitoring granted | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 9.10 | No sensitive data stored in plain text in workflow logs | ☐ Pass ☐ Fail ☐ N/A | | 🔴 |
Section 10 — Post-Launch Monitoring Setup
| # | Item | Status | Notes | Priority |
|---|
| 10.1 | Uptime monitoring configured (alert to PM and client) | ☐ Pass ☐ Fail | Tool: | 🔴 |
| 10.2 | Alert threshold set (notify at < 100% uptime) | ☐ Pass ☐ Fail | | 🔴 |
| 10.3 | SSL expiry alert configured (notify 30 days before expiry) | ☐ Pass ☐ Fail | | 🟡 |
| 10.4 | Domain expiry alert configured (notify 60 days before expiry) | ☐ Pass ☐ Fail | | 🟡 |
| 10.5 | Security scan scheduled (weekly / monthly) | ☐ Pass ☐ Fail ☐ N/A | | 🟡 |
| 10.6 | GA4 confirmed live and collecting data post-DNS | ☐ Pass ☐ Fail | | 🔴 |
| 10.7 | Crawl errors monitored (Search Console alerts set up) | ☐ Pass ☐ Fail | | 🟡 |
Section 11 — Final Launch Authorization
11.1 Agency Sign-Off
Webility confirms that:
- All 🔴 LAUNCH BLOCKER items are marked Pass
- All known 🟡 items are documented with a remediation plan and target date
- The staging environment has been tested and performs as specified
- The client has been briefed on post-launch monitoring and warranty terms
Agency PM Sign-Off:
Name: ___________________________
Signature: ___________________________
Date: ___________________________
11.2 Client Sign-Off
[CLIENT NAME] confirms that:
- The staging environment has been reviewed and User Acceptance Testing is complete
- All requested revisions have been addressed to satisfaction
- DNS change authorization is granted for: [DOMAIN(S)]
- The Client is aware that launch will make the website publicly accessible
- The Client is aware that the 30-day warranty period begins on the launch date
Outstanding 🟡 items acknowledged (Client accepts that the following items will be addressed post-launch within the agreed window):
| Item # | Description | Target Date |
|---|
| | |
| | |
Client Project Owner Sign-Off:
Name: ___________________________
Title: ___________________________
Signature: ___________________________
Date: ___________________________
Section 12 — Launch Log
| Event | Time (with timezone) | Actioned By | Confirmed By |
|---|
| Staging sign-off received | | | |
| DNS TTL lowered | | | |
| DNS records updated | | | |
| SSL confirmed on new DNS | | | |
| Site live and verified | | | |
| Analytics confirmed live | | | |
| Forms tested on live URL | | | |
| Uptime monitor activated | | | |
| Client notified of go-live | | | |
| Post-launch 24h check completed | | | |
| Post-launch 7-day check completed | | | |
Webility — WBL-DEL-LC-[ID]-v1.0 | Pre-Launch & Launch Checklist
This document constitutes the official launch authorization record. Retain for project file.