Technical SEO Audit Checklist: 60+ Points to Review

A comprehensive technical SEO audit checklist covering crawlability, indexation, site architecture, Core Web Vitals, mobile-friendliness, security, and structured data.

Published 2026-03-28

This checklist covers every technical aspect of your website that affects search engine crawling, indexation, and ranking. Work through each section systematically, documenting issues and their severity as you go.

Crawlability Checks

  • Robots.txt exists and is accessible: Visit yoursite.com/robots.txt. Verify it loads correctly and doesn't accidentally block important sections.
  • No critical pages blocked by robots.txt: Check that Disallow rules don't prevent search engines from accessing key content, CSS, or JavaScript files.
  • XML sitemap exists and is valid: Verify your sitemap at yoursite.com/sitemap.xml. It should list all indexable URLs and return a 200 status.
  • Sitemap submitted to GSC and Bing: Check both Google Search Console and Bing Webmaster Tools to confirm sitemap submission and processing.
  • Sitemap URLs match canonical URLs: Every URL in the sitemap should be the canonical version — no redirects, no non-canonical variants.
  • Crawl budget isn't wasted: Check for excessive parameter URLs, infinite scroll pagination, calendar pages, or faceted navigation generating thousands of crawlable URLs.
  • No orphan pages: Every indexable page should be reachable through at least one internal link. Use Screaming Frog to find pages in the sitemap but not in the crawl.
  • Crawl errors resolved: Check GSC's Page Indexing report for crawl errors. Fix server errors (5xx) first, then soft 404s, then redirect issues.
  • JavaScript-rendered content is crawlable: If your site uses client-side rendering (React, Vue, Angular), verify that Googlebot can see the rendered content using Google's URL Inspection tool.

Indexation Checks

  • Important pages are indexed: Run site:yoursite.com in Google. Compare the indexed count with the number of pages in your sitemap.
  • No accidental noindex tags: Crawl your site and check for meta robots noindex tags on pages that should be indexed.
  • Canonical tags are correct: Every page should have a self-referencing canonical tag. Cross-domain canonicals should only point to the original source.
  • No duplicate content issues: Check for www vs non-www, HTTP vs HTTPS, trailing slash vs non-trailing slash variants all serving the same content.
  • Pagination is handled correctly: Paginated content should use rel="next" and rel="prev" or load-more patterns. Each paginated page should have a unique canonical.
  • Hreflang tags are correct (if multilingual): Each language version should reference all other versions including itself. X-default should point to the language selector or default version.
  • Thin/empty pages are noindexed or removed: Pages with little or no content dilute your site's quality signals. Either add content or noindex them.

Site Architecture Checks

  • Click depth is under 4: Important pages should be reachable within 3 clicks from the homepage. Check with Screaming Frog's crawl depth report.
  • URL structure is logical and flat: URLs should follow a clear hierarchy (domain.com/category/page/) without unnecessary depth or parameters.
  • URLs are clean and descriptive: No session IDs, excessive parameters, or meaningless strings. URLs should contain relevant keywords.
  • Internal linking is strategic: Important pages should have the most internal links pointing to them. Check with Screaming Frog's inlinks report.
  • Breadcrumbs are implemented: Breadcrumb navigation helps users and search engines understand your site hierarchy. Add BreadcrumbList schema.
  • No redirect chains: A links to B which redirects to C which redirects to D. Each hop loses PageRank. Fix chains so links point directly to the final destination.
  • No broken internal links: Crawl your site and fix any links returning 404 status codes. These waste crawl budget and create poor user experience.
  • 404 page is helpful: Your 404 page should return a proper 404 status code (not 200) and help users find what they were looking for.

Core Web Vitals Checks

  • LCP (Largest Contentful Paint) under 2.5s: Check in PageSpeed Insights. Common fixes: optimise images, preload hero image, reduce server response time.
  • INP (Interaction to Next Paint) under 200ms: Measures responsiveness. Fix: reduce JavaScript execution time, break up long tasks, use web workers.
  • CLS (Cumulative Layout Shift) under 0.1: Prevent layout shifts by setting explicit width/height on images and embeds, avoiding late-loading content above the fold.
  • Field data passes in GSC: Lab data (Lighthouse) is simulated. Check real-user data in GSC's Core Web Vitals report for actual pass/fail status.
  • No render-blocking resources: Defer non-critical CSS and JavaScript. Inline critical CSS for above-the-fold content.
  • Images are optimised: Use modern formats (WebP/AVIF), appropriate sizing, lazy loading for below-fold images, and responsive srcset attributes.

Mobile Checks

  • Viewport meta tag is set: Every page needs <meta name="viewport" content="width=device-width, initial-scale=1">.
  • Text is readable without zooming: Base font size should be at least 16px. Line height should be at least 1.5.
  • Tap targets are properly sized: Buttons and links should be at least 48x48px with adequate spacing between them.
  • No horizontal scrolling: Content should fit within the viewport width. No elements overflowing the screen.
  • Mobile menu works correctly: Navigation should be accessible and usable on mobile devices. Test on actual devices, not just browser emulation.
  • No intrusive interstitials: Pop-ups that cover the main content on mobile can trigger Google's intrusive interstitial penalty.
  • Mobile page speed is fast: Test mobile-specific speed in PageSpeed Insights. Mobile often has different issues than desktop (network latency, CPU constraints).

Security Checks

  • HTTPS is enforced: All HTTP URLs should 301 redirect to HTTPS. No mixed content warnings.
  • SSL certificate is valid: Check expiration date, certificate chain, and protocol versions with SSL Labs.
  • HSTS header is set: Strict-Transport-Security header tells browsers to always use HTTPS. Include max-age of at least 31536000.
  • Security headers are configured: Check Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy with securityheaders.com.
  • No mixed content: All resources (images, scripts, stylesheets, fonts) must load over HTTPS when the page is served over HTTPS.

Structured Data Checks

  • Schema markup is implemented: Use JSON-LD format. At minimum, add Organization schema on the homepage and Article schema on content pages.
  • Schema validates without errors: Test every schema type with Google's Rich Results Test. Fix all errors; warnings are lower priority.
  • BreadcrumbList schema matches visible breadcrumbs: The structured data should mirror what users see on the page.
  • Product/Service schema is used where applicable: If you sell products or services, add the relevant schema to enable rich snippets.
  • FAQ schema is used for FAQ content: FAQ pages or sections with question-answer format should use FAQPage schema.
  • No spammy or misleading schema: Only mark up content that's actually visible on the page. Don't add review schema for self-reviews or FAQ schema for content that isn't in Q&A format.

Server and Hosting Checks

  • Server response time (TTFB) under 600ms: Time to First Byte measures how fast your server responds. Slow TTFB affects every other speed metric.
  • Gzip/Brotli compression is enabled: Text-based resources should be compressed. Check with PageSpeed Insights or browser DevTools Network tab.
  • Browser caching is configured: Static assets should have Cache-Control headers with appropriate max-age values. Check with Lighthouse.
  • CDN is in use: A Content Delivery Network serves assets from edge locations closer to users, reducing latency globally.
  • Server returns correct status codes: 200 for found pages, 301 for permanent redirects, 404 for missing pages. No soft 404s (404 content with 200 status).
  • Error pages return proper status codes: Your custom 404 page must return HTTP 404, not 200. Your server error page should return 503 during maintenance.

Use this checklist alongside our technical audit guide for detailed explanations of each check and how to fix common issues. For a comprehensive audit that covers all these points and more, see our professional audit services.

Get Your Free Website Audit

Find out what's holding your website back. Our 72-checkpoint audit reveals exactly what to fix.

Start Free Audit

No credit card required • Results in 60 seconds

Or get free SEO tips delivered weekly

Free • No spam • Unsubscribe anytime