` tag per page, 50–60 characters, primary keyword near the front - Write unique `<meta name="description">` per page, 140–160 characters, with active voice and CTA - Add full Open Graph set: `og:title` ,`og:description` ,`og:image` (1200×630),`og:type` ,`og:url` - Add Twitter Card tags: `twitter:card="summary_large_image"` ,`twitter:title` ,`twitter:description` ,`twitter:image` - Add `<meta name="theme-color">` matching brand color for mobile browser chrome - Add `<meta http-equiv="Content-Language">` and`<html lang="en">` for language signals - **Validation**: Run every URL through metatags.io and OpenGraph.xyz, screenshots match expected previews ### 4. SDO — Structured Data Optimization - Insert `Organization` and`WebSite` JSON-LD in`<head>` of every page (with`SearchAction` for sitelinks search) - Add `LocalBusiness` schema with full NAP, hours, geo coordinates, and`areaServed` for any business with a physical address - On article pages add `Article` +`Author` (Person) +`datePublished` +`dateModified` JSON-LD - On service pages add `Service` schema with`provider` ,`areaServed` ,`hasOfferCatalog` - On FAQ sections add `FAQPage` JSON-LD (only when content genuinely answers questions) - Use absolute URLs in all `@id` values to enable cross-schema linking - **Validation**: Every page passes Google Rich Results Test and Schema.org validator with zero errors ### 5. XSO — XML Sitemap Optimization - Enable dynamic XML sitemap via Yoast, Rank Math, or framework plugin (Next.js: `next-sitemap` ) - Confirm `<lastmod>` updates on every content edit, not just on publish - Split sitemaps when over 50,000 URLs or 50MB into a sitemap index - Exclude noindex pages, redirects, and parameter URLs from the sitemap - Add separate image sitemap and video sitemap when applicable - Submit sitemap URL in Google Search Console and Bing Webmaster Tools - **Validation**: Sitemap returns 200, validates as XML, and all listed URLs are indexable ### 6. RPO — Robots Protocol Optimization - Create exact `/robots.txt` at root: ``` User-agent: * Allow: / Disallow: /wp-admin/ Disallow: /staging/ Disallow: /*?*sessionid= Sitemap: https://yourdomain.com/sitemap.xml ``` - Add explicit `User-agent: GPTBot` ,`User-agent: ClaudeBot` ,`User-agent: PerplexityBot` rules (allow or disallow per client preference) - Block known scraper bots ( `SemrushBot` ,`AhrefsBot` ) only if the client requests it — not by default - Never block CSS, JS, or image directories — Google needs them to render - Test in Google Search Console robots.txt tester before deploying - **Validation**: yourdomain.com/robots.txt returns 200 plain text, GSC tester shows zero blocked critical resources ### 7. RDO — Redirect Optimization - Add 301 redirects only via server config ( `.htaccess` ,`nginx` , Cloudflare Rules) — never JS or meta refresh - Eliminate redirect chains — every redirect points directly to the final URL - Fix every 404 in GSC Coverage report with a 301 to the most relevant live URL, or return 410 if intentionally gone - Use 302 only for true temporary redirects (A/B tests, seasonal pages) - Maintain a redirect map spreadsheet for every site migration or restructure - **Validation**: Screaming Frog shows zero chains, zero 302s on permanent moves, zero 4xx in sitemap ### 8. EEA — E-E-A-T Entity Optimization - Add `Person` JSON-LD for the business owner with`sameAs` linking to Wikidata, LinkedIn, GitHub, social profiles - Reference your Wikidata Q-ID in author schema across all editorial content - Add `knowsAbout` array to Person schema listing topical expertise areas - Build out an author page per content contributor with bio, credentials, photo, and social links - Cross-link Organization schema to founder Person schema via `founder` property - Claim and complete Google Business Profile with verified ownership - **Validation**: Person schema validates, Wikidata entry resolves, knowledge panel candidate eligibility confirmed ### 9. INO — IndexNow Optimization - Generate IndexNow API key, place at `/{key}.txt` at root - Install IndexNow plugin (WordPress) or add publish-hook API call (Next.js, custom CMS) - Submit every new and updated URL via POST on save/publish - Use the `urlList` batch endpoint for bulk submissions during migrations - Monitor submission logs to confirm 200 responses from Bing/Yandex - **Validation**: Test submission returns HTTP 200, URL appears in Bing index within 24 hours ### 10. LMO — llms.txt Optimization - Create `/llms.txt` at root with site purpose, key URLs, and crawler rules - Create expanded `/llms-full.txt` with full markdown context for AI training and retrieval - Reference both files from `robots.txt` via`Sitemap:` style declarations - Format `llms.txt` per the emerging spec: H1 title, blockquote summary, sectioned link lists - Update on major content additions so AI crawlers retrieve fresh context - **Validation**: Both files return 200 plain text, llms.txt validates against current spec ## B. Performance (8) ### 11. CTO — Core Technical Optimization - Enable Brotli compression at the edge, Gzip as fallback ( `brotli on; brotli_types text/css application/javascript` ) - Set `Cache-Control: public, max-age=31536000, immutable` on all hashed static assets - Set `Cache-Control: public, max-age=3600, s-maxage=86400` on HTML pages - Add security headers: `X-Content-Type-Options: nosniff` ,`X-Frame-Options: SAMEORIGIN` ,`Referrer-Policy: strict-origin-when-cross-origin` ,`Permissions-Policy: camera=(), microphone=()` - Enable OCSP stapling for faster TLS handshake - Disable server signature/version disclosure ( `server_tokens off` in nginx) - **Validation**: securityheaders.com returns A+ grade, GTmetrix shows compression active ### 12. CDN — Content Delivery Network Configuration - Route all traffic through Cloudflare, Fastly, or Bunny CDN with origin shielding enabled - Replace all image, CSS, and JS URLs with CDN-hosted URLs in theme settings - Enable edge caching for HTML pages with `Cache-Tag` headers for selective purging - Set proper `Vary` headers (`Vary: Accept-Encoding, Accept` ) so personalization doesn't break cache - Configure cache purge webhook on publish/update events - Enable Cloudflare Polish (or equivalent) for automatic image optimization at edge - **Validation**:`cf-cache-status: HIT` on second request, edge response time under 50ms ### 13. HTO — HTTP/3 and QUIC Optimization - Confirm origin server negotiates HTTP/3 with `Alt-Svc: h3=":443"` header - Enable HTTP/3 in Cloudflare dashboard or nginx ( `listen 443 quic reuseport` ) - Fall back gracefully to HTTP/2, never serve HTTP/1.1 over TLS - Enable 0-RTT resumption only on idempotent requests (GET, HEAD) - Keep TLS 1.3 enabled, disable TLS 1.0 and 1.1 entirely - **Validation**: http3check.net confirms H3, SSL Labs returns A+ with TLS 1.3 only ### 14. DPO — DNS Preconnect Optimization - Add `<link rel="preconnect" href="https://fonts.googleapis.com" crossorigin>` for every third-party origin used above the fold - Add `<link rel="dns-prefetch" href="https://example.com">` as fallback for non-critical origins - Preload LCP image: `<link rel="preload" as="image" href="hero.webp" fetchpriority="high">` - Preload critical fonts: `<link rel="preload" href="font.woff2" as="font" type="font/woff2" crossorigin>` - Use `fetchpriority="low"` on below-the-fold images and non-critical resources - Limit total preconnects to 4–6 to avoid contention - **Validation**: WebPageTest waterfall shows DNS/TLS handshakes complete before resource fetch ### 15. WPO — Web Performance Optimization - Convert all images to AVIF with WebP fallback, JPEG/PNG as last resort - Serve responsive images via `<picture>` element with`srcset` and`sizes` - Add `loading="lazy"` to every image below the fold (above-the-fold images use`loading="eager"` ) - Add `decoding="async"` to all images - Minify CSS, JS, and HTML in production build (Terser, cssnano, html-minifier) - Tree-shake unused JS/CSS — audit with Coverage tab in Chrome DevTools - Remove unused fonts and font weights - **Validation**: PageSpeed Insights "Properly size images" and "Efficient image formats" both pass ### 16. CWV — Core Web Vitals Optimization - Target LCP under 2.5s — preload LCP element, optimize hero image, eliminate render-blocking - Target INP under 200ms — break up long tasks, debounce input handlers, defer non-critical JS - Target CLS under 0.1 — reserve space for ads/embeds, set image dimensions, avoid late-loading content - Add `content-visibility: auto` to below-the-fold sections - Use `will-change: transform` only on actively animating elements (remove after animation) - Monitor field data via CrUX dashboard and PageSpeed Insights, not just lab data - **Validation**: All three metrics in "Good" bucket for 75th percentile in CrUX over 28-day window ### 17. CRP — Critical Rendering Path Optimization - Inline above-the-fold critical CSS in `<style>` inside`<head>` (target under 14KB) - Async-load remaining CSS: `<link rel="preload" href="full.css" as="style" onload="this.rel='stylesheet'">` - Add `font-display: swap` to every`@font-face` rule to eliminate invisible text - Subset fonts to Latin characters only when full Unicode isn't needed - Move all non-critical JS to footer with `defer` attribute - Self-host fonts when possible to eliminate third-party origin handshake - **Validation**: Lighthouse "Eliminate render-blocking resources" passes, FCP under 1.8s ### 18. RNO — Render Optimization - Use `defer` on scripts that depend on DOM,`async` on independent scripts (analytics, ads) - Avoid `document.write()` entirely — it blocks parsing - Move all third-party tags (chat widgets, analytics, pixels) to load after `window.load` event - Use Partytown or web workers to offload third-party JS off main thread - Lazy-load embeds (YouTube, maps, social) with click-to-load facade pattern - Audit main thread time in DevTools Performance panel — target under 2s on Slow 4G - **Validation**: Lighthouse "Reduce JavaScript execution time" under 2 seconds, no long tasks over 50ms ## C. Experience & Access (5) ### 19. UXO — User Experience Optimization - Add `<meta name="viewport" content="width=device-width, initial-scale=1">` to every page - Set body font size minimum 16px, line-height 1.5–1.6, max line length 75 characters - Make all tap targets minimum 48×48px with 8px+ spacing between them - Maintain minimum 4.5:1 contrast ratio for body text, 3:1 for large text - Test on real devices: iPhone SE (smallest common viewport), Android mid-range, iPad - Eliminate horizontal scroll at all viewport widths from 320px to 2560px - Add `prefers-reduced-motion` media query to disable non-essential animations - **Validation**: Google Mobile-Friendly Test passes, manual touch test on real device confirms usability ### 20. ACO — Accessibility Optimization - Add descriptive `alt` text to every meaningful image; use`alt=""` for decorative images only - Add `aria-label` to icon-only buttons and links - Use exactly one `<h1>` per page with logical H2–H6 hierarchy (no skipped levels) - Place skip-to-content link as first focusable element on every page - Ensure full keyboard navigability — Tab order matches visual order, focus indicators visible - Use semantic HTML5: `<nav>` ,`<main>` ,`<article>` ,`<aside>` ,`<footer>` — not`<div>` everywhere - Add `aria-live` regions for dynamic content (form errors, cart updates, search results) - **Validation**: axe DevTools shows zero violations, manual keyboard-only navigation completes all key flows ### 21. IDO — Image Dimensions Optimization - Set explicit `width` and`height` attributes on every`<img>` and`<video>` element - Use `aspect-ratio` CSS property on responsive images to reserve space before load - For background images, set min-height on container so layout doesn't shift on load - For ads, embeds, and iframes, reserve fixed dimensions or use placeholder containers - Use `<picture>` with art-directed sources for different aspect ratios per breakpoint - Audit CLS contributors in PageSpeed Insights "Avoid large layout shifts" report - **Validation**: CLS score under 0.1 in field data, zero images flagged in Lighthouse layout-shift audit ### 22. FIO — Favicon and Icon Optimization - Generate full icon set: `favicon.ico` (32×32),`apple-touch-icon.png` (180×180),`icon-192.png` ,`icon-512.png` - Add complete `<link>` tag set in`<head>` : ``` <link rel="icon" type="image/x-icon" href="/favicon.ico"> <link rel="icon" type="image/png" sizes="32x32" href="/icon-32.png"> <link rel="apple-touch-icon" href="/apple-touch-icon.png"> <link rel="manifest" href="/site.webmanifest"> ``` - Create `site.webmanifest` with name, short_name, icons array, theme_color, background_color - Add `<meta name="theme-color">` matching brand for mobile browser chrome - Use SVG favicon for crisp rendering at all sizes when supported - **Validation**: realfavicongenerator.net checker passes all platforms, icons display in browser tabs/bookmarks ### 23. EPO — Error Page Optimization - Create custom 404 page with helpful navigation: search bar, top categories, recent posts, contact link - Return proper HTTP status codes — 404 for not found, 410 for permanently gone, never soft-404 - Create custom 500/503 pages with brand styling and contact info - Monitor GSC Coverage report weekly for soft-404s and crawl errors - Set up Cloudflare/server alerts for spikes in 4xx and 5xx responses - Log all 404s to identify broken inbound links worth redirecting - **Validation**: 404 pages return HTTP 404 (not 200), GSC shows zero soft-404 errors ## D. Security & Compliance (2) ### 24. SSO — Site Security Optimization - Enforce HTTPS sitewide with HSTS header: `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` - Submit domain to HSTS preload list at hstspreload.org - Add Content Security Policy header tailored to actual third-party sources - Enable automatic CMS, plugin, and theme security updates with rollback capability - Implement WAF rules via Cloudflare or Sucuri (block SQLi, XSS, known bot signatures) - Force strong admin passwords + 2FA on all CMS accounts - Disable XML-RPC in WordPress unless actively used - Run weekly malware scan (Wordfence, Sucuri, MalCare) - **Validation**: SSL Labs A+, securityheaders.com A+, zero vulnerabilities in WPScan or equivalent ### 25. GCO — GDPR and Compliance Optimization - Install consent banner that blocks all non-essential scripts until consent (Cookiebot, Termly, Iubenda) - Categorize cookies: strictly necessary, performance, functional, marketing — load only consented categories - Add comprehensive privacy policy with footer link covering data collected, purpose, retention, third parties, rights - Add "Your Privacy Choices" link in footer for U.S. state privacy laws (CA, CO, CT, VA, UT, TX, OR, MT) - Implement Google Consent Mode v2 for ad and analytics consent signals - Add accessibility statement page covering WCAG conformance level - Add terms of service and DMCA contact for U.S. compliance - **Validation**: Cookie scanner shows zero scripts firing pre-consent, privacy policy reviewed by qualified counsel ## E. Modern Web (3) ### 26. JSO — JavaScript SEO - Use server-side rendering (Next.js SSR/SSG, Astro, Nuxt) — never rely on pure client-side rendering for content pages - For SPAs, implement dynamic rendering or pre-rendering for bot user agents as fallback - Add `<noscript>` fallback for critical content and navigation - Verify rendered HTML contains all SEO-critical content (title, headings, body copy, links) via View Source - Test every template in Google Mobile-Friendly Test and URL Inspection's "Live Test" - Avoid hash-based routing ( `/#/page` ) — use clean paths only - **Validation**: Rendered HTML in GSC URL Inspection matches View Source, all content visible to bot ### 27. PWO — PWA Optimization - Create `/manifest.json` (or`/site.webmanifest` ) with name, short_name, start_url, display, theme_color, icons - Register service worker for offline fallback page and asset caching - Use Workbox or framework PWA plugin to manage cache strategies (cache-first, network-first, stale-while-revalidate) - Add install prompt button that appears after `beforeinstallprompt` event - Test offline mode in Chrome DevTools Application panel - Keep service worker scope and cache version controlled to avoid stale-content issues - **Validation**: Lighthouse PWA audit passes, app installs from browser on Android and desktop ### 28. LFO — Log File Optimization - Enable server access logs in nginx/Apache with full request data (status, user-agent, response time) - Block low-value bots in robots.txt and at WAF level ( `SemrushBot` ,`MJ12bot` ,`DotBot` per client preference) - Run monthly log analysis with Screaming Frog Log File Analyzer or Botify - Identify pages Googlebot crawls but rarely — candidates for internal link reinforcement - Identify pages Googlebot crawls excessively but rank poorly — candidates for noindex or consolidation - Monitor crawl budget allocation between Googlebot, Bingbot, and AI crawlers - **Validation**: Log analysis report shows Googlebot reaching all priority URLs within 30-day window ## Summary - **Total items**: 28 - **Sub-clusters**: 5 (Crawlability & Indexing, Performance, Experience & Access, Security & Compliance, Modern Web) - **Format**: Each item includes 5–7 implementation steps plus a validation criterion - **Position in stack**: Foundation tier — all subsequent tiers (T2 Search Visibility, T3 AI Domination, etc.) depend on this layer being implemented first ## About this series This is one of 14 articles in **ThatDevPro's Engine Optimization stack** — a productized SEO + AEO + AIO + GEO service. Each tier is a self-contained framework with concrete checklists, validation steps, and code patterns. **Canonical source for this article**: [https://www.thatdevpro.com/insights/seo-tier-1-foundation/](https://www.thatdevpro.com/insights/seo-tier-1-foundation/) **The 14-tier series**: [Tier 1 — Foundation](https://www.thatdevpro.com/insights/seo-tier-1-foundation/)[Tier 2 — Search Visibility](https://www.thatdevpro.com/insights/seo-tier-2-search-visibility/)[Tier 3 — AI Domination](https://www.thatdevpro.com/insights/seo-tier-3-ai-domination/)[Tier 4 — Entity and Authority](https://www.thatdevpro.com/insights/seo-tier-4-entity-and-authority/)[Tier 5 — Local Domination](https://www.thatdevpro.com/insights/seo-tier-5-local-domination/)[Tier 6 — Content and Multimedia](https://www.thatdevpro.com/insights/seo-tier-6-content-and-multimedia/)[Tier 7 — Social and Community](https://www.thatdevpro.com/insights/seo-tier-7-social-and-community/)[Tier 8 — Data, Analytics, Conversion](https://www.thatdevpro.com/insights/seo-tier-8-data-analytics-conversion/)[Tier 9 — Monitoring and Intelligence](https://www.thatdevpro.com/insights/seo-tier-9-monitoring-and-intelligence/)[Tier 10 — Workflow and Operations](https://www.thatdevpro.com/insights/seo-tier-10-workflow-and-operations/)[Tier 11 — Marketplace and Retail](https://www.thatdevpro.com/insights/seo-tier-11-marketplace-and-retail/)[Tier 12 — International](https://www.thatdevpro.com/insights/seo-tier-12-international/)[Tier 14 — Advanced and Immersive](https://www.thatdevpro.com/insights/seo-tier-14-advanced-and-immersive/) *Tier 13 is retired.* Need this implemented on your site? ThatDevPro ships the full 14-tier stack as a productized service. SDVOSB-certified veteran-owned. Cassville, Missouri. [See the Engine Optimization service](https://www.thatdevpro.com/services/engine-optimization/). **Open-source tooling powering this series**: - [aio-surfaces](https://github.com/Janady13/aio-surfaces)— Python toolkit (MIT) for generating llms.txt + aeo.json + entity.json + brand.json - [llms.txt generator](https://huggingface.co/spaces/Janady07/llms-txt-generator)

# Tier 1 — Foundation: the technical bedrock every site needs first > Source: > Published: 2026-05-23 19:45:38+00:00 Originally published atThis article is part of the 14-tier Engine Optimization stack from[thatdevpro.com].[ThatDevPro], an SDVOSB-certified veteran-owned web + AI engineering studio.You are reading the Dev.to republish; the canonical source is on ThatDevPro.com.Source repo for the AI-citation surfaces:[github.com/Janady13/aio-surfaces]. **Tier Explanation**: Non-negotiable technical bedrock. Every page, server config, and CMS gets these implemented before any other tier is touched. Items are grouped into five sub-clusters so the audit reads as a framework, not a list. ## Related Frameworks This tier implements the following framework documents in the `/Framework/` library. Consult them for canonical reference, audit rubrics, and detailed implementation patterns. - — Crawlability, indexing, canonicalization, redirects, URL structure`framework-technicalseo.md` - — JSON-LD,`framework-schema.md` [@id](https://dev.to/id)graph pattern, Organization/Person/WebSite/BreadcrumbList - — Core Web Vitals (LCP, INP, CLS), mobile usability, HTTPS`framework-pageexperience.md` - — Hub-and-spoke architecture, anchor text, crawl depth`framework-internallinking.md` - — Mobile-first indexing, mobile usability`framework-mobileseo.md` - — Security headers, HSTS, broader security posture`framework-security.md` ## A. Crawlability & Indexing (10) ### 1. TSO — Technical SEO Optimization - Set WordPress permalinks to `/%postname%/` ; in Next.js use file-based routing with consistent trailing-slash policy (pick one, stick to it sitewide) - Add `` to every page`` , self-referencing on canonical pages - Add `` to indexable pages - Force lowercase URLs in `.htaccess` or`nginx.conf` to prevent case-duplicate indexing - Resolve www/non-www and http/https with a single 301 redirect (one hop only, no chains) - 301-redirect or 410 all thin, duplicate, or orphan pages flagged in GSC - **Validation**: Screaming Frog crawl shows zero duplicate canonicals, zero redirect chains, zero mixed-case URLs ### 2. ARC — Site Architecture Optimization - Limit every page to a maximum of 3 clicks from homepage (use Sitebulb's Crawl Depth report to verify) - Add breadcrumb navigation to every non-homepage template with `BreadcrumbList` JSON-LD - Build a public `/sitemap.html` listing all top-level sections and key pages - Implement hub-and-spoke topical clusters: pillar page links to 5–15 sub-pages, each sub-page links back - Use descriptive anchor text on internal links (no "click here", no "read more" without context) - Keep URL slugs under 60 characters, no stop words, hyphens only - **Validation**: Crawl depth report shows zero pages beyond depth 3, breadcrumbs validate in Rich Results Test ### 3. MTO — Meta Tag Optimization - Write unique `` tag per page, 50–60 characters, primary keyword near the front - Write unique `<meta name="description">` per page, 140–160 characters, with active voice and CTA - Add full Open Graph set: `og:title` ,`og:description` ,`og:image` (1200×630),`og:type` ,`og:url` - Add Twitter Card tags: `twitter:card="summary_large_image"` ,`twitter:title` ,`twitter:description` ,`twitter:image` - Add `<meta name="theme-color">` matching brand color for mobile browser chrome - Add `<meta http-equiv="Content-Language">` and`<html lang="en">` for language signals - **Validation**: Run every URL through metatags.io and OpenGraph.xyz, screenshots match expected previews ### 4. SDO — Structured Data Optimization - Insert `Organization` and`WebSite` JSON-LD in`<head>` of every page (with`SearchAction` for sitelinks search) - Add `LocalBusiness` schema with full NAP, hours, geo coordinates, and`areaServed` for any business with a physical address - On article pages add `Article` +`Author` (Person) +`datePublished` +`dateModified` JSON-LD - On service pages add `Service` schema with`provider` ,`areaServed` ,`hasOfferCatalog` - On FAQ sections add `FAQPage` JSON-LD (only when content genuinely answers questions) - Use absolute URLs in all `@id` values to enable cross-schema linking - **Validation**: Every page passes Google Rich Results Test and Schema.org validator with zero errors ### 5. XSO — XML Sitemap Optimization - Enable dynamic XML sitemap via Yoast, Rank Math, or framework plugin (Next.js: `next-sitemap` ) - Confirm `<lastmod>` updates on every content edit, not just on publish - Split sitemaps when over 50,000 URLs or 50MB into a sitemap index - Exclude noindex pages, redirects, and parameter URLs from the sitemap - Add separate image sitemap and video sitemap when applicable - Submit sitemap URL in Google Search Console and Bing Webmaster Tools - **Validation**: Sitemap returns 200, validates as XML, and all listed URLs are indexable ### 6. RPO — Robots Protocol Optimization - Create exact `/robots.txt` at root: ``` User-agent: * Allow: / Disallow: /wp-admin/ Disallow: /staging/ Disallow: /*?*sessionid= Sitemap: https://yourdomain.com/sitemap.xml ``` - Add explicit `User-agent: GPTBot` ,`User-agent: ClaudeBot` ,`User-agent: PerplexityBot` rules (allow or disallow per client preference) - Block known scraper bots ( `SemrushBot` ,`AhrefsBot` ) only if the client requests it — not by default - Never block CSS, JS, or image directories — Google needs them to render - Test in Google Search Console robots.txt tester before deploying - **Validation**: yourdomain.com/robots.txt returns 200 plain text, GSC tester shows zero blocked critical resources ### 7. RDO — Redirect Optimization - Add 301 redirects only via server config ( `.htaccess` ,`nginx` , Cloudflare Rules) — never JS or meta refresh - Eliminate redirect chains — every redirect points directly to the final URL - Fix every 404 in GSC Coverage report with a 301 to the most relevant live URL, or return 410 if intentionally gone - Use 302 only for true temporary redirects (A/B tests, seasonal pages) - Maintain a redirect map spreadsheet for every site migration or restructure - **Validation**: Screaming Frog shows zero chains, zero 302s on permanent moves, zero 4xx in sitemap ### 8. EEA — E-E-A-T Entity Optimization - Add `Person` JSON-LD for the business owner with`sameAs` linking to Wikidata, LinkedIn, GitHub, social profiles - Reference your Wikidata Q-ID in author schema across all editorial content - Add `knowsAbout` array to Person schema listing topical expertise areas - Build out an author page per content contributor with bio, credentials, photo, and social links - Cross-link Organization schema to founder Person schema via `founder` property - Claim and complete Google Business Profile with verified ownership - **Validation**: Person schema validates, Wikidata entry resolves, knowledge panel candidate eligibility confirmed ### 9. INO — IndexNow Optimization - Generate IndexNow API key, place at `/{key}.txt` at root - Install IndexNow plugin (WordPress) or add publish-hook API call (Next.js, custom CMS) - Submit every new and updated URL via POST on save/publish - Use the `urlList` batch endpoint for bulk submissions during migrations - Monitor submission logs to confirm 200 responses from Bing/Yandex - **Validation**: Test submission returns HTTP 200, URL appears in Bing index within 24 hours ### 10. LMO — llms.txt Optimization - Create `/llms.txt` at root with site purpose, key URLs, and crawler rules - Create expanded `/llms-full.txt` with full markdown context for AI training and retrieval - Reference both files from `robots.txt` via`Sitemap:` style declarations - Format `llms.txt` per the emerging spec: H1 title, blockquote summary, sectioned link lists - Update on major content additions so AI crawlers retrieve fresh context - **Validation**: Both files return 200 plain text, llms.txt validates against current spec ## B. Performance (8) ### 11. CTO — Core Technical Optimization - Enable Brotli compression at the edge, Gzip as fallback ( `brotli on; brotli_types text/css application/javascript` ) - Set `Cache-Control: public, max-age=31536000, immutable` on all hashed static assets - Set `Cache-Control: public, max-age=3600, s-maxage=86400` on HTML pages - Add security headers: `X-Content-Type-Options: nosniff` ,`X-Frame-Options: SAMEORIGIN` ,`Referrer-Policy: strict-origin-when-cross-origin` ,`Permissions-Policy: camera=(), microphone=()` - Enable OCSP stapling for faster TLS handshake - Disable server signature/version disclosure ( `server_tokens off` in nginx) - **Validation**: securityheaders.com returns A+ grade, GTmetrix shows compression active ### 12. CDN — Content Delivery Network Configuration - Route all traffic through Cloudflare, Fastly, or Bunny CDN with origin shielding enabled - Replace all image, CSS, and JS URLs with CDN-hosted URLs in theme settings - Enable edge caching for HTML pages with `Cache-Tag` headers for selective purging - Set proper `Vary` headers (`Vary: Accept-Encoding, Accept` ) so personalization doesn't break cache - Configure cache purge webhook on publish/update events - Enable Cloudflare Polish (or equivalent) for automatic image optimization at edge - **Validation**:`cf-cache-status: HIT` on second request, edge response time under 50ms ### 13. HTO — HTTP/3 and QUIC Optimization - Confirm origin server negotiates HTTP/3 with `Alt-Svc: h3=":443"` header - Enable HTTP/3 in Cloudflare dashboard or nginx ( `listen 443 quic reuseport` ) - Fall back gracefully to HTTP/2, never serve HTTP/1.1 over TLS - Enable 0-RTT resumption only on idempotent requests (GET, HEAD) - Keep TLS 1.3 enabled, disable TLS 1.0 and 1.1 entirely - **Validation**: http3check.net confirms H3, SSL Labs returns A+ with TLS 1.3 only ### 14. DPO — DNS Preconnect Optimization - Add `<link rel="preconnect" href="https://fonts.googleapis.com" crossorigin>` for every third-party origin used above the fold - Add `<link rel="dns-prefetch" href="https://example.com">` as fallback for non-critical origins - Preload LCP image: `<link rel="preload" as="image" href="hero.webp" fetchpriority="high">` - Preload critical fonts: `<link rel="preload" href="font.woff2" as="font" type="font/woff2" crossorigin>` - Use `fetchpriority="low"` on below-the-fold images and non-critical resources - Limit total preconnects to 4–6 to avoid contention - **Validation**: WebPageTest waterfall shows DNS/TLS handshakes complete before resource fetch ### 15. WPO — Web Performance Optimization - Convert all images to AVIF with WebP fallback, JPEG/PNG as last resort - Serve responsive images via `<picture>` element with`srcset` and`sizes` - Add `loading="lazy"` to every image below the fold (above-the-fold images use`loading="eager"` ) - Add `decoding="async"` to all images - Minify CSS, JS, and HTML in production build (Terser, cssnano, html-minifier) - Tree-shake unused JS/CSS — audit with Coverage tab in Chrome DevTools - Remove unused fonts and font weights - **Validation**: PageSpeed Insights "Properly size images" and "Efficient image formats" both pass ### 16. CWV — Core Web Vitals Optimization - Target LCP under 2.5s — preload LCP element, optimize hero image, eliminate render-blocking - Target INP under 200ms — break up long tasks, debounce input handlers, defer non-critical JS - Target CLS under 0.1 — reserve space for ads/embeds, set image dimensions, avoid late-loading content - Add `content-visibility: auto` to below-the-fold sections - Use `will-change: transform` only on actively animating elements (remove after animation) - Monitor field data via CrUX dashboard and PageSpeed Insights, not just lab data - **Validation**: All three metrics in "Good" bucket for 75th percentile in CrUX over 28-day window ### 17. CRP — Critical Rendering Path Optimization - Inline above-the-fold critical CSS in `<style>` inside`<head>` (target under 14KB) - Async-load remaining CSS: `<link rel="preload" href="full.css" as="style" onload="this.rel='stylesheet'">` - Add `font-display: swap` to every`@font-face` rule to eliminate invisible text - Subset fonts to Latin characters only when full Unicode isn't needed - Move all non-critical JS to footer with `defer` attribute - Self-host fonts when possible to eliminate third-party origin handshake - **Validation**: Lighthouse "Eliminate render-blocking resources" passes, FCP under 1.8s ### 18. RNO — Render Optimization - Use `defer` on scripts that depend on DOM,`async` on independent scripts (analytics, ads) - Avoid `document.write()` entirely — it blocks parsing - Move all third-party tags (chat widgets, analytics, pixels) to load after `window.load` event - Use Partytown or web workers to offload third-party JS off main thread - Lazy-load embeds (YouTube, maps, social) with click-to-load facade pattern - Audit main thread time in DevTools Performance panel — target under 2s on Slow 4G - **Validation**: Lighthouse "Reduce JavaScript execution time" under 2 seconds, no long tasks over 50ms ## C. Experience & Access (5) ### 19. UXO — User Experience Optimization - Add `<meta name="viewport" content="width=device-width, initial-scale=1">` to every page - Set body font size minimum 16px, line-height 1.5–1.6, max line length 75 characters - Make all tap targets minimum 48×48px with 8px+ spacing between them - Maintain minimum 4.5:1 contrast ratio for body text, 3:1 for large text - Test on real devices: iPhone SE (smallest common viewport), Android mid-range, iPad - Eliminate horizontal scroll at all viewport widths from 320px to 2560px - Add `prefers-reduced-motion` media query to disable non-essential animations - **Validation**: Google Mobile-Friendly Test passes, manual touch test on real device confirms usability ### 20. ACO — Accessibility Optimization - Add descriptive `alt` text to every meaningful image; use`alt=""` for decorative images only - Add `aria-label` to icon-only buttons and links - Use exactly one `<h1>` per page with logical H2–H6 hierarchy (no skipped levels) - Place skip-to-content link as first focusable element on every page - Ensure full keyboard navigability — Tab order matches visual order, focus indicators visible - Use semantic HTML5: `<nav>` ,`<main>` ,`<article>` ,`<aside>` ,`<footer>` — not`<div>` everywhere - Add `aria-live` regions for dynamic content (form errors, cart updates, search results) - **Validation**: axe DevTools shows zero violations, manual keyboard-only navigation completes all key flows ### 21. IDO — Image Dimensions Optimization - Set explicit `width` and`height` attributes on every`<img>` and`<video>` element - Use `aspect-ratio` CSS property on responsive images to reserve space before load - For background images, set min-height on container so layout doesn't shift on load - For ads, embeds, and iframes, reserve fixed dimensions or use placeholder containers - Use `<picture>` with art-directed sources for different aspect ratios per breakpoint - Audit CLS contributors in PageSpeed Insights "Avoid large layout shifts" report - **Validation**: CLS score under 0.1 in field data, zero images flagged in Lighthouse layout-shift audit ### 22. FIO — Favicon and Icon Optimization - Generate full icon set: `favicon.ico` (32×32),`apple-touch-icon.png` (180×180),`icon-192.png` ,`icon-512.png` - Add complete `<link>` tag set in`<head>` : ``` <link rel="icon" type="image/x-icon" href="/favicon.ico"> <link rel="icon" type="image/png" sizes="32x32" href="/icon-32.png"> <link rel="apple-touch-icon" href="/apple-touch-icon.png"> <link rel="manifest" href="/site.webmanifest"> ``` - Create `site.webmanifest` with name, short_name, icons array, theme_color, background_color - Add `<meta name="theme-color">` matching brand for mobile browser chrome - Use SVG favicon for crisp rendering at all sizes when supported - **Validation**: realfavicongenerator.net checker passes all platforms, icons display in browser tabs/bookmarks ### 23. EPO — Error Page Optimization - Create custom 404 page with helpful navigation: search bar, top categories, recent posts, contact link - Return proper HTTP status codes — 404 for not found, 410 for permanently gone, never soft-404 - Create custom 500/503 pages with brand styling and contact info - Monitor GSC Coverage report weekly for soft-404s and crawl errors - Set up Cloudflare/server alerts for spikes in 4xx and 5xx responses - Log all 404s to identify broken inbound links worth redirecting - **Validation**: 404 pages return HTTP 404 (not 200), GSC shows zero soft-404 errors ## D. Security & Compliance (2) ### 24. SSO — Site Security Optimization - Enforce HTTPS sitewide with HSTS header: `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` - Submit domain to HSTS preload list at hstspreload.org - Add Content Security Policy header tailored to actual third-party sources - Enable automatic CMS, plugin, and theme security updates with rollback capability - Implement WAF rules via Cloudflare or Sucuri (block SQLi, XSS, known bot signatures) - Force strong admin passwords + 2FA on all CMS accounts - Disable XML-RPC in WordPress unless actively used - Run weekly malware scan (Wordfence, Sucuri, MalCare) - **Validation**: SSL Labs A+, securityheaders.com A+, zero vulnerabilities in WPScan or equivalent ### 25. GCO — GDPR and Compliance Optimization - Install consent banner that blocks all non-essential scripts until consent (Cookiebot, Termly, Iubenda) - Categorize cookies: strictly necessary, performance, functional, marketing — load only consented categories - Add comprehensive privacy policy with footer link covering data collected, purpose, retention, third parties, rights - Add "Your Privacy Choices" link in footer for U.S. state privacy laws (CA, CO, CT, VA, UT, TX, OR, MT) - Implement Google Consent Mode v2 for ad and analytics consent signals - Add accessibility statement page covering WCAG conformance level - Add terms of service and DMCA contact for U.S. compliance - **Validation**: Cookie scanner shows zero scripts firing pre-consent, privacy policy reviewed by qualified counsel ## E. Modern Web (3) ### 26. JSO — JavaScript SEO - Use server-side rendering (Next.js SSR/SSG, Astro, Nuxt) — never rely on pure client-side rendering for content pages - For SPAs, implement dynamic rendering or pre-rendering for bot user agents as fallback - Add `<noscript>` fallback for critical content and navigation - Verify rendered HTML contains all SEO-critical content (title, headings, body copy, links) via View Source - Test every template in Google Mobile-Friendly Test and URL Inspection's "Live Test" - Avoid hash-based routing ( `/#/page` ) — use clean paths only - **Validation**: Rendered HTML in GSC URL Inspection matches View Source, all content visible to bot ### 27. PWO — PWA Optimization - Create `/manifest.json` (or`/site.webmanifest` ) with name, short_name, start_url, display, theme_color, icons - Register service worker for offline fallback page and asset caching - Use Workbox or framework PWA plugin to manage cache strategies (cache-first, network-first, stale-while-revalidate) - Add install prompt button that appears after `beforeinstallprompt` event - Test offline mode in Chrome DevTools Application panel - Keep service worker scope and cache version controlled to avoid stale-content issues - **Validation**: Lighthouse PWA audit passes, app installs from browser on Android and desktop ### 28. LFO — Log File Optimization - Enable server access logs in nginx/Apache with full request data (status, user-agent, response time) - Block low-value bots in robots.txt and at WAF level ( `SemrushBot` ,`MJ12bot` ,`DotBot` per client preference) - Run monthly log analysis with Screaming Frog Log File Analyzer or Botify - Identify pages Googlebot crawls but rarely — candidates for internal link reinforcement - Identify pages Googlebot crawls excessively but rank poorly — candidates for noindex or consolidation - Monitor crawl budget allocation between Googlebot, Bingbot, and AI crawlers - **Validation**: Log analysis report shows Googlebot reaching all priority URLs within 30-day window ## Summary - **Total items**: 28 - **Sub-clusters**: 5 (Crawlability & Indexing, Performance, Experience & Access, Security & Compliance, Modern Web) - **Format**: Each item includes 5–7 implementation steps plus a validation criterion - **Position in stack**: Foundation tier — all subsequent tiers (T2 Search Visibility, T3 AI Domination, etc.) depend on this layer being implemented first ## About this series This is one of 14 articles in **ThatDevPro's Engine Optimization stack** — a productized SEO + AEO + AIO + GEO service. Each tier is a self-contained framework with concrete checklists, validation steps, and code patterns. **Canonical source for this article**: [https://www.thatdevpro.com/insights/seo-tier-1-foundation/](https://www.thatdevpro.com/insights/seo-tier-1-foundation/) **The 14-tier series**: [Tier 1 — Foundation](https://www.thatdevpro.com/insights/seo-tier-1-foundation/)[Tier 2 — Search Visibility](https://www.thatdevpro.com/insights/seo-tier-2-search-visibility/)[Tier 3 — AI Domination](https://www.thatdevpro.com/insights/seo-tier-3-ai-domination/)[Tier 4 — Entity and Authority](https://www.thatdevpro.com/insights/seo-tier-4-entity-and-authority/)[Tier 5 — Local Domination](https://www.thatdevpro.com/insights/seo-tier-5-local-domination/)[Tier 6 — Content and Multimedia](https://www.thatdevpro.com/insights/seo-tier-6-content-and-multimedia/)[Tier 7 — Social and Community](https://www.thatdevpro.com/insights/seo-tier-7-social-and-community/)[Tier 8 — Data, Analytics, Conversion](https://www.thatdevpro.com/insights/seo-tier-8-data-analytics-conversion/)[Tier 9 — Monitoring and Intelligence](https://www.thatdevpro.com/insights/seo-tier-9-monitoring-and-intelligence/)[Tier 10 — Workflow and Operations](https://www.thatdevpro.com/insights/seo-tier-10-workflow-and-operations/)[Tier 11 — Marketplace and Retail](https://www.thatdevpro.com/insights/seo-tier-11-marketplace-and-retail/)[Tier 12 — International](https://www.thatdevpro.com/insights/seo-tier-12-international/)[Tier 14 — Advanced and Immersive](https://www.thatdevpro.com/insights/seo-tier-14-advanced-and-immersive/) *Tier 13 is retired.* Need this implemented on your site? ThatDevPro ships the full 14-tier stack as a productized service. SDVOSB-certified veteran-owned. Cassville, Missouri. [See the Engine Optimization service](https://www.thatdevpro.com/services/engine-optimization/). **Open-source tooling powering this series**: - [aio-surfaces](https://github.com/Janady13/aio-surfaces)— Python toolkit (MIT) for generating llms.txt + aeo.json + entity.json + brand.json - [llms.txt generator](https://huggingface.co/spaces/Janady07/llms-txt-generator)— live Hugging Face Space