Technical SEO Audit: The Full 120-Point Checklist

Most “technical audits“ we inherit from previous agencies are glorified Lighthouse screenshots. A real audit checks 120+ things across 8 categories, classifies them by business impact, and produces developer-ready tickets with acceptance criteria. Here is the exhaustive checklist we run.

1. Crawlability & indexation (22 checks)

• robots.txt syntax and sensibility
• XML sitemap presence, freshness and format
• Canonical tags on every URL
• Duplicate content via URL parameters
• HTTP vs HTTPS canonicalisation
• Trailing-slash consistency
• www vs non-www canonicalisation
• noindex tags on paginated pages
• Soft-404 detection
• Orphan pages
• Crawl budget waste (faceted filters, session IDs, search result pages)
• X-Robots-Tag header consistency
• Hreflang implementation if multi-regional
• Pagination: rel=next/prev legacy vs modern patterns
• JavaScript-rendered content crawlability
• Mobile vs desktop parity
• IP-based cloaking detection
• Server response codes (200 vs 301 vs 302)
• Redirect chains over 2 hops
• Redirect loops
• Broken internal links (4xx/5xx)
• Google Search Console coverage issues

2. Core Web Vitals (14 checks)

• LCP: largest contentful paint under 2.5s on field data
• INP: interaction to next paint under 200ms
• CLS: cumulative layout shift under 0.1
• FCP: first contentful paint
• TTFB: time to first byte
• Hero image preloading strategy
• Font loading strategy (swap, optional, block)
• Third-party script audit
• Render-blocking JavaScript
• Render-blocking CSS
• Main-thread blocking tasks
• Image lazy loading implementation
• Above-the-fold image format (AVIF, WebP)
• Responsive image srcset usage

3. Site architecture (16 checks)

• URL structure and readability
• Click depth from homepage
• Internal linking silo models
• Breadcrumb navigation + structured data
• Footer linking hygiene
• Anchor text distribution internal
• Orphan pages in internal graph
• Hub and spoke architecture
• Parent category structure
• Filter and facet URL rules
• Pagination architecture
• Tag page handling
• Author page canonicalisation
• Search result page noindex
• Faceted navigation canonical rules
• Mobile menu structure

4. Schema markup (12 checks)

• Organization schema on homepage
• WebSite schema with sitelinks search
• BreadcrumbList on every page
• Article schema on blog posts
• Product schema on e-commerce
• LocalBusiness schema if applicable
• FAQPage schema where relevant
• Review / AggregateRating schema
• Event, Recipe, HowTo as appropriate
• Valid JSON-LD syntax
• Rich Results Test validation
• Schema consistency across pages

5. Mobile & responsive (10 checks)

• Mobile-first indexing parity
• Viewport meta tag
• Tap target sizing
• Font size readability
• Horizontal scrolling detection
• Mobile menu usability
• Responsive image delivery
• Touch interaction delays
• Accelerated Mobile Pages (legacy audit)
• PWA manifest and service worker if applicable

6. Security (12 checks)

• HTTPS enforcement
• HSTS header
• Mixed content detection
• Content Security Policy
• X-Frame-Options
• X-Content-Type-Options
• Referrer-Policy
• Permissions-Policy
• TLS version (1.2+)
• Certificate validity and chain
• Vulnerable JavaScript library versions
• Directory listing exposure

7. International & accessibility (12 checks)

• Hreflang tag reciprocity
• Language-region code validity
• x-default implementation
• Language detection by URL, not IP
• Alt text on all images
• Semantic HTML5 landmarks
• Heading hierarchy (one H1 per page)
• Form label association
• Color contrast WCAG AA
• Keyboard navigation
• ARIA attributes correctness
• Screen reader testing

8. Analytics & tracking (12 checks)

• Google Analytics 4 implementation
• Google Search Console verification
• Bing Webmaster Tools verification
• Event tracking completeness
• Conversion goal setup
• Tag Manager container review
• Consent Mode v2 compliance
• Server-side tracking if applicable
• Sample rate and retention settings
• Cross-domain tracking
• Referral exclusions
• Bot and spam filtering

Prioritisation

Each finding is classified in three dimensions: severity (critical / high / medium / low), effort (S/M/L), and business impact (revenue / rankings / risk). The deliverable is not the audit — it is the prioritised ticket queue. A 120-check audit without prioritisation is a 400-page document nobody reads.

The output for each issue includes: what is wrong, why it matters, the fix (with code snippet if applicable), acceptance criteria, and expected impact. That is how you turn an audit into shipped improvements.