The Ultimate Website Launch Checklist for New Businesses (40 Items)

Q: How long before launch should I start this checklist?

Start the checklist at least 1 week before your target launch date. Performance optimization and SEO setup can take 2–3 days alone. Legal pages (privacy policy, terms) should be drafted even earlier. Give yourself buffer time for unexpected issues — there are always unexpected issues.

Q: What's the single most important item on this checklist?

SSL certificate (HTTPS). A site without HTTPS shows a 'Not Secure' warning in every major browser, which immediately destroys trust. Google also uses HTTPS as a ranking signal. It's free via Let's Encrypt — there's no excuse not to have it.

You've spent weeks (or months) building your website. The design is sharp. The content reads well. You're ready to launch. But before you point your domain and announce it to the world, there are 40 things that can go wrong — and most of them are easy to fix if you catch them now.

This isn't a theoretical list. It's the exact pre-launch audit we run at Day One AI Services before every deployment. We've organized it into eight categories: Performance, SEO, Security, Analytics, Content, Legal, Conversion, and Accessibility.

Print this out. Walk through it item by item. Your future self (and your first 100 visitors) will thank you.

🚀 Performance (Items 1–5)

A slow website is a dead website. 53% of mobile visitors leave if a page takes more than 3 seconds to load. Performance isn't just a nice-to-have — it's the foundation of everything else.

#1 Run PageSpeed Insights on every key page. Score 90+ on both mobile and desktop. Anything below 80 needs immediate attention — identify the specific bottlenecks (large images, render-blocking scripts, slow server response).
#2 Optimize all images. Convert to WebP or AVIF format. Compress to the smallest file size that maintains acceptable quality. Add explicit width and height attributes to prevent layout shift. Lazy-load anything below the fold.
#3 Verify Core Web Vitals. LCP (Largest Contentful Paint) under 2.5 seconds. CLS (Cumulative Layout Shift) under 0.1. INP (Interaction to Next Paint) under 200ms. These thresholds directly impact your Google rankings.
#4 Enable compression and caching. Gzip or Brotli compression for text-based assets (HTML, CSS, JS). Cache-Control headers for static assets (images, fonts) with appropriate max-age values. A CDN like Cloudflare adds both for free.
#5 Test on real, slow devices. Open Chrome DevTools, throttle to "Slow 3G" and "Low-end mobile," and navigate your site. What you experience is what your worst-case visitor experiences. Fix anything that feels unacceptable.

🔍 SEO (Items 6–12)

SEO mistakes made at launch are expensive to fix later. Get the fundamentals right now so Google starts indexing your site correctly from day one. For a deeper dive, read our 2026 SEO Playbook.

#6 Write unique title tags for every page. 50–60 characters. Include your primary keyword near the front. Make it compelling enough to click — search results are an ad for your page.
#7 Write unique meta descriptions for every page. 150–160 characters. Summarize the page's value proposition. Include a call-to-action. This directly affects your click-through rate from search results.
#8 Verify one H1 per page. Every page should have exactly one H1 tag that matches the page's topic. Subsequent headings should follow a logical hierarchy (H2, H3, H4) — don't skip levels.
#9 Create and submit an XML sitemap. Generate a sitemap.xml that includes all indexable pages. Submit it to Google Search Console and Bing Webmaster Tools. Update it whenever you add or remove pages.
#10 Create a robots.txt file. Ensure it allows crawling of all pages you want indexed and blocks pages you don't (admin panels, staging URLs, duplicate content). Verify by testing the URL in Search Console's URL Inspection tool.
#11 Set canonical URLs. Every page should have a rel="canonical" tag pointing to its preferred URL. This prevents duplicate content issues if your pages are accessible via multiple URLs (with/without trailing slashes, www vs non-www).
#12 Implement structured data (schema markup). At minimum: Organization on the homepage, LocalBusiness if you serve a geographic area, Article/BlogPosting on blog posts, and BreadcrumbList for site navigation. Validate with Google's Rich Results Test.

🔒 Security (Items 13–18)

A security issue on launch day isn't just embarrassing — it can destroy trust permanently. These items are non-negotiable.

#13 Install and verify your SSL certificate (HTTPS). Every page must load over HTTPS. HTTP URLs should 301 redirect to HTTPS. Mixed content warnings (HTTP resources loaded on an HTTPS page) must be zero. Free SSL is available via Let's Encrypt.
#14 Set security headers. At minimum: X-Content-Type-Options: nosniff, X-Frame-Options: DENY, Strict-Transport-Security (HSTS), and a basic Content-Security-Policy. Test with securityheaders.com.
#15 Validate all form inputs server-side. Client-side validation is a convenience for users. Server-side validation is a security requirement. Never trust data that comes from the browser — sanitize and validate everything.
#16 Protect against spam. Add reCAPTCHA, hCaptcha, or a honeypot field to all contact forms. Bots will find your forms within hours of launch. Without protection, your inbox will be flooded.
#17 Remove default credentials and exposed debug info. No default admin passwords. No exposed stack traces. No .env files accessible via URL. No directory listing enabled. These are the lowest-hanging fruit for automated attacks.
#18 Set up automated backups. Back up your database (if applicable) and file system daily. Store backups off-server (S3, Google Cloud Storage, or your hosting provider's backup service). Test that you can actually restore from a backup.

📊 Analytics (Items 19–23)

If you can't measure it, you can't improve it. Set up tracking before launch so you have data from day one.

#19 Install Google Analytics 4 (GA4). Create a property, add the tracking snippet, and verify events are firing correctly. Use the Realtime report to confirm data is flowing before launch.
#20 Connect Google Search Console. Verify your domain ownership. Submit your sitemap. This is your primary tool for understanding how Google sees your site and which queries drive impressions.
#21 Set up conversion tracking. Define your key conversions — form submissions, button clicks, phone call taps, demo bookings — and create GA4 events for each. Without conversion tracking, you're guessing at what works.
#22 Configure a Google Business Profile (if local). Complete every field. Add photos, services, business hours, and a description. This is essential for local SEO — even if you haven't fully launched yet, claim and set up your profile.
#23 Install a heatmap tool (optional but valuable). Hotjar or Microsoft Clarity (free) gives you session recordings and click heatmaps. This data is gold for understanding how real users interact with your site in the first few weeks.

✍️ Content (Items 24–29)

Content mistakes are the most visible and the easiest to prevent. Read every word on your site before anyone else does.

#24 Proofread every page. Typos, grammatical errors, and broken formatting destroy credibility instantly. Read every page out loud. Then have someone else read it. Tools like Grammarly help, but human review is essential.
#25 Verify all links work. Every internal and external link should resolve. Run a broken link checker (Screaming Frog, Dead Link Checker, or the W3C Link Checker) across your entire site. Fix or remove any that return 404.
#26 Check all images load correctly. Verify every image renders on both desktop and mobile. Check that alt text is present and descriptive — not "image1.jpg" but "team collaborating on AI chatbot design."
#27 Verify all CTAs have correct destinations. Click every button and link on your site. Does "Book a Call" actually open Calendly? Does the contact form actually submit? Does the phone number actually dial? Test everything as a real user would.
#28 Replace all placeholder content. Search your codebase for "Lorem ipsum," "Coming soon," "TBD," and "placeholder." Every instance must be replaced with real content before launch.
#29 Verify contact information is correct and consistent. Your phone number, email, and address (if applicable) should be identical everywhere — header, footer, contact page, Google Business Profile, and schema markup.

⚖️ Legal (Items 30–33)

Legal pages protect your business. They're boring to write, but expensive to skip.

#30 Publish a Privacy Policy. Required by law if you collect any user data (analytics, forms, cookies). It must disclose what you collect, how you use it, and how users can opt out. Use a generator (Termly, Iubenda) as a starting point, then customize.
#31 Publish Terms of Service. Defines the rules for using your website. Limits your liability. Especially important if you sell products/services through the site. Have a lawyer review if your budget allows.
#32 Add a cookie consent banner (if required). If you serve users in the EU (GDPR) or use non-essential cookies, you need a consent mechanism. CookieConsent, Osano, and Termly offer free or low-cost implementations.
#33 Verify copyright notices and attributions. The footer copyright year should be current (2026). If you use stock photos, verify your license permits commercial use. If you use open-source code, include required attributions.

💰 Conversion (Items 34–38)

Your website exists to drive a business outcome. These items ensure you're not leaving money on the table.

#34 Test every form submission end-to-end. Submit every form on your site with test data. Verify the confirmation message appears. Verify the data arrives where it should (email, CRM, database). Check that the sender gets a confirmation email if applicable.
#35 Verify your primary CTA is visible above the fold. Your most important action — "Book a Call," "Get a Quote," "Sign Up" — should be visible without scrolling on both desktop and mobile. If visitors have to hunt for it, they won't find it.
#36 Test the mobile experience thoroughly. Over 60% of web traffic is mobile. Navigate your entire site on an actual phone (not just a desktop browser's responsive mode). Check that buttons are tap-friendly (at least 44×44 pixels), text is readable without zooming, and forms are usable on a small screen.
#37 Set up email notifications for form submissions. You need to know immediately when a lead comes in. Configure email alerts to your inbox and/or a Slack channel. Test that notifications actually arrive — check spam folders.
#38 Create a thank-you/confirmation page. After a form submission, redirect to a dedicated thank-you page. This serves two purposes: it confirms the action for the user, and it gives you a clean conversion event to track in analytics.

♿ Accessibility (Items 39–40)

Accessibility isn't just ethical — it's legal and commercial. Sites that exclude disabled users face lawsuits and lose customers.

#39 Run an automated accessibility audit. Use WAVE, axe DevTools, or Lighthouse's accessibility audit. Fix all critical and serious issues: missing alt text, low contrast ratios, missing form labels, keyboard navigation traps, and missing ARIA attributes.
#40 Test keyboard navigation. Navigate your entire site using only the Tab key. Can you reach every interactive element? Can you tell where the focus is? Can you submit forms and click buttons without a mouse? If not, you're excluding users who rely on keyboard navigation — including screen reader users.

How to Use This Checklist

Don't try to do all 40 items in one sitting. Here's the workflow we recommend:

Week before launch: Complete Security (13–18), Legal (30–33), and Analytics (19–23). These take the longest and have the most dependencies.
3 days before launch: Complete Performance (1–5) and SEO (6–12). These require testing tools and potential code changes.
Day before launch: Complete Content (24–29), Conversion (34–38), and Accessibility (39–40). These are manual review tasks that benefit from fresh eyes.
Launch day: Do a final spot-check of items 13, 25, 27, and 34 (SSL, links, CTAs, form submissions). Then ship it.

Remember: a launched website that's 95% polished beats an unlaunched website that's 100% perfect. Use this checklist to catch the 5% that would embarrass you, then get it live and start learning from real users.

Frequently Asked Questions

How long before launch should I start this checklist?

Start at least 1 week before your target launch date. Performance optimization and SEO setup can take 2–3 days alone. Legal pages (privacy policy, terms) should be drafted even earlier. Give yourself buffer time for unexpected issues — there are always unexpected issues.

Do I really need a privacy policy for a small business website?

Yes, legally. If your site uses cookies, analytics, contact forms, or collects any user data, you're required to disclose that under GDPR (if you have any EU visitors), CCPA (California residents), and various other regulations. A privacy policy isn't optional — it's a legal requirement, and the absence of one can result in fines.

What's the single most important item on this checklist?

SSL certificate (HTTPS). A site without HTTPS shows a "Not Secure" warning in every major browser, which immediately destroys trust. Google also uses HTTPS as a ranking signal. It's free via Let's Encrypt — there's no excuse not to have it.

Should I launch a perfect site or ship fast and improve?

Ship fast, but not broken. Use this checklist to catch any issues that would embarrass you or harm your business. Performance scores don't need to be 100, but they should be above 80. Content doesn't need to be Pulitzer-worthy, but it needs to be accurate and clear. Launch when it's good enough, then iterate based on real user data.