A real technical audit is not a Screaming Frog export with a cover page. Here are the 120 checks we run on every site, grouped into 8 categories, with priority and why each matters.

Most “technical audits“ we inherit from previous agencies are glorified Lighthouse screenshots. A real audit checks 120+ things across 8 categories, classifies them by business impact, and produces developer-ready tickets with acceptance criteria. Here is the exhaustive checklist we run.

1. Crawlability & indexation (22 checks)

  • robots.txt syntax and sensibility
  • XML sitemap presence, freshness and format
  • Canonical tags on every URL
  • Duplicate content via URL parameters
  • HTTP vs HTTPS canonicalisation
  • Trailing-slash consistency
  • www vs non-www canonicalisation
  • noindex tags on paginated pages
  • Soft-404 detection
  • Orphan pages
  • Crawl budget waste (faceted filters, session IDs, search result pages)
  • X-Robots-Tag header consistency
  • Hreflang implementation if multi-regional
  • Pagination: rel=next/prev legacy vs modern patterns
  • JavaScript-rendered content crawlability
  • Mobile vs desktop parity
  • IP-based cloaking detection
  • Server response codes (200 vs 301 vs 302)
  • Redirect chains over 2 hops
  • Redirect loops
  • Broken internal links (4xx/5xx)
  • Google Search Console coverage issues

2. Core Web Vitals (14 checks)

  • LCP: largest contentful paint under 2.5s on field data
  • INP: interaction to next paint under 200ms
  • CLS: cumulative layout shift under 0.1
  • FCP: first contentful paint
  • TTFB: time to first byte
  • Hero image preloading strategy
  • Font loading strategy (swap, optional, block)
  • Third-party script audit
  • Render-blocking JavaScript
  • Render-blocking CSS
  • Main-thread blocking tasks
  • Image lazy loading implementation
  • Above-the-fold image format (AVIF, WebP)
  • Responsive image srcset usage

3. Site architecture (16 checks)

  • URL structure and readability
  • Click depth from homepage
  • Internal linking silo models
  • Breadcrumb navigation + structured data
  • Footer linking hygiene
  • Anchor text distribution internal
  • Orphan pages in internal graph
  • Hub and spoke architecture
  • Parent category structure
  • Filter and facet URL rules
  • Pagination architecture
  • Tag page handling
  • Author page canonicalisation
  • Search result page noindex
  • Faceted navigation canonical rules
  • Mobile menu structure

4. Schema markup (12 checks)

  • Organization schema on homepage
  • WebSite schema with sitelinks search
  • BreadcrumbList on every page
  • Article schema on blog posts
  • Product schema on e-commerce
  • LocalBusiness schema if applicable
  • FAQPage schema where relevant
  • Review / AggregateRating schema
  • Event, Recipe, HowTo as appropriate
  • Valid JSON-LD syntax
  • Rich Results Test validation
  • Schema consistency across pages

5. Mobile & responsive (10 checks)

  • Mobile-first indexing parity
  • Viewport meta tag
  • Tap target sizing
  • Font size readability
  • Horizontal scrolling detection
  • Mobile menu usability
  • Responsive image delivery
  • Touch interaction delays
  • Accelerated Mobile Pages (legacy audit)
  • PWA manifest and service worker if applicable

6. Security (12 checks)

  • HTTPS enforcement
  • HSTS header
  • Mixed content detection
  • Content Security Policy
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy
  • TLS version (1.2+)
  • Certificate validity and chain
  • Vulnerable JavaScript library versions
  • Directory listing exposure

7. International & accessibility (12 checks)

  • Hreflang tag reciprocity
  • Language-region code validity
  • x-default implementation
  • Language detection by URL, not IP
  • Alt text on all images
  • Semantic HTML5 landmarks
  • Heading hierarchy (one H1 per page)
  • Form label association
  • Color contrast WCAG AA
  • Keyboard navigation
  • ARIA attributes correctness
  • Screen reader testing

8. Analytics & tracking (12 checks)

  • Google Analytics 4 implementation
  • Google Search Console verification
  • Bing Webmaster Tools verification
  • Event tracking completeness
  • Conversion goal setup
  • Tag Manager container review
  • Consent Mode v2 compliance
  • Server-side tracking if applicable
  • Sample rate and retention settings
  • Cross-domain tracking
  • Referral exclusions
  • Bot and spam filtering

Prioritisation

Each finding is classified in three dimensions: severity (critical / high / medium / low), effort (S/M/L), and business impact (revenue / rankings / risk). The deliverable is not the audit — it is the prioritised ticket queue. A 120-check audit without prioritisation is a 400-page document nobody reads.

The output for each issue includes: what is wrong, why it matters, the fix (with code snippet if applicable), acceptance criteria, and expected impact. That is how you turn an audit into shipped improvements.