
Ask HN: Website go-live checklist app - DubDubThrow
Hi HN! I was wondering if there&#x27;s some sort of service that would check our client websites (we&#x27;re a web agency) automatically before go live. We currently have our own doc to run through but it would be nice if there was something that would automatically do that for us.<p>Examples for checks are:<p>- HTTPS and related (HSTS -&gt; cookies etc) enabled&#x2F;correctly configured<p>- robots.txt configured<p>- Correct API keys configured (e.g. Stripe live key instead of test key)<p>- No dead links<p>and so forth..
======
jesperht
Covers dead links, basic SEO issues, and broken HTML/JS/CSS:

[https://monkeytest.it](https://monkeytest.it)

P.S I'm the author - feel free to get in touch / comment :-)

~~~
jordanlev
Looks nice. Question: is there anywhere that explains exactly what the test
looks for? I tested out a site of mine and it said everything is ok (go
me!)... but I'd like to know what exactly it checked, for example when it says
"SEO, looking good" \-- what specific things on the page is it looking for?

~~~
jesperht
Cheers! Great point. I'm working on filling up Apecademy
([https://monkeytest.it/apecademy/](https://monkeytest.it/apecademy/)) with
all the explanations for these tests, and I'll make sure they're
linked/summarized directly in the reports. Stay tuned, there's plenty more to
come :-)

~~~
sleepychu
I'd make /academy route here, apecademy was really horrible for me to parse
and I think if I was a bit sleepier I'd have just assumed it said academy

------
janfry
For some security specific checks, take a look at:

1\. Mozilla Observatory
[https://observatory.mozilla.org](https://observatory.mozilla.org)

2\. SSLLabs
[https://www.ssllabs.com/ssltest/](https://www.ssllabs.com/ssltest/)

3\. Security Headers
[https://securityheaders.io/](https://securityheaders.io/)

For a comprehensive appsec checklist see OWASP ASVS
[https://www.owasp.org/index.php/Category:OWASP_Application_S...](https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project)

~~~
egeozcan
\+ HSTS Preload: [https://hstspreload.org](https://hstspreload.org)

Which makes it practically impossible for your site to be MITMd for the users
of many major browsers.

------
corobo
I use a more personally relevant fork of Spatie's checklist

[https://github.com/spatie/checklist-going-
live](https://github.com/spatie/checklist-going-live)

I have not automated anything yet, but there are tools in that checklist that
automate some of the process (HTTPS mixed content checks, dead link checks,
etc)

------
kowdermeister
Run a Google pagespeed test:

[https://developers.google.com/speed/pagespeed/insights/](https://developers.google.com/speed/pagespeed/insights/)

~~~
michaelwu
Lighthouse (also by Google) might be a better alternative. It works as a
plugin so you're not limited to testing sites broadly accessible by the
public.

[https://developers.google.com/web/tools/lighthouse/](https://developers.google.com/web/tools/lighthouse/)

~~~
rmuratov
It is now included in Chrome dev tools under Audit tab.

------
instakill
For your question here's a few handy ones:

\- [https://humaan.com/checklist/](https://humaan.com/checklist/)

\- [https://simplesecurity.sensedeep.com/web-developer-
security-...](https://simplesecurity.sensedeep.com/web-developer-security-
checklist-f2e4f43c9c56)

\-
[https://www.owasp.org/index.php/Web_Application_Security_Tes...](https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet)

I find checklist apps/sites super useful. I've been building my own version of
an interactive checklist site for email copywriting:
[http://honegrow.com/optimize-your-emails](http://honegrow.com/optimize-your-
emails)

What would be cool would be a checklist aggregator!

~~~
hanniabu
love humaan but i wish the state of items you check off were saved in local
storage

------
LeonM
I've had this in my bookmarks. I believe it was discussed once here on HN:
[http://webdevchecklist.com/](http://webdevchecklist.com/)

------
sidmitra
One other trick i've used successfully is to not actually go-live on the
actual launch date. But go-live much before that and have restricted signup or
something. This way you can signup and test around your site in its full
production config(even run payments)

You can configure the webserver to show a different landing page if a
particular key/cookie doesn't exist. To avoid unauthorized access to the
public sections not yet publicly launched

------
oliveremberton
[https://insites.com/](https://insites.com/) crawls your website in a cloud-
based Chrome for both mobile and desktop, so you can check spelling, broken
links, JS errors, layout etc.

Or if you prefer something free and lightweight:
[http://nibbler.silktide.com/](http://nibbler.silktide.com/)

Disclaimer: I work here.

~~~
gchokov
It really sucks that I have to provide my domain name, click test while
expecting actual test and then I am faced with sign-up form. Too bad that
there're so many startups embracing this irritating "growth" hack. I am
immediately closing this site and moving over.

------
adjohu
Pretty comprehensive and allows you to inspect pages issue by issue:

[https://insites.com/](https://insites.com/)

Doesn't currently support API key checks but that seems like a good idea! I'll
suggest it. (I work at Insites)

------
nulagrithom
I assume you've already seen Google's PageSpeed but if not:
[https://developers.google.com/speed/pagespeed/](https://developers.google.com/speed/pagespeed/)

~~~
Redsquare
Lighthouse > pagespeed
[https://developers.google.com/web/tools/lighthouse/](https://developers.google.com/web/tools/lighthouse/)

~~~
simonswords82
WTF - how did I not know about this? Great link!

~~~
ch4s3
It's pretty new

------
scaryclam
Honestly, I think you'd be better off with your checklist and a competent
employee than trying to automate many of those things away to a third party
who doesn't know what the project is supposed to do.

Sure, get in tools for things like dead link checking (no-one likes trawling
through pages), but for most things it's going to depend on _what_ the site
does.

A service will only go so far as to make sure you don't have anything
blatently wrong. In my experience, it's the non-blatent things that blow up
the worst. Little green lights from a third party are nice and all, but you
should still be verifying things are really OK.

------
ivanr
For a comprehensive check-up of network and security configuration, take a
look at Hardenize [https://www.hardenize.com](https://www.hardenize.com). It
covers a variety of things such as DNS/DNSSEC/DANE and CAA, email security
(e.g., SPF, DMARC), TLS, X.509, HSTS, HPKP, CSP, SRI, cookies, application
security and so on. It's a work in progress, currently in preview.

Disclosure: Hardenize is my project. I previously built SSL Labs.

------
exclusiv
I haven't used it yet but this has a lot of what you're looking for:

[https://littlewarden.com/](https://littlewarden.com/)

------
jdutoit
Does Performance/Compatability/Spell Checking/SEO and Security (SSL):

[https://passmarked.com](https://passmarked.com)

With the code open sourced here -
[https://github.com/passmarked](https://github.com/passmarked)

PS. Author, we're currently building it all out still so feel free to get in
contact with any feedback.

Actual Headless Chrome coming up soon as well :)

------
jriff
Monsido ([http://monsido.com](http://monsido.com)) will scan sites for broken
links, misspellings, and Section 508 and WCAG 2.0 accessibility compliance
issues. And you can set policies for the website and get a list of pages not
in compliance (e.g. don't allow "Lorem ipsum" or a certain CSS class). You can
use RegEx for policies as well.

I'm co-founder of Monsido.

------
codegeek
There are some premium services that do this type of stuff for you. I like
these 2 in particular as they are very comprehensive.

[https://www.semrush.com/features/site-
audit/](https://www.semrush.com/features/site-audit/)

[https://raventools.com/site-auditor/](https://raventools.com/site-auditor/)

------
dbbk
If you're sending transactional email, make sure you set up SPF, DKIM and
DMARC records to prevent your emails from getting sent to spam. [Postmark
offers a good
tool]([https://dmarc.postmarkapp.com/](https://dmarc.postmarkapp.com/)) to
guide you through this.

------
jostylr
I like scrutiny:
[http://peacockmedia.software/mac/scrutiny/](http://peacockmedia.software/mac/scrutiny/)

It is a mac desktop app

It will do the most generic checking (dead links, spelling, site maps, ...)
leaving the more nuanced for either a person or a custom script

------
mylh
Crawl the whole website. Check SEO issues, spelling, server errors including
broken links and missing resourses and so on
[https://seocharger.com](https://seocharger.com) I'm one of the founders.
Welcome :)

------
VirgilShelton
Use [https://www.woorank.com/](https://www.woorank.com/) it gives you a great
SEO audit and website review.

------
totally
Might also check the page rank of the domain. If it was used previously you
might be surprised how loathe search engines are to direct requests to you.

------
adamwi
Alternative for automated security checks,
[https://detectify.com/](https://detectify.com/).

------
rgrieselhuber
We have a lot of agency clients using us (GinzaMetrics) to automate this sort
of thing. Feel free to hit me up (ray@).

------
bhartzer
Siteliner.com (check for duplicate content issues, other crawling issues)

------
_Codemonkeyism
[x] Setup backup

------
binthere
axe-core for accessibility issues.

------
user5994461
How about open the site and do something???

Click a few links. Read the text. Buy something.

You're not thinking of delivering a site without doing the most basic QA, are
you?

