/Cloaking
📘Concept

Cloaking

최종 업데이트:

Definition

Cloaking is a technique that intentionally serves different content to search engine crawlers and regular users. Google sees a page rich in E-E-A-T and keywords; actual users see spam, ads, or unrelated pages.

Google's Spam Policy defines cloaking as "showing users content that is different from what Google indexed, in order to provide relevant results to both users and Google," and explicitly prohibits it.


Summary

Self-check for cloaking: In GSC URL Inspection, capture "Page as Google saw it" and open the same URL in a normal browser to compare. If the two views differ, you have cloaking or cloaking-like behavior.


How Cloaking Works

Method 1: User-Agent-Based Branching

Check the User-Agent header in HTTP requests. Return an optimized page for Googlebot, a different page for normal browsers.

if "Googlebot" in request.headers.get("User-Agent", ""):
    return optimized_page()  # Page shown to Google
else:
    return spam_page()  # Page shown to users

Method 2: IP-Based Branching

Googlebot crawls from known IP ranges. Return a good page for Googlebot IP ranges, a different page otherwise.

Method 3: JavaScript-Based Cloaking

Googlebot may not execute some JavaScript or executes it with delay. Branch content based on JS execution. Server-side rendered keyword-rich content for Googlebot; ad pages or redirects for users.

Method 4: CSS/Style-Based Hiding

HTML contains keywords for Googlebot but CSS hides them from users.

.hidden-keywords {
  display: none; /* Hidden from users; bot reads HTML */
}

Why Google Punishes Cloaking Strictly

User Deception

Users trust search results and click. Cloaking creates mismatch between search results and the actual landing page, deceiving users.

Search Result Quality Degradation

When cloaked pages rank well, information users need gets pushed down. This threatens Google Search trust itself.

Malware and Spam Funnel Paths

In many real cloaking cases, users are funneled to malware downloads, phishing sites, or gambling/adult sites.


Cloaking vs. Legitimate User Customization

[COMPARISON_TABLE: Cloaking (Prohibited) vs. Normal User Branching (Allowed)]

Cloaking (Prohibited)

  • Intentionally different core content for bots and users
  • Mismatch between ranking keywords and actual page topic
  • High-quality content for bots, worthless content for users

Legitimate User Customization (Allowed)

  • Content adjusted for user language, location, device
  • Same content essence, different presentation
  • Googlebot can see the same content core as users

Edge Cases

Paywall: Partial preview + full content after payment is allowed. Structured data must declare paywall status.

A/B testing: Allowed when temporary and limited in scope. Bots must always see real content.

Multilingual: Different URLs per language with hreflang, handled consistently for bots, is allowed.


Penalties for Cloaking

Immediate Manual Action

When Google discovers cloaking, it applies manual actions most quickly. Cloaking is classified as "intentional fraud" and handled more strictly than other violations. See Google Manual Actions for details.

Sitewide Index Removal

Severe cloaking can remove the entire site from Google's index. Recovery is very difficult and time-consuming.

SpamBrain Auto-Detection

Google SpamBrain learns cloaking patterns and detects them automatically. Google regularly verifies sites through its own crawl infrastructure. See SpamBrain for details.


Cloaking Diagnosis Methods

Using GSC URL Inspection

  1. GSC → URL Inspection → enter URL
  2. Check "Rendered page" (screenshot of what Google saw)
  3. Open same URL in normal browser
  4. Compare the two views

If content essence differs, cloaking is possible.

Site Audit Tools

  • Chrome DevTools: Change User-Agent to Googlebot and compare responses
  • Third-party "Fetch as Googlebot" tools: View page from Googlebot perspective

Code Self-Audit

Review server code for User-Agent or IP-based branching. Sites where SEO agencies modified code in the past require mandatory review.


Cloaking Remediation Steps

  1. Remove cloaking code immediately: Delete User-Agent and IP-based branching code
  2. Serve identical content to all users: Bot = same content as regular users
  3. Clear server cache: Ensure cached cloaking responses are gone
  4. Request URL recrawl in GSC: Request recrawl after fixes
  5. Submit manual action reconsideration: If manual action existed, request review in GSC

English-Language Market Considerations

Cloaking Patterns Found in the Market

  • SEO agency injected code: Past cases of SEO agencies inserting cloaking code on client sites. Code audit needed during site migration or redesign.
  • Hacked site cloaking: Gambling/adult sites hacking normal sites to insert cloaking code. Found in GSC Security Issues tab.
  • Keyword cloaking: Ranking in Google for high-traffic keywords then funneling to unrelated pages.

Recommended Self-Checks

During site operation, check for cloaking if you see these signals:

  • Clicks in GSC but no GA visits (users redirected)
  • Abnormally high bounce rate on specific pages
  • GSC URL Inspection view differs from actual browser view

FAQ

Q. Am I penalized if cloaking happened by accident?
A. Google cannot easily prove intent. Even technical errors serving different content to bots and users can trigger algorithmic penalties. Fix immediately upon discovery; if manual action occurred, explain it was unintentional in the reconsideration request.

Q. Is showing different content to logged-in vs logged-out users also cloaking?
A. No. Content differences by login state are allowed. However, Googlebot always accesses logged-out, so logged-out content gets indexed. If core content appears only after login, indexing problems occur.

Q. Is showing different pages to mobile users also cloaking?
A. If content essence is the same and only UI/layout differs, it is normal. Redirecting mobile devices to different URLs (m.example.com) or responsive layouts are allowed. Googlebot must be handled the same way.

Q. Are there cases of cloaked sites recovering?
A. Yes. Cases exist where cloaking code was fully removed, reconsideration submitted, and manual actions lifted. However, if cloaking persisted long term, recovery may take months, and in some cases domain trust is too low for recovery.

Q. Cloaking occurred due to hacking. What should I do?
A. Immediately ①remove malicious code ②patch security vulnerabilities ③change all passwords ④confirm GSC security issue report ⑤submit reconsideration. Clearly stating victim status in the reconsideration request helps Google process faster.


Sources

이 페이지를 참조하는 항목

관련 항목

📙How-to
Google Manual Action: Penalty Causes and Removal Methods
A Google Manual Action is a penalty applied when Google staff directly review a site and determine it violates Google spam policies, demoting or excluding specific pages or the entire site from search results.
📘Concept
SpamBrain: Google's AI-Based Spam Detection System
SpamBrain is Google's AI-based link spam and content spam detection system operational since 2018, using machine learning to automatically detect abnormal link patterns and manipulated content.
📘Concept
Google Search Console
Google Search Console (GSC) is a free tool from Google for monitoring site search performance, diagnosing indexing issues, and submitting sitemaps — the essential foundation for SEO measurement.
📙How-to
Indexing Coverage Diagnosis
Indexing coverage diagnosis uses the GSC indexing report to check overall site indexing status, identify causes of unindexed pages, and fix them — a core SEO task.
📘ConceptPillar
GEO Master Guide: 5-Area Checklist
An execution guide for Generative AI Optimization covering GEO's five areas: content, structure, technical, off-site, and measurement.
📘ConceptPillar
What Is AEO?
AEO is the practice of optimizing content so AI answer engines cite it.
📘ConceptPillar
Black Hat SEO
Black hat SEO is the umbrella term for search ranking manipulation techniques that intentionally violate Google guidelines, pursuing short-term gains but causing penalties, index removal, and domain trust damage.
📘Concept
Doorway Pages
Doorway pages are low-quality pages created solely to rank for specific search keywords, primarily designed to funnel users elsewhere, and are explicitly prohibited under Google spam policies.
📘Concept
Google Spam Policies
Google Spam Policies are the official list of search guideline violations published by Google. Violations trigger penalties via SpamBrain auto-detection or manual actions. Three policies were added in 2024: Scaled Content Abuse, Site Reputation Abuse, and Expired Domain Abuse.
📘ConceptPillar
Thin Content
Thin content refers to shallow pages that fail to provide sufficient value to users. The Helpful Content system detects it and lowers overall site quality—a common SEO penalty trigger.
📘ConceptPillar
YMYL (Your Money Your Life)
YMYL (Your Money Your Life) is a content category that can affect users' money, health, safety, and life—a high-risk area where Google applies E-E-A-T most strictly.

이런 항목도 있어요

이 페이지가 도움이 됐나요?