Website-Pflichtencheckby Jurono
WebsiteMaintenanceTechnicalSecurityHosting

Website Handover: What Must Actually Be Delivered After Launch

A website is not properly handed over when the client only receives an admin login. This checklist covers ownership, access, documentation, and operational independence.

By Jurono
Updated: July 12, 2026

A website has not been properly handed over simply because it is live.

Many projects end with a URL, an admin login, and “contact us if anything comes up.” That feels convenient until a domain needs renewal, a plugin subscription expires, nobody controls Search Console, or a critical service still belongs to a freelancer’s personal account.

A good handover is not optional paperwork. It determines whether the client truly owns, maintains, and can recover the website.

What the client should own after launch

Access and ownership

Domains, DNS, hosting, repositories, CMS accounts, analytics, Search Console, tag management, email services, and payment providers should sit under traceable company-controlled accounts. Personal accounts belonging to individual suppliers create unnecessary dependency.

GitHub repository roles should be assigned deliberately. Google Search Console separates owners and users with different permissions. The goal is not to give everyone full access, but to keep the organization operational.

Technical documentation

At minimum, document:

  • architecture and services
  • deployment and rollback
  • environments and domains
  • backup and restore
  • secrets and rotation
  • integrations and webhooks
  • recurring maintenance tasks
  • known limitations and technical debt

Contracts, licences, and recurring cost

Who pays for hosting, plugins, fonts, stock assets, monitoring, email delivery, or CDN services? When do subscriptions renew? Which licences can be transferred? A launch without a cost inventory creates surprises instead of a plan.

Functional and acceptance status

The handover should record which features were tested, which browsers and devices were covered, and which items remain intentionally open. Otherwise, every later disagreement becomes a contest of memory.

Handover red flags

  • The agency owns the only administrator account.
  • The domain sits in a private account.
  • Nobody except one developer can deploy.
  • There is no current backup or restore evidence.
  • Licences cannot be transferred or are about to expire.
  • Consent, tracking, and form configurations are undocumented.
  • There is no list of external data recipients.
  • Monitoring and error alerts still go to former suppliers.

A useful handover session

A handover should do more than send files. Walk through deployment, user management, content editing, backup, recovery, and incident contacts together.

Test at least one critical process live. Let the client perform a deployment or content change where that matches the operating model. Documentation nobody can follow is decorative security.

What Website-Pflichtencheck would review

An independent handover review checks ownership, access, permissions, documentation, recurring costs, technical dependencies, privacy-relevant services, recovery capability, and the actual operating state.

This is particularly valuable before the final invoice, after an agency change, or when a website is moving in-house.

A professional handover ends dependency, not responsibility. If the website only works while one particular person remains available, the project is not technically finished.

Jurono logo

Jurono

Technical website audits, website fixes, and AI code rescue for small businesses, practices, law firms, and founders in Germany.

Get our free security checklist before you go.

Download free PDF

Matching offers

Move forward directly

Based on the topics in this article — without a long search.

Pflichtencheck Pro

When the website matters, but nobody knows which technical required signals, risks, and fixes actually have priority.

549

Audit, assessment, and concrete action plan within 3-5 business days.

  • Everything from the Quick Scan, assessed and documented in more depth
  • Concrete findings for cookie, tracking, and external service signals
  • Visible required areas checked technically, without legal advice
Request Pflichtencheck Pro

Website Protection & Maintenance

For small businesses without an internal web team that need ongoing technical calm instead of occasional emergencies.

279/month

Monthly technical support after a short onboarding check.

  • Updates and backups supported in a controlled way depending on system access
  • Monthly short check for new technical findings
  • Up to 90 minutes of small changes or fixes per month
Start Website Protection & Maintenance

Website Quick Scan

When nobody is sure which scripts, cookie signals, or technical risks are currently running on the site.

249

Technical first assessment and clear priorities within two business days.

  • Quickly see whether tracking, cookies, external services, or HTTPS look suspicious
  • Mobile, load time, and technical issues explained in plain language
  • The most important points in a short priority list
Continue with Website Quick Scan

Get clarity before you commit to fixes.

Start with a technical check. If the findings are minor, you can stop there, hand the report to your existing team, or book targeted fixes later.

Technical audit and implementation, not legal advice. I check visible signals, integrations, and delivery issues; legal texts and binding legal assessments remain the work of lawyers or privacy consultants.

Website Handover: What Must Actually Be Delivered After Launch