Website Audit Checklist: 50 Things to Check

Performance (items 1–12): Page load time under 3 seconds on mobile (test with PageSpeed Insights). Largest Contentful Paint under 2.5 seconds. Cumulative Layout Shift under 0.1. First Input Delay under 100ms. Images optimized and using modern formats (WebP/AVIF). CSS and JavaScript minified and bundled. Font loading optimized (preload critical fonts, use font-display: swap). Server response time under 200ms. HTTP/2 or HTTP/3 enabled. CDN configured for static assets. Browser caching headers set correctly. No render-blocking resources.

SEO (items 13–25): Every page has a unique title tag (30–60 characters). Every page has a unique meta description (50–155 characters). H1 tag on every page (exactly one per page). Logical heading hierarchy (H1 → H2 → H3). XML sitemap exists and is current. Robots.txt configured correctly. Canonical tags on every page. No duplicate content across URLs. Structured data (JSON-LD) for appropriate page types. Internal linking between related pages. Image alt text on all meaningful images. Mobile-responsive design. Page URLs are clean and descriptive.

Security (items 26–35): HTTPS enforced on all pages. HTTP redirects to HTTPS. Security headers present (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Content-Security-Policy). SSL certificate valid and not expiring soon. No mixed content (HTTP resources on HTTPS pages). Forms use CSRF protection. Admin areas not publicly accessible. Dependencies up to date (no known vulnerabilities). API endpoints not exposed in sitemap or robots.txt. Error pages don't reveal server information.

Conversion (items 36–45): Clear call-to-action on every page. Contact information easily accessible. Forms work correctly on all devices. Form submission confirmation/feedback. Page load doesn't cause layout shifts around CTA buttons. Mobile tap targets at least 44×44 pixels. No broken links (internal or external). 404 page is helpful (not default server error). Social proof visible (testimonials, reviews, logos). Trust signals present (certifications, security badges, privacy policy).

Accessibility and compliance (items 46–50): Color contrast meets WCAG 2.1 AA standards. Images have descriptive alt text. Keyboard navigation works throughout the site. Forms have properly associated labels. Site works with screen readers. A website that passes all 50 items performs better in search, converts more visitors, and reduces security risk — the three things every business website needs to do well.

Tools for running your own audit: Google PageSpeed Insights (free, performance), Screaming Frog (free up to 500 URLs, SEO crawl), Google Search Console (free, search performance), SSL Labs (free, HTTPS testing), WAVE (free, accessibility), GTmetrix (free, detailed performance metrics), Ahrefs/SEMrush (paid, comprehensive SEO). For a professional audit with expert analysis and prioritized fix recommendations, our technology audit service covers all 50 items plus business-specific optimization opportunities.