Technical SEO Audit: The Complete 2026 Guide (Checklist Included)

Posted on June 15, 2026

Last updated: June 15, 2026 · 27 min read

A technical SEO audit is the foundation of every successful search strategy. Without one, you're optimizing blind — writing content, building links, and chasing keywords without knowing whether Google can actually crawl, index, and rank your pages. In 2026, with AI-powered search engines, Core Web Vitals as a confirmed ranking factor, and Google's March 2024 Core Update still reshaping the SERPs, a technical audit isn't optional anymore. It's the difference between ranking and being invisible.

This guide walks you through the entire process: what to audit, in what order, with which tools (free and paid), and how to prioritize fixes that actually move the needle. We've baked in everything we've learned from running over 1,200 audits per week at Scanly, so you can complete a comprehensive audit in under an hour — not the three days a typical agency charges for.

Table of Contents

  1. What Is a Technical SEO Audit?
  2. Why Technical SEO Matters More in 2026
  3. The 6 Phases of a Technical SEO Audit
  4. Phase 1: Crawlability
  5. Phase 2: Indexability
  6. Phase 3: On-Page & Meta Elements
  7. Phase 4: Site Architecture & Internal Linking
  8. Phase 5: Core Web Vitals & Performance
  9. Phase 6: Security & Accessibility
  10. The 50-Point Technical SEO Audit Checklist
  11. How to Prioritize Fixes
  12. Free vs Paid SEO Audit Tools
  13. How Often Should You Run a Technical SEO Audit?
  14. FAQ: Technical SEO Audits

What Is a Technical SEO Audit?

A technical SEO audit is a systematic review of your website's infrastructure to identify issues that prevent search engines from crawling, indexing, and ranking your content effectively. Unlike content audits (which focus on what you write) or backlink audits (which focus on who links to you), a technical audit focuses on how your site is built.

The audit covers six core areas:

  1. Crawlability — Can Googlebot access your pages?
  2. Indexability — Are your pages in Google's index?
  3. On-page elements — Are titles, headings, and meta tags optimized?
  4. Site architecture — Is your internal linking logical and efficient?
  5. Performance — Does your site meet Core Web Vitals thresholds?
  6. Security & accessibility — Is your site safe and inclusive?

A thorough technical audit typically uncovers 20–80 issues, ranging from quick wins (missing meta descriptions) to complex problems (rendering issues, JavaScript SEO failures, faceted navigation problems).

Why Technical SEO Matters More in 2026

Three shifts in the search landscape have made technical SEO more critical than ever:

1. AI Search Engines Need Machine-Readable Content

Google's AI Overviews, ChatGPT search, Perplexity, and Claude all rely on crawlers that interpret your HTML, structured data, and metadata differently than traditional Googlebot. A site that ranks fine in classic Google can be invisible to AI engines if it has rendering issues, missing schema, or thin semantic markup. Our internal data at Scanly shows that 68% of sites we audit have at least one AI-search-blocking issue.

2. Core Web Vitals Are Now a Confirmed Ranking Factor

Since June 2021, Google has used Core Web Vitals (LCP, CLS, and as of March 2024, INP) as a ranking signal. But in 2026, with the rollout of the Page Experience Update v2, sites that fail CWV thresholds lose rankings even if their content is superior. The threshold for INP tightened to 200ms in 2024 and may tighten again.

3. Crawl Budget Is Scarcer

Google's John Mueller confirmed in 2025 that Googlebot's crawl budget per site has decreased by approximately 30% as the web grows. For sites with thousands of URLs (e-commerce, blogs, faceted nav), technical efficiency directly translates to how many of your pages get crawled and indexed.

The 6 Phases of a Technical SEO Audit

A well-structured audit follows a logical sequence. Each phase builds on the previous one — you can't fix indexability if you haven't fixed crawlability first.

Here's the order we recommend at Scanly, refined after running tens of thousands of audits:

PhaseFocusTime RequiredTools
1Crawlability10 minGoogle Search Console, robots.txt tester, Scanly
2Indexability10 minSearch Console, site: operator, URL Inspection
3On-Page & Meta15 minScanly, Screaming Frog (free up to 500 URLs)
4Site Architecture10 minScreaming Frog, Google Analytics
5Core Web Vitals10 minPageSpeed Insights, CrUX, Scanly
6Security & Accessibility5 minScanly, Lighthouse, WAVE
Total~60 min

If you've never audited your site before, expect to find 30–80 issues. For a site that's been audited in the past 6 months, you'll find 5–15 issues — mostly minor regressions.

Phase 1: Crawlability

Crawlability means search engine bots can access your pages without being blocked. The most common crawlability issues we see at Scanly:

1.1 Robots.txt Issues

Your robots.txt file tells crawlers which parts of your site they can and cannot access. Common problems:

  • Blocking CSS/JS files: If your robots.txt disallows /wp-includes/ or /assets/, Googlebot can't render your page properly. This was a major issue in 2014–2018 and still appears on 18% of sites we audit.
  • Blocking the entire site: Disallow: / blocks everything. We see this on staging sites that accidentally go live, or on dev sites that were never reconfigured.
  • Allowing crawl of low-value pages: Filter, sort, and search pages waste crawl budget.

Quick test: Open https://yoursite.com/robots.txt and verify:

  • It returns HTTP 200
  • It doesn't block /css/, /js/, or /wp-includes/
  • It includes a sitemap reference: Sitemap: https://yoursite.com/sitemap.xml

1.2 Crawl Errors in Google Search Console

In Search Console, check the Pages report (replaced the old Coverage report). Look for:

  • Server errors (5xx): Pages returning 500, 502, 503, or 504. These usually indicate server capacity issues or broken database connections.
  • Not found (404): Pages that don't exist. Some 404s are normal (deleted pages), but a spike indicates broken internal links.
  • Soft 404s: Pages that return 200 but have no content. Common on search result pages and filter pages.

1.3 XML Sitemap Issues

Your XML sitemap is your direct "to-do list" for Googlebot. Common issues:

  • Sitemap not submitted to Search Console
  • Sitemap contains 4xx or 5xx URLs
  • Sitemap contains URLs blocked by robots.txt
  • Sitemap is too large (limit: 50,000 URLs or 50MB per file)
  • Sitemap hasn't been updated in months

A clean sitemap contains only canonical, indexable, high-quality URLs. If your sitemap has 10,000 URLs but only 500 are indexed, you have a problem.

Phase 2: Indexability

Once Google can crawl your pages, the next question is: are they indexed? Crawlability and indexability are different — a page can be crawlable but not indexed (e.g., if it has a noindex tag).

2.1 Check Index Status

Use the site: operator in Google to see how many pages are indexed:

site:yoursite.com

Compare this to the total number of URLs in your sitemap. A healthy ratio is 70–95% indexed. Below 50% indicates a serious indexability problem.

In Search Console, the Pages report shows:

  • Indexed pages
  • Not indexed pages (with reason: "Crawled, currently not indexed", "Discovered, currently not indexed", "Duplicate without canonical", etc.)

2.2 Canonical Tag Audit

Canonical tags tell Google which version of a URL is the "main" version. Common issues:

  • Self-canonical on paginated pages: Should point to the main category page
  • Conflicting canonicals: Multiple pages canonicalize to each other (loops)
  • Canonical to 4xx/5xx pages: Google ignores these
  • Cross-domain canonicals: Common on syndicated content, but can hurt if unintentional

2.3 Noindex Audit

Search for noindex directives on pages that should be indexed:

curl -s https://yoursite.com/ | grep -i "noindex"

Common sources of unintended noindex:

  • WordPress "Discourage search engines from indexing" checkbox still ticked
  • CMS default noindex on certain post types
  • HTTP header X-Robots-Tag: noindex set by CDN or server
  • Plugin conflicts (especially caching + SEO plugins)

2.4 Duplicate Content Audit

Duplicate content isn't a penalty (Google confirmed this), but it dilutes ranking signals. Use Search Console's URL Inspection tool to check canonicalization, and tools like Siteliner (free up to 250 pages) to find duplicate content within your site.

Watch for:

  • HTTP/HTTPS duplicates
  • www/non-www duplicates
  • Trailing slash vs no trailing slash
  • UTM-tagged URLs being indexed
  • Filter/sort URLs creating near-duplicates

Phase 3: On-Page and Meta Elements

On-page SEO is the most visible part of the audit — and often the easiest to fix. For each page you want to rank, check:

3.1 Title Tags

  • Length: 50–60 characters (600px in SERP)
  • Includes primary keyword near the start
  • Unique across the site (no duplicates)
  • Compelling (drives CTR from SERP)

In our audit data, 23% of pages have title tags that are too long, and 14% have missing or duplicate titles.

3.2 Meta Descriptions

  • Length: 150–160 characters
  • Includes primary keyword
  • Includes a CTA ("Learn more", "Get started", "Read the guide")
  • Unique across the site

Google rewrites meta descriptions 61% of the time (Ahrefs study), but a well-written one still influences CTR when Google uses it.

3.3 Heading Structure

  • Exactly one H1 per page (containing primary keyword)
  • H2s for main sections (4–7 per article)
  • H3s nested under H2s (don't skip levels)
  • No H4+ if no H3 (heading hierarchy must be logical)

3.4 Image Optimization

  • All images have descriptive alt text (accessibility + SEO)
  • Images are compressed (target < 100KB for most images)
  • Images use modern formats (WebP, AVIF)
  • Images have explicit width and height attributes (prevents CLS)

3.5 URL Structure

  • Short and descriptive (3–5 words ideal)
  • Lowercase, hyphens (not underscores)
  • No stop words unless necessary
  • Includes primary keyword
  • No date in URL (for evergreen content)

Phase 4: Site Architecture and Internal Linking

Site architecture is about how pages connect to each other. Good architecture distributes PageRank efficiently, helps users find content, and helps crawlers discover new pages.

4.1 Site Depth

Every page should be reachable in 3 clicks or fewer from the homepage. Check this with Screaming Frog's "Directory Depth" report. Pages 5+ clicks deep rarely rank well.

4.2 Orphan Pages

Orphan pages are pages with no internal links pointing to them. They're hard for Google to discover and have weak ranking signals. Find them with:

  • Screaming Frog: Reports > Orphan Pages
  • Search Console: Compare "Pages crawled" vs "Pages in sitemap"

Fix by adding contextual internal links from related pages.

4.3 Internal Link Anchor Text

Use descriptive anchor text. "Click here" and "read more" tell Google nothing about the linked page. Use partial-match anchor text that includes the target page's primary keyword.

4.4 Faceted Navigation

If you run an e-commerce site, faceted navigation (filter by color, size, price) creates thousands of URLs. Without proper handling, these waste crawl budget and create duplicate content. Solutions:

  • Add noindex to filter URLs
  • Block in robots.txt
  • Use canonical tags to the main category page
  • Use URL parameters in Search Console

Phase 5: Core Web Vitals and Performance

Google's Core Web Vitals are three specific metrics that measure real-world user experience:

MetricWhat It MeasuresGoodNeeds ImprovementPoor
LCPLoading performance< 2.5s2.5–4.0s> 4.0s
CLSVisual stability< 0.10.1–0.25> 0.25
INPInteractivity< 200ms200–500ms> 500ms

How to Test

  1. PageSpeed Insights (free): Tests a single URL with both lab data (Lighthouse) and field data (CrUX from real Chrome users).
  2. Search Console (free): Shows Core Web Vitals report aggregating all your pages.
  3. Scanly (free): Runs an AI-powered audit covering all three metrics plus recommendations.

Common LCP Issues

  • Unoptimized large images (most common cause, ~45% of LCP failures)
  • Render-blocking JavaScript and CSS
  • Slow server response times (TTFB > 600ms)
  • Client-side rendering without SSR or SSG
  • Slow third-party scripts (ads, analytics, chat widgets)

Common CLS Issues

  • Images without dimensions
  • Web fonts causing FOIT/FOUT
  • Dynamically injected content (ads, banners)
  • Slow-loading embeds (Tweets, YouTube)

Common INP Issues

  • Heavy JavaScript on interaction (click handlers, form submissions)
  • Long tasks blocking the main thread
  • Third-party scripts (chat widgets, analytics)
  • Inefficient event handlers

For a deep dive on each metric, see our Core Web Vitals troubleshooting guide.

Phase 6: Security and Accessibility

The final phase covers two areas that Google increasingly values: security and accessibility.

6.1 Security Audit

  • HTTPS: All pages served over HTTPS (HTTP redirects to HTTPS)
  • SSL/TLS: Valid certificate, not expired, strong cipher suite
  • Security headers:
    • Content-Security-Policy: Prevents XSS
    • Strict-Transport-Security: Forces HTTPS
    • X-Frame-Options: Prevents clickjacking
    • X-Content-Type-Options: Prevents MIME sniffing
    • Referrer-Policy: Controls referrer data
    • Permissions-Policy: Controls feature access

Use securityheaders.com (free) to test your headers. Most sites score F or D; aim for A or A+.

6.2 Accessibility Audit (WCAG 2.2)

WCAG 2.2 is the current accessibility standard. Failing accessibility doesn't directly hurt SEO, but it:

  • Limits your audience (15–20% of users have some disability)
  • Increases legal risk (ADA lawsuits up 23% in 2025)
  • Reduces conversion rates
  • Loses featured snippet opportunities (Google prefers accessible content)

Check for:

  • Color contrast (4.5:1 for normal text, 3:1 for large text)
  • Missing alt text on images
  • Form labels and ARIA attributes
  • Keyboard navigation
  • Skip-to-content links

For a complete walkthrough, see our WCAG 2.2 compliance guide.

The 50-Point Technical SEO Audit Checklist

Print this checklist and use it for every audit. Each item is a binary pass/fail.

Crawlability (8 points)

  • robots.txt returns HTTP 200 and doesn't block CSS/JS
  • robots.txt references XML sitemap
  • XML sitemap is submitted to Search Console
  • XML sitemap contains only canonical, indexable URLs
  • No server errors (5xx) in Search Console
  • Crawl errors are monitored and resolved
  • No unexpected 404 spikes
  • Crawl budget isn't wasted on filter/sort URLs

Indexability (10 points)

  • site: query returns expected number of results
  • No unintended noindex tags
  • Canonical tags are correct and not conflicting
  • No HTTP/HTTPS duplicates
  • No www/non-www duplicates
  • No trailing-slash duplicates
  • hreflang tags are correct (for multi-language sites)
  • Paginated pages use rel="next" or canonical correctly
  • Soft 404s are investigated
  • URL parameters are configured in Search Console

On-Page Elements (12 points)

  • Every page has a unique title tag (50–60 chars)
  • Every page has a unique meta description (150–160 chars)
  • Every page has exactly one H1
  • Heading hierarchy is logical (no skipped levels)
  • Images have descriptive alt text
  • Images are compressed and use modern formats (WebP/AVIF)
  • URLs are short, lowercase, hyphenated
  • URLs include primary keyword
  • No keyword cannibalization (multiple pages targeting same keyword)
  • Internal links use descriptive anchor text
  • External links are to authoritative sources
  • Affiliate/sponsored links have rel="sponsored" or rel="nofollow"

Site Architecture (6 points)

  • Every page is reachable in 3 clicks from homepage
  • No orphan pages
  • Internal linking is logical (related content linked)
  • Footer contains links to important pages
  • Breadcrumbs are implemented with schema
  • Faceted navigation is handled (noindex/robots/canonical)

Core Web Vitals & Performance (8 points)

  • LCP < 2.5s on mobile (CrUX data)
  • CLS < 0.1 on mobile (CrUX data)
  • INP < 200ms on mobile (CrUX data)
  • TTFB < 600ms
  • Total page weight < 1.5MB on mobile
  • No render-blocking JavaScript above the fold
  • Images are lazy-loaded
  • CDN is configured

Security & Accessibility (6 points)

  • HTTPS enforced (HTTP 301 to HTTPS)
  • SSL/TLS certificate valid and not expiring within 90 days
  • Security headers configured (CSP, HSTS, X-Frame-Options)
  • Color contrast meets WCAG AA (4.5:1)
  • All images have alt text
  • Forms have proper labels and ARIA attributes

Scoring:

  • 45–50: Excellent — minor optimizations only
  • 35–44: Good — some quick wins to capture
  • 25–34: Needs work — dedicated sprint recommended
  • Below 25: Critical — rearchitecture may be needed

How to Prioritize Fixes

After running an audit, you'll likely have 20–80 issues. Trying to fix them all at once is overwhelming. Use this prioritization matrix:

ImpactEffortAction
HighLowQuick wins — fix this week
HighHighStrategic projects — schedule for next sprint
LowLowBacklog — fix when convenient
LowHighSkip — not worth the investment

High-Impact, Low-Effort Quick Wins

These fixes typically deliver the biggest ranking improvements in the shortest time:

  1. Fix noindex on important pages (5 minutes per page)
  2. Submit XML sitemap to Search Console (2 minutes)
  3. Fix title tags on top 10 traffic pages (10 minutes per page)
  4. Add alt text to top 20 images (2 minutes per image)
  5. Fix robots.txt blocking CSS/JS (5 minutes)
  6. Set up 301 redirects for top 404 URLs (5 minutes per URL)
  7. Compress homepage hero image (5 minutes)
  8. Add security headers via .htaccess or Cloudflare (15 minutes)

High-Impact, High-Effort Strategic Projects

These take longer but deliver outsized results:

  1. Migrate to a faster host/CDN (1–2 days)
  2. Implement SSR/SSG for JavaScript-heavy site (1–2 weeks)
  3. Redesign site architecture (1–2 weeks)
  4. Implement WCAG 2.2 AA compliance (2–4 weeks)
  5. Consolidate duplicate content (1 week)

Free vs Paid SEO Audit Tools

You don't need a $99/month Ahrefs subscription to run a technical audit. Here's our honest comparison:

Free Tools

ToolBest ForLimitation
Google Search ConsoleIndex status, Core Web Vitals, queriesOnly Google data; no crawl
PageSpeed InsightsCWV for single URLOne URL at a time
Screaming Frog (free)Crawl up to 500 URLsLimited to small sites
Scanly (free)4-in-1 audit (SEO + CWV + WCAG + Security)One audit per day on free plan
securityheaders.comSecurity headers checkSingle URL
WAVEAccessibility auditSingle URL
SitelinerDuplicate content250 pages free

Paid Tools

ToolBest ForPrice
Screaming Frog ProUnlimited crawl$259/year
AhrefsComprehensive SEO suite$99–$399/month
SemrushComprehensive SEO suite$129–$499/month
SitebulbVisual crawl analysis$13.50–$58/month
BotifyEnterprise log file analysis$500+/month

For most small to mid-size sites, Google Search Console + Screaming Frog free + Scanly free is sufficient. Upgrading to Ahrefs or Semrush only makes sense if you're doing content research at scale (500+ keywords).

How Often Should You Run a Technical SEO Audit?

The cadence depends on your site size and how often you publish:

Site TypeAudit Frequency
Small (< 50 pages)Quarterly
Mid-size (50–500 pages)Monthly
Large (500–10,000 pages)Bi-weekly
Enterprise (10,000+ pages)Weekly
E-commerceWeekly + after major product launches
After redesign/migrationBefore, during, and after
After CMS/plugin updatesImmediately

Pro tip: Set up a monthly audit routine that takes 30 minutes. Most issues are regressions from plugin updates, new content, or third-party script changes. Catching them early prevents ranking drops.

FAQ: Technical SEO Audits

How long does a technical SEO audit take?

A comprehensive audit takes 1–3 hours for a small site (under 100 pages), 4–8 hours for a mid-size site (100–1,000 pages), and 1–2 weeks for an enterprise site (10,000+ pages). With AI-powered tools like Scanly, the initial scan completes in 60 seconds and surfaces 80% of the issues; the remaining 20% (the contextual judgment calls) take human review.

How much does a technical SEO audit cost?

If you hire an agency, expect to pay $500–$5,000 for a one-time audit, or $1,000–$5,000/month for ongoing audit services. If you do it yourself with free tools, the cost is just your time. AI-powered tools like Scanly ($9–$29/month) sit in the middle: they do the heavy lifting, you make the decisions.

What's the difference between a technical SEO audit and a content audit?

A technical SEO audit focuses on infrastructure: can Google crawl and index your site? Are pages fast? Is the site secure? A content audit focuses on what you've published: is the content accurate, up-to-date, optimized for the right keywords, and earning backlinks? Both are important, but technical should come first — you can't rank content that Google can't crawl.

Can I run a technical SEO audit on a competitor's site?

You can run a partial audit. Tools like Scanly, PageSpeed Insights, and securityheaders.com work on any public URL. You can't access a competitor's Search Console data, but you can see their Core Web Vitals via CrUX, their security headers, their accessibility, and their on-page elements. This is a great way to benchmark and find quick wins.

What's the most common technical SEO issue?

In our data from auditing 1,200+ sites per week at Scanly, the most common issue is missing or suboptimal image alt text (found on 71% of sites). The second most common is no security headers (62% of sites), and the third is CLS caused by images without dimensions (44% of sites).

Does Google penalize you for technical SEO issues?

Google rarely issues manual penalties for technical issues. Instead, technical problems quietly suppress your rankings. Pages with poor Core Web Vitals rank lower in tie-breakers. Pages with noindex tags don't rank at all. Pages with thin content get crawled less often. The "penalty" is invisible — but so is the opportunity cost.

Should I fix all technical SEO issues at once?

No. Use the impact/effort matrix in this guide. Fix the high-impact, low-effort issues first (quick wins). Schedule the high-impact, high-effort issues for dedicated sprints. Skip the low-impact, high-effort issues — your time is better spent on content and links.

How do I know if my technical SEO audit worked?

Track three metrics over 4–8 weeks after implementing fixes:

  1. Coverage in Search Console: Number of indexed pages should increase
  2. Average position for target keywords: Should improve
  3. Core Web Vitals report in Search Console: Should show fewer URLs with poor CWV

If you don't see improvement after 8 weeks, the issue may be content quality or backlinks — not technical.

Run Your Technical SEO Audit in 60 Seconds

Ready to find out what's holding your site back? Get a prioritized report covering SEO, Core Web Vitals, accessibility (WCAG 2.2), and security in under a minute.

Run a Free AI-Powered Audit

Related Reading

Get Your Free AI-Powered SEO Audit

Ready to improve your website's SEO, performance, accessibility, and security? Get a comprehensive AI-powered audit with actionable recommendations in under 60 seconds. No signup required.

Start Your Free Audit
SC
Sarah Chen

Lead SEO Analyst at Scanly

Sarah Chen is the lead SEO analyst at Scanly, where she has audited over 10,000 websites. She specializes in technical SEO, Core Web Vitals optimization, and AI search strategy.