Last year, Google launched its URL Inspection Tool for webmasters using Search Console. The purpose of this tool is to provide information about Google’s indexed version of a specific page. However, now, a UK-based Search Engine Optimization (SEO) specialist Oliver HG Mason has discovered that the URL Inspection Tool contains a flaw that allows anyone to check URLs which they don’t even own.
To do so, according to Mason, the user requires to have a Google Search Console account to access the URL Inspection Tool. To be able to inspect a URL without authorization, one needs to set up a page on a URL you do have access to and redirect it to a page you do not have access to. If forwarding is set up, Search Console can examine the targeted URL – Simply put, one can inspect a URL without authorization.
Here are the steps:
(1) Have a Search Console account for a website you control.
(2) Set up a redirect to the desired URL on a property you don’t control.
(3) Inspect the redirected URL in Search Console.
According to a tweet from Screaming Frog, a search marketing agency and developer of the SEO Spider they have been “Personally outraged by this” while Berry Schwartz of The Search Engine Roundtable called it “Pretty insane.”
— Screaming Frog (@screamingfrog) January 23, 2019
Let’s hope Google will fix the flaw before it causes some serious damage.