Website QA checklist before launch, ordered by what actually breaks

A pre-launch website QA checklist covers six areas: analytics and tracking, forms and console errors, links, SEO basics, consent, and your core user flows. Most checklists present those as equally important. They aren’t — we audited 49 freshly launched Show HN products with machine-verified checks, and this checklist is ordered by how often each item was actually broken on launch day, most common failure first.

The checklist at a glance:

1. Analytics and tracking — verify events actually fire (broken on 78% of launches)
2. Forms and the browser console — submit everything, watch for errors and 500s
3. Links — crawl or click every internal link (broken on 14 of 49 sites)
4. SEO basics — canonical, robots.txt, h1, meta description, Open Graph tags
5. Consent — a banner that actually gates tracking before analytics fires
6. User flows — signup, login, checkout, password reset, end to end on production

Every item below has a manual way to check it. Where Prufa automates the check, it’s noted; everything here is verifiable by hand if you have the patience.

1. Analytics and tracking — broken on 78% of launches

The single most common critical failure: no analytics events leaving the page at all. Launch traffic is the most informative traffic you’ll ever get, and most teams are blind to it.

How to check by hand:

• Open DevTools → Network, reload, and filter for your analytics host (for GA4, requests to /g/collect; for most other tools, look for an /e or /capture or /track endpoint). You are looking for event requests, not the script loading. The tag container loading is not the same thing as events firing — 3 of our 49 sites had the container load and zero events follow.
• Do it in a regular window and a private window. If you’ve dismissed your own cookie banner months ago, you may be the only visitor whose tracking works (or the reverse — consent default blocks everything, including the analytics you thought you had).
• Trigger one real conversion (signup, click the CTA) and confirm the event arrives in your analytics tool’s realtime/live view.

Prufa verifies this automatically: it captures all outgoing network traffic and flags pixels that are absent, double-firing, or loading without events.

2. Forms, and the console while you use them

Submit every form on the site — with valid input, with invalid input, and with empty input. Watch two things: where the response goes (a 500 from /api/invites is a finding, not a vibe) and the DevTools console while you interact. 10 of 49 launches had JavaScript errors at page load — errors visitors never report; they just leave.

If a form’s success path ends in an email (signup confirmation, password reset), check the email actually arrives. “Reset email not received” is one of the most damaging silent failures a product can ship.

Prufa runs forms in a real browser and verifies the captured responses and console output.

3. Links — 14 of 49 sites shipped broken ones

Click every link in your nav, footer, pricing page, and docs — or crawl them. Footer links and “read more” anchors rot fastest because nobody retests them after redesigns. Dead links bleed user trust and waste crawl budget.

Prufa crawls internal links and verifies response codes.

4. SEO basics — the five-minute tags that half the cohort missed

From the audit data, in order of frequency:

• Canonical link (24 sites missing; 2 sites pointed it at a different domain — template leftovers that tell Google to index someone else). Check <head> on your entry page: exactly one rel="canonical", pointing at your own production host.
• robots.txt (11 missing) — confirm yoursite.com/robots.txt returns 200 and doesn’t block everything (a common staging leftover).
• One <h1> on the entry page (12 sites had none).
• Meta description (10 missing) — it’s your SERP ad copy.
• Open Graph tags (7+ missing og:title/og:image) — this is what your launch post looks like when shared. Paste your URL into a social-card preview tool before someone else does.

All of these are in Prufa’s deterministic SEO checks — title, meta, canonical, social cards, headings, robots.txt, sitemap.

5. Consent — the banner has to actually gate tracking

If you show a consent banner, verify it actually gates tracking: reject consent in a private window and confirm the tracking requests from step 1 stop. The important launch failure is not the banner’s presence; it is analytics firing before the visitor has made a choice.

Prufa checks whether beacons fire before consent.

6. Your real user flows, end to end

Last in failure-frequency order, first in damage: create a fresh account on production. Sign up, log in, do the core thing, hit checkout if you have one, request a password reset. Use a clean browser profile and an email address you can actually receive on. The failures that kill launches — “signup is broken,” “checkout 500s” — only show up when you walk the path a stranger walks.

This is what Prufa is built around: describe the flow in plain English and it runs it in a real browser, with plain code verifying every step.

What this checklist deliberately leaves out

Performance (Core Web Vitals), cross-browser rendering, and deep accessibility audits matter — do them. They’re out of scope here for an honest reason: our data comes from checks we run deterministically, and we don’t automate those three, so we have no failure-rate data to rank them with.

The lazy version

All of sections 1–5, plus the flow run, is what a free Prufa audit does in about a minute: paste your URL on the homepage, no signup. Run it the week before launch, fix what’s critical, run it again on launch morning.