Introduction
This isn’t your average SEO blog. This is a full-on, no-holds-barred technical SEO deep dive — every issue, every fix, and Pedro’s no-bullshit take on the lot. If your site’s got crawling issues, dodgy redirects, slow load times or some XML sitemap that looks like it was written in crayon, it’s all in here. We’re talking proper technical breakdowns with real-world fixes — not waffle.
It’s detailed, yes. But still human. You’ll leave knowing what’s broken and exactly how to sort it. Even Darren could follow it — and Darren thought a canonical tag was something the Pope wears.
Canonicals: Non-Indexable Canonical
Type: Issue
Priority: High
Description:
Pages with a canonical URL that is non-indexable. This will include canonicals which are blocked by robots.txt, no response, redirect (3XX), client error (4XX), server error (5XX), are ‘noindex’ or ‘canonicalised’ themselves. This means the search engines are being instructed to consolidate indexing and link signals to a non-indexable page, which often leads to them ignoring the canonical, but may also lead to unpredictability in indexing and ranking.
How to Fix:
Ensure canonical URLs are to accurate indexable pages to avoid them being ignored by search engines, and any potential indexing or ranking unpredictability.
Pedro’s Take:
This is like telling Google, Hey, dont look at me look at Steve! But Steve is either missing, on holiday, behind a locked door, or just straight-up dead. So now Googles confused, ignores your advice, and maybe doesnt trust either of you. If you’re gonna point to another page as the real one, make sure that page is actually alive, well, and welcoming visitors not hiding in a server error dungeon.
Response Codes: Internal Client Error (4xx)
Type: Issue
Priority: High
Description:
Internal URLs with a client-side error. This indicates a problem occurred with the URL request and can include responses such as 400 bad request, 403 Forbidden, 404 Page Not Found, 410 Removed, 429 Too Many Requests and more. A 404 ‘Page Not Found’ is the most common, and often referred to as a broken link.
How to Fix:
All links on a website should ideally resolve to 200 ‘OK’ URLs. Errors such as a 404 or 410 should be updated to their correct locations, removed and redirected where appropriate.
Pedro’s Take:
4xx errors are like dead ends on your website someone clicks a link and ends up face-first in a brick wall that says Nope. Whether its a 404 (Page Not Found), 403 (Forbidden), or any other client-side error, it means somethings broken, missing, or off-limits. Thats bad for users and even worse for SEO. Fix broken links, redirect where needed.
Security: HTTP URLs
Type: Issue
Priority: High
Description:
HTTP URLs that are encountered in the crawl. All websites should be secure over HTTPS today on the web. Not only is it important for security, but it’s now expected by users. Chrome and other browsers display a ‘Not Secure’ message against any URLs that are HTTP, or have mixed content issues (where they load insecure resources on them).
How to Fix:
All URLs should be to secure HTTPS pages. Pages should be served over HTTPS, any internal links should be updated to HTTPS versions and HTTP URLs should 301 redirect to HTTPS versions. HTTP URLs identified in this filter that are redirecting to HTTPS versions already should be updated to link to the correct HTTPS versions directly.
Pedro’s Take:
Still using HTTP is like locking your house, but leaving the windows wide open sure, it looks secure, but its not fooling anyone. Modern browsers now slap a Not Secure label on HTTP pages, and that makes users nervous and search engines twitchy. You should be serving everything over HTTPS, redirecting old HTTP links, and updating any internal links that still point to the insecure versions. Its 2025 dont let your site wander the internet wearing flip-flops in a storm.
Pagination: Pagination URL Not in Anchor Tag
Type: Issue
Priority: High
Description:
URLs contained in either, or both, the rel=”next” and rel=”prev” attributes of the page, are not found as a hyperlink in an HTML anchor element on the page itself. Paginated pages should be linked to with regular links to allow users to click and navigate to the next page in the series. They also allow Google to crawl from page to page, and PageRank to flow between pages in the series.
How to Fix:
Ensure paginated URLs are linked to within tags. This will allow them to be crawled and indexed, and pass PageRank onto any URLs they link to.
Response Codes: Internal No Response
Type: Issue
Priority: High
Description:
Internal URLs with no response returned from the server. Usually due to a malformed URL, connection timeout, connection error, or connection refused.
How to Fix:
Malformed URLs should be updated to the correct location.
Pedro’s Take:
Some pages on your site are linking to other pages that dont respond at all like sending someone to a room that doesnt exist. This could be because the links broken, the address is wrong, or the page just isnt there anymore. To users, it feels like the site hit a dead end, which doesnt exactly scream professional. Check those broken links and either fix them or remove them nobody likes clicking into a black hole.
Validation: Multiple Tags
Type: Issue
Priority: High
Description:
Pages with multiple elements in the HTML. There should only be one element in the HTML which contains all content for the document. Browsers and Googlebot will try to combine content from subsequent elements, however this should not be relied upon and is open to potential mix ups.
How to Fix:
Ensure all pages have a single valid element with appropriate content for the document.
Pedro’s Take:
Your page has more than one tag, which is like giving a person two actual bodies confusing, creepy, and definitely not normal. Browsers and Google might try to mash everything together, but its risky and messy. You should only ever have one per page its the container for all your content, and doubling up can lead to layout issues, broken features, or missing info. Clean it up so your site isnt walking around like a coding Frankenstein.
Mobile: Contains Unsupported Plugins
Type: Issue
Priority: High
Description:
Pages with browser plugins such as Flash, Silverlight, or Java Applets that most mobile devices and browsers do not support and search engines cannot index.
How to Fix:
Remove old plugin files from pages. For any pages that still rely on any of these plugins, migrate to more modern open web technologies, which are faster, more power-efficient and secure. Consider converting plugin-based content to HTML, such as Flash to HTML5 video.
Pedro’s Take:
If your page still uses Flash or Java applets, its basically trying to play a VHS tape on a smartphone its outdated, unsupported, and totally invisible to most users and search engines. Mobile browsers dont load these old plugins, which means that content just doesnt show up. Its time to bin the ancient tech and replace it with something modern, like HTML5. If your page depends on this stuff, its not just a tech issue its a full-on time warp.
Hreflang: Non-200 hreflang URLs
Type: Issue
Priority: High
Description:
URLs contained within rel=”alternate” hreflang annotations that do not have a 200 response code, such as URLs blocked by robots.txt, no responses, 3XX (redirects), 4XX (client errors) or 5XX (server errors). Hreflang URLs must be crawlable and indexable and therefore non-200 URLs are treated as errors, and ignored by the search engines.
How to Fix:
Ensure URLs within hreflang annotations are to the correct canonical and indexable pages. If Google can’t see pages pointing to each other due to a non-200 response, the tags will be ignored.
Pedro’s Take:
Your hreflang tags are pointing to pages that dont load properly like giving someone a list of alternate language versions, but half the doors are locked or lead to error pages. If the linked page returns a redirect, a 404, or anything other than a clean 200 status, Google throws the whole hreflang setup in the bin. For these language links to work, they all need to be alive, crawlable, and properly connected. Fix the broken ones or risk having your international targeting completely ignored.
Hreflang: Not Using Canonical
Type: Issue
Priority: High
Description:
URLs not using the canonical URL on the page in its own hreflang annotation. Hreflang should only include canonical versions of URLs.
How to Fix:
Update hreflang annotations to include canonical versions of URLs only. They should not include links which are canonicalised to other URLs.
Pedro’s Take:
Youre telling Google, Heres the Spanish version of this page, but the link youre giving points to a non-canonical (i.e. second-rate) version. Google doesnt like playing guessing games hreflang tags must always point to the canonical URLs, not ones that redirect or are being overridden. Fix the tags to reference the proper, canonical versions only, or you risk your multilingual setup being misread or completely ignored.
Response Codes: Internal Server Error (5xx)
Type: Issue
Priority: High
Description:
Internal URLs where the server failed to fulfill an apparently valid request. This can include common responses such as 500 Internal Server Errors, and 503 Service Unavailable. View URLs that link to errors using the lower ‘inlinks’ tab and export them in bulk via ‘Bulk Export > Response Codes > Internal > Server Error (5xx) inlinks’.
How to Fix:
All URLs should respond with a 200 ‘OK’ status and this might indicate a server that struggles under load, or a misconfiguration that requires investigation. Check 500 internal server errors exist in a browser and fix any valid issues.
Pedro’s Take:
If your sites throwing a 500 or 503, it means something’s broken on your end not the users. These errors stop search engines and customers in their tracks. It might be a server overload, bad plugin, or code bug. Whatever the cause, fix it fast.
Security: Form URL Insecure
Type: Issue
Priority: High
Description:
HTML pages that contain a form with an action attribute URL that is insecure (HTTP). This means that any data entered into the form is not secure, as it could be viewed in transit.
How to Fix:
All URLs contained within forms across a website should be encrypted and therefore need to be HTTPS.
Pedro’s Take:
Sending form data over HTTP is like whispering your secrets through a megaphone in a crowded room – anyone can listen in. If your site’s asking for info, it better wrap that request in a secure HTTPS blanket. Otherwise, you’re just handing over your visitors’ data to anyone lurking in the digital shadows. Fix it fast – privacy ain’t optional.
Security: Form on HTTP URL
Type: Issue
Priority: High
Description:
This indicates that a form is on an HTTP page. Any data entered into the form, including usernames and passwords is not secure.
How to Fix:
All HTTP pages with forms should be changed to HTTPS to avoid security issues for users, and problems loading in a browser.
Pedro’s Take:
Hosting a form on an HTTP page is like asking someone to write their bank details on a postcard – easy for anyone to intercept. If you’re collecting info, even something as simple as a name, it needs to be protected. Switch to HTTPS or risk scaring off users and getting flagged by browsers. Privacy is power – lock it down.
Canonicals: Outside
Type: Issue
Priority: High
Description:
Pages with a canonical link element that is outside of the element in the HTML. The canonical link element should be within the element, or search engines will ignore it.
How to Fix:
Ensure canonical link elements are in the element of a page’s HTML to be considered by search engines.
Pedro’s Take:
Putting the canonical tag outside the is like trying to RSVP to a party by scribbling your name on the back fence – no one is going to see it. Search engines are picky and only look in the for that tag. If it is not there, they will just ignore it. So keep it where it belongs, upfront and easy to find, like a name on the guest list at the front door.
Validation: Multiple Tags
Type: Issue
Priority: High
Description:
Pages with multiple elements in the HTML. There should only be one element in the HTML which contains all critical metadata for the document. Browsers and Googlebot will combine metadata from subsequent elements if they are both before the , however this should not be relied upon and is open to potential mix-ups. Any tags after the starts will be ignored.
How to Fix:
Ensure all pages have a single valid element with appropriate metadata for the document that is the first element in the element.
Pedro’s Take:
Having more than one tag is like starting a movie with two intros – it’s confusing, messy, and someone’s bound to miss the plot. Browsers try to piece things together, but it’s risky and can lead to metadata mix-ups. Stick to one at the top and keep it clean so everything important is right where it should be.
Validation: Missing Tag
Type: Issue
Priority: High
Description:
Pages missing a element within the HTML. The element is a container for metadata about the page, that’s placed between the and tag. Metadata is used to define the page title, character set, styles, scripts, viewport and other data that’s critical to the page. Browsers and Googlebot will automatically generate a element if it’s omitted in the markup, however it may not contain meaningful metadata for the page and this should not be relied upon.
How to Fix:
Ensure all pages have a valid element with appropriate metadata for the document that is the first element in the element.
Pedro’s Take:
Missing a tag is like showing up to a job interview without your name, resume, or pants. The browser might try to guess what you meant, but do you really want Google winging it? The is where all your page’s vital stats live. No means no proper intro, no style, no direction. Always include one, right after , like a pro.
Validation: Missing Tag
Type: Issue
Priority: High
Description:
Pages missing a element within the HTML. The element contains all the content of a page, including links, headings, paragraphs, images and more. There should be one element in the HTML of the page. Browsers and Googlebot will automatically generate a element if it’s omitted in the markup, however this should not be relied upon.
How to Fix:
Ensure all pages have a single valid element with appropriate content for the document.
Pedro’s Take:
Missing a tag is like throwing a party but forgetting the room. All your content – text, images, links – has nowhere to live. Browsers might make one for you, but it is like guessing the layout after the guests arrive. Do not gamble with structure. Always wrap your content in a proper – one tag, one home, no surprises.
Pagination: Non-200 Pagination URLs
Type: Issue
Priority: High
Description:
URLs contained in the rel=”next” and rel=”prev” attributes do not respond with a 200 ‘OK’ status code. This can include URLs blocked by robots.txt, no responses, 3XX (redirects), 4XX (client errors) or 5XX (server errors). Pagination URLs must be crawlable and indexable and therefore non-200 URLs are treated as errors, and ignored by the search engines.
How to Fix:
Ensure paginated URLs are to canonical, indexable pages – so they can be crawled and indexed.
Pedro’s Take:
Broken rel=”next” or rel=”prev” links are like giving someone a book series with missing pages or dead-end chapters. Google tries to follow the path and ends up in a 404 swamp, a redirect maze, or just gets blocked at the door. If the pagination chain is busted, your content might get ignored. Make sure every paginated URL actually loads, is indexable, and leads somewhere real. Otherwise, your site’s story ends before it even gets good.
Directives: Outside
Type: Issue
Priority: High
Description:
Pages with a meta robots that is outside of the element in the HTML. The meta robots should be within the element, or search engines may ignore it. Google will typically still recognise meta robots such as a ‘noindex’ directive, even outside of the element, however this should not be relied upon.
How to Fix:
To ensure that search engines follow specified directives, include meta robots tags in the element of a page’s HTML.
Pedro’s Take:
Putting a meta robots tag outside the is like whispering instructions after the meeting’s already ended. Google might still hear you, but it’s not paying full attention. That tag tells bots what to do – so don’t shove it in the wrong place and hope for the best. Keep it in the , loud and clear, right at the start. Directives only work if they show up to the right party.
Pagination: Sequence Error
Type: Issue
Priority: Low
Description:
URLs that have an error in the rel=”next” and rel=”prev” HTML link elements sequence. This check ensures that URLs contained within rel=”next” and rel=”prev” HTML link elements reciprocate and confirm their relationship in the series.
How to Fix:
Ensure paginated URLs contained within rel=”next” or rel=”prev” attributes and within tags are to the correct pages in the sequence.
Pedro’s Take:
Pagination sequence errors are like reading a book where chapter 3 says next is chapter 5, and chapter 5 says previous was chapter 2. It throws off the flow and confuses both users and search engines trying to follow the story. The rel=”next” and rel=”prev” tags are meant to keep paginated content linked in the right order like breadcrumbs through a long article or product list. If theyre pointing to the wrong pages, fix the chain so everything connects properly and nobody gets lost in the series.
URL: Contains Space
Type: Issue
Priority: Low
Description:
URLs that contain a space. These are considered unsafe and could cause the link to be broken when sharing the URL. Hyphens should be used as word separators instead of spaces.
How to Fix:
Ideally hyphens should be used as word separators, rather than spaces. However, changing URLs is a big decision. If URLs are changed, then appropriate 301 redirects must be implemented.
Pedro’s Take:
URLs with spaces are like giving someone a street address that includes a blank spot it might still work, but its risky and awkward. Spaces arent technically allowed in URLs, so they get converted into weird-looking %20, which can break links or look messy when shared. Use hyphens instead theyre cleaner, safer, and play nice with both users and search engines. And if you change the URL, dont forget the 301 redirect so no one ends up lost.
URL: Multiple Slashes
Type: Issue
Priority: Low
Description:
URLs that have multiple forward slashes in the path (example.com/page1//). This is generally by mistake and as best practice URLs should only have a single slash between sections of a path to avoid any potential mix ups and duplicate URLs within the string. This is excluding use within the protocol (https://).
How to Fix:
Ideally only a single slash should be used for URLs. However, changing URLs is a big decision, and often it’s not worth changing them for SEO purposes alone. If URLs are changed, then appropriate 301 redirects must be implemented.
Pedro’s Take:
Double slashes in URLs are like stuttering directions – “Go to page one… no wait, page one again?” It might still work, but it looks sloppy and can confuse search engines or create duplicates. Outside of https://, you only need one slash between parts of a path. Clean it up if you can, and if you change URLs, do it with proper 301 redirects. One slash is smooth, two is a trip hazard.
Directives: Noindex
Type: Warning
Priority: High
Description:
URLs containing a ‘noindex’ directive in either a robots meta tag or X-Robots-Tag in the HTTP header. This instructs the search engines not to index the page. The page will still be crawled (to see the directive), but it will then be dropped from the index.
How to Fix:
URLs with a ‘noindex’ should be reviewed carefully to ensure they are correct and shouldn’t be indexed. If these pages should be indexed, then the ‘noindex’ directive should be removed.
Pedro’s Take:
Telling Google noindex is like hanging a big DO NOT ENTER sign on your shop window but leaving the door wide open so Google can peek inside, get excited… and then be told to scram. Sometimes thats what you want (like for private pages or test stuff), but if its on important pages, youre basically ghosting your own content. Double-check youre not accidentally banishing your best work to the digital void.
Response Codes: Internal Blocked by Robots.txt
Type: Warning
Priority: High
Description:
Internal URLs blocked by the site’s robots.txt. This means they cannot be crawled and is a critical issue if you want the page content to be crawled and indexed by search engines.
How to Fix:
Review URLs to ensure they should be disallowed. If they are incorrectly disallowed, then the site’s robots.txt should be updated to allow them to be crawled. Consider whether you should be linking internally to these URLs and remove links where appropriate.
Pedro’s Take:
Blocking your own pages with robots.txt is like hanging a Do Not Enter sign on your front door while shouting, Come check out my cool stuff! If search engines cant crawl the page, they cant index it so its basically invisible, no matter how good it is. Sometimes thats intentional (like admin pages), but if its blocking something important, youre shooting yourself in the SEO foot. Double-check what youre blocking, and stop linking to stuff youve told bots not to visit its like inviting guests to a locked room.
Pagination: Non-Indexable
Type: Warning
Priority: High
Description:
The paginated URL is non-indexable. Generally they should all be indexable, unless there is a ‘view-all’ page set, or there are extra parameters on pagination URLs, and they require canonicalising to a single URL. One of the most common mistakes is canonicalising page 2+ paginated pages to the first page in a series. Google recommend against this implementation because the component pages don’t actually contain duplicate content. Another common mistake is using ‘noindex’, which can mean Google drops paginated URLs from the index completely and stops following outlinks from those pages, which can be a problem for the products on those pages.
How to Fix:
Ensure paginated URLs are to canonical, indexable pages – so they can be crawled and indexed.
Pedro’s Take:
Non-indexable paginated URLs are like publishing a book series but only letting Google read page one then locking the rest away behind a curtain. If youre using noindex or pointing every page back to page 1 with a canonical tag, Google cant access the rest, and that means the content (like products or articles) on those pages might never get seen or ranked. Unless youve got a proper view all version, each paginated page should be indexable. Otherwise, its like having shelves full of stuff and hiding them behind a nothing to see here sign.
Validation: Invalid HTML Elements in <head>
Type: Warning
Priority: High
Description:
Pages with invalid HTML elements within the <head>. When an invalid element is used in the <head>, Google assumes the end of the <head> element and ignores any elements that appear after the invalid element. This means critical <head> elements that appear after the invalid element will not be seen. The <head> element as per the HTML standard is reserved for <title>, <meta>, <link>, <script>, <style>, <base>, <noscript> and <template> elements only.
How to Fix:
Ensure the <head> element only uses valid elements as per HTML specifications to ensure critical tags are seen by search engines. Common invalid elements include <img> and <iframe>.
Pedro’s Take:
Putting the wrong stuff inside the <head> is like interrupting a recipe halfway through with a cat photo — it confuses the chef and they stop reading. Google sees an invalid tag (like an <img> or <iframe>), assumes the <head> is over, and ignores anything that comes after — even important stuff like meta tags or tracking scripts. Only use the tags that are allowed there. If you really need to shove something weird in the <head>, stick it at the very end so it doesn’t ruin the whole dish.
Directives: Nofollow
Type: Warning
Priority: High
Description:
URLs containing a ‘nofollow’ directive in either a robots meta tag or X-Robots-Tag in the HTTP header. This is a ‘hint’ which tells the search engines not to follow any links on the page for crawling. This is generally used by mistake in combination with ‘noindex’, when there is no need to include this directive as it stops ‘PageRank’ from being passed onwards.
How to Fix:
URLs with a ‘nofollow’ should be reviewed carefully to ensure that links shouldn’t be crawled and PageRank shouldn’t be passed on. If outlinks should be crawled and PageRank should be passed onwards, then the ‘nofollow’ directive should be removed.
Pedro’s Take:
A nofollow directive is like putting up a sign that says Dont follow any links here, nothing to see. It tells search engines to ignore all the links on that page no crawling, no PageRank passed along. Thats fine if you really dont want search engines snooping around, but in most cases, its added by accident and ends up cutting off your sites flow. If the page is already set to noindex, you usually dont need nofollow too thats just double-locking a door no ones trying to open. Check if its needed, and if not, get rid of it.
Validation: Not First In Element
Type: Warning
Priority: High
Description:
Pages with an HTML element that precede the element in the HTML. The should be the first element in the element. Browsers and Googlebot will automatically generate a element if it’s not first in the HTML. While ideally elements would be in the , if a valid element is first in the it will be considered as part of the generated . However, if non elements such as
, , etc. are used before the intended element and its metadata, then Google assumes the end of the element. This means the intended element and its metadata will be seen in the and ignored.
How to Fix:
Ensure all pages have a valid element with appropriate metadata for the document that is the first element in the element.
Pedro’s Take:
Putting stuff before your tag is like trying to hang curtains before building the window. Google sees it and goes, “Welp, guess that was the head!” — then ignores the actual one with all your good stuff. Keep the tag first inside , like it is the brain of the page. No rogue
or crashing the brain party before it starts. Structure matters — do not let your metadata get lost in the crowd.
Validation: Element Preceding
Type: Warning
Priority: High
Description:
Pages that have a body element preceding the opening element. Browsers and Googlebot will automatically assume the start of the and generate an empty element before it. This means the intended element below and its metadata will be seen in the and ignored.
How to Fix:
Ensure elements do not precede the element and they are only in the element.
Pedro’s Take:
Putting a before is like walking into a house through the roof. Browsers freak out, slap on an empty , and dump your real one into the like junk mail. Google misses the good stuff and your metadata gets ignored. Always start with , then , then . It is not just order – it is sanity.
Canonicals: Missing
Type: Warning
Priority: Medium
Description:
Pages that have no canonical URL present either as a link element, or via HTTP header. If a page doesn’t indicate a canonical URL, Google will identify what they think is the best version or URL. This can lead to ranking unpredictability when there are multiple versions discovered, and hence generally all URLs should specify a canonical version
How to Fix:
Specify a canonical URL for every page to avoid any potential ranking unpredictability if multiple versions of the same page are discovered on different URLs.
Pedro’s Take:
Missing canonicals is like letting Google choose which version of your page is the real one and lets be honest, Googles smart but its not always right. If youve got the same content at more than one URL, Google might pick the wrong one to rank, or split your SEO juice between versions. A canonical tag simply says, Hey, this is the official version rank this one. Without it, you’re basically leaving your content up for interpretation, and thats a gamble.
URL: Uppercase
Type: Warning
Priority: Low
Description:
URLs that have uppercase characters within them. URLs are case sensitive, so as best practice generally URLs should be lowercase, to avoid any potential mix ups and duplicate URLs.
How to Fix:
Ideally lowercase characters should be used for URLs only. However, changing URLs is a big decision, and often it’s not worth changing them for SEO purposes alone. If URLs are changed, then appropriate 301 redirects must be implemented.
Pedro’s Take:
Using uppercase in URLs is like yelling random words in a sentence FOR NO REASON. It confuses Google, and Google does not like being confused its basically a big nerd that likes things tidy. MAINpage and mainpage might look the same to you, but to a search engine, its like meeting twins named Bob and BOB and now it doesnt know who to invite to the party. Just use lowercase, redirect if needed, and stop shouting at your URLs.
Security: Missing X-Frame-Options Header
Type: Warning
Priority: Low
Description:
URLs missing an X-Frame-Options response header with a ‘DENY’ or ‘SAMEORIGIN’ value. This instructs the browser not to render a page within a frame, iframe, embed or object. This helps avoid ‘clickjacking’ attacks, where your content is displayed on another web page that is controlled by an attacker.
How to Fix:
To minimise security issues, the X-Frame-Options response header should be supplied with a ‘DENY’ or ‘SAMEORIGIN’ value.
Pedro’s Take:
Not setting X-Frame-Options is like letting strangers stick your website inside their dodgy old van and drive it around town pretending it’s theirs. Thats clickjacking your page looks normal, but its actually been hijacked and is being used in shady ways. By setting DENY or SAMEORIGIN, youre slamming the door shut and saying, No free rides, mate. Its a one-line fix that tells attackers to get lost.
URL: Non ASCII Characters
Type: Warning
Priority: Low
Description:
URLs with characters outside of the ASCII character-set. Standards outline that URLs can only be sent using the ASCII character-set and some users may have difficulty with subtleties of characters outside this range.
How to Fix:
URLs should be converted into a valid ASCII format, by encoding links to the URL with safe characters (made up of % followed by two hexadecimal digits). Today browsers and the search engines are largely able to transform URLs accurately.
Pedro’s Take:
Using weird symbols in URLs is like naming your dog Mr. Flff? and expecting everyone to shout it clearly at the park. Most browsers try to understand, but they might just panic and bark back %C3%BC%C3%9F. It’s best to stick with plain, boring letters and let the internet do its job without needing a decoder ring. Keep your URLs simple, unless you want them looking like robot swearing.
Security: Missing Secure Referrer-Policy Header
Type: Warning
Priority: Low
Description:
URLs missing ‘no-referrer-when-downgrade’, ‘strict-origin-when-cross-origin’, ‘no-referrer’ or ‘strict-origin’ policies in the Referrer-Policy header. When using HTTPS, it’s important that the URLs do not leak in non-HTTPS requests. This can expose users to ‘man in the middle’ attacks, as anyone on the network can view them.
How to Fix:
Consider setting a referrer policy of strict-origin-when-cross-origin. It retains much of the referrer’s usefulness, while mitigating the risk of leaking data cross-origins.
Pedro’s Take:
Not setting a Referrer-Policy is like your website loudly blurting out your visitors’ private info every time they click a link Hey! They came from this exact page! Most of the time, thats fine, but on dodgy connections, its like sending secret notes through a nosy postman. By setting a smart policy like strict-origin-when-cross-origin, you keep things useful for analytics but stop oversharing with shady strangers. It’s basically teaching your site to keep its mouth shut in risky situations.
Security: Missing HSTS Header
Type: Warning
Priority: Low
Description:
URLs that are missing the HSTS response header. The HTTP Strict-Transport-Security response header (HSTS) instructs browsers that it should only be accessed using HTTPS, rather than HTTP. If a website accepts a connection to HTTP, before being redirected to HTTPS, visitors will initially still communicate over HTTP. The HSTS header instructs the browser to never load over HTTP and to automatically convert all requests to HTTPS.
How to Fix:
The HSTS header should be used across all pages to instruct the browser that it should always request pages via HTTPS, rather than HTTP.
Pedro’s Take:
Not using HSTS is like locking your front door but still letting people knock on the dodgy side entrance first. Even if your site uses HTTPS, without this rule, browsers might still try the insecure version (HTTP) before redirecting and that little gap is enough for hackers to stick their nose in. HSTS stands for HTTP Strict Transport Security which is just a fancy way of saying, Oi browser, from now on, only talk to this site over the secure connection. No shortcuts, no backdoors. Its one line of code that slams the door shut before trouble even shows up.
Response Codes: Internal Redirection (3xx)
Type: Warning
Priority: Low
Description:
Internal URLs which redirect to another URL. These will include server-side redirects, such as 301 or 302 redirects (and more).
How to Fix:
Ideally all internal links would be to canonical resolving URLs, and avoid linking to URLs that redirect. This reduces latency of redirect hops for users, and enhanced efficiency for search engines.
Pedro’s Take:
Linking to a URL that redirects is like telling someone to go to the kitchen, only for them to find a note that says, Actually, go to the living room. It gets them there eventually, but its slower and a bit annoying. Every redirect adds a tiny delay for users and for Google and too many of them can make your site feel clunky. Best practice? Just link straight to the final destination and skip the detour.
Response Codes: External Client Error (4xx)
Type: Warning
Priority: Low
Description:
External URLs with a client-side error. This indicates a problem occurred with the URL request and can include responses such as 400 bad request, 403 Forbidden, 404 Page Not Found, 410 Removed, 429 Too Many Requests and more. A 404 ‘Page Not Found’ is the most common, and often referred to as a broken link.
How to Fix:
All links on a website should ideally resolve to 200 ‘OK’ URLs. Errors such as 404 broken links should be updated so users are taken to the correct URL, or removed.
Pedro’s Take:
External 4xx errors are like recommending your friend visit a cool restaurant that turns out to be boarded up or tells them youre not welcome. Broken links to other sites make you look sloppy and frustrate users. Fix the links if theres a correct URL, or just remove them if theyre leading to the digital graveyard.
URL: Repetitive Path
Type: Warning
Priority: Low
Description:
URLs that have repetitive paths or subfolders within the string (example.com/page1/page/page1/page2). In some cases this can be legitimate and logical, however it also often points to poor URL structure and potential improvements. It can also help identify issues with incorrect relative linking, causing infinite URLs.
How to Fix:
While not always an issue repetitive paths aren’t particularly user friendly, or could be causing crawling issues if due to incorrect relative linking. Ideally any URL should be as concise as possible. However, changing URLs is a big decision, and often it’s not worth changing them for SEO purposes alone. If URLs are changed, then appropriate 301 redirects must be implemented.
Pedro’s Take:
Repetitive paths in URLs are like giving someone directions that go in circles Go to /shoes/shoes/shoes/shoes/red-shoes. It looks messy, confuses users, and can hint at broken linking logic or sloppy site structure. Sometimes its harmless, but other times it creates endless URL variations that waste crawl budget and hurt performance. Keep your URLs clean and straight to the point and if you do fix them, dont forget the 301 redirect so no one gets lost retracing the same steps.
Response Codes: External Server Error (5xx)
Type: Warning
Priority: Low
Description:
External URLs where the server failed to fulfill an apparently valid request. This can include common responses such as 500 Internal Server Errors and 503 Service Unavailable.
How to Fix:
All URLs should respond with a 200 ‘OK’ status and this might indicate a server that struggles under load, or a misconfiguration that requires investigation. If they can be viewed in a browser, then it’s often not an issue.
Pedro’s Take:
External 5xx errors are like inviting your users to a party at someone elses house and when they arrive, the host slams the door with a Server Error sign. Its not your fault directly, but it still makes you look bad. These errors usually mean the other site is having issues overloaded, broken, or badly set up. If the link still works fine in a browser, it might be a temporary blip. But if it keeps happening, either swap the link or prepare for your visitors to get ghosted.
URL: Parameters
Type: Warning
Priority: Low
Description:
URLs that include parameters such as ‘?’ or ‘&’. This isn’t an issue for Google or other search engines to crawl unless at significant scale, but it’s recommended to limit the number of parameters in a URL which can be complicated for users, and can be a sign of low value-add URLs.
How to Fix:
Where possible use a static URL structure without parameters for key indexable URLs. However, changing URLs is a big decision, and often it’s not worth changing them for SEO purposes alone. If URLs are changed, then appropriate 301 redirects must be implemented.
Pedro’s Take:
URLs with parameters like ?page=2&sort=weird are like handing someone a messy receipt instead of a clean menu it works, but its ugly and hard to read. Google can crawl them just fine, but they can clutter your site and confuse users, especially at scale. If the page is important, try using a nice clean static URL. And as always, if you change it, slap a 301 redirect on the old one so nobody gets lost in query-string limbo.
Response Codes: External No Response
Type: Warning
Priority: Low
Description:
External URLs with no response returned from the server. Usually due to a malformed URL, connection timeout, connection error, or connection refused.
How to Fix:
Malformed URLs should be updated to the correct location.
Pedro’s Take:
Some of the links on your site lead to places that dont respond at all its like telling your visitors, Hey, check this out! and then sending them to a blank screen. That could mean the website youre linking to doesnt exist, is broken, or was typed in wrong. Either way, it looks bad and wastes your visitors time. Its best to fix the link, point it to the right place, or just remove it if its no longer useful. No one likes being sent to nowhere.
Hreflang: Missing X-Default
Type: Warning
Priority: Low
Description:
URLs missing an x-default hreflang attribute. This is optional, and not necessarily an issue.
How to Fix:
Consider adding a fallback page for unmatched languages, especially on language/country selectors or auto-redirecting homepages.
Pedro’s Take:
Missing an x-default hreflang tag is like having a hotel with signs in 10 languages but no welcome sign for people who speak none of them. Its not a huge problem, but adding an x-default gives Google a fallback option when it cant match a visitors language. Its especially useful on homepages or language selectors, helping make sure someone gets pointed in the right direction, even if their language isnt listed.
URL: GA Tracking Parameters
Type: Warning
Priority: Low
Description:
URLs that contain Google Analytics tracking parameters. In addition to creating duplicate pages that must be crawled, using tracking parameters on links internally can overwrite the original session data. utm= parameters strip the original source of traffic and starts a new session with the specified attributes. _ga= and _gl= parameters are used for cross-domain linking and identify a specific user, including this on links prevents a unique user ID from being assigned.
How to Fix:
Remove the tracking parameters from links. Event Tracking is recommended in place of utm parameters for tracking additional interactions on a page such as downloads, link clicks, form submissions, and video plays.
Pedro’s Take:
Using Google Analytics tracking parameters like utm= in your URLs is like shouting Hey, a new visitor! every time someone clicks around your own site it breaks the session and messes up your data. Internally, these parameters can create duplicate pages, confuse tracking, and wipe out the original traffic source. Its fine for external campaigns, but inside your own site? Big no. Clean it up and use proper event tracking instead your analytics will thank you, and so will your SEO.
Hreflang: Missing Self Reference
Type: Warning
Priority: Low
Description:
URLs missing their own self referencing rel=”alternate” hreflang annotation. It was previously a requirement to have a self-referencing hreflang, but Google has updated their guidelines to say this is optional. It is however good practice and often easier to include a self referencing attribute.
How to Fix:
Consider adding a self referencing rel=”alternate” hreflang annotation as Google still describe this as best practice in their documentation.
Pedro’s Take:
Not having a self-referencing hreflang is like handing out business cards for all your colleagues but forgetting to include your own. Its not technically wrong, but its cleaner and easier for Google if every page points to itself too. Adding that self-reference helps complete the hreflang loop and keeps everything tidy. Its one of those not required, but smart to do things like washing behind your ears.
Directives: NoODP
Type: Warning
Priority: Low
Description:
URLs containing a ‘noodp’ directive in either a robots meta tag or X-Robots-Tag in the HTTP header. This is an old meta tag that used to instruct Google not to use the Open Directory Project for its snippets.
How to Fix:
What year is it?! The ‘noodp’ directive can be removed from URLs as it’s no longer in use.
Pedro’s Take:
Using the ‘noodp’ tag today is like putting up a sign saying “No VHS tapes allowed” – no one’s using them anymore, and Google stopped caring ages ago. It’s digital clutter from a bygone era. Clear it out, tidy up, and let your meta tags focus on the stuff that actually matters now.
Canonicals: Multiple
Type: Warning
Priority: Low
Description:
Pages with multiple canonicals set for a URL (either multiple link elements, HTTP header, or both combined). This can lead to unpredictability, as there should only be a single canonical URL set by a single implementation (link element, or HTTP header) for a page and might lead to mix-ups.
How to Fix:
Specify a single canonical URL using a single approach (link element, or HTTP header) for every page to avoid any potential mix ups.
Pedro’s Take:
Having multiple canonicals on a page is like giving someone directions with two different maps – they will probably end up lost, or worse, ignore both. Google sees the mess and does not know which version to trust, so your link equity might split or vanish. Stick to one voice, one method – either a tag or an HTTP header, not both. Pick your preferred URL and make it crystal clear. No need to confuse the satnav.
URL: Over 115 Characters
Type: Opportunity
Priority: Low
Description:
URLs that are more than the configured length. This is generally not an issue, however research has shown that users prefer shorter, concise URL strings.
How to Fix:
Where possible use logical and concise URLs for users and search engines. However, changing URLs is a big decision, and often it’s not worth changing them for SEO purposes alone. If URLs are changed, then appropriate 301 redirects must be implemented.
Pedro’s Take:
Super long URLs are like giving someone directions that include every step you took since birth Turn left at the tree, then right at where I dropped my ice cream in 1996… Nobody wants to read that. Shorter URLs are cleaner, easier to share, and look way less like a ransom note. If you do shorten them, make sure to set up a 301 redirect from the old URL to the new one that way, anyone using the old link still ends up in the right place, and you dont lose traffic or search rankings.
URL: Underscores
Type: Opportunity
Priority: Low
Description:
URLs with underscores, which are not always seen as word separators by search engines.
How to Fix:
Ideally hyphens should be used as word separators, rather than underscores. However, changing URLs is a big decision, and often it’s not worth changing them for SEO purposes alone. If URLs are changed, then appropriate 301 redirects must be implemented.
Pedro’s Take:
Underscores_in_URLs_are_like_talking_like_this hard to read and awkward for search engines to split into proper words. Google prefers-hyphens-instead theyre cleaner, easier to read, and actually treated as word separators. If youre going to change them, just remember to set up a 301 redirect so your visitors and Google dont get dumped into a digital void.
nan
Type: nan
Priority: nan
Description:
nan
How to Fix:
nan
Pedro’s Take:
nan
Security: Missing X-Content-Type-Options Header
Type: Warning
Priority: Low
Description:
URLs that are missing the ‘X-Content-Type-Options’ response header with a ‘nosniff’ value. In the absence of a MIME type, browsers may ‘sniff’ to guess the content type to interpret it correctly for users. However, this can be exploited by attackers who can try and load malicious code, such as JavaScript via an image they have compromised.
How to Fix:
To minimise security issues, the X-Content-Type-Options response header should be supplied and set to ‘nosniff’. This instructs browsers to rely only on the Content-Type header and block anything that does not match accurately. This also means the content-type set needs to be accurate.
Pedro’s Take:
Imagine your website is a nightclub, and the bouncers (browsers) check IDs (content types) at the door. Without the nosniff rule, the bouncers might start guessing whos legit based on looks and thats how sneaky hackers in fake mustaches (malicious files) slip in pretending to be harmless images. By setting X-Content-Type-Options: nosniff, youre basically telling the bouncers: Stick to the guest list only. No guessing. Its a small rule with big security perks and no one wants a JavaScript brawl in the VIP section.
Leave a Reply