Implementation overview

Minimize Use of Third-Party Scripts and Widgets

Defer Non-Critical JavaScript

Use Vanilla JavaScript or Lightweight Frameworks When Possible

Use secure frame headers

Enable HSTS for subdomains.

Enable HSTS preload header

Implement HTTPS by Setting Up an SSL Certificate

Use ARIA (Accessible Rich Internet Applications) Landmarks and Roles

Ensure WCAG 2.1 Compliance for Accessibility

Make video accessible

Make simple and accessible animations.

Add Descriptive Alt Text for all important Images.

Ensure Sufficient Color Contrast for Text

Implement Keyboard Navigable Menus and Forms

Set your Robot.txt file

Set Up Proper 404 Error Pages with Useful Navigation

Implement Structured Data (Schema Markup) for Rich Snippets

Disable Webflow subdomain indexing

Use Global canonical URL

Optimize Fonts and Reduce Font Loading Times

Use a Content Delivery Network (CDN) for Faster Content Delivery

Minify CSS, JavaScript, and HTML

Implement Browser Caching and CDNs

Compress and render better images after uploading.

Optimize and Compress Images before uploading

Appropriate Sizing and Background Images

Set Imgae Above the Fold set to Eager.

Implement Lazy Loading for Images and Videos

Use Asynchronous Loading for custom CSS and JavaScript

Mobile testing focus

Implement Touch-Friendly Design Elements for Mobile Users

Optimize Layouts for Different Screen Sizes and Orientations

Ensure Responsive Images Using srcset and sizes Attributes

Make Text Responsive with Fluid Typography

Mobile essential content

Ensure Breadcrumb Navigation for Better User Experience and SEO

Design a Logical and User-Friendly Navigation Menu

Create Intuitive URL Structures & Readable Slugs

Conduct a Heading Hierarchy

Use HTML5’s Semantic Tags For Better Architecture

Set a Clear Navigation and Structure Upfront

How to Enable HSTS for subdomains on Webflow?

Enabling HSTS (HTTP Strict Transport Security) for subdomains is essential for ensuring that all your website's subdomains enforce HTTPS connections, enhancing overall security. This is particularly important for preventing potential man-in-the-middle attacks on any subdomain.

This feature is worthless if you don’t have any subdomain on your website.

How to do it on Webflow?

Enable SSL: Ensure SSL is enabled for your site in Webflow’s hosting settings.‍
Add the HSTS Header for subdomains: Toggle the HSTS preload header for subdomains in your hosting settings.

Do's

Don'ts

Tools

Don't have the Checklist yet?

Download the Checklist