We don’t start a CBD SEO engagement without a compliance audit first. The reason is selfish — engagements that start on broken compliance foundations stall around month 3 when the underlying issues catch up to the ranking work. Better to fix the compliance layer before doing the SEO work than to redo the SEO work in month 4 with proper compliance baked in.
This piece is the 14-point checklist. Run it on your own site if you’re DIY; ask us to run it free (top 3 findings) if you’re considering an engagement.
Page-level checks (5)
Check 1 — Google Ads policy exposure. Open every product page and read the copy as if you’re a Google Ads policy reviewer. Flag any health claims, before/after testimonials without disclosure, dosage recommendations beyond “consult your doctor,” and miracle-cure language patterns.
Pages that fail: medical claims, “cures,” “treats,” “prevents,” before/after photos, customer testimonials with implied claims, percentage discount messaging triggering “miracle product” classifiers.
Check 2 — FDA disclaimer placement. The FDA disclaimer needs to be above-the-fold on every product and educational page, AND included in the Article/Product schema description. Footer-only placement fails.
Disclaimer language: “These statements have not been evaluated by the FDA. This product is not intended to diagnose, treat, cure or prevent any disease.”
Check 3 — Age-gate functionality. Real DOB input or ID verification on first visit, with cookie persistence and server-side enforcement on checkout. Cosmetic modal that anyone can dismiss without entering an age fails Google’s quality-rater check.
Check 4 — COA availability. Every product must have a per-batch Certificate of Analysis accessible via direct URL or QR code on the product page. Schema markup should reference the COA URL.
Check 5 — Author/reviewer bylines.
Every educational page (blog, FAQ, condition-related content) needs a named author with Person schema, real LinkedIn, real photo. Anonymous or “the team” bylines fail YMYL E-E-A-T.
Sitewide checks (5)
Check 6 — State-restriction map accuracy. Pull the live state-restriction map from product pages and cross-reference against the May 2026 reality (~16 states banned delta-8, more restrict hemp-derived delta-9, all states allow CBD with varying age rules). Outdated maps trigger Google Merchant Center disqualification.
Check 7 — Privacy / Terms / Cookies / Disclaimer pages. All four must exist, accessible from footer, with substantive content (not Yoast/Shopify defaults). Privacy must address CCPA/CPRA for US visitors and GDPR for EU.
Check 8 — Robots.txt + llms.txt. Robots.txt should allow GPTBot, ChatGPT-User, OAI-SearchBot, ClaudeBot, Claude-Web, PerplexityBot, Google-Extended, Applebot-Extended, CCBot, Bytespider, Amazonbot, FacebookBot, cohere-ai. llms.txt should exist with proper structure (see llms.txt for CBD brands).
Check 9 — Schema validation pass.
Run Google Rich Results Test on top 20 pages. Validation errors get fixed; warnings get evaluated. Common findings: missing priceValidUntil, AggregateRating without Review schema, broken image references.
Check 10 — WAF / firewall AI-bot access. Test every major AI bot user-agent against the live site. Cloudflare WAF rules sometimes block AI bots even when robots.txt allows them. Document and fix any cloak before continuing.
Transactional checks (4)
Check 11 — Payment-processor disclosure. Most CBD brands use specialty payment processors (TSYS, Square Reader for CBD-eligible categories, Cornerstone Payment Systems). Disclosure on checkout reduces bounce rate and improves trust signals.
Some brands route through banking partners that explicitly handle CBD; others rely on standard processors that may suspend the account at any time. Either is fine — the failure mode is no disclosure at all, which leaves customers confused at checkout.
Check 12 — Shipping carrier compliance. USPS, UPS, FedEx all ship hemp-derived CBD federally. Some carriers refuse delta-8 or hemp-derived delta-9 at the carrier level. Document carrier acceptance per product class. State-availability indicator on product pages should match.
Check 13 — Refund / return policy.
CBD products are typically perishable + ingestible — refund policies need to be explicit about what’s returnable. Schema markup hasMerchantReturnPolicy should reflect actual policy. Generic Shopify defaults usually don’t.
Check 14 — Compliance counsel relationship. Does the brand have qualified CBD-industry counsel on retainer or accessible? Ranges from formal retainer to “we email Sarah at [law firm] when there’s a question.” For brands operating in regulated industries, having an answer to “who do you call when FDA sends a letter” is a continuity check.
This isn’t directly an SEO check, but it’s a flag — brands without compliance counsel relationships tend to make ad-hoc decisions that compound into trust-signal problems six months later.
How the audit is structured
We deliver findings in 3 categories:
Critical (must-fix before SEO engagement starts):
- Google Ads policy exposure on landing pages
- Age-gate failures
- COA missing or inaccessible
- WAF cloaking AI bots
- Privacy/Terms missing entirely
High (fix in first 60 days of engagement):
- FDA disclaimer placement
- State-restriction map accuracy
- Schema validation errors
- Payment-processor disclosure gaps
Medium (fix in 90–180 days):
- Author byline depth
- Refund policy specificity
- Shipping disclosure variance
- Counsel-relationship documentation
A typical CBD site we audit fails 5–8 of 14 checks. We’ve never audited a brand that passed all 14 on first review.
Free vs paid audit
The free version: top 3 findings delivered by email within 24 hours. No call required. We use it as a sales tool — most brands realize they need help after seeing the report.
The paid version: full 14-point audit, priority-ranked fix list, before/after framing, schema sample code where applicable. Included in Foundation tier ($1,500/mo) as the discovery-week deliverable.
Send your URL to hello@cbdseoagency.co for the free version, or book a discovery call to discuss the full engagement.
Compliance posture → · Google Ads CBD policy → · Meta CBD policy → · State restrictions map →