Webmaster and SEO Tools
Free diagnostic tools and related guides for checking Webmaster and SEO issues in one place.
What should I check first for Webmaster and SEO issues?
For Webmaster and SEO issues, start with SEO Analyzer to capture the current state, then use robots.txt Checker to narrow the cause. If the result is unclear, read the related guide and open the next tool before changing settings.
Recommended Check Order
Open the tools in this order to narrow the issue before you change DNS, email, security, privacy, or network settings.
Check the current state: SEO Analyzer
Analyze core SEO elements including title, description, and structure hints.
Narrow the cause: robots.txt Checker
Fetch and parse robots.txt rules and sitemap directives.
Cross-check the result: Redirect Checker
Trace redirect hops and identify final URL and response status.
Common Symptoms
Common problem patterns grouped by tool. If a symptom matches, start with that check.
A page is not indexed or is missing from search.
Check final status code, noindex, robots blocking, canonical target, and redirect chain for conflicts.
Run robots and redirect checks against the final crawler-visible URL before changing content.
An important page appears blocked by robots.txt.
Review user-agent-specific Disallow rules, Allow exceptions, sitemap location, and the real final URL path.
Pair SEO analysis with redirect checking to see whether the final URL matches a blocked path.
The final URL is correct, but SEO warnings remain.
Review intermediate hops, http/https, www/non-www, trailing slash, and canonical consistency.
Inspect headers and robots/canonical signals on the final response.
The response is 200, but cache or security behavior is wrong.
Inspect Cache-Control, HSTS, CSP, X-Frame-Options, CORS, and referrer policy headers.
Run security headers and redirect checks against the final URL, not only the first URL.
The site works, but the security header score is low.
Working pages can still miss HSTS, CSP, frame protection, referrer policy, or clickjacking controls.
Compare HTTP headers and SSL state, then apply low-conflict headers first.
The certificate is valid, but browsers show a security warning.
Check intermediate chain, hostname match, www/non-www coverage, and CDN versus origin certificates.
Pair SSL check with security headers and redirect checks to find mixed configuration.
Which tool should I open first?
Use this matrix to match the symptom to the right tool, the signal to check, and the next action.
SEO Analyzer
Analyze core SEO elements including title, description, and structure hints.
Use the SEO Analyzer result to narrow Webmaster and SEO issues.
After reviewing the result, cross-check it with a related tool or guide.
robots.txt Checker
Fetch and parse robots.txt rules and sitemap directives.
Use the robots.txt Checker result to narrow Webmaster and SEO issues.
After reviewing the result, cross-check it with a related tool or guide.
Redirect Checker
Trace redirect hops and identify final URL and response status.
Use the Redirect Checker result to narrow Webmaster and SEO issues.
After reviewing the result, cross-check it with a related tool or guide.
HTTP Headers
Fetch HTTP response headers, status code, and timing information.
Use the HTTP Headers result to narrow Webmaster and SEO issues.
After reviewing the result, cross-check it with a related tool or guide.
Security Headers Checker
Audit HTTP security headers and hardening coverage.
Use the Security Headers Checker result to narrow Webmaster and SEO issues.
After reviewing the result, cross-check it with a related tool or guide.
SSL Check
Inspect SSL certificate issuer, validity period, and chain status.
Use the SSL Check result to narrow Webmaster and SEO issues.
After reviewing the result, cross-check it with a related tool or guide.
How To Choose The Right Tool
Chrome “This Site Can’t Be Reached”: Causes and Fixes
Chrome “This site can’t be reached” is a broad symptom, not one root cause. DNS failures, timeouts, refused ports, server outages, proxy or VPN issues, routing problems, and SSL errors can all appear under this message.
HTTP Headers
Fetch HTTP response headers, status code, and timing information.
Frequently Asked Questions
Webmaster and SEO: what should I check first?
For Webmaster and SEO issues, start with SEO Analyzer to capture the current state, then use robots.txt Checker to narrow the cause. If the result is unclear, read the related guide and open the next tool before changing settings.
Which tools should I run first?
Run SEO Analyzer, robots.txt Checker, Redirect Checker in that order to separate current state, likely cause, and cross-check signals.
What should I read if the result is unclear?
If the result is unclear, open Chrome “This Site Can’t Be Reached”: Causes and Fixes and review the same problem as a checklist.
Tools To Run
SEO Analyzer
Analyze core SEO elements including title, description, and structure hints.
robots.txt Checker
Fetch and parse robots.txt rules and sitemap directives.
Redirect Checker
Trace redirect hops and identify final URL and response status.
HTTP Headers
Fetch HTTP response headers, status code, and timing information.
Security Headers Checker
Audit HTTP security headers and hardening coverage.
SSL Check
Inspect SSL certificate issuer, validity period, and chain status.
Open Graph Preview
Enter a URL to preview how it looks when shared on KakaoTalk, Twitter, Facebook, and other platforms.
JSON Formatter / Validator
Format, validate, and minify JSON in your browser.
cURL Command Builder
Enter a URL, headers, method, and body to instantly generate a ready-to-run cURL command.
Guides To Read
Chrome “This Site Can’t Be Reached”: Causes and Fixes
Chrome “This site can’t be reached” is a broad symptom, not one root cause. DNS failures, timeouts, refused ports, server outages, proxy or VPN issues, routing problems, and SSL errors can all appear under this message.
ERR_HTTP2_PROTOCOL_ERROR: Causes and Fixes
ERR_HTTP2_PROTOCOL_ERROR means the browser hit a protocol-level problem while handling an HTTP/2 connection with a server, CDN, or proxy. Compression headers, CDN edge behavior, TLS, server push, gRPC, WAF rules, cache, and recent deployments can all be involved.
ERR_CACHE_MISS: Causes and Fixes
ERR_CACHE_MISS appears when Chrome cannot safely reuse cached data or needs to resubmit a request. Back-button POST flows, form submission, cache headers, redirects, service workers, sessions, and browser extensions should be separated.
ERR_BLOCKED_BY_CLIENT: Causes and Fixes
ERR_BLOCKED_BY_CLIENT usually means the request was blocked by the browser, an extension, a content blocker, security software, or privacy settings rather than by the origin server. Images, scripts, analytics files, CDN paths, and filename patterns should be checked separately.
PR_CONNECT_RESET_ERROR: Causes and Fixes
PR_CONNECT_RESET_ERROR appears in Firefox when an HTTPS connection is reset before it can complete. TLS, proxy settings, VPN, security software HTTPS inspection, server resets, CDN origin connectivity, and firewalls should be checked together.
PR_END_OF_FILE_ERROR in Firefox: Causes and Fixes
PR_END_OF_FILE_ERROR appears when Firefox reaches the end of a TLS connection before the handshake can complete. The cause can be TLS version policy, cipher suites, HTTPS inspection by security software, proxies, VPNs, CDN settings, or origin SSL behavior.
SEC_ERROR_UNKNOWN_ISSUER in Firefox: Causes and Fixes
SEC_ERROR_UNKNOWN_ISSUER means Firefox does not trust the certificate issuer. Self-signed certificates, missing intermediates, corporate HTTPS inspection, CDN and origin chain mismatches, or a local root store issue can all create the same warning.
SSL_ERROR_NO_CYPHER_OVERLAP: Causes and Fixes
SSL_ERROR_NO_CYPHER_OVERLAP appears when Firefox and the server cannot agree on a TLS protocol or cipher suite. Old TLS-only servers, overly narrow cipher policies, CDN and origin policy mismatches, and HTTPS inspection devices can all cause it.
MOZILLA_PKIX_ERROR_MITM_DETECTED: Causes and Fixes
MOZILLA_PKIX_ERROR_MITM_DETECTED means Firefox suspects that something between the browser and site changed the HTTPS certificate. Corporate proxies, antivirus HTTPS inspection, malicious proxies, VPNs, local root certificates, and captive portals should be separated carefully.
ERR_CONNECTION_ABORTED: Causes and Fixes
ERR_CONNECTION_ABORTED means the browser started a connection but it was cancelled or cut off along the path. Server resets, proxies, VPNs, firewalls, CDN-to-origin issues, large response limits, browser extensions, and network changes should be separated.
ERR_CONNECTION_FAILED: Causes and Fixes
ERR_CONNECTION_FAILED is a broad Chrome error for a connection that could not be established. DNS, open ports, firewalls, proxies, VPNs, SSL, CDN status, and origin availability should be narrowed in order.
ERR_PROXY_CONNECTION_FAILED: Causes and Fixes
ERR_PROXY_CONNECTION_FAILED appears when the browser cannot reach a site through the configured proxy. Wrong proxy addresses, PAC files, authentication failures, VPN policy, corporate security gateways, DNS, and HTTPS tunnel failures should be separated.
ERR_QUIC_PROTOCOL_ERROR: Causes and Fixes
ERR_QUIC_PROTOCOL_ERROR appears when Chrome fails while handling a QUIC or HTTP/3 connection. UDP 443 blocking, CDN HTTP/3 settings, TLS, proxy or VPN paths, firewalls, browser cache, and extensions should be checked together.
ERR_NAME_NOT_RESOLVED: Causes and Fixes
ERR_NAME_NOT_RESOLVED appears when the browser cannot resolve the hostname to an IP address. Misspelled domains, missing DNS records, nameserver propagation, corporate DNS, VPN DNS, and browser cache can all create the same visitor-facing error.
Server IP Address Could Not Be Found: Causes and Fixes
“Server IP address could not be found” means the browser could not translate the hostname into an IP address. Typos, missing www records, deleted DNS records, nameserver propagation, expired domains, and local DNS cache can all cause it.
DNS_PROBE_FINISHED_BAD_CONFIG: Causes and Fixes
DNS_PROBE_FINISHED_BAD_CONFIG appears when the DNS configuration used by the browser is broken or unstable. Router DNS, operating-system DNS, browser Secure DNS, VPN DNS, corporate DNS, and DNS cache should be separated before changing site records.
DNS Server Not Responding: Causes and Fixes
“DNS server not responding” means the browser or operating system could not get a usable response from the resolver that turns names into IP addresses. Router DNS, ISP resolver outages, VPN DNS, Secure DNS, and broken domain records should be separated.
DNS_PROBE_FINISHED_NO_INTERNET: Causes and Fixes
DNS_PROBE_FINISHED_NO_INTERNET appears when the browser cannot use DNS or an internet route reliably. Real internet disconnection, DNS resolver failure, VPN kill switches, proxies, router problems, and ISP outages should be separated.
ERR_CONNECTION_REFUSED: Causes and Fixes
ERR_CONNECTION_REFUSED often means the target IP was reached but the destination port did not accept the connection. Stopped server processes, wrong ports, firewall reject rules, local dev servers, proxies, and CDN origin settings should be separated before changing DNS.
ERR_ADDRESS_UNREACHABLE: Causes and Fixes
ERR_ADDRESS_UNREACHABLE appears when the browser cannot reach the target IP address or network route. Local routing, wrong IPs, VPN or proxy paths, routers, CGNAT, IPv6 behavior, and firewalls should be checked before treating the site as down.
ERR_EMPTY_RESPONSE: Causes and Fixes
ERR_EMPTY_RESPONSE appears when the browser connects but receives no usable HTTP response or body. Server process crashes, proxy or CDN disconnects, firewall drops, redirect conflicts, compression bugs, and malformed headers can all create the same browser symptom.
ERR_CONNECTION_RESET: Causes and Fixes
ERR_CONNECTION_RESET means the connection was established and then forcibly closed in the path. Server restarts, firewall reset rules, proxy or CDN timeouts, unstable VPN routes, MTU issues, HTTP/2, and TLS policy conflicts can all trigger it.
ERR_CONNECTION_CLOSED: Causes and Fixes
ERR_CONNECTION_CLOSED means the connection between the browser and server closed before the response finished. App shutdowns, reverse proxy closes, CDN origin issues, TLS or HTTP/2 conflicts, and security appliances can all cause it.
ERR_TUNNEL_CONNECTION_FAILED: Causes and Fixes
ERR_TUNNEL_CONNECTION_FAILED appears when the browser cannot create an HTTPS tunnel through a proxy or VPN path. Wrong proxy addresses, failed authentication, corporate blocking, split tunneling, DNS handling, and HTTPS inspection certificates should be checked together.
HTTP 403 Forbidden: Causes and Fixes
HTTP 403 Forbidden means the server understood the request but refused access. Login permissions, IP blocks, firewall or WAF rules, robots policy, file permissions, security headers, and CDN rules can all produce the same visitor-facing status.
HTTP 404 Not Found: Causes and Fixes
HTTP 404 Not Found means the server could not find a resource for the requested URL. Deleted pages, broken internal links, slash or case differences, missing redirects, routing bugs, and stale sitemap URLs can all reduce search traffic.
HTTP 500 Internal Server Error: Causes and Fixes
HTTP 500 Internal Server Error means the server failed while processing the request. Application exceptions, PHP or runtime configuration errors, database failures, permission problems, plugin conflicts, and upstream proxy failures can all appear as the same status.
HTTP 502 Bad Gateway: Causes and Fixes
HTTP 502 Bad Gateway appears when a gateway, proxy, load balancer, or CDN receives an invalid response from the origin or upstream service. CDN edge behavior, reverse proxy rules, origin availability, DNS, SSL mode, and upstream ports should be separated.
HTTP 503 Service Unavailable: Causes and Fixes
HTTP 503 Service Unavailable means the service is temporarily unable to handle the request. Maintenance mode, overload, exhausted workers, rate limits, autoscaling delay, origin downtime, and CDN protection modes can all create this status.
HTTP 504 Gateway Timeout: Causes and Fixes
HTTP 504 Gateway Timeout appears when a gateway, proxy, CDN, or load balancer does not receive an upstream response in time. Origin latency, database queries, external APIs, routing delay, worker queues, and timeout settings should be checked together.
Cloudflare 520 Web Server Returned an Unknown Error: Causes and Fixes
Cloudflare 520 appears when Cloudflare receives an origin response that does not fit a normal HTTP error. Empty responses, malformed headers, origin app exceptions, WAF behavior, compression, HTTP/2, cookies, and large headers should be checked together.
Cloudflare 521 Web Server Is Down: Causes and Fixes
Cloudflare 521 appears when Cloudflare tries to connect to the origin server but the origin refuses or cannot accept the connection. Stopped web servers, closed 80 or 443 ports, firewall rules, security groups, and blocked Cloudflare IP ranges should be checked first.
Cloudflare 522 Connection Timed Out: Causes and Fixes
Cloudflare 522 appears when Cloudflare cannot establish or maintain a TCP connection to the origin in time. Origin overload, route delay, firewall drops, routing problems, and slow port response should be checked before tuning the application alone.
Cloudflare 523 Origin Is Unreachable: Causes and Fixes
Cloudflare 523 appears when Cloudflare can identify the origin target but cannot reach that origin network. Stale origin IPs, broken routing, firewall rules, cloud security groups, and BGP or ASN path problems should be checked together.
Cloudflare 524 A Timeout Occurred: Causes and Fixes
Cloudflare 524 appears when Cloudflare establishes a connection to the origin but the origin does not finish the HTTP response in time. Slow database queries, external APIs, long jobs, worker shortage, cache misses, and timeout settings should be checked.
Cloudflare 526 Invalid SSL Certificate: Causes and Fixes
Cloudflare 526 appears when Cloudflare cannot trust the certificate presented by the origin server. In Full strict mode, expiration, self-signed certificates, hostname mismatch, missing intermediates, CAA or DNS changes, and origin SNI should be checked.
Cloudflare 1016 Origin DNS Error: Causes and Fixes
Cloudflare 1016 appears when Cloudflare cannot resolve the hostname configured as the origin. Missing A or AAAA records, deleted CNAME targets, wrong origin names, private DNS names, DNSSEC issues, and nameserver delegation should be checked first.
Cloudflare 1020 Access Denied: Causes and Fixes
Cloudflare 1020 appears when a firewall rule, WAF rule, bot rule, country block, ASN block, or IP policy denies the request. Access policy and request signals should be checked before treating it as an origin outage.
ERR_TOO_MANY_REDIRECTS: How to Fix Redirect Loops
ERR_TOO_MANY_REDIRECTS means the browser followed redirects until it looped back instead of reaching a final page. HTTP/HTTPS rules, www/non-www rules, trailing slashes, CDN SSL mode, application routing, and cookie-based redirects should be checked together.
“Your Connection Is Not Private”: Causes and Fixes
Chrome “Your connection is not private” is a broad security warning that can come from expired certificates, hostname mismatch, untrusted authorities, revoked certificates, corporate proxies, or an incorrect device clock.
ERR_SSL_PROTOCOL_ERROR: Causes and Fixes
ERR_SSL_PROTOCOL_ERROR happens when the browser starts a TLS connection but the handshake fails because of protocol, certificate, SNI, CDN SSL mode, redirect, firewall, or proxy issues. It is broader than simple certificate expiration, so SSL, headers, and redirects should be checked together.
SSL_ERROR_RX_RECORD_TOO_LONG: Causes and Fixes
SSL_ERROR_RX_RECORD_TOO_LONG often appears when the browser expects HTTPS but the server sends a non-TLS response, or when port 443, virtual hosts, proxies, or CDN SSL mode are misaligned. Check the port and actual response, not only certificate issuance.
Cloudflare 525 SSL Handshake Failed: Causes and Fixes
Cloudflare 525 SSL Handshake Failed appears when the Cloudflare edge cannot complete a TLS handshake with the origin server. Origin certificates, SNI, TLS versions, firewalls, port 443, and Cloudflare SSL mode should be checked together.
NET::ERR_CERT_AUTHORITY_INVALID: How to Fix It
NET::ERR_CERT_AUTHORITY_INVALID appears when the browser cannot trust the certificate authority that issued the certificate. Self-signed certificates, missing intermediates, corporate proxies, security software TLS interception, and broken certificate chains should be separated before changing DNS.
NET::ERR_CERT_REVOKED: Causes and Fixes
NET::ERR_CERT_REVOKED appears when the browser believes the SSL certificate has been revoked or should no longer be trusted. Real revocation, CA issues, OCSP or CRL responses, intermediate certificates, and corporate TLS inspection should be checked together.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH: Causes and Fixes
ERR_SSL_VERSION_OR_CIPHER_MISMATCH appears when the browser and server cannot agree on a TLS version or cipher suite. Old TLS settings, weak ciphers, CDN versus origin SSL policy mismatch, and legacy server configuration can all trigger the same browser error.
NET::ERR_CERT_DATE_INVALID: How to Fix It
NET::ERR_CERT_DATE_INVALID appears when an SSL certificate is expired, not yet valid, or the client clock is wrong. Separate certificate validity, the certificate actually served, CDN versus origin state, and local device time before changing DNS or server settings.
NET::ERR_CERT_COMMON_NAME_INVALID: How to Fix It
NET::ERR_CERT_COMMON_NAME_INVALID usually means the hostname you opened does not match the names covered by the SSL certificate. Check www/non-www, subdomains, CDN edge certificates, redirects, and certificate SAN entries together.
NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: How to Fix It
NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM appears when the certificate or chain uses a signing algorithm Chrome considers too weak or outdated. Check the served certificate, intermediate chain, CA path, TLS policy, CDN edge, and origin together.
NET::ERR_CERT_SYMANTEC_LEGACY: How to Fix It
NET::ERR_CERT_SYMANTEC_LEGACY appears when Chrome detects an old Symantec-family certificate or legacy chain that is no longer trusted. Reissue the certificate, replace intermediates, and deploy the new chain everywhere users connect.
NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED: How to Fix It
NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED means Chrome did not receive enough Certificate Transparency proof for the served certificate. Separate CA logging status, certificate deployment, CDN edge cache, and CAA policy before reissuing.
NET::ERR_CERT_VALIDITY_TOO_LONG: How to Fix It
NET::ERR_CERT_VALIDITY_TOO_LONG appears when the certificate lifetime exceeds current browser policy. Long-lived public, private, or stale origin certificates should be replaced with a certificate that matches modern validity limits.
NET::ERR_CERT_INVALID: Causes and Fixes
NET::ERR_CERT_INVALID is a broad Chrome certificate failure. Expiration, name mismatch, untrusted CA, revocation, weak signatures, Certificate Transparency, and proxy replacement can all trigger it, so collect the exact certificate evidence first.
ERR_BAD_SSL_CLIENT_AUTH_CERT: Causes and Fixes
ERR_BAD_SSL_CLIENT_AUTH_CERT appears when a site asks for a client certificate and Chrome cannot provide one the server accepts. Unlike normal server SSL errors, user certificates, mTLS, proxies, and server trust lists must be checked.
SSL Mismatch Between www and non-www
www.example.com and example.com can behave differently for TLS certificates, redirects, canonicals, and HSTS. If only one hostname is valid, some visitors may see certificate errors while search signals split across URL variants.
DNS_PROBE_FINISHED_NXDOMAIN: Causes and Fixes
DNS_PROBE_FINISHED_NXDOMAIN means the browser could not find an IP address for the hostname. Typos, expired domains, nameserver changes, missing DNS records, propagation delay, and local DNS cache can all cause the same browser error.
ERR_CONNECTION_TIMED_OUT: Causes and Fixes
ERR_CONNECTION_TIMED_OUT means the browser tried to connect but did not receive a response before the timeout. Server downtime, firewall rules, blocked ports, DNS delay, routing failure, CDN issues, and hosting outages can all look the same to visitors.
Search Console CTR Drop: What to Check First
When organic traffic falls, do not treat every click drop as a ranking drop. Separate impressions, CTR, average position, query, page, country, and device in the Search Console Performance report so you know whether to fix snippets, indexing, canonical signals, mobile layout, or answer quality first.
Why Google Shows a Different Title Link
Google title links are generated automatically and may not match the title tag exactly. If the title element, H1, og:title, prominent page heading, internal anchor text, external link text, and site-name signals disagree, Search can choose a different title link and weaken CTR.
Why Meta Description Is Not Showing in Google
Google snippets are generated automatically around the user query and page content, so the meta description is not guaranteed to appear. If the description is generic or does not match the visible answer, headings, and structured data, Search may use another passage from the page.
Google Discover Traffic Dropped: What to Check
Discover traffic is less predictable than query-based Search traffic, and changes can vary by page, country, date, and appearance type. When Discover clicks fall, separate real traffic loss from preliminary report data, then inspect images, titles, trust signals, content quality, freshness, and crawler access.
Search Traffic Dropped After a Site Migration
If organic traffic drops after changing domains, HTTPS, paths, or URL structure, diagnose the migration before rewriting content. Site moves are processed URL by URL, so old and new URLs need aligned redirects, canonicals, sitemaps, hreflang, internal links, Search Console properties, and server-log signals.
Traffic Dropped After a Google Core Update
If traffic changes line up with a Google core update, avoid looking for one magic tag to fix. Compare the real affected scope, rule out technical issues, then evaluate helpful content, trust signals, search-intent fit, stale answers, duplicate or thin pages, and internal continuation across the site.
Indexed Page Has No Search Impressions
A page can be indexed and still receive almost no impressions. Low search demand, unclear intent, deep crawl depth, weak internal anchors, canonical competition, duplicate URLs, or a poor title and first answer can keep an indexed page from becoming a useful search result.
AI Overview and AI Mode Visibility Checklist
To be eligible as a supporting link in Google AI Overviews or AI Mode, a page does not need a special AI file or special schema. It needs to be indexed, eligible to appear in Google Search with a snippet, technically accessible, and useful in visible text. Align robots, snippet controls, canonical signals, structured data, internal links, and the visible answer before chasing AI-specific hacks.
Featured Snippet or People Also Ask Not Showing
You cannot mark a page as a featured snippet. Google systems decide whether a page is a good answer for a search request. To improve eligibility for answer-style surfaces, keep the page indexable and snippet-eligible, then place a concise answer, steps, table, definition, or comparison in visible body text that matches the title, H1, meta description, and structured data.
AI Search Query Fan-Out and Answer Coverage Checklist
AI Mode and AI Overviews can explore complex questions through multiple related searches across subtopics and sources. A page that repeats one short keyword but misses follow-up questions is weaker for complex answer journeys. Strengthen the main question, causes, review order, comparisons, exceptions, related tools, and internal links so the content can support broader query exploration.
Search Console Query, Page CTR, and Revenue Stagnation Diagnosis
When AdSense revenue is flat, AdSense metrics alone do not show whether organic traffic fell, search impressions stayed but SERP CTR weakened, or average position slipped on revenue pages. Split the Search Console Performance report by clicks, impressions, CTR, average position, query, page, country, and device to isolate the search-side cause before changing ads.
Content Refresh and Search Traffic Decay Recovery Checklist
Even if you keep publishing new pages, stale high-traffic pages can hold back total revenue. Google emphasizes helpful, reliable, people-first content, and its starter guidance recommends revisiting, updating, or removing outdated content as needed. Refreshing should mean improving the actual answer, examples, tool links, and dateModified signals, not just changing the date.
Internal Linking, Crawl Depth, and New Content Discovery Checklist
Publishing more content will not compound revenue if hub, category, related article, and tool-card links do not help search engines discover the new pages and understand their place in the site. Google uses links to find new pages and to understand relevance, and every important page should be linked from at least one other crawlable page. Internal links are not just navigation; they are the growth infrastructure that connects high-intent content, tools, and monetizable sessions.
Google Discover And Large Image Preview SEO Checklist
Weak large image previews on Search, Google Images, and Discover can reduce CTR and ad-funded visits even when impressions are stable. ipnawa already allows max-image-preview:large globally, but each important landing page still needs aligned og:image, structured data image, HTTPS image responses, correct Content-Type, sufficient dimensions, and crawler access.
Sitemap lastmod And Recrawl Freshness Checklist
When new or refreshed revenue pages do not recover search traffic quickly, discovery signals may be the bottleneck. Google says sitemap lastmod can be used as a recrawl scheduling signal when it is consistently and verifiably accurate, but changing dates without meaningful page changes is not a trust signal. The sitemap lastmod, Article dateModified, visible update content, canonical, hreflang, and internal links should all point to the same real update.
Crawled - Currently Not Indexed: Causes and Fixes
Crawled - currently not indexed means Google fetched the URL but is not indexing it right now. A 200 status alone is not enough: content quality, duplication, canonical signals, noindex, internal links, structured data, and search-intent fit should be reviewed together.
Discovered - Currently Not Indexed: Causes and Fixes
Discovered - currently not indexed means Google knows about the URL but has not crawled it yet or has assigned it lower priority. Weak internal links, stale sitemap lastmod, slow responses, duplicate URL patterns, and crawl-budget noise can keep URLs in this state longer.
Duplicate Without User-Selected Canonical: How to Fix It
Duplicate without user-selected canonical appears when Google sees similar URLs but the site has not clearly stated a preferred canonical. Search-result URLs, sorting and filters, UTMs, HTTP/HTTPS, www/non-www, and locale variants can split signals across duplicates.
Alternate Page With Proper Canonical: Meaning and Checks
Alternate page with proper canonical means Google treats the current URL as an alternate or duplicate and indexes another canonical URL instead. This can be correct, but if an important landing page falls into this state, canonical, internal link, sitemap, and hreflang signals need review.
Soft 404 in Search Console: Causes and Fixes
A soft 404 happens when a URL returns 200 but looks like an empty page, error page, unavailable item, deleted content, or no-results page. Status code, body value, redirects, canonicals, and internal links should be fixed together.
Search Console Redirect Error: Causes and Fixes
Redirect error can appear when Google follows a URL through a loop, long chain, blocked target, bad final URL, HTTP/HTTPS conflict, or mobile/language redirect mismatch. The final URL seen by users and Googlebot should converge quickly and consistently.
Googlebot blocked by robots.txt: causes and fixes
If important pages, images, favicon files, or structured-data resources are blocked in robots.txt, crawling, indexing, rich results, and search appearance can suffer. A page that looks fine in a browser may still be unavailable to Googlebot.
Meta robots noindex found: what to check
A noindex directive tells search engines not to show the page in search results. It can come from a template default, HTTP X-Robots-Tag, staging setting, plugin, or canonical conflict and may silently remove a public page from index eligibility.
Why Google selected a different canonical URL
Google uses rel canonical as a hint, but duplicate content, internal links, sitemap URLs, redirects, hreflang, HTTP status, and noindex signals can lead Google to choose a different representative URL.
Rich results not showing in Google Search: causes
Valid structured data does not guarantee a rich result. Page accessibility, content quality, structured-data policies, image crawlability, visible-content alignment, canonical selection, and manual actions all matter.
Structured data validation errors: troubleshooting order
Structured data errors often come from JSON syntax, unsupported @type values, missing required properties, bad date formats, inaccessible images, or canonical mismatches. Validate JSON-LD and the visible page together.
Favicon not showing in Google Search: causes and fixes
Search result favicons depend on a home-page icon link, stable favicon URL, square image, Googlebot and Googlebot-Image crawl access, and brand suitability. Changes may take time to appear after recrawling.
Largest Contentful Paint LCP: Causes and Fixes
LCP represents when the main content feels visible to a visitor. If the first-screen headline, result card, primary image, or tool explanation appears late, search visitors may leave before the page becomes useful. Server response, redirects, render-blocking CSS and JavaScript, image loading, and font behavior should be checked together.
Interaction to Next Paint INP: Causes and Fixes
INP measures how quickly the page visually responds after clicks, taps, and typing. If copy buttons, search inputs, menus, or tool-run buttons feel delayed, the page feels slow even after it has loaded. Long JavaScript tasks, heavy event handlers, third-party scripts, and large DOM updates should be reduced.
Cumulative Layout Shift CLS: Causes and Fixes
CLS measures unexpected movement while a page is being read or used. Images, fonts, result cards, dynamic notices, embeds, and widgets that do not reserve space can push content and controls after the visitor has started interacting. Stable dimensions and reserved containers are the core fix.
Render-Blocking Resources: How to Reduce Them
Render-blocking resources are CSS, JavaScript, fonts, or external requests the browser waits for before painting useful content. As the number of blocking files grows, both LCP and interaction responsiveness can suffer. Keep critical CSS small, defer nonessential scripts, and make static resources cacheable and direct.
Unused JavaScript and CSS Cleanup Checklist
Unused JavaScript and CSS slow first paint, input responsiveness, and mobile data use. Tool sites often ship every feature to every page, even when the current visitor needs only one tool. Split page-specific code, common behavior, and delayed features so the initial bundle stays focused.
Slow Server Response TTFB: Causes and Fixes
TTFB is the time until the browser receives the first byte from the server. Slow TTFB delays LCP and can affect crawler scheduling and user abandonment. PHP rendering, DNS, TLS, redirects, caching, file IO, and external API waits should be separated instead of treated as one speed problem.
CORS preflight request failed: causes and fixes
CORS preflight failures usually mean the OPTIONS request was blocked, allowed methods or headers do not match the real request, or error responses such as 401, 403, and 429 omit CORS headers. Inspect the preflight response separately from the actual API call.
Access-Control-Allow-Origin missing: how to fix it
Browsers block cross-origin API responses when Access-Control-Allow-Origin is missing or does not match the request Origin. The same policy needs to apply on successful responses, errors, redirects, CDN cache hits, and preflight replies.
Mixed Content blocked: causes and fixes
Mixed content appears when an HTTPS page loads HTTP scripts, images, iframes, or API calls. Some passive resources may be upgraded automatically, but scripts and fetch requests are often blocked for security.
Content Security Policy refused to load: how to fix it
CSP refused-to-load errors happen when directives such as script-src, img-src, connect-src, or frame-src do not allow the resource origin. The goal is to add only the required source, not to weaken the whole policy.
HTTP 429 Too Many Requests: causes and fixes
HTTP 429 means a rate limit, API quota, bot protection rule, login attempt limit, or retry loop has been triggered. Read Retry-After and rate-limit headers, then identify whether the limit is keyed by IP, account, token, path, or user agent.
HTTP 401 Unauthorized: causes and fixes
HTTP 401 usually means authentication is missing or failed: an expired token, malformed Authorization header, missing cookie, cross-origin credential issue, or API gateway rule. Separate it from 403, which often means authenticated but not allowed.
SameSite cookie not sent: causes and fixes
A login or session cookie can disappear from a request when SameSite, cross-site navigation, iframes, redirects, fetch credentials, and CORS credentials do not line up. Confirm whether the browser sent the cookie before blaming the backend session.
Secure cookie not set or not sent: causes
Secure cookies are stored and sent only over HTTPS. HTTP callbacks, proxy HTTPS detection bugs, redirects, mixed content, HSTS, and certificate problems can make a login session appear to vanish.
Third-party cookies blocked: what breaks and how to fix it
When browsers block third-party cookies, iframe login, embedded widgets, payments, analytics, attribution, and SSO can fail. The durable fix is often a first-party flow, Storage Access, or server-side session exchange rather than forcing the old cookie model.
Cookies disabled and session lost: causes and fixes
If cookies are disabled or blocked by private mode, tracking protection, or security extensions, login, carts, language settings, and CSRF protection may reset. Separate storage failure from request-sending failure.
JavaScript disabled or blocked: why a site stops working
Buttons, login, forms, calculators, and API calls can stop when JavaScript is disabled or blocked by extensions, CSP, mixed content, wrong MIME type, or failed script responses. Separate disabled JavaScript from script load failure.
Structured Data and Visible Answer Alignment Checklist
Adding FAQ, HowTo, or Article JSON-LD is not enough if the visible answer, steps, dates, and canonical signals say something different. Google validates supported structured data through rich result tooling and expects markup to represent the content users can actually see. Hidden FAQ markup or date-only Article updates can become a quality risk instead of an AEO or revenue recovery signal.
Search Result Snippet and CTR Recovery Checklist
If search impressions exist but CTR and answer-style visibility are weak, inspect what search users see before changing ad code. Google creates title links from signals such as title elements, visible main titles, H1s, og:title, anchors, and WebSite structured data. Snippets are mainly generated from page text and meta descriptions, while nosnippet, max-snippet, and data-nosnippet controls can limit ordinary snippets, featured snippets, and AI or answer-style surfaces.
Brand Entity, Site Name, and Operator Trust Signal Checklist
If search results make the site feel like a loose set of tools instead of a recognizable source, clicks and AEO trust can suffer. Google uses home-page WebSite structured data, og:site_name, title, headings, and other signals to understand site names, while Organization and Logo structured data help identify the publisher entity. Helpful content guidance also asks publishers to make Who, How, and Why clear for readers.
AI Answer Visibility and Snippet Control Checklist
If you want visibility in AI Overviews, AI Mode, featured snippets, and ordinary search snippets, pages must be indexable and eligible to appear in Search with snippets. Google documents that controls such as nosnippet, data-nosnippet, max-snippet, and noindex can limit the information shown from pages in Search and AI features. Google-Extended is a separate robots.txt signal for Gemini model training and some grounding use, so it should not be confused with Search snippet eligibility.
URL Parameters, Duplicate Results, and Crawl Budget Checklist
Tool sites can easily generate thin duplicate URLs through inputs, searches, sorting, filters, UTMs, and language parameters. Google recommends simple crawlable URL structures, and notes that sorting, filtering, session identifiers, and other parameters that do not provide new content can consume crawl budget. High-value landing pages should consolidate signals on canonical URLs, and internal links plus sitemaps should point to the same representative URLs.
Search Intent and Answer Content Gap Checklist
When new organic traffic stalls, adding more pages is less useful than finding missing user questions, quick answers, step-by-step fixes, and related tool links. Google’s systems try to reward original people-first content and passages that answer a search request directly.
Multilingual hreflang, x-default, and Canonical Checklist
If a multilingual site has weak traffic in specific locales or the wrong language page appears in search, language signals may be the bottleneck before content volume. Google recommends unique URLs for language versions and aligned hreflang, x-default, canonical, and sitemap alternate signals for each cluster.
robots.txt, noindex, and canonical conflicts
Crawl blocking, index exclusion, and canonical URL selection are different signals. Blocking a noindex page with robots.txt or pointing canonical and redirects at different URLs can make search engines treat the page differently than intended.
robots.txt and Crawler Behavior
robots.txt is a crawl-routing file, not a removal tool. To control discovery, crawling, and indexing correctly, you need to separate robots rules, canonicals, and noindex signals.
Why Open Graph images do not show
Missing share-card images can come from absent og:image tags, relative URLs, small images, robots blocking, redirects, wrong Content-Type, or platform cache. Validate the image URL itself, not only the page markup.
SSL Certificate Errors and Fix Order
Browser SSL errors often come from expiration, hostname mismatch, missing intermediate certificates, or CDN/origin differences. Read the served certificate, redirect path, security headers, and DNS path together before changing production settings.
SSL Chains and Intermediate Certificates
Browsers trust a certificate only when the leaf, intermediate, and root chain can be built correctly. A missing intermediate often breaks only some clients, which makes the problem easy to miss.
Security Headers Implementation Checklist
HSTS, CSP, X-Frame-Options, Referrer-Policy, and Permissions-Policy affect both browser security and trust signals. Apply them in a staged order so you improve safety without breaking ads, analytics, or scripts.
Redirects, Canonicals, and Preferred URLs
Redirect chains and canonical signals tell browsers and crawlers which URL should win. Mixed protocol or host patterns often create SEO and caching confusion.
FAQ
Webmaster and SEO: what should I check first?
Which tools should I run first?
What should I read if the result is unclear?
Data Handling & Privacy
ipnawa is a diagnostics service. Inputs are used to produce results and are not intended for account-based profiling.
- Server-side tools (WHOIS, SSL, DNS, header checks) send your input domain/IP to our server for lookup.
- Browser-side tools (fingerprint, cookies, JavaScript) run primarily in your browser when supported.
- Standard web/server security logs may include IP address, timestamp, and User-Agent.
- Some checks call external providers such as ipinfo.io and bigdatacloud.net.
- Ads and non-essential cookies are loaded only after your consent choice.
External Processors
- ipinfo.io (IP/ASN/location lookups)
- bigdatacloud.net (reverse geocoding)
- Advertising partners (only after ad-consent acceptance)
You can review or change cookie/ad consent at any time.