Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/thedaviddias/Front-End-Checklist

๐Ÿ—‚ The perfect Front-End Checklist for modern websites and meticulous developers
https://github.com/thedaviddias/Front-End-Checklist

List: Front-End-Checklist

checklist css front-end-developer-tool front-end-development frontend guidelines html javascript lists reference resources web-development

Last synced: 10 days ago
JSON representation

๐Ÿ—‚ The perfect Front-End Checklist for modern websites and meticulous developers

Awesome Lists containing this project

README 

        





  Front-End Checklist

  


    


ย  Front-End Checklist

ย  





---

๐Ÿšจ Currently working on new version of frontendchecklist.io,
feel free to discuss any feature you would like to see. Thanks for your support!



---



The Front-End Checklist is an exhaustive list of all elements you need to have / to test before launching your website / HTML page to production.





ย  

ย ย ย  PRs Welcome

ย  

ย  ย  

ย ย ย  Contributors

ย  

ย  

ย ย ย  Frontโ€‘End_Checklist followed

  

ย  ย  

ย ย ย  CC0

ย  






ย  How To Use โ€ข Contributing โ€ข Website โ€ข Product Hunt





    Other Checklists:

    


ย  ๐ŸŽฎ Front-End Performance Checklist โ€ข ๐Ÿ’Ž Front-End Design Checklist




It is based on Front-End developer's years of experience, with the additions coming from some other open-source checklists.



---



## How to use?



All items in the **Front-End Checklist** are required for the majority of the projects, but some elements can be omitted or are not essential (in the case of an administration web app, you may not need RSS feed for example). We choose to use 3 levels of flexibility:



![Low][low_img] indicates that the item is recommended but can be omitted in certain situations.

![Medium][medium_img] indicates that the item is highly recommended but can potentially be omitted in very specific cases. However, omitting these elements can negatively impact performance or SEO.

![High][high_img] indicates that the item cannot be omitted under any circumstances. Removing these elements may result in page malfunctions or cause accessibility and SEO issues. Testing should prioritize these elements first.



Some resources possess an emoticon to help you understand which type of content / help you may find on the checklist:



* ๐Ÿ“–: documentation or article

* ๐Ÿ› : online tool / testing tool

* ๐Ÿ“น: media or video content



> You can contribute to the ***Front-End Checklist App*** reading the [CONTRIBUTING.md file](https://github.com/thedaviddias/Front-End-Checklist/blob/master/CONTRIBUTING.md) which explains everything about the project.



---



## Head



> **Notes:** You can find [a list of everything](https://github.com/joshbuchea/HEAD) that could be found in the `` of an HTML document.



### Meta tag



* [ ] **Doctype:** ![High][high_img] The Doctype is HTML5 and is at the top of all your HTML pages.



```html

 

```



> * ๐Ÿ“– [Determining the character encoding - HTML5 W3C](https://www.w3.org/TR/html5/syntax.html#determining-the-character-encoding)



*The next 2 meta tags (Charset and Viewport) need to come first in the head.*



* [ ] **Charset:** ![High][high_img] The charset (UTF-8) is declared correctly.



```html



```



* [ ] **Viewport:** ![High][high_img] The viewport is declared correctly.



```html



```



* [ ] **Title:** ![High][high_img] A title is used on all pages (SEO: Google calculates the pixel width of the characters used in the title, and it cuts off between 472 and 482 pixels. The average character limit would be around 55-characters).



```html



Page Title less than 55 characters

```



> * ๐Ÿ“– [Title - HTML - MDN](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/title)

> * ๐Ÿ›  [SERP Snippet Generator](https://www.sistrix.com/serp-snippet-generator/)



* [ ] **Description:** ![High][high_img] A meta description is provided, it is unique and doesn't possess more than 150 characters.



```html



```



> * ๐Ÿ“– [Meta Description - HTML - MDN](https://developer.mozilla.org/en-US/docs/Learn/HTML/Introduction_to_HTML/The_head_metadata_in_HTML#Adding_an_author_and_description)



* [ ] **Favicons:** ![Medium][medium_img] Each favicon has been created and displays correctly. If you have only a `favicon.ico`, put it at the root of your site. Normally you won't need to use any markup. However, it's still good practice to link to it using the example below. Today, **PNG format is recommended** over `.ico` format (dimensions: 32x32px).



```html



```



> * ๐Ÿ›  [Favicon Generator](https://www.favicon-generator.org/)

> * ๐Ÿ›  [RealFaviconGenerator](https://realfavicongenerator.net/)

> * ๐Ÿ“– [Favicon Cheat Sheet](https://github.com/audreyr/favicon-cheat-sheet)

> * ๐Ÿ“– [Favicons, Touch Icons, Tile Icons, etc. Which Do You Need? - CSS Tricks](https://css-tricks.com/favicon-quiz/)

> * ๐Ÿ“– [PNG favicons - caniuse](https://caniuse.com/#feat=link-icon-png)



* [ ] **Apple Web App Meta:** ![Low][low_img] Apple meta-tags are present.



```html



```



> * ๐Ÿ“– [Configuring Web Applications](https://developer.apple.com/library/content/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html)

> * ๐Ÿ“– [Supported Meta Tags](https://developer.apple.com/library/content/documentation/AppleApplications/Reference/SafariHTMLRef/Articles/MetaTags.html)



* [ ] **Windows Tiles:** ![Low][low_img] Windows tiles are present and linked.



```html



```



Minimum required xml markup for the `browserconfig.xml` file is as follows:



```xml



   

     

        

        

        

        

     

   



```



> * ๐Ÿ“– [Browser configuration schema reference](https://msdn.microsoft.com/en-us/library/dn320426(v=vs.85).aspx)



* [ ] **Canonical:** ![Medium][medium_img] Use `rel="canonical"` to avoid duplicate content.



```html



```



> * ๐Ÿ“– [Use canonical URLs - Search Console Help - Google Support](https://support.google.com/webmasters/answer/139066?hl=en)

> * ๐Ÿ“– [5 common mistakes with rel=canonical - Google Webmaster Blog](https://webmasters.googleblog.com/2013/04/5-common-mistakes-with-relcanonical.html)



### HTML tags



* [ ] **Language attribute:** ![High][high_img] The `lang` attribute of your website is specified and related to the language of the current page.



```html



```



* [ ] **Direction attribute:** ![Medium][medium_img] The direction of lecture is specified on the html tag (It can be used on another HTML tag).



```html



```



> * ๐Ÿ“– [dir - HTML - MDN](https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/dir)



* [ ] **Alternate language:** ![Low][low_img] The language tag of your website is specified and related to the language of the current page.



```html



```



* [ ] **x-default:** ![Low][low_img] The language tag of your website for international landing pages.



```html



```



> * ๐Ÿ“– [x-default - Google](https://webmasters.googleblog.com/2013/04/x-default-hreflang-for-international-pages.html)



* [ ] **Conditional comments:** ![Low][low_img] Conditional comments are present for IE if needed.



> * ๐Ÿ“– [About conditional comments (Internet Explorer) - MSDN - Microsoft](https://msdn.microsoft.com/en-us/library/ms537512(v=vs.85).aspx)



* [ ] **RSS feed:** ![Low][low_img] If your project is a blog or has articles, an RSS link was provided.



* [ ] **CSS Critical:** ![Medium][medium_img] The CSS critical (or "above the fold") collects all the CSS used to render the visible portion of the page. It is embedded before your principal CSS call and between `` in a single line (minified).



> * ๐Ÿ›  [Critical by Addy Osmani on GitHub](https://github.com/addyosmani/critical) automates this.



* [ ] **CSS order:** ![High][high_img] All CSS files are loaded before any JavaScript files in the ``. (Except the case where sometimes JS files are loaded asynchronously on top of your page).



### Social meta



Visualize and generate automatically our social meta tags with [Meta Tags](https://metatags.io/)



***Facebook OG*** and ***Twitter Cards*** are, for any website, highly recommended. The other social media tags can be considered if you target a particular presence on those and want to ensure the display.



* [ ] **Facebook Open Graph:** ![Low][low_img] All Facebook Open Graph (OG) are tested and no one is missing or with false information. Images need to be at least 600 x 315 pixels, although 1200 x 630 pixels is recommended.



> **Notes:** Using `og:image:width` and `og:image:height` will specify the image dimensions to the crawler so that it can render the image immediately without having to asynchronously download and process it.



```html



```



> * ๐Ÿ“– [A Guide to Sharing for Webmasters](https://developers.facebook.com/docs/sharing/webmasters/)

> * ๐Ÿ“– [Best Practices - Sharing](https://developers.facebook.com/docs/sharing/best-practices/)

> * ๐Ÿ›  Test your page with the [Facebook OG testing](https://developers.facebook.com/tools/debug/)



* [ ] **Twitter Card:** ![Low][low_img]



```html



```



> * ๐Ÿ“– [Getting started with cards โ€” Twitter Developers](https://developer.twitter.com/en/docs/tweets/optimize-with-cards/guides/getting-started)

> * ๐Ÿ›  Test your page with the [Twitter card validator](https://cards-dev.twitter.com/validator)



**[โฌ† back to top](#table-of-contents)**



---



## HTML



### Best practices



* [ ] **HTML5 Semantic Elements:** ![High][high_img] HTML5 Semantic Elements are used appropriately (header, section, footer, main...).



> * ๐Ÿ“– [HTML Reference](http://htmlreference.io/)



* [ ] **Error pages:** ![High][high_img] Error 404 page and 5xx exist. Remember that the 5xx error pages need to have their CSS integrated (no external call on the current server).



* [ ] **Noopener:** ![Medium][medium_img] In case you are using external links with `target="_blank"`, your link should have a `rel="noopener"` attribute to prevent tab nabbing. If you need to support older versions of Firefox, use `rel="noopener noreferrer"`.



> * ๐Ÿ“– [About rel=noopener](https://mathiasbynens.github.io/rel-noopener/)



* [ ] **Clean up comments:** ![Low][low_img] Unnecessary code needs to be removed before sending the page to production.



### HTML testing



* [ ] **W3C compliant:** ![High][high_img] All pages need to be tested with the W3C validator to identify possible issues in the HTML code.



> * ๐Ÿ›  [W3C validator](https://validator.w3.org/)



* [ ] **HTML Lint:** ![High][high_img] I use tools to help me analyze any issues I could have on my HTML code.



> * ๐Ÿ›  [Dirty markup](https://www.10bestdesign.com/dirtymarkup/)



> * ๐Ÿ›  [webhint](https://webhint.io/)



* [ ] **Link checker:** ![High][high_img] There are no broken links in my page, verify that you don't have any 404 error.



> * ๐Ÿ›  [W3C Link Checker](https://validator.w3.org/checklink)



* [ ] **Adblockers test:** ![Medium][medium_img] Your website shows your content correctly with adblockers enabled (You can provide a message encouraging people to disable their adblocker).



> * ๐Ÿ“– [Use AdBlocking in your Dev Environment](https://andreicioara.com/use-adblocking-in-your-dev-environment-48db500d9b86)



**[โฌ† back to top](#table-of-contents)**



---



## Webfonts



> **Notes:** Using web fonts may cause Flash Of Unstyled Text/Flash Of Invisible Text - consider having fallback fonts and/or utilizing web font loaders to control behavior.

> * ๐Ÿ“– [Google Technical considerations about webfonts](https://developers.google.com/fonts/docs/technical_considerations)



* [ ] **Webfont format:** ![High][high_img] WOFF, WOFF2 and TTF are supported by all modern browsers.



> * ๐Ÿ“– [WOFF - Web Open Font Format - Caniuse](https://caniuse.com/#feat=woff).

> * ๐Ÿ“– [WOFF 2.0 - Web Open Font Format - Caniuse](https://caniuse.com/#feat=woff2).

> * ๐Ÿ“– [TTF/OTF - TrueType and OpenType font support](https://caniuse.com/#feat=ttf)

> * ๐Ÿ“– [Using @font-face - CSS-Tricks](https://css-tricks.com/snippets/css/using-font-face/)



* [ ] **Webfont size:** ![High][high_img] Webfont sizes don't exceed 2 MB (all variants included).



* [ ] **Webfont loader:** ![Low][low_img] Control loading behavior with a webfont loader



> * ๐Ÿ›  [Typekit Web Font Loader](https://github.com/typekit/webfontloader)



**[โฌ† back to top](#table-of-contents)**



---



## CSS



> **Notes:** Take a look at [CSS guidelines](https://cssguidelin.es/) and [Sass Guidelines](https://sass-guidelin.es/) followed by most  Front-End developers. If you have a doubt about CSS properties, you can visit [CSS Reference](http://cssreference.io/). There is also a short [Code Guide](http://codeguide.co/) for consistency.



* [ ] **Responsive Web Design:** ![High][high_img] The website is using responsive web design.

* [ ] **CSS Print:** ![Medium][medium_img] A print stylesheet is provided and is correct on each page.

* [ ] **Preprocessors:** ![Low][low_img] Your project is using a CSS preprocessor (e.g [Sass](http://sass-lang.com/), [Less](http://lesscss.org/), [Stylus](http://stylus-lang.com/)).

* [ ] **Unique ID:** ![High][high_img] If IDs are used, they are unique to a page.

* [ ] **Reset CSS:** ![High][high_img] A CSS reset (reset, normalize or reboot) is used and up to date. *(If you are using a CSS Framework like Bootstrap or Foundation, a Normalize is already included into it.)*



> * ๐Ÿ“– [Reset.css](https://meyerweb.com/eric/tools/css/reset/)

> * ๐Ÿ“– [Normalize.css](https://necolas.github.io/normalize.css/)

> * ๐Ÿ“– [Reboot](https://getbootstrap.com/docs/4.0/content/reboot/)



* [ ] **JS prefix:** ![Low][low_img] All classes (or id- used in JavaScript files) begin with **js-** and are not styled into the CSS files.



```html






```



* [ ] **embedded or inline CSS:** ![High][high_img] Avoid at all cost embedding CSS in `` tags or using inline CSS: only use for valid reasons (e.g. background-image for slider, critical CSS).

* [ ] **Vendor prefixes:** ![High][high_img] CSS vendor prefixes are used and are generated accordingly with your browser support compatibility.



> * ๐Ÿ›  [Autoprefixer CSS online](https://autoprefixer.github.io/)



### Performance



* [ ] **Concatenation:** ![High][high_img] CSS files are concatenated in a single file *(Not for HTTP/2)*.

* [ ] **Minification:** ![High][high_img] All CSS files are minified.

* [ ] **Non-blocking:** ![Medium][medium_img] CSS files need to be non-blocking to prevent the DOM from taking time to load.



> * ๐Ÿ“– [loadCSS by filament group](https://github.com/filamentgroup/loadCSS)

> * ๐Ÿ“– [Example of preload CSS using loadCSS](https://gist.github.com/thedaviddias/c24763b82b9991e53928e66a0bafc9bf)



* [ ] **Unused CSS:** ![Low][low_img] Remove unused CSS.



> * ๐Ÿ›  [UnCSS Online](https://uncss-online.com/)

> * ๐Ÿ›  [PurifyCSS](https://github.com/purifycss/purifycss)

> * ๐Ÿ›  [PurgeCSS](https://github.com/FullHuman/purgecss)

> * ๐Ÿ›  [Chrome DevTools Coverage](https://developer.chrome.com/docs/devtools/coverage/)



### CSS testing



* [ ] **Stylelint:** ![High][high_img] All CSS or SCSS files are without any errors.



> * ๐Ÿ›  [stylelint, a CSS linter](https://stylelint.io/)

> * ๐Ÿ“– [Sass guidelines](https://sass-guidelin.es/)



* [ ] **Responsive web design:** ![High][high_img] All pages were tested at the following breakpoints: 320px, 768px, 1024px (can be more / different according to your analytics).

**Responsive Checker -**

> * ๐Ÿ›  [Am I Responsive?](http://ami.responsivedesign.is/)

> * ๐Ÿ›  [Mobile Friendly Test](https://search.google.com/test/mobile-friendly)

> * ๐Ÿ›  [Responsive Website Design Tester](https://responsivedesignchecker.com/)

> * ๐Ÿ›  [Responsinator](https://www.responsinator.com/)

> * ๐Ÿ›  [XRespond](https://xrespond.com/)



* [ ] **CSS Validator:** ![Medium][medium_img] The CSS was tested and pertinent errors were corrected.



> * ๐Ÿ›  [CSS Validator](https://jigsaw.w3.org/css-validator/)



* [ ] **Desktop Browsers:** ![High][high_img] All pages were tested on all current desktop browsers (Safari, Firefox, Chrome, Internet Explorer, EDGE...).

* [ ] **Mobile Browsers:**  ![High][high_img] All pages were tested on all current mobile browsers (Native browser, Chrome, Safari...).

* [ ] **OS:**  ![High][high_img] All pages were tested on all current OS (Windows, Android, iOS, Mac...).



* [ ] **Design fidelity:** ![Low][low_img] Depending on the project and the quality of the creatives, you may be asked to be close to the design. You can use some tools to compare creatives with your code implementation and ensure consistency.



> [Pixel Perfect - Chrome Extension](https://chrome.google.com/webstore/detail/perfectpixel-by-welldonec/dkaagdgjmgdmbnecmcefdhjekcoceebi?hl=en)



* [ ] **Reading direction:** ![High][high_img] All pages need to be tested for LTR and RTL languages if they need to be supported.



> * ๐Ÿ“– [Building RTL-Aware Web Apps & Websites: Part 1 - Mozilla Hacks](https://hacks.mozilla.org/2015/09/building-rtl-aware-web-apps-and-websites-part-1/)

> * ๐Ÿ“– [Building RTL-Aware Web Apps & Websites: Part 2 - Mozilla Hacks](https://hacks.mozilla.org/2015/10/building-rtl-aware-web-apps-websites-part-2/)



**[โฌ† back to top](#table-of-contents)**



---



## Images



> **Notes:** For a complete understanding of image optimization, check the free ebook **[Essential Image Optimization](https://images.guide/)** from Addy Osmani.



### Best practices



* [ ] **Optimization:** ![High][high_img] All images are optimized to be rendered in the browser. WebP format could be used for critical pages (like Homepage).



> * ๐Ÿ›  [Imagemin](https://github.com/imagemin/imagemin)

> * ๐Ÿ›  Use [ImageOptim](https://imageoptim.com/) to optimise your images for free.

> * ๐Ÿ›  Use [KeyCDN Image Processing](https://www.keycdn.com/support/image-processing) for image optimization in real time.

> * ๐Ÿ›  Use [Kraken.io](https://kraken.io/web-interface) awesome alternative for both png and jpg optimization. Up to 1mb per files on free plan.

> * ๐Ÿ›  [TinyPNG](https://tinypng.com/) optimises png, apng (animated png) and jpg images with very small loss in quality. Free and paid version available.

> * ๐Ÿ›  [ZorroSVG](http://quasimondo.com/ZorroSVG/) jpg-like compression for transparent images using svg masking.

> * ๐Ÿ›  [SVGO](https://github.com/svg/svgo) a Nodejs-based tool for optimizing SVG vector graphics files.

> * ๐Ÿ›  [SVGOMG](https://jakearchibald.github.io/svgomg/) a web-based GUI version of SVGO for optimising your svgs online.



* [ ] **Picture/Srcset:** ![Medium][medium_img] You use picture/srcset to provide the most appropriate image for the current viewport of the user.



> * ๐Ÿ“– [How to Build Responsive Images with srcset](https://www.sitepoint.com/how-to-build-responsive-images-with-srcset/)



* [ ] **Retina:** ![Low][low_img] You provide layout images 2x or 3x, support retina display.

* [ ] **Sprite:** ![Medium][medium_img] Small images are in a sprite file (in the case of icons, they can be in an SVG sprite image).

* [ ] **Width and Height:** ![High][high_img] Set `width` and `height` attributes on `<img>` if the final rendered image size is known (can be omitted for CSS sizing).

* [ ] **Alternative text:** ![High][high_img] All `<img>` have an alternative text which describes the image visually.



> * ๐Ÿ“– [Alt-texts: The Ultimate Guide](https://axesslab.com/alt-texts/)



* [ ] **Lazy loading:** ![Medium][medium_img] Images are lazyloaded (A noscript fallback is always provided).

> * ๐Ÿ›  [Native lazy loading polyfill](https://github.com/mfranzke/loading-attribute-polyfill/)



**[โฌ† back to top](#table-of-contents)**



---



## JavaScript



### Best practices



* [ ] **JavaScript Inline:** ![High][high_img] You don't have any JavaScript code inline (mixed with your HTML code).

* [ ] **Concatenation:** ![High][high_img] JavaScript files are concatenated.

* [ ] **Minification:** ![High][high_img] JavaScript files are minified (you can add the `.min` suffix).



> * ๐Ÿ“– [Minify Resources (HTML, CSS, and JavaScript)](https://developers.google.com/speed/docs/insights/MinifyResources)



* [ ] **JavaScript security:** ![High][high_img]



> * ๐Ÿ“– [Guidelines for Developing Secure Applications Utilizing JavaScript](https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet#Guidelines_for_Developing_Secure_Applications_Utilizing_JavaScript)



* [ ] **`noscript` tag:** ![Medium][medium_img] Use `<noscript>` tag in the HTML body if a script type on the page is unsupported or if scripting is currently turned off in the browser. This will be helpful in client-side rendering heavy apps such as React.js, see [examples](https://webdesign.tutsplus.com/tutorials/quick-tip-dont-forget-the-noscript-element--cms-25498).



```html

<noscript>

  You need to enable JavaScript to run this app.

</noscript>

```



* [ ] **Non-blocking:** ![Medium][medium_img] JavaScript files are loaded asynchronously using `async` or deferred using `defer` attribute.



> * ๐Ÿ“– [Remove Render-Blocking JavaScript](https://developers.google.com/speed/docs/insights/BlockingJS)



* [ ] **Optimized and updated JS libraries:** ![Medium][medium_img] All JavaScript libraries used in your project are necessary (prefer Vanilla Javascript for simple functionalities), updated to their latest version and don't overwhelm your JavaScript with unnecessary methods.



> * ๐Ÿ“– [You may not need jQuery](http://youmightnotneedjquery.com/)

> * ๐Ÿ“– [Vanilla JavaScript for building powerful web applications](https://plainjs.com/)



* [ ] **Modernizr:** ![Low][low_img] If you need to target some specific features you can use a custom Modernizr to add classes in your `<html>` tag.



> * ๐Ÿ›  [Customize your Modernizr](https://modernizr.com/download?setclasses)



### JavaScript testing



* [ ] **ESLint:** ![High][high_img] No errors are flagged by ESLint (based on your configuration or standards rules).



> * ๐Ÿ“– [ESLint - The pluggable linting utility for JavaScript and JSX](https://eslint.org/)



**[โฌ† back to top](#table-of-contents)**



---



## Security



### Scan and check your web site



> * [securityheaders.io](https://securityheaders.io/)

> * [Observatory by Mozilla](https://observatory.mozilla.org/)



### Best practices



* [ ] **HTTPS:** ![High][high_img] HTTPS is used on every page and for all external content (plugins, images...).



> * ๐Ÿ›  [Let's Encrypt - Free SSL/TLS Certificates](https://letsencrypt.org/)

> * ๐Ÿ›  [Free SSL Server Test](https://www.ssllabs.com/ssltest/index.html)

> * ๐Ÿ“– [Strict Transport Security](http://caniuse.com/#feat=stricttransportsecurity)



* [ ] **HTTP Strict Transport Security (HSTS):** ![Medium][medium_img] The HTTP header is set to 'Strict-Transport-Security'.



> * ๐Ÿ›  [Check HSTS preload status and eligibility](https://hstspreload.org/)

> * ๐Ÿ“– [HTTP Strict Transport Security Cheat Sheet - OWASP](https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html)

> * ๐Ÿ“– [Transport Layer Protection Cheat Sheet - OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html)



* [ ] **Cross Site Request Forgery (CSRF):** ![High][high_img] You ensure that requests made to your server-side are legitimate and originate from your website / app to prevent CSRF attacks.



> * ๐Ÿ“– [Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet  - OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html)



* [ ] **Cross Site Scripting (XSS):** ![High][high_img] Your page or website is free from XSS possible issues.



> * ๐Ÿ“– [XSS (Cross Site Scripting) Prevention Cheat Sheet  - OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html)

> * ๐Ÿ“– [DOM based XSS Prevention Cheat Sheet  - OWASP](https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html)



* [ ] **Content Type Options:** ![Medium][medium_img] Prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server.



> * ๐Ÿ“– [X-Content-Type-Options - Scott Helme](https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options)



* [ ] **X-Frame-Options (XFO):** ![Medium][medium_img] Protects your visitors against clickjacking attacks.



> * ๐Ÿ“– [X-Frame-Options - Scott Helme](https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options)

> * ๐Ÿ“– [RFC7034 - HTTP Header Field X-Frame-Options](https://tools.ietf.org/html/rfc7034)



* [ ] **Content Security Policy:** ![Medium][medium_img] Defines how content is loaded on your site and from where it is permitted to be loaded. Can also be used to protect against clickjacking attacks.



> * ๐Ÿ“– [Content Security Policy - An Introduction - Scott Helme](https://scotthelme.co.uk/content-security-policy-an-introduction/)

> * ๐Ÿ“– [CSP Cheat Sheet - Scott Helme](https://scotthelme.co.uk/csp-cheat-sheet/)

> * ๐Ÿ“– [CSP Cheat Sheet - OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html)

> * ๐Ÿ“– [Content Security Policy Reference](https://content-security-policy.com/)



**[โฌ† back to top](#table-of-contents)**



---



## Performance



### Best practices



* [ ] **Goals to achieve:** ![Medium][medium_img] Your pages should reach these goals:

  * First Meaningful Paint under 1 second

  * Time To Interactive under 5 seconds for the "average" configuration (a $200 Android on a slow 3G network with 400ms RTT and 400kbps transfer speed) and under 2 seconds for repeat visits

  * Critical file size under 170Kb gzipped



> * ๐Ÿ›  [Website Page Analysis](https://tools.pingdom.com)

> * ๐Ÿ›  [WebPageTest](https://www.webpagetest.org/)

> * ๐Ÿ“– [Size Limit: Make the Web lighter](https://evilmartians.com/chronicles/size-limit-make-the-web-lighter)



* [ ] **Minified HTML:** ![Medium][medium_img] Your HTML is minified.



* [ ] **Lazy loading:** ![Medium][medium_img] Images, scripts and CSS need to be lazy loaded to improve the response time of the current page (See details in their respective sections).



* [ ] **Cookie size:** ![Medium][medium_img] If you are using cookies be sure each cookie doesn't exceed 4096 bytes and your domain name doesn't have more than 20 cookies.



> * ๐Ÿ“– [Cookie specification: RFC 6265](https://tools.ietf.org/html/rfc6265)

> * ๐Ÿ“– [Cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies)

> * ๐Ÿ›  [Browser Cookie Limits](http://browsercookielimits.squawky.net/)



* [ ] **Third party components:** ![Medium][medium_img] Third party iframes or components relying on external JS (like sharing buttons) are replaced by static components when possible, thus limiting calls to external APIs and keeping your user's activity private.



> * ๐Ÿ›  [Simple sharing buttons generator](https://simplesharingbuttons.com/)



### Preparing upcoming requests



> * ๐Ÿ“– [Explanation of the following techniques](https://css-tricks.com/prefetching-preloading-prebrowsing/)



* [ ] **DNS resolution:** ![Low][low_img] DNS of third-party services that may be needed are resolved in advance during idle time using `dns-prefetch`.



```html

<link rel="dns-prefetch" href="https://example.com">

```



* [ ] **Preconnection:** ![Low][low_img] DNS lookup, TCP handshake and TLS negotiation with services that will be needed soon is done in advance during idle time using `preconnect`.



```html

<link rel="preconnect" href="https://example.com">

```



* [ ] **Prefetching:** ![Low][low_img] Resources that will be needed soon (e.g. lazy loaded images) are requested in advance during idle time using `prefetch`.



```html

<link rel="prefetch" href="image.png">

```



* [ ] **Preloading:** ![Low][low_img] Resources needed in the current page (e.g. scripts placed at the end of `<body>`) in advance using `preload`.



```html

<link rel="preload" href="app.js">

```



> * ๐Ÿ“– [Difference between prefetch and preload](https://medium.com/reloading/preload-prefetch-and-priorities-in-chrome-776165961bbf)



### Performance testing



* [ ] **Google PageSpeed:** ![High][high_img] All your pages were tested (not only the homepage) and have a score of at least 90/100.



> * ๐Ÿ›  [Google PageSpeed](https://developers.google.com/speed/pagespeed/insights/)

> * ๐Ÿ›  [Test your mobile speed with Google](https://testmysite.withgoogle.com)

> * ๐Ÿ›  [WebPagetest - Website Performance and Optimization Test](https://www.webpagetest.org/)

> * ๐Ÿ›  [GTmetrix - Website speed and performance optimization](https://gtmetrix.com/)

> * ๐Ÿ›  [Speedrank - Improve the performance of your website](https://speedrank.app/)



**[โฌ† back to top](#table-of-contents)**



---



## Accessibility



> **Notes:** You can watch the playlist [A11ycasts with Rob Dodson](https://www.youtube.com/playlist?list=PLNYkxOF6rcICWx0C9LVWWVqvHlYJyqw7g) ๐Ÿ“น



### Best practices



* [ ] **Progressive enhancement:** ![Medium][medium_img] Major functionality like main navigation and search should work without JavaScript enabled.



> * ๐Ÿ“– [Enable / Disable JavaScript in Chrome Developer Tools](https://www.youtube.com/watch?v=kBmvq2cE0D8)



* [ ] **Color contrast:** ![Medium][medium_img] Color contrast should at least pass WCAG AA (AAA for mobile).



> * ๐Ÿ›  [Contrast ratio](https://leaverou.github.io/contrast-ratio/)



#### Headings



* [ ] **H1:** ![High][high_img] All pages have an H1 which is not the title of the website.

* [ ] **Headings:** ![High][high_img] Headings should be used properly and in the right order (H1 to H6).



> * ๐Ÿ“น [Why headings and landmarks are so important -- A11ycasts #18](https://www.youtube.com/watch?v=vAAzdi1xuUY&index=9&list=PLNYkxOF6rcICWx0C9LVWWVqvHlYJyqw7g)



### Semantics



* [ ] **Specific HTML5 input types are used:** ![Medium][medium_img] This is especially important for mobile devices that show customized keypads and widgets for different types.



> * ๐Ÿ“– [Mobile Input Types](http://mobileinputtypes.com/)



### Form



* [ ] **Label:** ![High][high_img] A label is associated with each input form element. In case a label can't be displayed, use `aria-label` instead.



> * ๐Ÿ“– [Using the aria-label attribute - MDN](https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes/aria-label)



### Accessibility testing



* [ ] **Accessibility standards testing:** ![High][high_img] Use the WAVE tool to test if your page respects the accessibility standards.



> * ๐Ÿ›  [Wave testing](http://wave.webaim.org/)



* [ ] **Keyboard navigation:** ![High][high_img] Test your website using only your keyboard in a previsible order. All interactive elements are reachable and usable.

* [ ] **Screen-reader:** ![Medium][medium_img] All pages were tested in a screen-reader (VoiceOver, ChromeVox, NVDA or Lynx).

* [ ] **Focus style:** ![High][high_img] If the focus is disabled, it is replaced by visible state in CSS.



> * ๐Ÿ“น [Managing Focus - A11ycasts #22](https://www.youtube.com/watch?v=srLRSQg6Jgg&index=5&list=PLNYkxOF6rcICWx0C9LVWWVqvHlYJyqw7g)



**[โฌ† back to top](#table-of-contents)**



---



## SEO



* [ ] **Google Analytics:** ![Low][low_img] Google Analytics is installed and correctly configured.



> * ๐Ÿ›  [Google Analytics](https://analytics.google.com/analytics/web/)

> * ๐Ÿ›  [GA Checker (and others)](http://www.gachecker.com/)



* [ ] **Search Console:** ![Low][low_img] Search Console is installed and correctly configured. It is a free service offered by Google that helps you monitor, maintain, and troubleshoot your site's presence in Google Search results.



> * ๐Ÿ›  [Search Console](https://search.google.com/search-console/about)



* [ ] **Headings logic:** ![Medium][medium_img] Heading text helps to understand the content in the current page.



> * ๐Ÿ›  [Tota11y, tab Headings](http://khan.github.io/tota11y/#Try-it)



* [ ] **sitemap.xml:** ![High][high_img] A sitemap.xml exists and was submitted to Google Search Console (previously Google Webmaster Tools).



> * ๐Ÿ›  [Sitemap generator](https://websiteseochecker.com/html-sitemap-generator/)



* [ ] **robots.txt:** ![High][high_img] The robots.txt is not blocking webpages.



> * ๐Ÿ“– [The robots.txt file](https://varvy.com/robottxt.html)

> * ๐Ÿ›  Test your robots.txt with [Google Robots Testing Tool](https://www.google.com/webmasters/tools/robots-testing-tool)



* [ ] **Structured Data:** ![High][high_img] Pages using structured data are tested and are without errors. Structured data helps crawlers understand the content in the current page.



> * ๐Ÿ“– [Introduction to Structured Data - Search - Google Developers](https://developers.google.com/search/docs/guides/intro-structured-data)

> * ๐Ÿ“– [JSON-LD](https://json-ld.org/)

> * ๐Ÿ“– [Microdata](https://www.w3.org/TR/microdata/)

> * ๐Ÿ›  Test your page with the [Rich Results Test](https://search.google.com/test/rich-results)

> * ๐Ÿ›  Complete list of vocabularies that can be used as structured data. [Schema.org Full Hierarchy](http://schema.org/docs/full.html)



* [ ] **Sitemap HTML:** ![Medium][medium_img] An HTML sitemap is provided and is accessible via a link in the footer of your website.



> * ๐Ÿ“– [Sitemap guidelines - Google Support](https://support.google.com/webmasters/answer/183668?hl=en)



**[โฌ† back to top](#table-of-contents)**



---



## Translations



The Front-End Checklist is also available in other languages. Thanks for all translators and their awesome work!



* ๐Ÿ‡ฏ๐Ÿ‡ต Japanese: [miya0001/Front-End-Checklist](https://github.com/miya0001/Front-End-Checklist)

* ๐Ÿ‡ช๐Ÿ‡ธ Spanish: [eoasakura/Front-End-Checklist-ES](https://github.com/eoasakura/Front-End-Checklist-ES)

* ๐Ÿ‡จ๐Ÿ‡ณ Chinese: [JohnsenZhou/Front-End-Checklist](https://github.com/JohnsenZhou/Front-End-Checklist)

* ๐Ÿ‡ฐ๐Ÿ‡ท Korean: [kesuskim/Front-End-Checklist](https://github.com/kesuskim/Front-End-Checklist)

* ๐Ÿ‡ง๐Ÿ‡ท Portuguese: [jcezarms/Front-End-Checklist](https://github.com/jcezarms/Front-End-Checklist)

* ๐Ÿ‡ป๐Ÿ‡ณ Vietnamese: [euclid1990/Front-End-Checklist](https://github.com/euclid1990/Front-End-Checklist)

* ๐Ÿ‡น๐Ÿ‡ผ Traditional Chinese: [EngineLin/Front-End-Checklist](https://github.com/EngineLin/Front-End-Checklist)

* ๐Ÿ‡ซ๐Ÿ‡ท French: [ynizon/Front-End-Checklist](https://github.com/ynizon/Front-End-Checklist)

* ๐Ÿ‡ท๐Ÿ‡บ Russian: [ungear/Front-End-Checklist](https://github.com/ungear/Front-End-Checklist)

* ๐Ÿ‡น๐Ÿ‡ท Turkish: [eraycetinay/Front-End-Checklist](https://github.com/eraycetinay/Front-End-Checklist)

* ๐Ÿ‡ฉ๐Ÿ‡ช German: [xfuture603/Front-End-Checklist](https://github.com/xFuture603/Front-End-Checklist)

* ๐Ÿ‡ต๐Ÿ‡ฑ Polish: [mbiesiad/Front-End-Checklist](https://github.com/mbiesiad/Front-End-Checklist)

* ๐Ÿ‡ฎ๐Ÿ‡ฉ Indonesian: [nniinnoo/Front-End-Checklist](https://github.com/nniinnoo/Front-End-Checklist)



---



## Front-End Checklist Badge



If you want to show you are following the rules of the Front-End Checklist, put this badge on your README file!



โž” [![Frontโ€‘End_Checklist followed](https://img.shields.io/badge/Frontโ€‘End_Checklist-followed-brightgreen.svg)](https://github.com/thedaviddias/Front-End-Checklist/)



```md

[![Frontโ€‘End_Checklist followed](https://img.shields.io/badge/Frontโ€‘End_Checklist-followed-brightgreen.svg)](https://github.com/thedaviddias/Front-End-Checklist/)

```



**[โฌ† back to top](#table-of-contents)**



---



## Contributing



**Open an issue or a pull request to suggest changes or additions.**



### Guide



The **Front-End Checklist** repository consists of two branches:



#### 1. `master`



This branch consists of the `README.md` file that is automatically reflected on the [Front-End Checklist](https://frontendchecklist.io) website.



#### 2. `develop`



This branch will be used to make some significant changes to the structure, content if needed. It is preferable to use the master branch to fix small errors or add a new item.



## Support



If you have any question or suggestion, don't hesitate to use Gitter or Twitter:



* [Chat on Gitter](https://gitter.im/Front-End-Checklist/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link)

* [Facebook](https://www.facebook.com/frontendchecklist/)

* [Twitter](https://twitter.com/thedaviddias)



## Author



**[David Dias](https://github.com/thedaviddias)**



## Contributors



This project exists thanks to all the people who contribute. [[Contribute]](.github/CONTRIBUTING.md).

<a href="https://github.com/thedaviddias/Front-End-Checklist/graphs/contributors"><img src="https://opencollective.com/front-end-checklist/contributors.svg?width=890" /></a>



## Backers



Thank you to all our backers! ๐Ÿ™ [[Become a backer](https://opencollective.com/front-end-checklist#backer)]



<a href="https://opencollective.com/front-end-checklist#backers" target="_blank"><img src="https://opencollective.com/front-end-checklist/backers.svg?width=890"></a>



## Sponsors



Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/front-end-checklist#sponsor)]



<a href="https://opencollective.com/front-end-checklist/sponsor/0/website" target="_blank"><img src="https://opencollective.com/front-end-checklist/sponsor/0/avatar.svg"></a>

<a href="https://opencollective.com/front-end-checklist/sponsor/1/website" target="_blank"><img src="https://opencollective.com/front-end-checklist/sponsor/1/avatar.svg"></a>

<a href="https://opencollective.com/front-end-checklist/sponsor/2/website" target="_blank"><img src="https://opencollective.com/front-end-checklist/sponsor/2/avatar.svg"></a>

<a href="https://opencollective.com/front-end-checklist/sponsor/3/website" target="_blank"><img src="https://opencollective.com/front-end-checklist/sponsor/3/avatar.svg"></a>

<a href="https://opencollective.com/front-end-checklist/sponsor/4/website" target="_blank"><img src="https://opencollective.com/front-end-checklist/sponsor/4/avatar.svg"></a>

<a href="https://opencollective.com/front-end-checklist/sponsor/5/website" target="_blank"><img src="https://opencollective.com/front-end-checklist/sponsor/5/avatar.svg"></a>

<a href="https://opencollective.com/front-end-checklist/sponsor/6/website" target="_blank"><img src="https://opencollective.com/front-end-checklist/sponsor/6/avatar.svg"></a>

<a href="https://opencollective.com/front-end-checklist/sponsor/7/website" target="_blank"><img src="https://opencollective.com/front-end-checklist/sponsor/7/avatar.svg"></a>

<a href="https://opencollective.com/front-end-checklist/sponsor/8/website" target="_blank"><img src="https://opencollective.com/front-end-checklist/sponsor/8/avatar.svg"></a>

<a href="https://opencollective.com/front-end-checklist/sponsor/9/website" target="_blank"><img src="https://opencollective.com/front-end-checklist/sponsor/9/avatar.svg"></a>



## License



[![CC0](https://i.creativecommons.org/p/zero/1.0/88x31.png)](https://creativecommons.org/publicdomain/zero/1.0/)



**[โฌ† back to top](#table-of-contents)**



[low_img]: data/images/priority/low.svg

[medium_img]: data/images/priority/medium.svg

[high_img]: data/images/priority/high.svg