I've been part of three website launches that ranked badly for the first six months because of mistakes from this checklist. The first was an event-marketing agency in 2019 — we shipped with the staging robots.txt still blocking everything, and the launch announcement on LinkedIn drove people to a homepage Google had never crawled. The second was a Shopify storefront where the canonical tags pointed at myshopify.com URLs for two months instead of the custom domain. The third was a B2B SaaS where the entire /blog/* section had noindex from a forgotten staging override.
Each one of those failures was preventable with 90 seconds of pre-launch checking against the items below. None of them showed up as "errors" in the browser. The site loaded fine; Google just couldn't see it. That's the defining feature of pre-launch SEO failure: silent damage that's invisible until you log into Search Console weeks later.
Below are the 20 items I now check before every launch I'm responsible for. They're ordered roughly by "how badly does this hurt if you miss it" — the security and crawl-access items at the top are the ones that lose you weeks of traffic; the Core Web Vitals items at the bottom hurt rankings but are recoverable quickly. Most can be verified by the free Seoxpert scan in under two minutes.
All traffic must be served over HTTPS. Configure a permanent (301) redirect from the plain HTTP origin to the HTTPS version. Without this, browsers show security warnings and search engines may index the insecure version.
A missing or misconfigured robots.txt can accidentally block search engine crawlers from your entire site. Verify the file exists at the root, allows Googlebot, and does not contain overly broad Disallow rules.
An XML sitemap tells search engines which URLs you want indexed and how often they change. Generate one from your CMS or build system, upload it to the root, and submit the URL in Google Search Console.
Every indexable page needs a self-referencing canonical tag in the head. This prevents duplicate indexing when the same content is accessible via multiple URLs (for example with and without trailing slashes, or via HTTP and HTTPS).
The lang attribute on the <html> element tells browsers and screen readers the primary language of the page. Search engines use it to improve localised results. Missing lang causes accessibility failures.
Item 1 relates to security issues. Item 4 is explained in depth in the canonical tag glossary entry. See also: most common technical SEO mistakes →
Title tags are the primary on-page ranking signal for query relevance. Each page needs a unique title matching the primary keyword and page intent. Tags longer than 60 characters are typically truncated in search results.
Meta descriptions do not affect rankings directly, but well-written descriptions improve click-through rate. Keep each unique, under 155 characters, and include a natural version of the page keyword.
Every page should have exactly one H1 heading that clearly states the topic. Multiple H1s confuse the relevance signal. Missing H1s leave pages without a clear structural anchor for crawlers.
Schema markup in JSON-LD format enables rich results in search engines. Add at minimum: Article for blog posts, Product for ecommerce, FAQPage for Q&A content, and WebSite for the homepage.
Open Graph tags control how pages appear when shared on social platforms and messaging apps. At minimum include og:title, og:description, og:image, and og:url on every page that might be shared.
For meta description best practices, see what is a meta description.
Run a crawl of all internal links before going live. Any URL returning a 404 or other 4xx status needs to be fixed or redirected. Post-launch 4xx errors waste crawl budget and create dead ends for users.
Redirect chains (A → B → C) dilute link equity and slow down browsers. Compress every chain to a single hop: the source URL should redirect directly to the final destination.
A canonical tag pointing to a different URL than the page it is on will suppress the page from the index. Check every canonical for typos, protocol mismatches, and accidental cross-domain references.
Measure LCP, CLS, and INP on your key landing pages before launch. LCP should be under 2.5s, CLS under 0.1, and INP under 200ms. Read the Core Web Vitals guide for a full explanation of thresholds and what causes failures.
Text-based assets (HTML, CSS, JavaScript) compress significantly with gzip or Brotli. Uncompressed assets increase TTFB and total transfer size. Most hosting platforms enable this by default — verify it is not disabled.
Item 14: read the Core Web Vitals SEO impact guide for threshold explanations and common causes. See also: most common performance issues →
Pages with very thin content are unlikely to rank and may be demoted as low-quality. Ensure every indexed page has enough original, intent-matched content to serve the user query it targets.
The homepage typically carries the most PageRank on a new site. Ensure it links directly to the most important category and conversion pages so link equity flows to where it matters most.
Alt text serves two purposes: accessibility for screen reader users, and image search relevance signals. Describe the image content concisely. Avoid keyword-stuffing and do not leave alt attributes empty on meaningful images.
These four response headers are the baseline security posture for any public website. HSTS enforces HTTPS. CSP restricts script sources. X-Frame-Options prevents clickjacking. X-Content-Type-Options prevents MIME sniffing. All four are checked by the Seoxpert security scanner.
Paths like /admin, /.env, and /.git should be blocked in robots.txt and — more importantly — protected at the server level with authentication or a 403 response. robots.txt alone is not a security control.
Item 19: see the security issues library for per-header fix guides. Or see the most common security issues →
Manual checks catch obvious failures. An automated scan verifies every item across every page simultaneously — including template-generated pages where one misconfiguration propagates at scale. Run a free scan now to see which items pass and which need attention.
Or sign up to use your free scan credit. View plans for ongoing monitoring.
Use it before launching a new site, immediately after a major CMS migration or template change, and as a recurring audit routine. Each item functions as a test specification that passes or fails.
For active sites, an automated scan weekly catches regressions before they affect rankings. Review the full checklist manually after major redesigns or platform migrations. Scheduled scans in Seoxpert can automate the recurring verification.
The Seoxpert scanner covers: HTTPS, security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options), canonical tags, title and meta description length and uniqueness, H1 count, schema presence, Open Graph tags, 4xx errors, redirect chains, Core Web Vitals signals, compression, and robots.txt syntax.
Yes. All 20 items apply to any publicly indexed website — marketing sites, ecommerce, blogs, and SaaS products. Some items like Product schema are only relevant for ecommerce, but the other 19 are universal.