This is a checklist for browser-based web apps without a backend or with a 3rd-party backend.
- Licences of my app's 3rd-party dependencies are not violated
- My app does not violate cryptography policies and laws
- My app complies with the organisation's standards
- My app is accessible
- Colors and contrast are color-blind friendly OR there is a possibility to switch to high-contrast mode
- My app is screenreader-friendly
- My app has keyboard navigation
- My app is served from a CDN or a cookie-less subdomain
- My app is served with forever cache headers for static assets
- My app's static resources are gzipped
- My app can load its assets in parallel (CSS, images and scripts)
- My app uses icon sprites
- My app does not hit the browser's per-host HTTP request limit
- My app loads all well-known JavaScript libraries from a CDN
- My app has cache busting implemented (assets, object cache, etc.)
- Have a 404-page
- Have a maintenance page
- Images support HDPI screens (Retina, etc)
- My app does not have memory leaks
- My app passes performance tests with high grades
- My app loads in less than 3 seconds
- Minified JavaScript files contain a URL to their source maps
- Thrown exceptions are handled and passed to storage (Sentry, Track.js, etc.)
- Error storage processes source-mapped files
- My app gathers metrics about usage behaviour
- I have audited my system against:
  - OWASP Top 10 Vulnerabilities
  - Observatory
  - securityheaders.io