All launch resources
Railway deploy checklist

Deployed on Railway — cleared for launch?

Railway makes backend deploys fast, but custom domains, env var hygiene, health checks, and security headers on public services need explicit verification before you share the URL.

DNS & SSL

Custom domains and certificate provisioning on Railway services.

  • Custom domain attached with valid TLS — not just the *.up.railway.app default.

    Audit check DNS-001 · dns ssl

  • Redirect apex→www or www→apex consistently — avoid duplicate content.

    Audit check SEO-011 · seo

Security & headers

Production deploys need baseline HTTP hardening before you share the URL.

  • No secrets in client bundles — audit NEXT_PUBLIC_* and leaked API keys in static frontend services.

    Audit check SEC-020 · dns ssl

  • Configure HSTS and security headers at CDN or reverse proxy in front of Railway.

    Audit check SEC-001 · security

Trust & legal

Policy pages, contact signals, and checkout trust before paid or viral traffic.

  • Status/health page linked before announcing — Railway restarts shouldn't surprise users.

    Audit check TRUST-006 · trust

Performance

Core Web Vitals and load behavior under real traffic — not just localhost.

  • Measure Core Web Vitals on custom domain after cold-start warmup — not preview URL.

    Audit check PERF-001 · performance

FAQ

Railway launch questions

Should I scan the Railway preview URL or custom domain?

Scan the exact URL you will share publicly. Preview domains differ in headers, SSL, and caching from your production custom domain.

Scan your Railway production URL

Free tier · No credit card · Create account

Railway Launch Checklist & Deploy Audit | Launch Auditor