Google URL Inspection Tool flaw lets anyone inspect URLs without authorization

Last year, Google launched its URL Inspection Tool for webmasters using Search Console. The purpose of this tool is to provide information about Google’s indexed version of a specific page. However, now, a UK-based Search Engine Optimization (SEO) specialist Oliver HG Mason has discovered that the URL Inspection Tool contains a flaw that allows anyone to check URLs which they don’t even own.

To do so, according to Mason, the user requires to have a Google Search Console account to access the URL Inspection Tool. To be able to inspect a URL without authorization, one needs to set up a page on a URL you do have access to and redirect it to a page you do not have access to. If forwarding is set up, Search Console can examine the targeted URL – Simply put, one can inspect a URL without authorization.

Here are the steps:

(1) Have a Search Console account for a website you control.
(2) Set up a redirect to the desired URL on a property you don’t control.
(3) Inspect the redirected URL in Search Console.

According to a tweet from Screaming Frog, a search marketing agency and developer of the SEO Spider they have been “Personally outraged by this” while Berry Schwartz of The Search Engine Roundtable called it “Pretty insane.”

Let’s hope Google will fix the flaw before it causes some serious damage.

You Might Also Like

Leave a Reply