How to audit DeFi protocol SEO in under an hour

A 22-point checklist for DeFi SEO audits. Built from 200+ Crawlux audits. Covers schema, AI bot config, indexability, internal linking and the 4 errors specific to DeFi (paywall pattern, token list pagination, governance pages, audit report linking). Workable in 47 minutes.

Why DeFi protocols need a different audit checklist

Generic SEO audit checklists were built for ecommerce, SaaS and content sites. They miss the patterns that matter for DeFi. We have run 200+ DeFi protocol audits since 2023. The same 4 errors show up in 60% of them and none of the generic tools flag them.

The errors are structural. Paywall-pattern schema on yield pages that look like content but are actually app routes. Pagination on token lists that breaks crawl chains. Governance pages that index governance forums instead of the protocol. Audit report PDFs linked from the homepage with no inline summary. These are not on Ahrefs or Semrush dashboards.

This checklist covers the 22 items we run on every DeFi audit. The first 12 are general SEO checks scoped to DeFi context. The last 10 are DeFi-specific. Workable in 47 minutes if you know where to look.

Items 1 to 6: technical foundation (12 minutes)

Start with crawlability. The protocol homepage and app should both return 200. Many DeFi sites split the marketing site from app.protocol.com. Both need to be crawlable. If app subdomain is blocked the AI engines lose half the entity context.

robots.txt allows GPTBot, ClaudeBot, PerplexityBot, CCBot. Check the file directly. 67% of crypto sites accidentally block at least one.
Sitemap submitted and includes all key pages. /pools/, /vaults/, /governance/ pages should be in the sitemap.
Canonical tags consistent and not self-conflicting. App pages that exist on multiple subdomains often have broken canonicals.
HTTPS with valid cert. No mixed content. This breaks more often than expected for DeFi sites running on Cloudflare with custom origins.
Core Web Vitals passing on /pools/ or /vaults/. The most-trafficked routes need LCP under 2.5s.
No noindex on key pages. We have seen noindex on the homepage twice in the last year. Both were copy-paste errors that survived deploy review.

Items 7 to 12: content and structure (10 minutes)

These checks verify that the protocol can be understood by AI engines from the HTML alone.

H1 on every key route. App routes often skip the H1 because the UI does not need it. AI engines do.
Schema.org entities present and correctly typed. FinancialProduct for vaults and pools. CryptoExchange for the protocol entity. Organization for the team.
Internal links from homepage to top 5 most important pages with descriptive anchor text. Not "click here". Not "learn more".
OG tags filled for every public page. AI engines use og:title and og:description as fallbacks when the page title is too short.
TVL or other key metrics in HTML, not just JS. Numbers in JS are invisible to AI engines. Server-render the top-line metrics even if the live updates happen via JS.
Documentation site (typically docs.protocol.com) linked from main nav. Many protocols hide docs behind footer-only links. Move them up.

Items 13 to 22: DeFi-specific checks (25 minutes)

This is the part generic audits miss. Each check below directly addresses a pattern we see fail.

TVL freshness signal. Add dateModified to the schema, not just the page footer. AI engines prefer recent data.
Token list pagination uses rel=next/prev or single-page infinite scroll. Paginated /tokens/?page=2 needs proper hreflang or AI engines truncate after page 1.
Audit reports linked from homepage with inline summaries. PDFs alone do not get parsed. Add a 200-word summary above the PDF link.
Governance pages on protocol domain not Snapshot or Tally. If governance lives off-site link to both but keep a canonical proposal index on your domain.
Yield rates labeled as APY or APR explicitly. AI engines treat unlabeled rate numbers as ambiguous and skip them.
Risk disclosures present and indexed. AI engines penalize finance content without risk disclosure. This includes one-line warnings, not full ToS pages.
Pool detail pages have unique titles. Auto-generated pool pages with title patterns like "USDC-ETH 0.3%" are common. Customize for top 50 pools.
Chain support clearly listed on homepage. AI engines miss multi-chain context if the chain list is buried.
Smart contract addresses present on relevant pages. Use itemprop="identifier" or schema identifier field.
No empty pages from feature flags. Routes for unlaunched features often render empty with 200. Either 404 or noindex them.

How to fix what you find

Triage the findings. Critical fixes block all AI citation: robots.txt blocking, noindex on homepage, missing canonicals. These are deploy-day fixes.

High-impact fixes: schema upgrades, internal link gaps, missing TVL in HTML. Plan as a 2-week sprint.

Optimization fixes: pool detail titles, OG fallbacks, governance routing. Backlog and tackle as content sprints.

Run the audit again 30 days post-fix. Most teams skip this. The before-and-after data is what proves the changes worked. It also catches regression when a future deploy reintroduces old bugs.

Frequently asked questions

How long does a full DeFi SEO audit take?

47 minutes if you have access to the site and Search Console. Add 30 minutes for the AI citation baseline check.

Can I use Ahrefs or Semrush for DeFi audits?

Yes for general SEO. No for DeFi-specific checks (items 13 to 22). Use them in combination with this checklist.

What if my protocol is multi-chain?

Run items 13 to 22 for each chain. Multi-chain protocols often have different schema implementations on each chain deployment. They all need to match.

Should I audit before or after a token launch?

Both. The pre-launch audit catches structural issues while you can still fix them at the template level. The post-launch audit catches launch-specific issues like incorrect price schema and missing token contract addresses.