8 quick site checks: security, speed, accessibility & privacy — no drama
A pragmatic checklist you can run tonight: what to verify, which tools to use, and how to know your site won’t surprise people at the worst moment.
This isn’t about dramatic hacks — it’s routine hygiene so people can read, book, and pay without wrestling the UI.
1) Connection & page security
What to check: HTTPS, forced HTTPS (HSTS), CSP, cookie flags (Secure/HttpOnly/SameSite), anti-embedding (frame-ancestors/X-Frame-Options).
Why it matters: lower risk of session theft, page tampering, and XSS.
Owner’s tasks:
- Enforce HTTPS & HSTS; test with SSL Labs.
- Add CSP (Report-Only to start) — MDN: Content Security Policy.
- Set cookie flags — MDN: Cookies.
- Block framing — MDN: X-Frame-Options / frame-ancestors.
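To turn the tasks above into something you can re-run after every deploy, here is an added example (not part of the original checklist) that audits one response's headers for HSTS, CSP, framing protection and cookie flags. The function names, the 180-day HSTS threshold and the sample headers are assumptions made for illustration; feed it the headers your own HTTP client returns.

```python
MIN_HSTS_AGE = 15552000  # 180 days; assumed threshold, adjust to your policy

def _attrs(value):
    """Split 'a; b=c' into {'a': '', 'b': 'c'} with lower-cased keys."""
    out = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            out[key.strip().lower()] = val.strip().strip('"')
    return out

def audit_headers(headers):
    """headers: (name, value) pairs from one HTTPS response. Returns a list of findings."""
    seen = {}
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value)
    findings = []
    max_age = _attrs(seen.get("strict-transport-security", [""])[0]).get("max-age", "")
    if not max_age.isdigit():
        findings.append("hsts: missing or no max-age")
    elif int(max_age) < MIN_HSTS_AGE:
        findings.append("hsts: max-age below %d" % MIN_HSTS_AGE)

    enforced = ";".join(seen.get("content-security-policy", []))
    if not enforced:
        report_only = "content-security-policy-report-only" in seen
        findings.append("csp: report-only, nothing enforced yet" if report_only else "csp: missing")

    # Report-Only policies never block, so framing needs an enforced frame-ancestors or XFO.
    csp_names = {p.split()[0].lower() for p in enforced.split(";") if p.strip()}
    xfo = seen.get("x-frame-options", [""])[0].strip().upper()
    if "frame-ancestors" not in csp_names and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("framing: not blocked")

    for cookie in seen.get("set-cookie", []):
        pair, _, rest = cookie.partition(";")
        attrs = _attrs(rest)
        missing = [a for a in ("secure", "httponly", "samesite") if a not in attrs]
        if missing:
            findings.append("cookie %s: missing %s" % (pair.split("=")[0].strip(), ", ".join(missing)))
    return findings

SAMPLE = [  # constructed sample response headers, not from a real site
    ("Strict-Transport-Security", "max-age=300"),
    ("Content-Security-Policy-Report-Only", "default-src 'self'; frame-ancestors 'none'"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Secure; HttpOnly; SameSite=Lax"),
]
print("\n".join(audit_headers(SAMPLE)))
```

The sample shows a common trap: `frame-ancestors` inside a Report-Only policy is reported but not enforced, so the page is still frameable until the policy is enforced or X-Frame-Options is set.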
2) Uptime & availability
Check: consistent responses and recovery time.
Tools: UptimeRobot for basic external monitoring.
3) Performance (speed)
Check & improve with: PageSpeed Insights / Lighthouse.
Compress images & fonts, defer heavy scripts, use a CDN.
Good reads: web.dev — Performance.
4) Accessibility (a11y)
Check: contrast, readable copy, alt text, keyboard nav, screen reader labels.
Tools: WAVE, axe DevTools, WCAG, MDN A11y.
5) Privacy & tracking
Check: which pixels run, any session replay, where data goes.
Act: keep only essential analytics (Plausible/Fathom/Umami), get consent right (GDPR — gdpr.eu).
Use the DevTools Network tab to spot third-party calls.
6) DNS & mail hygiene
Check: DNS correctness, DNSSEC, email records (SPF/DKIM/DMARC).
Tools: Verisign DNSSEC Analyzer, MXToolbox.
7) Markup validity & broken links
Tools: W3C HTML Validator and a link checker in CI.
8) Structured data (rich results)
Add & test: schema.org markup; verify with Google Rich Results Test.
Short wrap-up
- Security: HTTPS/HSTS/CSP/cookies/framing — protects accounts and data.
- Uptime & speed: saves time and nerves.
- Accessibility: usable for everyone.
- Privacy: less unnecessary tracking.
- DNS/mail, validity, structured data: reliability and predictable behavior.
One-evening checklist
- A+ on SSL Labs, HSTS on
- CSP (Report-Only minimum), safe cookies
- Uptime monitor + alerts
- PageSpeed run & compressed assets
- Basic WCAG check (contrast, alt, keyboard)
- Unnecessary trackers removed; consent correct
- SPF/DKIM/DMARC & DNSSEC (if available)
- HTML validator & rich results test