top | item 14958394

Ask HN: Website go-live checklist app

274 points| DubDubThrow | 8 years ago | reply

Hi HN! I was wondering if there's some sort of service that would check our client websites (we're a web agency) automatically before go live. We currently have our own doc to run through but it would be nice if there was something that would automatically do that for us.

Examples for checks are:

- HTTPS and related (HSTS -> cookies etc) enabled/correctly configured

- robots.txt configured

- Correct API keys configured (e.g. Stripe live key instead of test key)

- No dead links

and so forth..

48 comments

[+] jesperht|8 years ago|reply

Covers dead links, basic SEO issues, and broken HTML/JS/CSS:

https://monkeytest.it

P.S I'm the author - feel free to get in touch / comment :-)

[+] jordanlev|8 years ago|reply

Looks nice. Question: is there anywhere that explains exactly what the test looks for? I tested out a site of mine and it said everything is ok (go me!)... but I'd like to know what exactly it checked, for example when it says "SEO, looking good" -- what specific things on the page is it looking for?

[+] jaflo|8 years ago|reply

Really liking this. Are results not linked to an account deleted at some point? The privacy policy does not mention that that is the case. Could that be added?

[+] blairanderson|8 years ago|reply

pretty awesome. Keep adding to the SEO portion! checkout this page: http://tools.neilpatel.com/en/analyze/https%3A%2F%2Fmonkeyte...

[+] phpeach|8 years ago|reply

Already using the service and it's great! Thank you!

[+] josephjrobison|8 years ago|reply

Great service, just signed up a few sites!

[+] rokhayakebe|8 years ago|reply

You need to add Pricing immediately.

[+] janfry|8 years ago|reply

For some security specific checks, take a look at:

1. Mozilla Observatory https://observatory.mozilla.org

2. SSLLabs https://www.ssllabs.com/ssltest/

3. Security Headers https://securityheaders.io/

For a comprehensive appsec checklist see OWASP ASVS https://www.owasp.org/index.php/Category:OWASP_Application_S...

[+] egeozcan|8 years ago|reply

+ HSTS Preload: https://hstspreload.org

Which makes it practically impossible for your site to be MITMd for the users of many major browsers.

[+] corobo|8 years ago|reply

I use a more personally relevant fork of Spatie's checklist

https://github.com/spatie/checklist-going-live

I have not automated anything yet, but there are tools in that checklist that automate some of the process (HTTPS mixed content checks, dead link checks, etc)

[+] kowdermeister|8 years ago|reply

Run a Google pagespeed test:

https://developers.google.com/speed/pagespeed/insights/

[+] michaelwu|8 years ago|reply

Lighthouse (also by Google) might be a better alternative. It works as a plugin so you're not limited to testing sites broadly accessible by the public.

https://developers.google.com/web/tools/lighthouse/

[+] instakill|8 years ago|reply

For your question here's a few handy ones:

- https://humaan.com/checklist/

- https://simplesecurity.sensedeep.com/web-developer-security-...

- https://www.owasp.org/index.php/Web_Application_Security_Tes...

I find checklist apps/sites super useful. I've been building my own version of an interactive checklist site for email copywriting: http://honegrow.com/optimize-your-emails

What would be cool would be a checklist aggregator!

[+] hanniabu|8 years ago|reply

love humaan but i wish the state of items you check off were saved in local storage

[+] LeonM|8 years ago|reply

I've had this in my bookmarks. I believe it was discussed once here on HN: http://webdevchecklist.com/

[+] sidmitra|8 years ago|reply

One other trick i've used successfully is to not actually go-live on the actual launch date. But go-live much before that and have restricted signup or something. This way you can signup and test around your site in its full production config(even run payments)

You can configure the webserver to show a different landing page if a particular key/cookie doesn't exist. To avoid unauthorized access to the public sections not yet publicly launched

[+] oliveremberton|8 years ago|reply

https://insites.com/ crawls your website in a cloud-based Chrome for both mobile and desktop, so you can check spelling, broken links, JS errors, layout etc.

Or if you prefer something free and lightweight: http://nibbler.silktide.com/

Disclaimer: I work here.

[+] gchokov|8 years ago|reply

It really sucks that I have to provide my domain name, click test while expecting actual test and then I am faced with sign-up form. Too bad that there're so many startups embracing this irritating "growth" hack. I am immediately closing this site and moving over.

[+] adjohu|8 years ago|reply

Pretty comprehensive and allows you to inspect pages issue by issue:

https://insites.com/

Doesn't currently support API key checks but that seems like a good idea! I'll suggest it. (I work at Insites)

[+] nulagrithom|8 years ago|reply

I assume you've already seen Google's PageSpeed but if not: https://developers.google.com/speed/pagespeed/

[+] Redsquare|8 years ago|reply

Lighthouse > pagespeed https://developers.google.com/web/tools/lighthouse/

[+] scaryclam|8 years ago|reply

Honestly, I think you'd be better off with your checklist and a competent employee than trying to automate many of those things away to a third party who doesn't know what the project is supposed to do.

Sure, get in tools for things like dead link checking (no-one likes trawling through pages), but for most things it's going to depend on what the site does.

A service will only go so far as to make sure you don't have anything blatently wrong. In my experience, it's the non-blatent things that blow up the worst. Little green lights from a third party are nice and all, but you should still be verifying things are really OK.

[+] ivanr|8 years ago|reply

For a comprehensive check-up of network and security configuration, take a look at Hardenize https://www.hardenize.com. It covers a variety of things such as DNS/DNSSEC/DANE and CAA, email security (e.g., SPF, DMARC), TLS, X.509, HSTS, HPKP, CSP, SRI, cookies, application security and so on. It's a work in progress, currently in preview.

Disclosure: Hardenize is my project. I previously built SSL Labs.

[+] exclusiv|8 years ago|reply

I haven't used it yet but this has a lot of what you're looking for:

https://littlewarden.com/

[+] jdutoit|8 years ago|reply

Does Performance/Compatability/Spell Checking/SEO and Security (SSL):

https://passmarked.com

With the code open sourced here - https://github.com/passmarked

PS. Author, we're currently building it all out still so feel free to get in contact with any feedback.

Actual Headless Chrome coming up soon as well :)

[+] jriff|8 years ago|reply

Monsido (http://monsido.com) will scan sites for broken links, misspellings, and Section 508 and WCAG 2.0 accessibility compliance issues. And you can set policies for the website and get a list of pages not in compliance (e.g. don't allow "Lorem ipsum" or a certain CSS class). You can use RegEx for policies as well.

I'm co-founder of Monsido.

[+] codegeek|8 years ago|reply

There are some premium services that do this type of stuff for you. I like these 2 in particular as they are very comprehensive.

https://www.semrush.com/features/site-audit/

https://raventools.com/site-auditor/

[+] unknown|8 years ago|reply

[deleted]

[+] dbbk|8 years ago|reply

If you're sending transactional email, make sure you set up SPF, DKIM and DMARC records to prevent your emails from getting sent to spam. [Postmark offers a good tool](https://dmarc.postmarkapp.com/) to guide you through this.

[+] jostylr|8 years ago|reply

I like scrutiny: http://peacockmedia.software/mac/scrutiny/

It is a mac desktop app

It will do the most generic checking (dead links, spelling, site maps, ...) leaving the more nuanced for either a person or a custom script

[+] mylh|8 years ago|reply

Crawl the whole website. Check SEO issues, spelling, server errors including broken links and missing resourses and so on https://seocharger.com I'm one of the founders. Welcome :)