Security (7 items)
1. HTTPS
Does your URL use https://? Get a free cert from Let's Encrypt. Caddy / Vercel / Cloudflare handle this automatically.
2. HTTP→HTTPS redirect
Does http:// redirect to https://? Caddy does this by default.
3. HSTS (Strict-Transport-Security)
Header that forces browsers to use HTTPS. Add Strict-Transport-Security: max-age=31536000; includeSubDomains.
4. X-Frame-Options
Clickjacking protection. Add X-Frame-Options: DENY or use the Content-Security-Policy frame-ancestors directive.
5. X-Content-Type-Options
MIME sniffing protection. Simply add X-Content-Type-Options: nosniff.
6. .env exposure
Is /.env publicly accessible? Highest-severity issue — block it in your web server config immediately.
7. Mixed Content
Are you loading http:// resources inside https:// pages? Make everything https:// or protocol-relative //.
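The seven Security items applied to one already-fetched response, as an added example (not DevForge's code). The names audit, GOOD and BAD, the function's parameters and the sample responses are assumptions constructed for illustration; http_location stands for the Location header returned when the site is requested over http://.

```python
import re
from html.parser import HTMLParser
class _MixedContent(HTMLParser):
    """Collects http:// URLs the page loads as subresources (item 7)."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        urls = [a.get("src")]  # src loads a resource on any tag
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            urls.append(a.get("href"))  # plain <a href> is navigation, not a load
        self.found += [u for u in urls if u and u.lower().startswith("http://")]

def audit(url, headers, body, env_status, http_location):
    """Return the Security checklist items that fail, in checklist order."""
    h = {k.lower(): v for k, v in headers.items()}
    failed = []
    if not url.lower().startswith("https://"):
        failed.append("HTTPS")
    if not (http_location or "").lower().startswith("https://"):
        failed.append("HTTP->HTTPS redirect")
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) == 0:  # max-age=0 tells the browser to drop HSTS
        failed.append("HSTS")
    csp = h.get("content-security-policy", "").lower()
    has_fa = any(d.split()[:1] == ["frame-ancestors"] for d in csp.split(";"))
    xfo = h.get("x-frame-options", "").strip().upper()
    # The page names DENY; SAMEORIGIN is accepted here too (assumption).
    if xfo not in ("DENY", "SAMEORIGIN") and not has_fa:
        failed.append("X-Frame-Options")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        failed.append("X-Content-Type-Options")
    if env_status == 200:  # /.env must not be served
        failed.append(".env exposure")
    parser = _MixedContent()
    parser.feed(body)
    if parser.found:
        failed.append("Mixed Content")
    return failed

# Constructed sample responses (not real sites).
GOOD = ("https://example.com/",
        {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
         "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
         "X-Content-Type-Options": "nosniff"},
        '<img src="https://example.com/a.png"><a href="http://other.example/">x</a>',
        404, "https://example.com/")
BAD = ("https://example.com/", {"strict-transport-security": "max-age=0"},
       '<script src="http://cdn.example/x.js"></script>', 200, None)
```

audit(*GOOD) returns an empty list; audit(*BAD) returns every item except HTTPS, since that response has no redirect, HSTS switched off, no framing or nosniff header, a served /.env and an http:// script.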
SEO (9 items)
1. robots.txt
Do you have a crawler control file? Place /robots.txt at the root.
2. sitemap.xml
Is your sitemap referenced from robots.txt? In Next.js, app/sitemap.ts generates it dynamically.
3. Meta title
10-70 character <title> tag. The single most important element for search results.
4. Meta description
50-160 character description. Major impact on click-through rate.
5. Viewport
Mobile optimization meta. <meta name="viewport" content="width=device-width, initial-scale=1">
6. Canonical URL
<link rel="canonical" href="..."> to prevent duplicate content penalties.
7. OGP tags
og:title, og:description, og:image — essential for social share previews.
8. H1 tag
Exactly one H1 per page. Zero is terrible, multiple is confusing.
9. lang attribute
<html lang="en"> or similar. Required for multilingual sites.
LLMO (6 items)
For full context, read "What is LLMO" and "llms.txt Complete Guide" alongside this list. Quick summary here:
- llms.txt — /llms.txt or /llms-full.txt is installed
- AI crawler access — GPTBot, ClaudeBot etc. are not blocked in robots.txt
- JSON-LD — schema.org structured data
- Semantic HTML — use of article / main / section tags
- Image alt coverage — 80%+ to pass
- Content extractability — HTML has substantial text (1000+ chars to pass)
Integration (4 items)
1. Google Analytics
Is GA4 tracking installed and linked in DevForge's integration settings?
2. Search Console
Is your site registered with Search Console and linked to DevForge? Required for query analytics.
3. AdSense
If you use AdSense, is the tag installed? Skip this if you're not using it.
4. ads.txt
If you use AdSense, is /ads.txt installed to prevent ad fraud?
Automate it
Checking all 26 items manually is a pain. DevForge's site audit tool runs the entire checklist in about a minute and shows specific fixes for every issue — free, no signup.