Skillget

Front-End-Checklist

agent
Security Audit
Warn
Health Warn
  • No license — Repository has no license file
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 72749 GitHub stars
Code Warn
  • process.env — Environment variable access in .github/workflows/e2e.yml
  • fs module — File system access in .github/workflows/e2e.yml
  • fs module — File system access in .github/workflows/pr.yml
  • process.env — Environment variable access in apps/e2e/config/test.config.ts
Permissions Pass
  • Permissions — No dangerous permissions requested

No AI report is available for this listing yet.

SUMMARY

🗂 The essential checklist for modern web development, for humans and AI agents

README.md

Frontend Checklist

Backers on Open Collective
Support via Open Collective

Frontend Checklist is the open-source front-end quality system for humans and AI agents. It turns front-end best practices into a practical review workflow you can browse on the web, run through with MCP-compatible tools, or work through directly in this README.

Companion project: UX Patterns for Devs helps developers choose the right UI pattern before using Frontend Checklist to verify implementation quality.

[!IMPORTANT]
Use the website for browsing and filtering, the MCP server for agent workflows, and this README when you want the checklist in one place.

What you get

  • 385 English rules across 11 active categories
  • 11 MCP tools exposed by the hosted server
  • Rule pages with explanations, remediation guidance, and verification steps

How to use this checklist

  1. Start with the category navigator below and jump straight to the part of the checklist you need.
  2. Work through the checkbox items that apply to your project, audit, or pull request.
  3. Open the linked rule pages when you need the full guidance, examples, verification steps, and AI prompts.
  4. Use frontendchecklist.io for interactive browsing, and frontendchecklist.io/mcp when you want agents to use the same rule corpus directly.

Priority legend

  • Critical means site-breaking, compliance-sensitive, or security-sensitive issues that should be fixed first.
  • High means issues with major impact on user experience, accessibility, performance, or discoverability.
  • Medium means strong best practices that should be part of normal frontend quality review.
  • Low means useful improvements that are situational or lower urgency.

Choose your workflow

Browse online

Choose the right pattern first

Frontend Checklist helps you review implementation quality. If you are still deciding what interface to build, use UX Patterns for Devs to compare common UI patterns, understand tradeoffs, and find practical guidance for forms, navigation, data display, feedback states, authentication, and AI interfaces.

Contribute to the checklist

  • Install dependencies: pnpm install
  • Run local development: pnpm dev
  • Validate structure: pnpm validate:rule-structure
  • Score the corpus: pnpm score:rules
  • Regenerate derived artifacts: pnpm generate:skills and pnpm generate:readme

Use with MCP

Connect an MCP-capable agent to Frontend Checklist for structured rule lookup, audits, and remediation workflows.

[!TIP]
Best first use: point an MCP-capable agent at a real component, page, or public URL and ask for the highest-confidence Frontend Checklist findings first.

What you can do:

  • Review pasted code or file contents against the checklist
  • Audit a live public URL
  • Fetch a specific rule with remediation guidance
  • Search rules by keyword, category, or priority
  • Get a workflow or quick reference for a focused audit

Example prompts:

  • Review this component against the Frontend Checklist and report the highest-confidence findings first.
  • Audit https://example.com for accessibility, performance, and SEO issues.
  • Explain the canonical URL rule and suggest a fix with code examples.

Use with skills

Install Frontend Checklist skills when you want reusable audit workflows or focused rule-specific guidance in tools that support them.

Install:

npx skills add frontendchecklist/skills
npx skills add frontendchecklist/skills --skill https

Useful entry points:

Example uses:

  • Run a broad frontend audit against the full Frontend Checklist corpus
  • Use a focused skill like https for security review on one concern
  • Use rule-specific skills to explain why a rule matters and how to fix it

Checklist

Jump to a category

Categories

HTML

25 rules. Semantic markup, metadata, forms, and document structure rules.

Browse HTML on frontendchecklist.io

Back to top

CSS

32 rules. Layout, typography, responsive design, and styling rules.

Browse CSS on frontendchecklist.io

Back to top

JavaScript

26 rules. Client-side behavior, async patterns, and runtime quality rules.

Browse JavaScript on frontendchecklist.io

Back to top

Performance

43 rules. Loading speed, rendering, optimization, and Core Web Vitals rules.

Browse Performance on frontendchecklist.io

Back to top

Accessibility

95 rules. Keyboard, screen reader, ARIA, and inclusive UX rules.

Browse Accessibility on frontendchecklist.io

Back to top

SEO

94 rules. Crawlability, metadata, structured data, and search visibility rules.

Browse SEO on frontendchecklist.io

  • 4XX Pages in Sitemap High: Checks for sitemap URLs that return 4XX HTTP status codes, indicating broken or removed pages.
  • Add a favicon to every page Medium: Checks for favicon presence and correct link element configuration
  • Add disclaimers to sensitive content Medium: Checks for appropriate disclaimers on sensitive content types such as medical, legal, financial, and affiliate pages
  • Add FAQPage schema markup Medium: Validates FAQPage JSON-LD structured data for question-and-answer content
  • Add internal links to key pages Medium: Validates that key pages receive adequate internal links from other site pages
  • Add internal links to orphan pages Medium: Detects pages with no internal links pointing to them
  • Add LocalBusiness schema markup Medium: Validates LocalBusiness schema for local SEO
  • Add Organization schema markup Medium: Validates Organization schema for brand presence
  • Add outgoing links to dead-end pages Medium: Pages with no outgoing internal links, potentially trapping users and crawlers
  • Add Product schema markup Medium: Validates Product schema for e-commerce
  • Add relevant external links Medium: Validates that pages include outgoing links to authoritative external sources where appropriate
  • Add Review schema markup Medium: Validates Review and AggregateRating schema on product, service, and business pages to enable star-rating rich results.
  • Add share buttons to content pages Low: Checks for social sharing buttons on articles, blog posts, and other shareable content pages.
  • Add structured data markup High: Schema.org structured data (JSON-LD) is implemented for rich search results.
  • Add Twitter Card meta tags Medium: Validates Twitter (X) Card meta tags for correct card type, image dimensions, and required fields.
  • Add VideoObject schema to video pages Medium: Checks for VideoObject structured data on pages containing video content to enable video rich results in Google Search.
  • Audit all noindex pages Medium: Lists and reviews all pages blocked from indexing to ensure critical content is accessible.
  • Audit and refine AI-generated content Medium: Detects and reviews content that appears to be primarily AI-generated to ensure quality.
  • Avoid conflicting indexability signals Medium: Detects conflicting signals between robots.txt, meta robots, X-Robots-Tag headers, and canonical tags
  • Avoid duplicate meta descriptions Medium: Checks for duplicate meta descriptions across the site
  • Avoid keyword stuffing Medium: Detects excessive keyword repetition in content, titles, or meta tags that signals manipulative SEO
  • Avoid multi-hop redirect chains High: Detects multi-hop redirect chains that waste crawl budget
  • Avoid nofollow on internal links Medium: Flags internal links with rel=nofollow
  • Avoid nosnippet on important pages Medium: Detects pages preventing search engine snippets
  • Avoid redirect chains on canonical URLs Medium: Ensures that canonical tags point directly to the final destination URL without intermediate redirects.
  • Avoid thin content on key pages Medium: Checks content length on key pages to identify thin content that may underperform in search results.
  • Check for broken links Medium: All links are tested and none are broken. Links redirect to intended destinations.
  • Cite authoritative external sources Medium: Checks for citations to reputable external websites to back up factual claims and build trust.
  • Create a comprehensive Contact page Medium: Checks for a dedicated contact page with multiple methods for users to reach out.
  • Create a dedicated About page Medium: Checks for a dedicated about or company page with meaningful content.
  • Create and submit an XML sitemap High: An XML sitemap is available at /sitemap.xml and includes all important pages.
  • Display a physical business address Medium: Checks for visible physical address information
  • Display clear author bylines Medium: Checks for visible author names on content pages to establish transparency and trust.
  • Do not link from HTTPS to HTTP Medium: Detects links from HTTPS pages to HTTP destinations, which trigger mixed content warnings and lose ranking signals
  • Fix invalid links Medium: Detects malformed, empty, or syntactically invalid link formats on the page
  • Fix malformed HTML structure Medium: Ensures that the HTML document is well-formed with correctly nested and closed tags.
  • Fix or remove broken external links Medium: Detects and resolves external links that return error codes or have timed out.
  • Geo Meta Tags Medium: Checks for geographic meta tags for local or regional targeting
  • Highlight author credentials and expertise Medium: Checks for author bios and credentials to establish expertise and trust.
  • Identify YMYL content on your site High: Detects Your Money or Your Life (YMYL) content that is subject to Google's elevated E-E-A-T quality standards.
  • Implement comprehensive author markup Medium: Uses structured data to provide machine-readable metadata about content authors.
  • Implement valid Article structured data High: Validates that articles use the correct Schema.org properties for improved search visibility.
  • Implement valid BreadcrumbList schema Medium: Adds structured data to breadcrumb navigation for better site hierarchy and search appearance.
  • Include indexable pages in your sitemap Medium: Checks for canonical-url, indexable pages that are missing from the XML sitemap.
  • Include keywords in URL slugs Medium: Checks if URL slugs contain descriptive, keyword-relevant words instead of IDs, random strings, or vague terms.
  • Keep HTML documents under crawl limits Medium: Checks HTML document size against Googlebot crawl limits
  • Keep linked PDFs under 60 MB Medium: Checks linked PDF sizes against Googlebot 60MB truncation limit
  • Keep NAP details consistent Medium: Checks for consistent Name, Address, Phone across site
  • Keep page titles unique High: Checks that the tag is unique across all pages of the site to avoid duplicate title SEO issues.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/sitemap-domain">Keep sitemap URLs on the correct domain</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks that all URLs in the sitemap belong to the same domain and protocol as the sitemap itself.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/length">Keep URLs concise</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks URL length for optimal crawlability and usability</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/sitemap-valid">Keep XML sitemaps valid</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Validates sitemap XML structure against the sitemaps.org protocol, URL limits, and encoding requirements.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/parameters">Limit unnecessary URL parameters</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks for excessive URL parameters</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/redirect-chains">Link directly to final destination URLs</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Detects URLs that redirect and links pointing to redirects</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/social-profiles">Link to active social profiles</a> <img src="./apps/web/public/priority/low.svg" alt="Low">: Checks for links to the organization's social media profiles to help search engines connect the site to its social entity and build E-E-A-T signals.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/llm-parsability">Make content easy for LLMs to parse</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Analyzes how well LLMs can parse and understand the content</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/indexability">Make important pages indexable</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Identifies important pages blocked from search engine indexing by noindex, robots.txt, or other directives</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/meta-in-body">Meta Tags in Body</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Detects meta tags incorrectly placed in document body</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/mime-type">MIME Type Validation</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Detects Content-Type header mismatches with file extensions</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/noindex-in-sitemap">Noindex in Sitemap</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Checks for noindexed pages listed in sitemap</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/og-image-size">OG Image Size</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks og:image meets recommended size (1200x630)</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/og-url-match">OG URL Match</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks that og:url matches canonical URL</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/og-tags">Open Graph Tags</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Validates Open Graph meta tags for social sharing</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/article-links">Optimize article link density</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Ensures articles have a healthy balance of internal and external links relative to their length.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/affiliate-disclosure">Provide clear affiliate disclosures</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks for affiliate and sponsored content disclosures to maintain transparency.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/robots-txt">Publish a robots.txt file</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Checks if robots.txt exists at the root, is accessible, and contains valid directives.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/editorial-policy">Publish an editorial policy page</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks for editorial and content policy pages that demonstrate site-wide trustworthiness</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/quality">Publish high-quality content</a> <img src="./apps/web/public/priority/high.svg" alt="High">: LLM-based content quality analysis for SEO</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/llms-txt">Publish llms.txt for documentation-heavy sites</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Offer an optional llms.txt index that points AI tools to high-value documentation pages and, when useful, a fuller llms-full.txt companion.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/broken-links">Resolve internal broken links</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Detects and fixes internal links that return 404 or 5xx errors to improve user experience.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/robots-meta-conflict">Robots Meta Conflict</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Detects pages blocked by robots.txt that also carry noindex meta tags, creating a paradox where the directive is never read.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/schema-noindex-conflict">Schema + Noindex Conflict</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Detects pages that carry rich result schema markup but are blocked from indexing via noindex or robots.txt.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/service-area">Service Area Pages</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks for properly structured service-area or location pages for businesses serving multiple geographic regions.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/canonical-url">Set canonical URLs for all pages</a> <img src="./apps/web/public/priority/high.svg" alt="High">: A canonical URL tag is present to prevent duplicate content issues.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/robots-meta">Set robots meta directives correctly</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Checks robots meta tag for valid indexing directives in the page head.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/freshness">Show content freshness signals</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks for last-modified and published date signals that help Google assess content currency</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/content-dates">Show published and updated dates</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks for published and modified dates on content pages</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/trust-signals">Show trust signals on key pages</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks for trust badges, certifications, client logos, testimonials, and social proof on high-conversion pages.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/canonical-header">Sync HTML canonical tags and Link headers</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Ensures consistency between HTML rel="canonical" tags and HTTP Link canonical-url headers.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/tel-mailto">Tel & Mailto Links</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Validates that phone numbers use the tel: scheme and email addresses use the mailto: scheme for one-click contact on mobile devices.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/special-chars">URL Special Characters</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks for problematic special characters in URL paths that can cause crawling, parsing, or canonicalization issues.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/stop-words">URL Stop Words</a> <img src="./apps/web/public/priority/low.svg" alt="Low">: Flags common stop words in URL slugs that add length without improving keyword relevance.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/h1">Use a single descriptive H1</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Validates that each page has exactly one H1 tag containing a descriptive, keyword-relevant heading</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/pagination">Use canonicals on paginated pages</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks that paginated pages have proper canonicals</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/anchor-text">Use descriptive anchor text</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks for descriptive, keyword-rich anchor text that provides context for users and search engines.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/hyphens">Use hyphens in URLs</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks that URL slugs use hyphens as word separators, not underscores or spaces</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/lowercase">Use lowercase URLs</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks that URLs are lowercase</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/trailing-slash">Use trailing slashes consistently</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Checks for consistent trailing slash usage across all URLs to avoid duplicate content and canonicalization issues.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/json-ld-valid">Use valid JSON-LD structured data</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Validates JSON-LD structured data for syntax correctness, required properties, and schema.org compliance</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/weak-internal-links">Weak Internal Links</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Detects pages with very few dofollow internal links pointing to them, indicating poor link equity distribution and crawl discoverability.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/website-search">WebSite Search Schema</a> <img src="./apps/web/public/priority/low.svg" alt="Low">: Checks for WebSite schema with SearchAction to enable the Sitelinks Searchbox in Google Search results.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/meta-title">Write a descriptive page title</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Validates page title presence and length</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/meta-description">Write a meta description for each page</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Validates meta description presence and length</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/seo/reading-level">Write at a clear reading level</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Analyzes content readability using Flesch-Kincaid</li> </ul> <p><strong><a href="#frontend-checklist">Back to top</a></strong></p> <h3>Security</h3> <p><em>22 rules. Headers, transport, safe linking, and frontend security rules.</em></p> <p><a href="https://frontendchecklist.io/rules/security">Browse Security on frontendchecklist.io</a></p> <ul> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/element-hiding">Adblock Element Hiding</a> <img src="./apps/web/public/priority/low.svg" alt="Low">: Checks for HTML elements and CSS classes that would be hidden by common adblockers, causing layout breaks or missing functionality for users with ad blocking enabled.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/dependency-audit">Audit dependencies for known vulnerabilities</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Dependencies are regularly scanned for known security vulnerabilities using automated tooling, and critical findings are remediated before deployment.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/mixed-content">Avoid mixed content on HTTPS pages</a> <img src="./apps/web/public/priority/high.svg" alt="High">: An HTTPS page that loads resources over HTTP has mixed content — browsers block or warn about these requests, breaking functionality and undermining transport security.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/blocked-links">Blocked Tracking Links</a> <img src="./apps/web/public/priority/low.svg" alt="Low">: Links and resources pointing to known tracking or advertising domains may be blocked by adblockers, breaking navigation and functionality for a significant portion of users.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/new-tab">External Link Security</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Links that open in a new tab using target='_blank' must include rel='noopener noreferrer' to prevent the opened page from accessing the opener's window context.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/content-security-policy">Implement a content security policy</a> <img src="./apps/web/public/priority/high.svg" alt="High">: A Content Security Policy is implemented to prevent XSS attacks and control resource loading.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/leaked-secrets">Leaked Environment Variables</a> <img src="./apps/web/public/priority/critical.svg" alt="Critical">: Checks for exposed API keys, tokens, passwords, and other secrets embedded in HTML source, JavaScript bundles, or client-accessible files.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/terms-of-service">Link to your terms of service in the footer</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Websites offering services to users should publish Terms of Service and link to them from every page — this establishes the legal agreement governing use of the service.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/stack-trace-exposure">Prevent stack trace exposure in production error responses</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Production error responses never include stack traces, internal file paths, framework internals, or other debugging detail that could aid an attacker (OWASP A09).</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/form-captcha">Protect public forms with CAPTCHA</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Public forms that accept user input without authentication must include bot protection to prevent spam, credential stuffing, and automated abuse.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/http-to-https">Redirect HTTP to HTTPS</a> <img src="./apps/web/public/priority/critical.svg" alt="Critical">: All HTTP requests must be permanently redirected (301) to HTTPS to prevent users from accessing your site over an insecure connection.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/password-field-security">Secure password input fields</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Password fields implement security best practices including proper autocomplete, show/hide toggle, and strength indicators.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/https">Serve all pages over HTTPS</a> <img src="./apps/web/public/priority/critical.svg" alt="Critical">: Every page and resource on your site must be delivered over HTTPS to protect user data in transit and enable modern browser features.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/permissions-policy">Set a Permissions-Policy header</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: The Permissions-Policy header lets servers restrict which browser features (camera, microphone, geolocation, etc.) can be used in a page or its embedded iframes.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/referrer-policy">Set a Referrer-Policy header</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: The Referrer-Policy header controls how much referrer information is sent when navigating from your site to another, protecting user privacy and preventing leaking sensitive URL parameters.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/hsts">Set an HSTS header</a> <img src="./apps/web/public/priority/high.svg" alt="High">: The Strict-Transport-Security response header tells browsers to always use HTTPS for your domain, preventing protocol downgrade attacks and cookie hijacking.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/x-frame-options">Set an X-Frame-Options header</a> <img src="./apps/web/public/priority/high.svg" alt="High">: The X-Frame-Options header controls whether your page can be embedded in an iframe, frame, or object — preventing clickjacking attacks.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/session-cookie-flags">Set Secure, HttpOnly, and SameSite flags on session cookies</a> <img src="./apps/web/public/priority/high.svg" alt="High">: All session and authentication cookies are issued with the Secure, HttpOnly, and an appropriate SameSite flag to prevent interception, JavaScript exfiltration, and cross-site request forgery.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/x-content-type">Set X-Content-Type-Options: nosniff</a> <img src="./apps/web/public/priority/high.svg" alt="High">: The X-Content-Type-Options: nosniff header prevents browsers from MIME-sniffing a response away from the declared Content-Type, blocking a class of drive-by download and XSS attacks.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/token-storage-security">Store authentication tokens securely</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Sensitive authentication tokens are stored in httpOnly cookies rather than localStorage or sessionStorage to prevent theft via cross-site scripting attacks (OWASP A07).</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/form-https">Submit forms over HTTPS</a> <img src="./apps/web/public/priority/critical.svg" alt="Critical">: All HTML form actions must point to HTTPS URLs to ensure form data is encrypted in transit and cannot be intercepted by network attackers.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/security/cross-origin-isolation">Use COOP, COEP, and CORP for cross-origin isolation when needed</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Sensitive or high-capability applications use COOP, COEP, and CORP deliberately, audit third-party embeds, and verify cross-origin isolation in the browser before relying on it.</li> </ul> <p><strong><a href="#frontend-checklist">Back to top</a></strong></p> <h3>Images</h3> <p><em>25 rules. Formats, responsive delivery, optimization, and media quality rules.</em></p> <p><a href="https://frontendchecklist.io/rules/images">Browse Images on frontendchecklist.io</a></p> <ul> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/image-compression">Compress images without quality loss</a> <img src="./apps/web/public/priority/high.svg" alt="High">: All images are compressed without significant quality loss to reduce file sizes.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/broken-images">Fix broken images</a> <img src="./apps/web/public/priority/high.svg" alt="High">: No images return 404 errors or display broken-image icons to users.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/error-images">Handle image loading errors gracefully</a> <img src="./apps/web/public/priority/low.svg" alt="Low">: Broken images are handled gracefully with fallback images or placeholder content.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/responsive-images">Implement responsive images with srcset</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Images use srcset and sizes attributes for responsive delivery across devices.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/image-file-size">Keep image file sizes within recommended limits</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Individual image files are compressed to reasonable sizes to avoid wasted bandwidth and slow load times, especially on mobile networks.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/offscreen-lazy">Lazy load offscreen images</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Images below the visible viewport use loading="lazy" to defer download until the user scrolls near them, reducing initial page load time.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/svg-inline">Manage inline SVG size and complexity</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Large or complex SVGs inlined in HTML are extracted to external files or components, preventing them from bloating the HTML document and blocking parsing.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/optimized">Optimise images for faster loading</a> <img src="./apps/web/public/priority/high.svg" alt="High">: All images are compressed and metadata-stripped before deployment, removing unnecessary bytes without visible quality loss.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/image-optimization">Optimize all images for web</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Images are optimized with appropriate formats, compression, and modern techniques.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/svg-optimization">Optimize SVG files</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: SVG files are optimized with SVGO to remove unnecessary metadata and reduce size.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/critical-images">Prioritize loading critical images</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Hero and above-the-fold images are preloaded with high fetch priority for LCP.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/alt-text">Provide meaningful alt text for images</a> <img src="./apps/web/public/priority/critical.svg" alt="Critical">: Every informative image has a descriptive alt attribute; decorative images use alt="" to be ignored by screen readers.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/responsive-size">Serve images at the correct display size</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Images are not significantly larger than their display dimensions—serving a 2000px image for a 400px container wastes bandwidth and hurts LCP.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/image-cdn">Serve images from a CDN</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Images are served from a CDN with automatic optimization, resizing, and format conversion.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/dimensions">Set explicit width and height on images</a> <img src="./apps/web/public/priority/high.svg" alt="High">: All <img> elements have explicit width and height attributes so browsers can reserve space before the image loads, preventing layout shift.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/retina-display">Support high-DPI retina displays</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: High-resolution images (2x, 3x) are provided for retina and high-DPI displays.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/figure-figcaption">Use <figure> and <figcaption> for image captions</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Images with visible captions are wrapped in <figure> with a <figcaption> child, creating a semantic association between image and caption.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/picture-element">Use <picture> with an <img> fallback</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Every <picture> element contains a required <img> fallback as its last child, ensuring images display in all browsers including those that don't support <picture>.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/avif-format">Use AVIF format for modern browsers</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Images support AVIF format for superior compression with proper browser fallbacks.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/filename-quality">Use descriptive image filenames</a> <img src="./apps/web/public/priority/low.svg" alt="Low">: Image filenames are descriptive and human-readable, using lowercase letters, hyphens as separators, and meaningful words that reflect the image content.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/sprite-generation">Use image sprites where appropriate</a> <img src="./apps/web/public/priority/low.svg" alt="Low">: Small images and icons use sprites or SVG to reduce HTTP requests.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/modern-format">Use modern image formats (WebP, AVIF)</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Images are served in modern formats (WebP or AVIF) instead of legacy JPEG/PNG where browser support allows, reducing file size without visible quality loss.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/progressive-jpeg">Use progressive JPEG encoding</a> <img src="./apps/web/public/priority/low.svg" alt="Low">: JPEG images use progressive format for better perceived loading performance.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/srcset">Use srcset for responsive images</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Images wider than 100px use the srcset attribute to offer multiple resolution variants, letting the browser download the optimal size for the user's viewport and device pixel ratio.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/images/webp-format">Use WebP format with fallbacks</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Images are served in WebP format with fallbacks for older browsers.</li> </ul> <p><strong><a href="#frontend-checklist">Back to top</a></strong></p> <h3>Testing</h3> <p><em>13 rules. Unit, integration, E2E, monitoring, and quality assurance rules.</em></p> <p><a href="https://frontendchecklist.io/rules/testing">Browse Testing on frontendchecklist.io</a></p> <ul> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/performance-budget">Enforce performance budgets in CI</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Define measurable performance thresholds (bundle size, Lighthouse scores, Core Web Vitals) and fail CI builds automatically when they're exceeded.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/mock-best-practices">Follow mocking best practices</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Use mocks strategically to isolate units under test without over-mocking.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/contract-testing">Implement consumer-driven contract testing for API boundaries</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Consumer-driven contract tests (Pact) define and verify the API contracts between the frontend consumer and backend provider, catching integration mismatches before they reach production.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/e2e-testing">Implement end-to-end testing</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Use E2E testing frameworks like Playwright or Cypress to test critical user journeys.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/accessibility-testing">Include accessibility testing</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Automate accessibility testing with tools like axe-core, jest-axe, or Playwright's accessibility testing.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/error-monitoring">Integrate real-time error monitoring in production</a> <img src="./apps/web/public/priority/high.svg" alt="High">: A real-time error monitoring service captures, groups, and alerts on unhandled exceptions and promise rejections in production so issues are discovered before users report them.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/test-coverage">Maintain test coverage thresholds</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Set and enforce minimum code coverage thresholds to ensure adequate test coverage.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/cross-browser-testing">Test across all major browsers</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Website works correctly across major browsers (Chrome, Firefox, Safari, Edge).</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/mobile-testing">Test on real mobile devices and viewports</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Verify your application on real mobile devices and browser DevTools device emulation to catch touch interaction issues, viewport bugs, and mobile-specific rendering problems.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/mutation-testing">Use mutation testing to measure how well tests detect bugs</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Run Stryker mutation testing on critical business logic to verify that your test suite will actually catch real bugs, not just achieve line coverage.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/visual-regression">Use visual regression testing</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Capture screenshots of components and pages, then automatically compare them against approved baselines to detect unintended visual changes before they reach production.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/integration-testing">Write integration tests for key workflows</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Test how multiple units of code work together — API routes with their database queries, form submissions with validation, and component trees with their state management.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/testing/unit-tests">Write unit tests</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Critical functionality has unit tests with good coverage for reliability.</li> </ul> <p><strong><a href="#frontend-checklist">Back to top</a></strong></p> <h3>Privacy</h3> <p><em>5 rules. Consent, tracking, retention, and user data rights rules.</em></p> <p><a href="https://frontendchecklist.io/rules/privacy">Browse Privacy on frontendchecklist.io</a></p> <ul> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/privacy/third-party-cookies">Avoid third-party cookies</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Third-party cookies set by external domains track users across sites without their knowledge. Modern browsers are phasing them out, and regulations like GDPR and CCPA require consent before setting them.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/privacy/data-minimisation">Collect only the minimum personal data necessary</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Limit data collection to only what is strictly required for the stated purpose, in line with GDPR Article 5(1)(c) data minimisation principles.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/privacy/right-to-erasure">Implement a user-facing data deletion mechanism</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Provide users with a clear way to request deletion of their personal data, fulfilling GDPR Article 17 (right to erasure / right to be forgotten).</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/privacy/privacy-policy">Link to your privacy policy in the footer</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Websites that collect any personal data must publish a privacy policy and link to it prominently — this is a legal requirement under GDPR, CCPA, and most other privacy regulations.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/privacy/cookie-consent">Show a cookie consent notice</a> <img src="./apps/web/public/priority/high.svg" alt="High">: Websites that set non-essential cookies must obtain prior, informed user consent under GDPR, CCPA, and similar privacy regulations before cookies are placed.</li> </ul> <p><strong><a href="#frontend-checklist">Back to top</a></strong></p> <h3>Internationalization</h3> <p><em>5 rules. Localization, RTL, language handling, and translation workflow rules.</em></p> <p><a href="https://frontendchecklist.io/rules/i18n">Browse Internationalization on frontendchecklist.io</a></p> <ul> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/i18n/hreflang">Add hreflang tags for multilingual sites</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Hreflang tags indicate language and regional variations for multilingual sites.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/i18n/text-expansion">Design UI components to accommodate text expansion from translation</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Ensure that layouts use flexible sizing so that translated text — which can be 30–50% longer than English — does not overflow, clip, or break the UI.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/i18n/pluralization">Handle plural forms with Intl.PluralRules or ICU MessageFormat</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Select the correct grammatical plural category for every language using Intl.PluralRules or an ICU-aware i18n library instead of simple singular/plural branching.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/i18n/currency-formatting">Use Intl APIs for currency, number, and date formatting</a> <img src="./apps/web/public/priority/medium.svg" alt="Medium">: Format monetary values, numbers, and dates using the browser's built-in Intl.NumberFormat and Intl.DateTimeFormat APIs instead of manual string manipulation.</li> <li><input disabled="" type="checkbox"> <a href="https://frontendchecklist.io/rules/i18n/locale-images">Use locale-neutral images and provide cultural overrides when needed</a> <img src="./apps/web/public/priority/low.svg" alt="Low">: Default to abstract, culture-neutral icons and illustrations, and supply locale-specific image variants only when visual content carries meaning that differs across regions.</li> </ul> <p><strong><a href="#frontend-checklist">Back to top</a></strong></p> <!-- rules-catalog:end --> <h2>Monorepo overview</h2> <table> <thead> <tr> <th>Area</th> <th>Purpose</th> </tr> </thead> <tbody><tr> <td><code>apps/web</code></td> <td>Public website, rule pages, checklists, and MCP HTTP entrypoints</td> </tr> <tr> <td><code>packages/content</code></td> <td>Source MDX content for rules and checklists</td> </tr> <tr> <td><code>packages/mcp</code></td> <td>MCP server and tool definitions</td> </tr> <tr> <td><code>packages/rules</code></td> <td>Public rules package for external consumers</td> </tr> <tr> <td><code>packages/design-system</code></td> <td>Shared UI primitives and custom components</td> </tr> <tr> <td><code>packages/auth</code>, <code>packages/data-layer</code>, <code>packages/schemas</code>, <code>packages/types</code></td> <td>Shared auth, data, schema, and type infrastructure</td> </tr> </tbody></table> <h2>Common commands</h2> <ul> <li><code>pnpm dev</code> - Run local development tasks</li> <li><code>pnpm build</code> - Build all apps and packages with Turborepo</li> <li><code>pnpm lint</code> - Run Biome linting</li> <li><code>pnpm typecheck</code> - Run TypeScript checks across the repo</li> <li><code>pnpm test</code> - Run the test suite</li> <li><code>pnpm validate:rule-structure</code> - Validate rule heading structure</li> <li><code>pnpm score:rules</code> - Score the rule corpus against the quality gate</li> <li><code>pnpm generate:skills</code> - Regenerate installable skills from the rules</li> <li><code>pnpm generate:readme</code> - Regenerate the root README checklist and the generated catalog copy</li> </ul> <h2>Contributing</h2> <p>Most content work happens in <code>packages/content/rules/en</code>. A typical rule-editing flow is:</p> <ol> <li>Edit or add the relevant rule MDX files.</li> <li>Run <code>pnpm score:rules</code>.</li> <li>Run <code>pnpm validate:rule-structure</code>.</li> <li>Run <code>pnpm validate:sources</code> when source metadata changes.</li> <li>Run <code>pnpm generate:skills</code>.</li> <li>Run <code>pnpm generate:readme</code> if rule titles or descriptions changed.</li> </ol> <p>See <a href="AGENTS.md"><code>AGENTS.md</code></a>, <a href="scripts/README.md"><code>scripts/README.md</code></a>, and <a href="docs/generated/rules-catalog.md"><code>docs/generated/rules-catalog.md</code></a> for repo conventions, script docs, and the generated standalone catalog copy.</p> <h2>Contributors</h2> <p>Thanks goes to these wonderful people (<a href="https://allcontributors.org/docs/en/emoji-key">emoji key</a>):</p> <a href="https://github.com/thedaviddias/Front-End-Checklist/graphs/contributors"> <img src="https://contrib.rocks/image?repo=thedaviddias/Front-End-Checklist" /> </a> <h2>Support</h2> <ul> <li>GitHub repo: <a href="https://github.com/thedaviddias/Front-End-Checklist">thedaviddias/Front-End-Checklist</a></li> <li>Issues: <a href="https://github.com/thedaviddias/Front-End-Checklist/issues">open an issue</a></li> <li>License: <a href="LICENSE">MIT</a></li> </ul>

Reviews (0)

No results found