Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Website go-live checklist app
274 points by DubDubThrow on Aug 8, 2017 | hide | past | favorite | 48 comments
Hi HN! I was wondering if there's some sort of service that would check our client websites (we're a web agency) automatically before go live. We currently have our own doc to run through but it would be nice if there was something that would automatically do that for us.

Examples for checks are:

- HTTPS and related (HSTS -> cookies etc) enabled/correctly configured

- robots.txt configured

- Correct API keys configured (e.g. Stripe live key instead of test key)

- No dead links

and so forth..

Covers dead links, basic SEO issues, and broken HTML/JS/CSS:


P.S I'm the author - feel free to get in touch / comment :-)

Looks nice. Question: is there anywhere that explains exactly what the test looks for? I tested out a site of mine and it said everything is ok (go me!)... but I'd like to know what exactly it checked, for example when it says "SEO, looking good" -- what specific things on the page is it looking for?

Cheers! Great point. I'm working on filling up Apecademy (https://monkeytest.it/apecademy/) with all the explanations for these tests, and I'll make sure they're linked/summarized directly in the reports. Stay tuned, there's plenty more to come :-)

I'd make /academy route here, apecademy was really horrible for me to parse and I think if I was a bit sleepier I'd have just assumed it said academy

Really liking this. Are results not linked to an account deleted at some point? The privacy policy does not mention that that is the case. Could that be added?

Thanks for the kind words! Results are currently never deleted, but that would certainly make sense. I've added it to my task list for the coming month.

pretty awesome. Keep adding to the SEO portion! checkout this page: http://tools.neilpatel.com/en/analyze/https%3A%2F%2Fmonkeyte...

Already using the service and it's great! Thank you!

Thanks! Happy you like it!

Great service, just signed up a few sites!

Much appreciated! Let me know if there's anything you see missing :-)

You need to add Pricing immediately.

Link can be found in the footer. In my experience it's more commonly placed in the top nav which is more prominent.

For some security specific checks, take a look at:

1. Mozilla Observatory https://observatory.mozilla.org

2. SSLLabs https://www.ssllabs.com/ssltest/

3. Security Headers https://securityheaders.io/

For a comprehensive appsec checklist see OWASP ASVS https://www.owasp.org/index.php/Category:OWASP_Application_S...

+ HSTS Preload: https://hstspreload.org

Which makes it practically impossible for your site to be MITMd for the users of many major browsers.

I use a more personally relevant fork of Spatie's checklist


I have not automated anything yet, but there are tools in that checklist that automate some of the process (HTTPS mixed content checks, dead link checks, etc)

Lighthouse (also by Google) might be a better alternative. It works as a plugin so you're not limited to testing sites broadly accessible by the public.


It is now included in Chrome dev tools under Audit tab.

For your question here's a few handy ones:

- https://humaan.com/checklist/

- https://simplesecurity.sensedeep.com/web-developer-security-...

- https://www.owasp.org/index.php/Web_Application_Security_Tes...

I find checklist apps/sites super useful. I've been building my own version of an interactive checklist site for email copywriting: http://honegrow.com/optimize-your-emails

What would be cool would be a checklist aggregator!

love humaan but i wish the state of items you check off were saved in local storage

I've had this in my bookmarks. I believe it was discussed once here on HN: http://webdevchecklist.com/

One other trick i've used successfully is to not actually go-live on the actual launch date. But go-live much before that and have restricted signup or something. This way you can signup and test around your site in its full production config(even run payments)

You can configure the webserver to show a different landing page if a particular key/cookie doesn't exist. To avoid unauthorized access to the public sections not yet publicly launched

https://insites.com/ crawls your website in a cloud-based Chrome for both mobile and desktop, so you can check spelling, broken links, JS errors, layout etc.

Or if you prefer something free and lightweight: http://nibbler.silktide.com/

Disclaimer: I work here.

It really sucks that I have to provide my domain name, click test while expecting actual test and then I am faced with sign-up form. Too bad that there're so many startups embracing this irritating "growth" hack. I am immediately closing this site and moving over.

Pretty comprehensive and allows you to inspect pages issue by issue:


Doesn't currently support API key checks but that seems like a good idea! I'll suggest it. (I work at Insites)

I assume you've already seen Google's PageSpeed but if not: https://developers.google.com/speed/pagespeed/

WTF - how did I not know about this? Great link!

It's pretty new

Honestly, I think you'd be better off with your checklist and a competent employee than trying to automate many of those things away to a third party who doesn't know what the project is supposed to do.

Sure, get in tools for things like dead link checking (no-one likes trawling through pages), but for most things it's going to depend on what the site does.

A service will only go so far as to make sure you don't have anything blatently wrong. In my experience, it's the non-blatent things that blow up the worst. Little green lights from a third party are nice and all, but you should still be verifying things are really OK.

For a comprehensive check-up of network and security configuration, take a look at Hardenize https://www.hardenize.com. It covers a variety of things such as DNS/DNSSEC/DANE and CAA, email security (e.g., SPF, DMARC), TLS, X.509, HSTS, HPKP, CSP, SRI, cookies, application security and so on. It's a work in progress, currently in preview.

Disclosure: Hardenize is my project. I previously built SSL Labs.

I haven't used it yet but this has a lot of what you're looking for:


Does Performance/Compatability/Spell Checking/SEO and Security (SSL):


With the code open sourced here - https://github.com/passmarked

PS. Author, we're currently building it all out still so feel free to get in contact with any feedback.

Actual Headless Chrome coming up soon as well :)

Monsido (http://monsido.com) will scan sites for broken links, misspellings, and Section 508 and WCAG 2.0 accessibility compliance issues. And you can set policies for the website and get a list of pages not in compliance (e.g. don't allow "Lorem ipsum" or a certain CSS class). You can use RegEx for policies as well.

I'm co-founder of Monsido.

There are some premium services that do this type of stuff for you. I like these 2 in particular as they are very comprehensive.



If you're sending transactional email, make sure you set up SPF, DKIM and DMARC records to prevent your emails from getting sent to spam. [Postmark offers a good tool](https://dmarc.postmarkapp.com/) to guide you through this.

I like scrutiny: http://peacockmedia.software/mac/scrutiny/

It is a mac desktop app

It will do the most generic checking (dead links, spelling, site maps, ...) leaving the more nuanced for either a person or a custom script

Crawl the whole website. Check SEO issues, spelling, server errors including broken links and missing resourses and so on https://seocharger.com I'm one of the founders. Welcome :)

Use https://www.woorank.com/ it gives you a great SEO audit and website review.

Might also check the page rank of the domain. If it was used previously you might be surprised how loathe search engines are to direct requests to you.

Alternative for automated security checks, https://detectify.com/.

We have a lot of agency clients using us (GinzaMetrics) to automate this sort of thing. Feel free to hit me up (ray@).

Siteliner.com (check for duplicate content issues, other crawling issues)

[x] Setup backup

axe-core for accessibility issues.

How about open the site and do something???

Click a few links. Read the text. Buy something.

You're not thinking of delivering a site without doing the most basic QA, are you?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact