🚀 Launch Checklist/Glossary

Mortgage Glossary

The vocabulary lenders use. In plain English.

Pre-Launch Checklist

A pre-launch checklist is the set of technical, legal, and marketing tasks that must be completed before a website or app is made public. In 2026, a typical indie-hacker checklist has 60-80 items across 8 categories: SEO, Analytics, Legal, Payments, Performance, Security, Content, and Launch Day. About 1/3 of items are hard blockers (legal pages, HTTPS, tested payments); the rest improve launch outcomes but don't prevent ship.

Must-have vs Nice-to-have

In a launch checklist context, a must-have item is one that legally or practically blocks launch (privacy policy, HTTPS, tested payment flow). A nice-to-have improves outcomes but doesn't prevent shipping (blog, accessibility statement, case studies). The distinction is load-bearing: indie launches fail more often from skipping a must-have than from under-investing in nice-to-haves.

Core Web Vitals

Core Web Vitals are Google's three user-experience metrics used as ranking signals: Largest Contentful Paint (LCP, target under 2.5s), Interaction to Next Paint (INP, target under 200ms, replaced FID in 2024), and Cumulative Layout Shift (CLS, target under 0.1). Sites failing all three can see 10-30% organic traffic drops. Lighthouse in Chrome DevTools measures them.

Open Graph

Open Graph is the protocol that controls how your page looks when shared on Twitter/X, LinkedIn, Slack, Discord, Facebook, and messaging apps. The core tags are og:title, og:description, og:image (1200×630 recommended), and og:url. Missing OG tags are the #1 reason launch posts don't get shared — the preview looks broken. A single og-image.png in /public is enough for most launches.

Canonical URL

A canonical URL tells search engines which version of a page is the preferred one when similar content exists at multiple URLs (trailing slash variants, query parameters, http vs https, www vs apex). Set via <link rel="canonical" href="..." /> in the <head>. Missing canonicals are a top cause of "duplicate content" issues that split link equity and suppress rankings.

Stripe Webhook

A Stripe webhook is an HTTP callback from Stripe's servers to your app, delivering events like checkout.session.completed, customer.subscription.updated, or invoice.payment_failed. Webhooks are the only reliable source of truth for subscription state — never trust the client-side redirect after payment. A correctly configured webhook endpoint verifies the Stripe signature, logs the event, and is idempotent (can handle duplicate deliveries).

Idempotency

Idempotency means that repeating an operation produces the same result as doing it once. In payments, an idempotency key on charge creation prevents double-charging when a network retry delivers the same request twice. In webhooks, an idempotent handler is one that can safely process the same event multiple times. Both are critical for a launch-day payments stack.

Product Hunt Launch

A Product Hunt launch is a 24-hour event where a product is posted to producthunt.com for community voting. Products submitted at 00:01 Pacific Time compete for the day's #1 slot; results cascade into PH's newsletter (~600k subscribers) and category pages. In 2026, a top-10 PH launch averages 300-800 upvotes, driven mostly by the maker's existing audience rather than PH's organic traffic. Cold launches average 30-50 upvotes.

HSTS (HTTP Strict Transport Security)

HSTS is a response header (Strict-Transport-Security) that tells browsers to only connect to your domain over HTTPS for a specified duration. It prevents protocol downgrade attacks and cookie hijacking. A launch-ready config: max-age=31536000; includeSubDomains; preload. Cloudflare, Vercel, and Netlify can set this automatically in their dashboards.

Content Security Policy (CSP)

CSP is a response header that restricts which scripts, styles, images, and fonts a browser will load on your page. A minimal CSP blocks inline scripts and external sources you don't explicitly allow — mitigating XSS. For indie launches, start with a reporting-only CSP for two weeks, watch the violation reports, then tighten to enforcement. Launching without any CSP is not catastrophic but leaves XSS wider than needed.

Launch Day

Launch day is the 24-48 hour window when a product is publicly announced across channels. In 2026 indie-hacker practice, a coordinated launch day includes: Product Hunt submission at 00:01 PT (if chosen), Twitter/X thread pinned, newsletter sent, one Reddit post to a niche relevant sub, Hacker News Show HN if builder-facing, and support channel monitored. 83% of Reddit posts that crossed 100 upvotes in 2025 had same-day Twitter + PH + email activation.

Error Monitoring

Error monitoring is the practice of capturing runtime exceptions (both frontend and backend) and surfacing them in a dashboard you actually check. Sentry is the dominant indie-hacker tool; alternatives include Rollbar, Bugsnag, and self-hosted GlitchTip. Without error monitoring on launch day, the first critical bug is usually reported by an upset user 4 hours after it started — instead of alerting you in 30 seconds.