Pre-go-live checklist
Purpose: Everything verified before a new site/section serves production traffic — the night-before list.
Who this page is for
| Audience | Why it matters to you |
|---|---|
| Tech leads | Owners of the list |
| All engineers | Contributors of evidence |
Content & functional
- [ ] Production content complete and published; no lorem/placeholder or dev-only pages activated
- [ ] All redirects (legacy URLs) configured and spot-tested; 404 page branded and cached
- [ ] Search/SEO: sitemap.xml served, robots.txt correct (staging blocked, prod open), canonical tags, metadata
- [ ] Analytics/consent firing correctly on prod IDs only
Platform
- [ ] Latest Service Pack + security hotfixes applied (patching)
- [ ] Security checklist passed incl. default-credential and dispatcher checks (security overview)
- [ ] Dispatcher: deny-by-default verified from OUTSIDE (curl the forbidden paths through the CDN)
- [ ] TLS chain valid, HSTS decided, headers verified externally
- [ ] Maintenance tasks scheduled and confirmed running (revision GC, purges — maintenance)
Operations
- [ ] Monitoring green: health checks wired into LB, alert routes tested (page someone on purpose once)
- [ ] Load test at expected peak ×2 passed with cache hit ratio at target (load testing)
- [ ] Backup completed post-content-load; restore rehearsed on this dataset (backup & restore)
- [ ] Rollback plan written for this release specifically (rollback strategy)
- [ ] Runbook current: contacts, escalation, known-issues, cache flush procedure
- [ ] Launch-day plan: who watches dashboards, who can flush caches, who talks to the business