Django Production Launch

A Django specific production checklist used at Vinta before launching projects we've been working on. Access Github Repo.
quality-assurance python django good-practices
Checks are saved in your local storage



SEO & Analytics


Django Settings

Transactional Emails

  • Check if DEFAULT_FROM_EMAIL is set to a friendly reply email
  • Check if email templates are correct
  • Configure SendGrid, Mailgun, or another transactional email service
  • Set an automatic BCC on SendGrid
  • Save metadata of every email sent, use


  • Check no sensitive data is being logged

  • Check if logs are prefixed according to task/feature

  • Configure Papertrail or another logging service

  • Set Papertrail alerts and integrate with Slack and email

  • Configure Sentry for backend, including Celery

  • Configure Sentry for frontend

  • Configure Uptime Robot

  • Configure New Relic


  • Check the SaaS CTO Security Checklist:
  • Run Observatory:
  • Add all accesses of third-party tools to LastPass or another password manager service
  • Update OAuth callback/deauthorize URLs in all third-party services
  • Rotate OAuth keys of all third-party services
  • Change passwords of all third-party services
  • Check if buckets/blob storages of AWS/Azure are private
  • Setup AWS S3 buckets encryption
  • Set Django shell to be read-only


  • Check records
  • Check TTL, set low when launching, set high after everything is fine
  • [Heroku] Add a custom domain:
  • Move API to a different subdomain (like ), this allows a different server for frontend
  • Enforce or remove www subdomain (and set PREPEND_WWW in Django if necessary)


  • [Heroku] Check if latest stack is being used
  • Check if latest server OS version is being used
  • Check if latest server Python version is being used
  • Configure Redis maxmemory and eviction policy (likely volatile-ttl )
  • Configure RabbitMQ:
  • Configure SSL for everything
  • Test SSL health:
  • Configure SSL certificates autorenewal
  • [Heroku] Set a "Standard" database or higher
  • Tune PostgreSQL settings:
  • Configure database backups generation scripts
  • Configure entire database server disk backup
  • Guarantee Celery and other services aren't running as sudo
  • Configure application firewall for application servers
  • Limit file size for uploads
  • Validate uploads media types:
  • Configure throttling
  • Configure autoscaling
  • Enable HTTP/2
  • Check if all services are able to handle autoscaling upper limits. (Eg.: will your Redis be able to handle connections if X servers are provisioned)
  • Configure Cloudflare DNS/caching
    • Enable Brotli Compression
    • Check and enable the speed features that don't interfere with your application
  • Enable other speed/WAF features if you have a paid plan