Production launch checklist
After you add a new site on Netlify, but before you release it to your customers, consider the following recommendations for getting your project ready for production.
Note that not all recommendations apply to all sites. Some recommendations are specific to when certain features are in use. Also, some recommended tasks can be completed once at the team level and apply to future sites you launch. While your project might not warrant taking action on all the recommendations below, we suggest that you at least review them all to consider which recommended tasks would benefit your business.
Extra benefits for Pro and Enterprise teams
Some of the below recommendations involve features that aren’t available on all plans. Plan requirements are indicated below.
# Finalize names
- Make any desired edits to your team name and site name before configuring anything else since some configuration values may depend on these slugs.
# Collaborate securely and efficiently
- Configure automatic deploy subdomains for unified branded URLs across your Deploy Previews and branch deploys.
- If you don’t intend for your branch deploys to be publicly searchable, use custom headers to prevent branch deploys from being indexed by search engines.
- Invite reviewers to get stakeholder sign-offs using collaborative Deploy Previews.
- Send your stakeholders the Reviewer quickstart to teach them how to share feedback.
# Pro and Enterprise teams
- Set up Slack notifications for team awareness of deploy activity.
- Protect non-production deploys from unauthorized access.
- Add team members with the minimum level of permissions required for their work to enable collaboration while keeping your sites secure.
- Add at least one other Team Owner so that while you’re away from work someone else can add team members, set user permissions, transfer sites, and more to keep things running smoothly.
# Enterprise teams only
- Enable and enforce SAML single sign-on for your team (or organization if applicable).
# Optimize performance and ensure quality
- Optimize your build performance and build time so your team can spend more time creating and less time waiting.
- Optimize the size and format of your images with Netlify Image CDN to improve the runtime performance and reliability of your site.
- Optimize the number of files updated for your deploys to reduce deploy times and make the most of Netlify’s CDN cache.
- Create cache key variations to optimize cache performance.
- Opt out of automatic cache invalidation for proxied responses to optimize cache performance.
- Add the durable cache for serverless function responses to reduce response times and variability in performance.
- Cache edge function responses for even faster response times.
- Customize edge function error handling to fail closed or open depending on your audience and content.
- Configure your serverless functions region to the closest to your data sources.
- Add unit testing and integration testing to your site builds.
- Plan synthetic performance testing to optimize your site performance before your initial launch and avoid performance regressions in the future.
- For example, set up embedded Lighthouse scores.
- Enable Site Analytics to monitor trends in site activity.
- If you want to monitor production traffic only, make Site Analytics distinguish between deployed branches.
# Pro and Enterprise teams
- Enable Real User Metrics to monitor your site’s usability and performance.
# Enterprise teams only
- Integrate content from multiple sources into a single data unification layer with Netlify Connect to ensure your sites and other web properties always have access to the latest content.
- Use the Connect JavaScript client to query your data layer’s GraphQL API and benefit from efficient caching of data for sites that use server-side rendering (SSR) with caching.
- Configure Log Drains to pipe data from Netlify’s CDN to third-party monitoring services for analysis, alerting, and data persistence.
# Secure your information
- If your site is connected to a public repository, review the following settings to make sure they balance your needs for protecting security and welcoming contributions:
- Import
.env
file variables for security and consistency between local and remote builds. - Confirm that you haven’t committed any sensitive environment variables to your repository.
# Pro and Enterprise teams
- Make variables available to only the scopes that need them for tighter control of your sensitive data.
- If you have multiple sites, use shared environment variables for non-sensitive values where possible for dev productivity.
# Enterprise teams only
- Flag your most sensitive environment variable values with Secrets Controller to apply stricter security measures and perform secrets scanning of your code and build output files.
- Configure Private Connectivity to reduce the risk to your backend environment.
# Prepare for production traffic
- Configure your site for HSTS preload to enhance performance and security.
- Check for consistent trailing slashes for SEO and enable pretty URLs if needed.
- Set up a custom 404 page in line with your branding.
- Work with your legal representation to make sure your site is following all privacy regulations that apply to your site. Then use country-based redirects to show appropriate disclosures and get the appropriate consent per location.
- Add a custom domain and configure DNS.
- If you’re using external DNS, confirm that your primary domain is
www
or another subdomain instead of an apex domain to optimize your use of our CDN. - If you plan to have more than 5 domain aliases that are subdomains of the same domain, manage your HTTPS certificates to avoid rate limiting for subdomains.
# Enterprise teams only
- Set up Firewall Traffic Rules to permit or block access to your site based on IP address or geographic location.
- Set up rate limiting rules to protect against API abuse, authentication attacks, and more.
- If you’re migrating an existing domain you’ve already used, and you have access to premium support, reach out to your dedicated account support team for help working through our Enterprise domain migration launch checklist.
- If you’re using external DNS, configure your domains to use the High-Performance Edge to benefit from proactive DDoS mitigation and optimize response times and cache hits.
- If your site will handle HIPAA-regulated data, visit our Trust Center to download our reference architecture for HIPAA-compliant composable sites on Netlify.
# Communicate with customers
- If your business involves emails:
- Set up the Netlify Email Integration to send emails and keep your templates version controlled alongside the rest of your project.
- Set up your domain to receive emails.
- If you’re using Netlify Forms:
- Add extra spam prevention.
- Add an
<input>
withname="email"
to streamline replying to form submitters. - Create a custom success page in line with your branding.
- Create a process for managing sensitive form data.
# Expect the unexpected
- Plan a maintenance page process.
- Familiarize your team with the following tools and resources:
- Rollbacks in case they need to revert site changes quickly.
- Manual deploy deletion in case they ever need to remove accidentally deployed sensitive information.
- Fix failed deploys and build errors with Netlify’s AI-enabled suggested solutions
# Pro and Enterprise teams
- Familiarize your team with our tips for requesting support by email.
# Enterprise teams only
- Familiarize your team with the following tools and resources:
- Build prioritization to reduce wait times for important builds in your team build queue.
- If you have Premium Support, your dedicated Slack channel and phone number for support.
Did you find this doc useful?
Your feedback helps us improve our docs.