Pre-Launch Domain Checklist: Everything to Verify Before Going Live
Before launching a new website, run through this domain and infrastructure checklist. Missing any item can cause SEO damage, email delivery failures, or security vulnerabilities on day one.
Pre-Launch Domain Checklist: Everything to Verify Before Going Live
Launching a new website is exciting. Launching it with a missing DMARC record, broken SSL chain, or blocked crawl rules is not. This checklist covers every domain-level item to verify before you flip the switch.
DNS Configuration
A Records:
- Root domain (example.com) points to correct server IP
- www subdomain: either A record to same IP, or CNAME to root domain
- Verify propagation: run DNS Propagation Checker for A records globally
Email DNS:
- MX records configured for your email provider
- MX records point to hostnames (not CNAMEs)
- Multiple MX records with different priorities (redundancy)
Other subdomains:
- All subdomains you use have DNS records configured
- No stale/leftover records from development (dev., staging., test. subdomains should be removed or secured)
- No dangling CNAMEs pointing to decommissioned services
Verification:
- Run Full Domain Scan in ElasticDomain to see all DNS records
- Check DNS Propagation Checker — A records resolving globally?
SSL Certificate
- SSL certificate installed and valid
- Certificate covers all domains you serve (check SANs list): example.com AND www.example.com
- Certificate chain is complete (chain valid = Yes in ElasticDomain SSL tab)
- Expiry is more than 60 days away
- HTTP redirects to HTTPS (HTTPS enforced = Yes)
- HSTS header is present
- TLS version: TLS 1.2 and/or 1.3 only (TLS 1.0 and 1.1 disabled)
Verification:
- Test HTTPS in browser — padlock shows, no warnings
- Check SSL tab in ElasticDomain after scanning domain
- Run TLS Auditor tool (Tools → TLS Auditor) for full configuration audit
Email Authentication
- SPF record present and valid at domain root
- SPF includes all services that will send email (transactional, marketing)
- DKIM enabled in your email provider — key published in DNS
- DMARC record present at _dmarc.yourdomain.com
- DMARC policy is at minimum p=none (monitoring mode)
Verification:
- Run Email Deliverability Tester (Tools → Email Deliverability)
- Target score: 75 or higher
- Send a test email and verify it arrives in inbox (not spam)
Security Headers
- HSTS — Strict-Transport-Security header present
- X-Frame-Options — SAMEORIGIN or DENY
- X-Content-Type-Options — nosniff
- Referrer-Policy — strict-origin-when-cross-origin
- Content-Security-Policy — basic policy at minimum
Verification:
- Run HTTP Header Analyzer (Tools → Header Analyzer)
- Grade should be B or better before launch
Blacklist Check
- Domain is not on any DNS blacklist
- Server IP is not on any DNS blacklist
- Check even on brand new domains — shared hosting IPs sometimes have baggage
Verification:
- Run Full Domain Scan in ElasticDomain
- Security tab → blacklist status: all clear
SEO Foundation
robots.txt:
- robots.txt exists at yourdomain.com/robots.txt
- Not blocking CSS, JavaScript, or images (prevents Google from rendering pages)
- Contains Sitemap: directive pointing to your sitemap URL
- Not accidentally blocking entire site (Disallow: / for all agents)
sitemap.xml:
- sitemap.xml exists and is valid
- Includes all indexable pages
- No 404 URLs in sitemap
- Submit sitemap to Google Search Console after launch
Basic on-page:
- Every page has a unique title tag (under 60 characters)
- Every page has a unique meta description (under 160 characters)
- One H1 per page
- No duplicate content between HTTP and HTTPS (HTTPS should be canonical)
Verification:
- Run Robots.txt Validator (Tools → Robots Validator)
- Run SEO Scan (1,500 credits) after launch — fix any critical issues before indexing
Uptime and Monitoring Setup
Domain added to ElasticDomain with type OWNED
Check interval set to 24 hours (or 6 hours for business-critical)
Alert rules configured:
- Domain expiry at 60, 30, 14 days
- SSL expiry at 30, 14 days
- Blacklist detected
- Nameserver changed
- Uptime down
Uptime check passes (domain responds with HTTP 200)
Response time under 1 second
Final Go/No-Go
Before going live, run a full scan in ElasticDomain and verify:
- Health score: 80 or higher
- SSL: valid, chain complete, HTTPS enforced
- DNS: all records present, no unexpected changes
- Security: not blacklisted, security headers present
- Uptime: responding correctly
- Email: SPF, DKIM, DMARC all passing
If any of these fail, fix them before announcing the launch. A domain that starts with a broken email setup or missing security headers is much harder to fix after users and search engines have already indexed it.