All launch resources
Netlify deploy checklist

Netlify deploy cleared for launch?

netlify.toml headers, branch deploy vs production domain, and edge functions need the same clearance bar as Vercel — especially CSP, redirects, and SSL on custom domains.

Security & headers

Production deploys need baseline HTTP hardening before you share the URL.

  • Define Strict-Transport-Security and CSP in _headers or netlify.toml.

    Audit check SEC-001 · security

  • Set X-Content-Type-Options and Referrer-Policy on all paths.

    Audit check SEC-006 · security

DNS & SSL

  • Custom domain TLS valid — check Netlify DNS vs external registrar setup.

    Audit check DNS-001 · dns ssl

Performance

Core Web Vitals and load behavior under real traffic — not just localhost.

  • Run Lighthouse on production domain after Netlify CDN cache warms.

    Audit check PERF-001 · performance

FAQ

Netlify launch questions

Where should Netlify security headers live?

Use public/_headers or [[headers]] in netlify.toml. Launch Auditor validates response headers on your live URL — the configuration location doesn't matter if browsers receive the right values.

Scan your Netlify production URL

Free tier · No credit card · Create account

Netlify Launch Checklist & Deploy Audit | Launch Auditor