Website Deployment Checklist

by jon 2024-4-18

When a new website is created, a decent design is only part of the job; a checklist of important items helps ensure a quality deployment. This checklist isn't an authoritative list, but it should prove useful nonetheless.

  • HTTPS (caddy, acme-client)
  • If site has users, some sort of permissions matrix
  • Sitemap
  • Caching from framework (such as django)
  • Caching on Webserver (varnish)
  • CDN
  • Responsive/Mobile Friendly
  • robots.txt file
  • Favicon
  • SEO Check
  • H1 Tags on pages
  • Title tag set on pages
  • Meta tags (description, viewport, content-type, etc)
  • SEO OpenGraph for social media sharing
  • WAF (relayd, nginx, caddy/coraza)
  • Page Speed Test
  • Object Storage (S3 Compatible, Minio)
  • Uptime monitor
  • Application monitor (APM)
  • Backups
  • Security scan
  • Firewall off ports not in use on server(s)
  • Ensure HTTP server headers are set for security
  • Brute force protection (django-defender)
  • User Feedback options
  • Analytics (punkweb-insight)
  • Set up 'Content-Security-Policy' via meta tags or server header (sucuri)
  • Provide a Software Bill of Materials

 

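# Caddy example header settings (goes inside a site block in the Caddyfile)
header {
	# Remove the Server header so the web server software is not advertised
	-Server
	# Stop browsers from MIME-sniffing responses
	X-Content-Type-Options nosniff
	# Refuse to be rendered inside a frame (clickjacking protection)
	X-Frame-Options DENY
	# Legacy header; current browsers have removed the XSS filter it controlled
	X-XSS-Protection "1; mode=block"

	# Gov recommended setting for HSTS
	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}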
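
To confirm after deployment that the header settings above actually reach the client, the following is an added example (not part of the original post) that audits a raw response header block against them. The function names and the two sample responses are constructed for illustration, and X-XSS-Protection is left out of the check.

```python
# Constructed sample responses (not captured from a real site).
GOOD = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "X-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\n"
        "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n\r\n")
WEAK = ("HTTP/1.1 200 OK\r\nServer: Caddy\r\nX-Frame-Options: SAMEORIGIN\r\n"
        "Strict-Transport-Security: max-age=3600\r\n\r\n")

def parse_headers(raw):
    """Parse a raw header block into {lowercase-name: [values]}; skips the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def hsts_directives(value):
    """Split an HSTS value into {directive: argument-or-None}, case-insensitively."""
    out = {}
    for part in value.split(";"):
        key, _, arg = part.strip().partition("=")
        if key:
            out[key.lower()] = arg.strip('"') or None
    return out

def audit(raw, min_age=31536000):
    """Return a list of findings; an empty list means every checked setting is present."""
    h = parse_headers(raw)
    findings = []
    if "server" in h:
        findings.append("Server header is exposed")
    for name, want in (("x-content-type-options", "nosniff"), ("x-frame-options", "deny")):
        got = [v.lower() for v in h.get(name, [])]
        if got != [want]:  # also flags duplicated or conflicting headers
            findings.append(f"{name}: expected {want}, got {got or 'missing'}")
    sts = h.get("strict-transport-security", [])
    if not sts:
        findings.append("strict-transport-security: missing")
    else:
        d = hsts_directives(sts[0])  # RFC 6797: only the first HSTS header is processed
        age = d.get("max-age") or ""
        if not age.isdigit() or int(age) < min_age:
            findings.append(f"HSTS max-age below {min_age}")
        findings += [f"HSTS missing {f}" for f in ("includesubdomains", "preload") if f not in d]
    return findings

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("weak", WEAK)):
        print(label, audit(raw) or "OK")
```

To audit a live site, save the output of `curl -sI https://your-site.example` to a file and pass its contents to `audit()`.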