An Exhaustive List of all the Elements you need to have/test Before Launching your Website To Production.
The Front-End Checklist is an exhaustive list of all elements you need to have / to test before launching your site / HTML page to production.
It is based on Front-End developers’ years of experience, with additions coming from other open-source checklists. David Dias is the main author/creator and posted the guide to GitHub where it has taken off! The guide is also available below. Don’t forget to thank David for an awesome guide!
Table of Contents
- Head
- HTML
- Webfonts
- CSS
- Images
- JavaScript
- Security
- Performance
- Accessibility
- SEO
How To Use
All items in the Front-End Checklist are required for the majority of the projects, but some elements can be omitted or are not essential (in the case of an administration web app, you may not need RSS feed for example).
Some resources possess an emoticon to help you understand which type of content / help you may find on the checklist:
- 📖: documentation or article
- 🛠: online tool / testing tool
- 📹: media or video content
Head
Notes: You can find a list of everything that could be found in the
<head>
of an HTML document.
Meta tag
- Doctype: The Doctype is HTML5 and is at the top of all your HTML pages.
<!-- Doctype HTML5 -->
<!doctype html>
The next 3 meta tags (Charset, X-UA Compatible and Viewport) need to come first in the head.
- Charset: The charset declared (UTF-8) is declared correctly.
<!-- Set character encoding for the document -->
<meta charset="utf-8" />
- X-UA-Compatible: The X-UA-Compatible meta tag is present.
<!-- Instruct Internet Explorer to use its latest rendering engine -->
<meta http-equiv="x-ua-compatible" content="ie=edge" />
- Viewport: The viewport is declared correctly.
<!-- Viewport for responsive web design -->
<meta name="viewport" content="width=device-width, initial-scale=1" />
- Title: A title is used on all pages (SEO: Google calculate the pixel width of the characters used in the title, cut off between 472 and 482 pixels. Average character limit would be around 55-characters).
<!-- Document Title -->
<title>Page Title less than 65 characters</title>
- Description: A meta description is provided, it is unique and doesn’t possess more than 150 characters.
<!-- Meta Description -->
<meta
name="description"
content="Description of the page less than 150 characters"
/>
- Favicons: Each favicon has been created and displays correctly. If you have only a favicon.ico, put it at the root of your site. Normally you won't need to use any markup. However, it's still good practice to link to it using the example below. Today, PNG format is recommended over .ico format (dimensions: 32x32px).
<!-- Standard favicon -->
<link rel="icon" type="image/x-icon" href="https://example.com/favicon.ico" />
<!-- Recommended favicon format -->
<link rel="icon" type="image/png" href="https://example.com/favicon.png" />
📖 Favicons, Touch Icons, Tile Icons, etc. Which Do You Need? — CSS Tricks
- Apple Touch Icon: Apple touch favicon apple-mobile-web-app-capable are present. (Create your Apple Icon file with at least 200x200px dimension to support all dimensions that you may need)
<!-- Apple Touch Icon -->
<link rel="apple-touch-icon" href="/custom-icon.png" />
- Windows Tiles:
- Windows tiles are present and linked.
<!-- Microsoft Tiles -->
<meta name="msapplication-config" content="browserconfig.xml" />
Minimum required xml markup for the browserconfig.xml file is as follows:
<?xml version="1.0" encoding="utf-8"?>
<browserconfig>
<msapplication>
<tile>
<square70x70logo src="small.png"/>
<square150x150logo src="medium.png"/>
<wide310x150logo src="wide.png"/>
<square310x310logo src="large.png"/>
</tile>
</msapplication>
</browserconfig>
- Canonical: Use rel="canonical" to avoid duplicate content.
<!-- Helps prevent duplicate content issues -->
<link
rel="canonical"
href="http://example.com/2017/09/a-new-article-to-red.html"
/>
📖 5 common mistakes with rel=canonical — Google Webmaster Blog
HTML tags
- Language attribute: The lang attribute of your website is specified and related to the language of the current page.
<html lang="en"></html>
- Direction attribute: The direction of lecture is specified on the html tag (It can be used on another HTML tag).
<html dir="rtl"></html>
- Alternate language: The language tag of your website is specified and related to the language of the current page.
<link rel="alternate" href="https://es.example.com/" hreflang="es" />
- Conditional comments: Conditional comments are present for IE if needed.
📖 About conditional comments (Internet Explorer) — MSDN — Microsoft
- RSS feed: If your project is a blog or has articles, an RSS link was provided.
- inline critical CSS: CSS which styles content that is immediately visible during pageload (“above the fold content”) is called “critical CSS”. It is embedded before your principal CSS call and between in a single line (minified).
🛠 Critical by Addy Osmani on Github automates this
- CSS order: All CSS files are loaded before any JavaScript files in the
<head>
. (Except the case where sometimes JS files are loaded asynchronously on top of your page).
Social meta
Facebook OG and Twitter Cards are, for any website, highly recommended. The other social media tags can be considered if you target a particular presence on those and want to ensure the display.
- Facebook Open Graph: All Facebook Open Graph (OG) are tested and no one is missing or with a false information. Images need to be at least 600 x 315 pixels, 1200 x 630 pixels recommended.
<meta property="og:type" content="website" />
<meta property="og:url" content="https://example.com/page.html" />
<meta property="og:title" content="Content Title" />
<meta property="og:image" content="https://example.com/image.jpg" />
<meta property="og:description" content="Description Here" />
<meta property="og:site_name" content="Site Name" />
<meta property="og:locale" content="en_US" />
🛠 Test your page with the Facebook OG testing
- Twitter Card:
<meta name="twitter:card" content="summary" />
<meta name="twitter:site" content="@site_account" />
<meta name="twitter:creator" content="@individual_account" />
<meta name="twitter:url" content="https://example.com/page.html" />
<meta name="twitter:title" content="Content Title" />
<meta
name="twitter:description"
content="Content description less than 200 characters"
/>
<meta name="twitter:image" content="https://example.com/image.jpg" />
🛠 Test your page with the Twitter card validator
HTML
Best practices
- HTML5 Semantic Elements: HTML5 Semantic Elements are used appropriately (header, section, footer, main…).
- Error pages: Error 404 page and 5xx exist. Remember that the 5xx error pages need to have their CSS integrated (no external call on the current server).
- Noopener: In case you are using external links with target="_blank", your link should have a rel="noopener" attribute to prevent tab nabbing. If you need to support older versions of Firefox, use rel="noopener noreferrer".
- Clean up comments: Unnecessary code needs to be removed before sending the page to production.
HTML testing
- W3C compliant: All pages need to be tested with the W3C validator to identify possible issues in the HTML code.
- HTML Lint: I use tools to help me analyze any issues I could have on my HTML code.
- Link checker: There are no broken links in my page, verify that you don’t have any 404 error.
- Adblockers test: Your website shows your content correctly with adblockers enabled (You can provide a message encouraging people to disable their adblocker).
Webfonts
- Webfont format: WOFF, WOFF2 and TTF are supported by all modern browsers.
- Webfont size: Webfont sizes don’t exceed 2 MB (all variants included).
CSS
Notes: Take a look at CSS guidelines and Sass Guidelines followed by most Front-End developers. If you have a doubt about CSS properties, you can visit CSS Reference.
- Responsive Web Design: The website is using responsive web design.
- CSS Print: A print stylesheet is provided and is correct on each page.
- Preprocessors: Your page is using a CSS preprocessor (Sass is preferred).
- Unique ID: If IDs are used, they are unique to a page.
- Reset CSS: A CSS reset (reset, normalize or reboot) is used and up to date. (If you are using a CSS Framework like Bootstrap or Foundation, a Normalize is already included into it.)
📖 Reboot
- JS prefix: All classes (or id- used in JavaScript files) begin with js- and are not styled into the CSS files.
<div id="js-slider" class="my-slider">
<!-- Or -->
<div id="id-used-by-cms" class="js-slider my-slider"></div>
</div>
- Embedded or inline CSS: Avoid at all cost embeding CSS in
<style>
tags or using inline CSS: only use for valid reasons (e.g. background-image for slider, critical CSS). - Vendor prefixes: CSS vendor prefixes are used and are generated accordingly with your browser support compatibility.
Performance
- Concatenation: CSS files are concatenated in a single file. (Not for HTTP/2)
- Minification: All CSS files are minified.
- Non-blocking: CSS files need to be non-blocking to prevent the DOM from taking time to load.
- Unused CSS: Remove unused CSS.
🛠 UnCSS Online 🛠
CSS testing
- Stylelint: All CSS or SCSS files are without any errors.
- Responsive web design: All pages were tested at the following breakpoints: 320px, 768px, 1024px (can be more / different according to your analytics).
- CSS Validator: The CSS was tested and pertinent errors were corrected.
- Desktop Browsers: All pages were tested on all current desktop browsers (Safari, Firefox, Chrome, Internet Explorer, EDGE…).
- Mobile Browsers: All pages were tested on all current mobile browsers (Native browser, Chrome, Safari…).
- OS: All pages were tested on all current OS (Windows, Android, iOS, Mac…).
- Pixel perfect: Pages are close to pixel perfect. Depending on the quality of the creatives, you may not be 100% accurate, but your page needs to be close to your template.
- Reading direction: All pages need to be tested for LTR and RTL languages if they need to be supported.
📖 Building RTL-Aware Web Apps & Websites: Part 1 — Mozilla Hacks
📖 Building RTL-Aware Web Apps & Websites: Part 2 — Mozilla Hacks
Images
Notes: For a complete understanding of image optimization, check the free ebook Essential Image Optimizationfrom Addy Osmani.
Best practices
- Optimization: All images are optimized to be rendered in the browser. WebP format could be used for critical pages (like Homepage).
🛠 Imagemin
🛠 Use ImageOptim to optimise your images for free.
- Picture/Srcset: You use picture/srcset to provide the most appropriate image for the current viewport of the user.
- Retina: You provide layout images 2x or 3x, support retina display.
- Sprite: Small images are in a sprite file (in the case of icons, they can be in an SVG sprite image).
- Width and Height: Set width and height attributes on
<img>
if the final rendered image size is known (can be omitted for CSS sizing). - Alternative text: All
<img>
have an alternative text which describe the image visually.
- Lazy loading: Images are lazyloaded (A noscript fallback is always provided).
JavaScript
Best practices
- JavaScript Inline: You don’t have any JavaScript code inline (mixed with your HTML code).
- Concatenation: JavaScript files are concatenated.
- Minification: JavaScript files are minified (you can add the .min suffix).
- JavaScript security:
📖 Guidelines for Developing Secure Applications Utilizing JavaScript
- Non-blocking: JavaScript files are loaded asynchronously using async or deferred using defer attribute.
- Modernizr: If you need to target some specific features you can use a custom Modernizr to add classes in your
<html>
tag.
JavaScript testing
- ESLint: No errors are flagged by ESLint (based on your configuration or standards rules).
📖 ESLint — The pluggable linting utility for JavaScript and JSX
Security
Scan and check your web site
Best practices
- HTTPS: HTTPS is used on every pages and for all external content (plugins, images…).
- HTTP Strict Transport Security (HSTS):
- The HTTP header is set to ‘Strict-Transport-Security’.
- Cross Site Request Forgery (CSRF): You ensure that requests made to your server-side are legitimate and originate from your website / app to prevent CSRF attacks.
📖 Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet — OWASP
- Cross Site Scripting (XSS): Your page or website is free from XSS possible issues.
- Content Type Options: Prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server.
- X-Frame-Options (XFO): Protects your visitors against clickjacking attacks.
Performance
Best practices
- Weight page: The weight of each page is between 0 and 500 KB.
- Minified: Your HTML is minified.
- Lazy loading: Images, scripts and CSS need to be lazy loaded to improve the response time of the current page (See details in their respective sections).
- Cookie size: If you are using cookies be sure each cookie doesn’t exceed 4096 bytes and your domain name doesn’t have more than 20 cookies.
📖 Cookies
- Third party components: Third party iframes or components relying on external JS (like sharing buttons) are replaced by static components when possible, thus limiting calls to external APIs and keeping your users activity private.
Preparing upcoming requests
- DNS resolution: DNS of third-party services that may be needed are resolved in advance during idle time using dns-prefetch.
<link rel="dns-prefetch" href="https://example.com">
- Preconnection: DNS lookup, TCP handshake and TLS negociation with services that will be needed soon is done in advance during idle time using preconnect.
<link rel="preconnect" href="https://example.com">
- Prefetching: Resources that will be needed soon (e.g. lazy loaded images) are requested in advance during idle time using prefetch.
<link rel="prefetch" href="image.png">
- Preloading: Resources needed in the current page (e.g. scripts placed at the end of
<body>
) in advance using preload.
<link rel="preload" href="app.js">
Performance testing
- Google PageSpeed: All your pages were tested (not only the homepage) and have a score of at least 90/100.
Accessibility
Notes: You can watch the playlist A11ycasts with Rob Dodson 📹
Best practices
- Progressive enhancement: Major functionality like main navigation and search should work without JavaScript enabled.
- Color contrast: Color contrast should at least pass WCAG AA (AAA for mobile).
Headings
- H1: All pages have an H1 which is not the title of the website.
- Headings: Headings should be used properly in the right order (H1 to H6).
📹 Why headings and landmarks are so important — A11ycasts #18
Landmarks
- Role coverImage:
<header>
has role="banner". - Role navigation:
<nav>
has role="navigation". - Role main:
<main>
has role="main".
Semantics
- Specific HTML5 input types are used: This is especially important for mobile devices that show customized keypads and widgets for different types.
Form
- Label: A label is associated with each input form element. In case a label can’t be displayed, use aria-labelinstead.
Accessibility testing
- Accessibility standards testing: Use the WAVE tool to test if your page respects the accessibility standards.
- Keyboard navigation: Test your website using only your keyboard in a previsible order. All interactive elements are reachable and usable.
- Screen-reader: All pages were tested in a screen-reader (VoiceOver, ChromeVox, NVDA or Lynx).
- Focus style: If the focus is disabled, it is replaced by visible state in CSS.
SEO
- Google Analytics: Google Analytics is installed and correctly configured.
- Headings logic: Heading text helps to understand the content in the current page.
- sitemap.xml: A sitemap.xml exists and was submitted to Google Search Console (previously Google Webmaster Tools).
- robots.txt: The robots.txt is not blocking webpages.
🛠 Test your robots.txt with Google Robots Testing Tool
- Structured Data: Pages using structured data are tested and are without errors. Structured data helps crawlers understand the content in the current page.
📖 Introduction to Structured Data — Search — Google Developers
🛠 Test your page with the Structured Data Testing Tool
🛠 Complete list of vocabularies that can be used as structured data. Schema.org Full Heirarchy
- Sitemap HTML: An HTML sitemap is provided and is accessible via a link in the footer of your website.