Web Dev Checklist

32 actionable items covering performance, accessibility, security, and code quality for web developers.

0 of 32 completed
0%

Valid HTML5 document structure

high

Use proper DOCTYPE, html, head, and body tags. Validate with W3C validator.

Semantic HTML elements

high

Use header, nav, main, article, section, aside, and footer instead of generic divs.

Responsive meta viewport tag

high

Include <meta name='viewport' content='width=device-width, initial-scale=1'>.

CSS minification and bundling

medium

Minify CSS files and bundle them to reduce HTTP requests and file sizes.

JavaScript minification and tree shaking

medium

Remove unused JavaScript. Use tree shaking in your build process.

Lazy loading for images and videos

high

Use loading='lazy' for below-the-fold images. Lazy load video embeds.

Modern image formats (WebP/AVIF)

medium

Serve images in WebP or AVIF with fallbacks for older browsers.

Responsive images with srcset

medium

Use srcset and sizes attributes to serve appropriately sized images.

Font optimization (subsetting, preload)

medium

Subset fonts to only needed characters. Preload critical fonts.

Critical CSS inlined

medium

Inline above-the-fold CSS to prevent render-blocking.

Defer non-critical JavaScript

high

Use defer or async attributes on non-critical script tags.

HTTP/2 or HTTP/3 enabled

medium

Ensure your server supports HTTP/2+ for multiplexing and header compression.

Gzip/Brotli compression enabled

high

Enable Brotli or Gzip compression on your server for text-based assets.

CDN configured for static assets

medium

Serve images, CSS, and JS from a CDN for faster global delivery.

Browser caching headers configured

high

Set Cache-Control and ETag headers for static assets.

WCAG 2.1 AA accessibility compliance

high

Ensure color contrast, keyboard navigation, ARIA labels, and screen reader compatibility.

Alt text on all meaningful images

high

Every non-decorative image needs descriptive alt text.

Keyboard navigation works

high

All interactive elements should be reachable and usable via keyboard.

Focus indicators visible

medium

Don't remove focus outlines. Style them to be visible and match your design.

ARIA labels on interactive elements

medium

Add aria-label or aria-labelledby to buttons, links, and form elements that need context.

HTTPS with valid SSL certificate

high

Serve all pages over HTTPS. Use HSTS header for strict transport security.

Content Security Policy (CSP) header

medium

Implement CSP to prevent XSS attacks and unauthorized script execution.

X-Frame-Options header set

medium

Prevent clickjacking by setting X-Frame-Options to DENY or SAMEORIGIN.

No mixed content warnings

high

Ensure all resources (images, scripts, styles) are loaded over HTTPS.

Input validation (client and server)

high

Validate all user inputs on both client and server side to prevent injection attacks.

Error handling with custom error pages

medium

Create custom 404 and 500 error pages that maintain site branding and navigation.

Proper 301 redirects for moved pages

high

Redirect old URLs to new ones with 301 status codes to preserve link equity.

No console errors in production

medium

Check browser console for JavaScript errors and fix them before launch.

Cross-browser testing completed

medium

Test in Chrome, Firefox, Safari, and Edge. Check mobile browsers too.

Performance budget established

low

Set limits for page weight, number of requests, and load time. Monitor continuously.

Automated testing (unit/integration)

medium

Write tests for critical functionality. Set up CI/CD to run tests automatically.

Environment variables for secrets

high

Never hardcode API keys or secrets. Use environment variables.