Cache de block activés ?
Pourcentage de block non cachable -> prevenir en cas de trop de block custom dont cache mal configuré
Views
Voir le nombre de vues activées, vérifier leur cachabilité
Modules Cache views, content cache ou row cache activés
Autre
Cache anonyme (detecter Varnish, ou cache drupal par défaut), check anonymous users really have cache hits (no sessions auto-activated by drupal_messages or special form things, for example)
Cookie Cache Bypass Advanced (cookie NO_CACHE)
Render cache ou Display cache activé
Entity cache et Entity Cache Loader
Memcache, Redis ou autre activé
Detection de mod_expires et sa configuration (2x wget d'un asset)
Si Rules présent -> prévenir préférer les hooks si pas besoin d'édition par l'admin
Conseiller CDN ?
Conseiller apdqc ?
Contrib
Fast 404 (module ou coeur) avec propositions de patterns dpuis dblog
Aggregation JS/CSS core ou advagg
Gulpifier - sprite - font d'icone (perf front)
Image info cache si beaucoup d'images et/ou beaucoup de styles et/ou beaucoup d'effets
Image API optimize
Modules installed
Disable update, overlay, statistics, color, ...
Disable UIs
Disable dblog, use syslog
Show number of notices and warning in dblog
Detect enable but missing modules
Patch too many modules https://drupal.org/node/2263365#comment-8786605
Detect custom modules, process percentage of hook/function in .modules and includes, prefer *_load_include
Locales bigger locale cache patch
Database
Detect DNS in database info (localhost, prefer 127.0.0.1 or unix socket)
Tune mysql (prendre mysql tuner ?)
Index slow queries
Use Shadow module
Optimize views http://redcrackle.com/blog/how-optimize-drupal-view-so-it-uses-inner-join-instead-left-join
Mysql query cache (256 or 512M)
innodb_file_per_table
increase max limits for table_cache and descriptors
use 50% of available RAM for inndb_buffer_pool_size
Move semaphore table to memory
Use READ COMMITTED for MySQL transactions
Waiting for table metadata locks on cache* tables
Server
Prefer nginx over Apache
Install PHP 5.5 for integrated APC with zend_opcode instead of apc, check opcode activation
Use php-fpm
Security
Check Drupal core is up to date
Check security issues for important modules (views, rules, etc)
Check Information disclosure in http headers (Apache ->Token Prod, Nginx server_tokens off, PHP expose_php off )
Check drupal roles/acl assignement
Check input filters configuration
Check all custom code and templates for $_GET or $_POST bad usage, absence of render() calls, absence of check_markup, etc. Start with search forms. Check that SEO code is not reusing page titles in some google js settings without escaping the simple and double quotes.
I edited some things in your comment, though it was a things-to-remember-I-have-to-do note. maybe I should have added theses things in a comment, sorry.
Caches
Blocks
Cache de block activés ? Pourcentage de block non cachable -> prevenir en cas de trop de block custom dont cache mal configuré
Views
Voir le nombre de vues activées, vérifier leur cachabilité Modules Cache views, content cache ou row cache activés
Autre
Cache anonyme (detecter Varnish, ou cache drupal par défaut), check anonymous users really have cache hits (no sessions auto-activated by drupal_messages or special form things, for example) Cookie Cache Bypass Advanced (cookie NO_CACHE) Render cache ou Display cache activé Entity cache et Entity Cache Loader Memcache, Redis ou autre activé Detection de mod_expires et sa configuration (2x wget d'un asset) Si Rules présent -> prévenir préférer les hooks si pas besoin d'édition par l'admin Conseiller CDN ? Conseiller apdqc ?
Contrib
Fast 404 (module ou coeur) avec propositions de patterns dpuis dblog Aggregation JS/CSS core ou advagg Gulpifier - sprite - font d'icone (perf front) Image info cache si beaucoup d'images et/ou beaucoup de styles et/ou beaucoup d'effets Image API optimize
Modules installed
Disable update, overlay, statistics, color, ... Disable UIs Disable dblog, use syslog Show number of notices and warning in dblog Detect enable but missing modules Patch too many modules https://drupal.org/node/2263365#comment-8786605 Detect custom modules, process percentage of hook/function in .modules and includes, prefer *_load_include Locales bigger locale cache patch
Database
Detect DNS in database info (localhost, prefer 127.0.0.1 or unix socket) Tune mysql (prendre mysql tuner ?) Index slow queries Use Shadow module Optimize views http://redcrackle.com/blog/how-optimize-drupal-view-so-it-uses-inner-join-instead-left-join Mysql query cache (256 or 512M) innodb_file_per_table increase max limits for table_cache and descriptors use 50% of available RAM for inndb_buffer_pool_size Move semaphore table to memory Use READ COMMITTED for MySQL transactions Waiting for table metadata locks on cache* tables
Server
Prefer nginx over Apache Install PHP 5.5
for integrated APCwith zend_opcode instead of apc, check opcode activation Use php-fpmSecurity
Check Drupal core is up to date Check security issues for important modules (views, rules, etc) Check Information disclosure in http headers (Apache ->Token Prod, Nginx server_tokens off, PHP expose_php off ) Check drupal roles/acl assignement Check input filters configuration Check all custom code and templates for $_GET or $_POST bad usage, absence of render() calls, absence of check_markup, etc. Start with search forms. Check that SEO code is not reusing page titles in some google js settings without escaping the simple and double quotes.