Every PrestaShop fix we catalog
SEOLZ catalogs 89 fixes for PrestaShop across 5 areas — SEO, answer-engine readiness, accessibility, security and site-health. Each lists the exact steps for PrestaShop, with a link to the official docs.
SEO · 26 fixes
Cwv lcp · Moderate effort
Reduce Largest Contentful Paint (LCP) to under 2.5 seconds by serving your hero image in a modern format, preloading it, and eliminating render-blocking resources.
On PrestaShop
- Convert your hero/slider images to WebP and upload them via Back Office → Design → Image Slider (or your installed slider module, e.g., ps_imageslider).
- Install the 'psgdpr' or a dedicated performance module like 'PrestaSEO Speed' or 'Krona SEO & Speed' from the PrestaShop Addons marketplace to handle JS/CSS minification and deferral.
- Edit your theme's head.tpl (themes/YourTheme/templates/_partials/head.tpl) to add: `<link rel='preload' as='image' href='{$hero_image_url}' fetchpriority='high'>`.
- In the slider module settings, ensure the first slide image does NOT have lazy loading enabled.
- Enable PrestaShop's built-in CCC (Combine, Compress, Cache) settings: Back Office → Shop Parameters → General → CCC → enable for CSS and JS.
- Clear the cache (Advanced Parameters → Performance → Clear cache) and verify with PageSpeed Insights.
Duplicate meta description · Moderate effort
Write a unique, page-specific meta description for every page on your store so Google can display a relevant snippet in search results.
On PrestaShop
- For product pages: Admin → Catalog → Products → Edit product → 'SEO' tab → 'Meta description' field → Save.
- For category pages: Admin → Catalog → Categories → Edit category → 'SEO' tab → 'Meta description' → Save.
- For CMS pages: Admin → Design → Pages → Edit page → 'SEO' section → Meta description → Save.
- For bulk updates: use a module such as 'SEO Expert' or export/import products via Admin → Advanced Parameters → Import/Export with the meta_description column.
Duplicate title · Moderate effort
Write a unique, descriptive title tag for every page on your store so no two pages share the same title.
On PrestaShop
- For products: go to Catalog → Products → open a product → 'SEO' tab → edit the 'Meta title' field.
- For categories: Catalog → Categories → open a category → 'SEO' tab → 'Meta title'.
- For CMS pages: Design → Pages → open a page → edit 'Meta title'.
- For the shop's default title settings: Shop Parameters → General → set 'Shop name' which is appended to page titles; ensure templates use {$meta_title} in the head.tpl Smarty template.
- For bulk updates use a CSV import module or an SEO module (e.g. SEO Expert by PrestaHero) that lets you set title templates with dynamic product/category name variables.
Faceted url indexable · Moderate effort
Point every faceted/filter URL's canonical tag to the clean, unfiltered category URL (or add noindex) so Google treats filtered pages as one authoritative page instead of thousands of duplicates.
On PrestaShop
- Go to Shop Parameters → Traffic & SEO. PrestaShop's default behavior may not automatically canonicalize filtered category URLs — you typically need a module.
- Install an SEO module such as 'SEO Expert' or 'SEO Manager' (available in the PrestaShop Addons Marketplace) that provides canonical tag management for category and filter pages.
- In the SEO module's settings, configure filtered/faceted URLs to output a canonical pointing to the base category URL.
- If using the native Faceted Search module (ps_facetedsearch): go to Modules → Faceted Search → Configure. Look for an SEO section and enable 'noindex' for filter combinations or canonical-to-category-page behavior.
- Verify by viewing page source of a filtered category URL and confirming the canonical tag.
Images missing alt · Moderate effort
Add descriptive alt text to every image on your store so search engines can understand them and all shoppers can access your content.
On PrestaShop
- For product images: Go to Catalog > Products, open a product, click the 'Images' tab, click on an image, and fill in the 'Caption' field for each language (this outputs as the alt attribute). Save.
- For CMS page images: Go to Design > Pages, open a CMS page, click the image in the TinyMCE/rich-text editor, then click 'Edit image' and complete the 'Image description (alt text)' field.
Meta description too long · Quick win
Shorten your meta description to 150–160 characters so Google displays your full message in search results instead of cutting it off with "…".
On PrestaShop
- For Products: go to Catalog → Products → select the product → click the 'SEO' tab → edit the 'Meta description' field (keep under 160 characters) → Save.
- For Category pages: go to Catalog → Categories → select the category → SEO tab → edit Meta description → Save.
- For CMS pages: go to Design → Pages → select the page → edit Meta description → Save.
- PrestaShop displays the remaining character count in the meta description field — use that counter as your guide.
Meta description too short · Moderate effort
Expand every meta description to 120–160 characters so Google shows your custom summary in search results instead of auto-generating one.
On PrestaShop
- For a product: Admin → Catalog → Products → Edit product → 'SEO' tab → edit the 'Meta description' field → Save.
- For a category: Admin → Catalog → Categories → Edit category → 'SEO' tab → Meta description → Save.
- For a CMS page: Admin → Design → Pages → Edit → 'SEO' section → Meta description → Save.
- For the homepage: Admin → Shop Parameters → SEO & URLs → find the 'index' page → Edit → Meta description → Save.
Missing canonical · Moderate effort
Add a self-referencing canonical tag to every page so Google knows which URL is the "official" version of that content.
On PrestaShop
- Go to Shop Parameters → SEO & URLs → ensure 'Canonical URL' is set to '301 Moved Permanently' or '302 Temporary Redirect' to consolidate duplicate URLs.
- PrestaShop outputs canonical tags natively on product and category pages in modern versions (1.7+); verify in page source.
- For older versions or custom themes, install the 'SEO Expert' or 'SEO Manager' module from the PrestaShop Addons Marketplace to enable canonical tag management.
- In the module settings, enable self-referencing canonical tags for product, category, CMS, and manufacturer pages.
- Clear the smarty cache under Advanced Parameters → Performance → Clear Cache after changes.
Missing meta description · Quick win
Write a unique meta description of 120–160 characters for every page so Google has compelling snippet text to show in search results.
On PrestaShop
- For a product: Back Office → Catalog → Products → click the product → 'SEO' tab → fill 'Meta description' field → Save.
- For a category: Back Office → Catalog → Categories → click the category → 'SEO' tab → fill Meta description → Save.
- For a CMS page: Back Office → Design → Pages → click the page → fill 'Meta description' → Save.
- For the homepage: Back Office → Shop Parameters → SEO & URLs → click 'index' in the page list → fill Meta description → Save.
Missing og description · Quick win
Add an og:description meta tag to every page so social platforms display a compelling preview when your store's links are shared.
On PrestaShop
- Go to your PrestaShop admin → Catalog → Products → select a product → click the 'SEO' tab → fill in the 'Meta description' field.
- PrestaShop's default themes use this value in the og:description tag. Confirm by checking themes/[your-theme]/templates/_partials/head.tpl for the og:description line.
- If the line is missing, add: `{if $page.meta.description}<meta property="og:description" content="{$page.meta.description|escape:'html':'UTF-8'}">{/if}` inside the `<head>` block in head.tpl.
- For categories: Catalog → Categories → select category → SEO tab → Meta description.
- Flush the cache: Advanced Parameters → Performance → Clear cache, then validate with Facebook Sharing Debugger.
Missing og image · Moderate effort
Add an og:image meta tag to every page so social media platforms and messaging apps display a rich preview image when someone shares your store's link.
On PrestaShop
- Go to Modules → Module Catalog and search for an SEO module such as 'SEO Expert' or 'Open Graph Tags' — install and configure it.
- In the module settings, map the og:image field to the product's cover/main image for product pages, and set a static fallback image URL for other page types.
- Alternatively, edit your theme's head.tpl file (located in themes/[your-theme]/templates/_partials/head.tpl) to manually add og:image meta tags using Smarty variables like `{$product.cover.bySize.large_default.url}`.
- Clear the PrestaShop cache (Advanced Parameters → Performance → Clear cache) and validate with the Meta Sharing Debugger.
Missing og title · Quick win
Add an og:title meta tag to every page so your store looks great when shared on Facebook, Pinterest, LinkedIn, and other social platforms.
On PrestaShop
- Install a dedicated SEO module such as 'SEO Expert' or 'SEO Manager' from the PrestaShop Addons Marketplace — these automatically add og:title tags to all page types.
- Alternatively, edit your theme's head.tpl file (found in themes/your-theme/templates/_partials/head.tpl or similar) and add: `<meta property="og:title" content="{$page.meta.title|escape:'html':'UTF-8'}" />` inside the `<head>` block.
- For product pages, the Smarty variable `{$product.name}` gives the product title; you can conditionally output it: `{if isset($product)}<meta property="og:title" content="{$product.name|escape:'html':'UTF-8'}" />{/if}`
- Save the template file and clear the PrestaShop cache via Advanced Parameters → Performance → Clear Cache.
- Validate using the Facebook Sharing Debugger.
Missing title · Quick win
Add a unique, descriptive title tag (30–60 characters) to every page that is missing one.
On PrestaShop
- For a product: go to Catalog → Products → select the product → click the 'SEO' tab → fill in 'Meta title'.
- For a category: go to Catalog → Categories → select the category → 'SEO' tab → 'Meta title'.
- For a CMS page: go to Design → Pages → select the page → fill in 'Meta title'.
- Click Save.
Noindex detected · Quick win
Remove or replace the `noindex` directive on any page you want Google to find and rank, then verify the change with Google Search Console.
On PrestaShop
- Admin → Shop Parameters → Traffic & SEO → SEO & URLs — edit the page meta entry and ensure the 'Indexed' option is enabled.
- For product/category pages: Catalog → Products (or Categories) → edit item → SEO tab → check the Robots field and set to `index, follow`.
- Also check your theme's `meta.tpl` or `head.tpl` files in `/themes/your-theme/templates/_partials/` for any hard-coded noindex tags.
Search results indexable · Moderate effort
Add a noindex robots meta tag to all internal search results pages and block the search path in robots.txt to prevent thin, duplicate, near-infinite pages from polluting Google's index.
On PrestaShop
- Access your PrestaShop back office and go to Shop Parameters → Traffic & SEO → SEO & URLs.
- Find the 'search' page entry in the list and click Edit.
- In the meta robots field, set the value to 'noindex, follow' and save.
- For robots.txt: go to Shop Parameters → Traffic & SEO → scroll to the 'Robots' section → click 'Generate robots.txt file'. Manually edit the generated file on your server (root/robots.txt) to add: Disallow: /search or use the text area in the admin to include the Disallow rule before regenerating.
- Verify by loading a live search URL and inspecting the <head> for the robots meta tag.
Seo category description missing · Quick win
Write a unique 100–200 word description for every product category page explaining what it contains and who it's for.
On PrestaShop
- In your PrestaShop admin, go to Catalog → Categories.
- Click 'Edit' on the category you want to update.
- In the 'Description' tab, use the rich-text editor to add your 100–200 word description.
- In the 'SEO' tab within the same edit screen, fill in the 'Meta description' field.
- Click 'Save'. The description will appear on the category page in your theme wherever the {$category.description} Smarty variable is rendered.
Seo category description thin · Moderate effort
Expand your category page description to at least 150–300 words of genuinely useful, keyword-rich content that explains what shoppers will find in the category.
On PrestaShop
- Go to Admin → Catalog → Categories.
- Click 'Edit' on the target category.
- In the 'Description' rich-text field, write your expanded content. PrestaShop supports a full TinyMCE editor here.
- Click 'Save'.
- Verify the description appears on the category page front-end; if not, check your active theme's 'category.tpl' file for the {$category.description} variable.
Seo product description thin · Moderate effort
Expand thin product descriptions to at least 300 words of unique, keyword-rich content that answers real shopper questions and gives Google enough text to understand what you sell.
On PrestaShop
- Go to Back Office → Catalog → Products → click the product to edit.
- Select the 'Basic Settings' tab. You will see 'Summary' (short description, shown in listing pages) and 'Description' (full content, shown on the product page).
- Expand your content in the 'Description' rich-text field — this is what appears on the product detail page and what Google indexes most heavily.
- Click 'Save'. PrestaShop renders descriptions server-side.
Seo product image alt filename · Moderate effort
Replace filename-based alt text on product images with short, descriptive phrases that accurately describe each image's content.
On PrestaShop
- Go to Catalog → Products in your back office and open a product.
- Click the 'Images' tab.
- Click a product image to select it; a caption/alt text field will appear below or beside the image.
- Enter your descriptive alt text in the 'Caption' field (PrestaShop uses captions as alt text).
- Click 'Update' and then save the product.
Seo product missing gtin · Moderate effort
Add a valid GTIN (and/or MPN) to your Product structured data so Google can match your listings to its product catalog and show them in Shopping results and AI-powered product features.
On PrestaShop
- In your PrestaShop back office, go to Catalog → Products → select a product → open the 'Shipping' or 'Details' tab.
- PrestaShop has an 'EAN-13' field and a 'UPC' field built in — enter the appropriate barcode value in the relevant field.
- To inject these into Product structured data JSON-LD, install a module such as 'SEO Expert' or 'Rich Snippets & Structured Data' from the PrestaShop Addons Marketplace that reads EAN/UPC fields and outputs schema.
- Alternatively, edit your theme's product template (themes/<yourtheme>/templates/catalog/product.tpl) and add a JSON-LD block referencing '{$product.ean13}' and '{$product.upc}'.
- Clear PrestaShop cache and verify with Google's Rich Results Test.
Seo product missing stock status · Moderate effort
Add visible stock availability text to each product page and set the correct `availability` property (InStock, OutOfStock, or PreOrder) in your Product structured data (JSON-LD schema).
On PrestaShop
- In your PrestaShop back office, go to Catalog → Products → edit a product → Quantities tab and set stock quantity and availability labels.
- PrestaShop has basic schema support, but for robust Product JSON-LD with `availability`, install a module such as 'SEO Expert' or 'Structured Data / Schema.org' from the PrestaShop Addons Marketplace.
- Alternatively, edit your product page template (`/themes/<your-theme>/templates/catalog/product.tpl`) to inject a JSON-LD block that reads `{$product.availability}` from the Smarty template variable.
- Use `{if $product.availability_date}PreOrder{elseif $product.quantity > 0}InStock{else}OutOfStock{/if}` to build the dynamic schema.org URL.
- Verify with the Rich Results Test after clearing your theme cache.
Seo product single image · Moderate effort
Add at least 4 high-quality product images (multiple angles, detail shots, and lifestyle/in-use photos) to every product listing to increase click-through rates and conversions.
On PrestaShop
- Go to Admin (Back Office) → Catalog → Products → click the product name.
- Select the 'Images' tab on the product edit page.
- Click 'Choose files' or drag images into the upload area to add multiple photos.
- After uploading, click each image thumbnail to edit its 'Caption / Alt text' field. Set one image as 'Cover' (main image).
- Drag images to set display order and click 'Save'.
Seo product title generic · Quick win
Rewrite generic product page titles to include the product name plus at least one differentiating attribute (material, colour, size, pack size, or brand) in a natural, keyword-rich format.
On PrestaShop
- Go to Catalog → Products → [select your product] → Edit.
- Click the 'SEO' tab in the product editor.
- Update the 'Meta title' field with your optimised product title.
- Click 'Save'. PrestaShop outputs this as the <title> tag on the product page.
- If the field is blank, PrestaShop uses the product name — always populate it explicitly to avoid generic defaults.
Seo variant urls in sitemap · Moderate effort
Remove product variant URLs (e.g. ?variant=, ?sku=) from your XML sitemap so only the canonical product page URL is submitted to Google.
On PrestaShop
- PrestaShop generates its sitemap via the Google Sitemap module (or a third-party equivalent). Go to Modules → Module Manager → search for 'Google Sitemap' or your installed SEO module → Configure.
- In the sitemap module configuration, look for a setting related to product attributes, combinations, or variations and ensure these are excluded from the sitemap. Combinations in PrestaShop generate URLs like /product?id_product=1&id_product_attribute=5 — these should be excluded.
- If no such toggle exists, consider switching to a more capable SEO module (e.g., SEO Expert, Yoast for PrestaShop) that explicitly excludes combination/attribute URLs.
- Ensure a canonical meta tag pointing to the clean product URL is present on all combination URLs. This can typically be set in your theme's product.tpl file or via an SEO module's canonical settings.
- Regenerate and re-download the sitemap from the module, then upload it or point Google Search Console to the new sitemap URL.
Seo variant urls not canonicalized · Moderate effort
Add a canonical tag to every product variant URL pointing back to the base product page, so Google consolidates ranking signals onto one authoritative URL instead of splitting them across hundreds of near-duplicate pages.
On PrestaShop
- In your PrestaShop back office, go to Shop Parameters → Traffic & SEO.
- Scroll to 'SEO & URLs' settings and ensure 'Canonical URL' is set to generate canonical tags for product pages.
- For attribute/combination URLs (e.g. /product?id_product_attribute=12), install or configure an SEO module such as 'SEO Expert' or 'Yoast SEO for PrestaShop' to output a canonical pointing to the base product URL for all combination pages.
- If editing theme files directly, open your product.tpl template and add: <link rel="canonical" href="{$product.url}"> inside the <head> block, ensuring {$product.url} resolves to the clean base product URL, not the combination URL.
- Clear the PrestaShop cache (Advanced Parameters → Performance → Clear cache) and verify with page source inspection.
Title too short · Quick win
Expand your page title to between 50 and 60 characters so it displays fully in Google search results and gives shoppers a clear reason to click.
On PrestaShop
- Go to the item to edit: Catalog → Products (for products) or Catalog → Categories (for categories).
- Open the item and click the 'SEO' tab.
- Update the 'Meta title' field with your new 50–60 character title.
- Click 'Save'. Clear the store cache under Advanced Parameters → Performance if needed.
Answer Engine Optimization · 4 fixes
Missing schema faqpage · Moderate effort
Add FAQPage (and BreadcrumbList) JSON-LD structured data to pages that contain FAQ content so Google can display rich results directly in search.
On PrestaShop
- Access your back office and go to Modules › Module Manager.
- Search for and install an SEO module such as 'SEO Expert' or 'Structured Data' by PrestaHero/others from the Addons Marketplace — most include FAQPage and BreadcrumbList schema generators.
- Alternatively, edit your theme's CMS page template directly: open themes/<your-theme>/templates/cms/page.tpl and paste your <script type='application/ld+json'> FAQPage block near the closing </body>.
- For BreadcrumbList: most PrestaShop themes include a breadcrumb snippet — find templates/layouts/layout-full-width.tpl and add the BreadcrumbList JSON-LD block, substituting Smarty variables like {$breadcrumb.links} for dynamic data.
- Clear the cache under Advanced Parameters › Performance › Clear Cache after making changes.
- Validate with Google's Rich Results Test.
Missing schema howto · Moderate effort
Add HowTo and BreadcrumbList structured data (JSON-LD) to pages that contain step-by-step instructions so Google can display them as rich results and answer-engine snippets.
On PrestaShop
- Use a structured data module from the PrestaShop Marketplace (search 'JSON-LD schema') or add custom code.
- For manual injection: override the relevant CMS page template (cms.tpl or cms-category.tpl in your theme's /templates/cms/ folder) and add the <script type='application/ld+json'> block before </body>.
- Use a hook (hookDisplayHeader or hookDisplayFooter) in a custom module to inject JSON-LD only on designated CMS pages, checking the controller type with $this->context->controller->php_self == 'cms'.
- Validate with Google's Rich Results Test.
Missing schema localbusiness · Quick win
Add a LocalBusiness JSON-LD schema block to your store so search engines and AI assistants can surface your business name, address, phone number, and hours in rich results and answer boxes.
On PrestaShop
- Go to Modules → Module Manager and install a structured data module such as 'SEO & Rich Snippets' or 'Structured Data Markup'.
- Fill in your LocalBusiness details in the module's configuration panel.
- Alternatively, edit your active theme's head.tpl file (located in themes/<your-theme>/templates/_partials/head.tpl) to paste the JSON-LD block before </head>, then clear the cache via Advanced Parameters → Performance → Clear Cache.
Missing schema organization · Quick win
Add Organization schema markup to your store's homepage so search engines and AI systems can definitively identify your business, logo, and social profiles.
On PrestaShop
- In your PrestaShop back office, go to Design → Theme & Logo → Advanced Customization (or access your theme files via FTP).
- Open the file themes/<your-theme>/templates/_partials/head.tpl.
- Paste your <script type='application/ld+json'>…</script> block just before the closing </head> tag.
- Save and clear PrestaShop's cache under Advanced Parameters → Performance → Clear cache.
- Validate with Google's Rich Results Test.
Accessibility (WCAG) · 26 fixes
Aria allowed role · Moderate effort
Remove or replace the invalid `role="presentation"` (or other disallowed ARIA role) on HTML elements where that role is not permitted, so assistive technologies can correctly interpret your page.
On PrestaShop
- Navigate to your PrestaShop admin → Design → Theme & Logo → click 'Use this theme' on your active theme to confirm it, then access theme files via FTP at `/themes/<your-theme>/`.
- Search `.tpl` Smarty template files for the offending role attribute (e.g., `grep -r 'role="presentation"' themes/`).
- Edit the relevant `.tpl` file to remove or correct the role attribute.
- Clear the PrestaShop cache: Admin → Advanced Parameters → Performance → Clear cache.
- Verify with axe DevTools.
Aria command name · Moderate effort
Add a discernible, screen-reader-accessible name to every button, link, and menuitem that uses an ARIA command role so assistive technology can announce what it does.
On PrestaShop
- In your PrestaShop back office, go to Design → Theme & Logo → Your current theme and use the theme editor or FTP/file manager to access theme templates.
- Locate the relevant .tpl (Smarty) file (e.g., themes/your-theme/templates/_partials/header.tpl or cart-summary.tpl).
- Find the unlabelled `<button>` or `<a>` and add `aria-label="Descriptive action"`. For SVG icons, add `aria-hidden="true"`.
- Clear the PrestaShop cache (Advanced Parameters → Performance → Clear cache) and verify on the front end with axe DevTools.
Aria hidden focus · Moderate effort
Remove `aria-hidden="true"` from any element that contains focusable children (links, buttons, inputs), or remove the focusable elements from inside the hidden container.
On PrestaShop
- In your PrestaShop back office, go to Design → Theme & Logo → your active theme.
- Navigate to your theme directory on the server (typically `themes/<your-theme>/templates/`) and search for `aria-hidden` using your file manager or SSH: `grep -r 'aria-hidden' themes/<your-theme>/`.
- Open the relevant `.tpl` (Smarty) file, locate the `aria-hidden="true"` on the parent container, and fix the markup so no focusable element is a descendant.
- Clear the PrestaShop cache (Advanced Parameters → Performance → Clear Cache) and test on the storefront with axe DevTools.
Aria input field name · Moderate effort
Add a meaningful accessible name (label) to every ARIA input field so screen readers can identify and announce it to users.
On PrestaShop
- In your PrestaShop back office, go to Design → Theme & Logo and use 'Edit current theme' or access files via FTP.
- Locate the template file for the affected form — common locations are themes/<yourtheme>/templates/checkout/, themes/<yourtheme>/templates/customer/, or module override templates.
- Open the .tpl (Smarty) file and add a <label for="field-id">Descriptive name</label> before the input, or add aria-label="..." directly to the <input> tag.
- Clear the PrestaShop cache via Advanced Parameters → Performance → Clear cache, then verify the fix in a browser with the axe extension.
Aria required children · Moderate effort
Ensure every ARIA parent role contains only its required, permitted child roles — and remove focusable elements (e.g. tabindex on img or a) that are not allowed inside that ARIA context.
On PrestaShop
- Go to your PrestaShop back office → Design → Theme & Logo → (active theme). The template files live in /themes/[your-theme]/templates/.
- Use FTP/SFTP or your hosting file manager to open the relevant .tpl (Smarty) template (e.g. _partials/header.tpl, catalog/listing/product-list.tpl).
- Locate the parent ARIA role, check its children, and add the missing child role attributes or remove the disallowed tabindex from img/a elements.
- Clear PrestaShop's cache via Advanced Parameters → Performance → Clear Cache, then re-test with axe DevTools.
Aria required parent · Moderate effort
Wrap every ARIA child role (such as `tab`, `option`, `listitem`, `row`, etc.) in the correct required ARIA parent container role (such as `tablist`, `listbox`, `list`, `rowgroup`, or `grid`) so assistive technologies can correctly interpret the widget's structure.
On PrestaShop
- In your PrestaShop back office, go to Design → Theme & Logo → select your theme → click 'Use this theme'.
- Via FTP/SFTP, navigate to `themes/<your-theme>/templates/` and find the template rendering the flagged widget (e.g., a product tabs template).
- Add the required ARIA parent role (e.g., `role="tablist"`) to the wrapper element surrounding the child role elements.
- Clear the Smarty cache in Advanced Parameters → Performance → Clear cache, then test the storefront.
Aria valid attr value · Moderate effort
Audit every ARIA attribute on your pages and correct any that point to a non-existent element ID, use a disallowed value, or reference an empty/misspelled target so that assistive technologies can correctly interpret your page.
On PrestaShop
- In your PrestaShop back office, go to Design → Theme & Logo → click 'Use this theme' or navigate to your active theme's files via FTP.
- In your active child theme folder (themes/<your-theme>/), search all .tpl (Smarty template) files for ARIA attributes using a code editor.
- Correct ID-reference mismatches and invalid keyword values directly in the template files.
- Clear the theme cache via Design → Theme & Logo → Advanced Settings → Clear cache, then retest with axe DevTools.
Button name · Moderate effort
Add a visible or programmatically accessible name to every button so screen readers can announce what it does.
On PrestaShop
- In your theme directory (themes/<your-theme>/templates/), locate the relevant .tpl file (e.g. _partials/header.tpl, catalog/product.tpl).
- Find the <button> element and add aria-label="{l s='Descriptive name' d='Shop.Theme'}" using PrestaShop's translation helper.
- Clear the PrestaShop cache under Advanced Parameters → Performance → Clear Cache, then verify with axe DevTools.
Document title · Quick win
Add a unique, descriptive <title> element to every page so browsers, screen readers, and search engines can identify it.
On PrestaShop
- For product pages: Catalog → Products → [select product] → SEO tab → 'Meta title' field.
- For category pages: Catalog → Categories → [select category] → SEO tab → 'Meta title'.
- For CMS pages (About, Contact, etc.): Design → Pages → [select page] → 'Meta title' field.
- For the homepage: Shop Parameters → SEO & URLs → find 'index' in the pages list → Edit → 'Page title'.
- For global default title tag settings: Shop Parameters → SEO & URLs → 'Set up URLs' tab → review title format options.
- Clear the cache: Advanced Parameters → Performance → Clear cache.
Html has lang · Quick win
Add a valid `lang` attribute to the `<html>` element so browsers and assistive technologies know what language your page is written in.
On PrestaShop
- In PrestaShop, the `<html>` tag is in your theme's `templates/layouts/layout-full-width.tpl` (or `layout-both-columns.tpl`, etc.) Smarty template files.
- Open the relevant layout `.tpl` file in your theme (always use a child/custom theme to avoid overwriting on upgrades).
- Locate the `<html` tag and ensure it includes the Smarty language variable: `<html lang="{$language.iso_code}">`.
- The `$language.iso_code` variable is automatically set to the active store language configured under International → Translations → Languages.
- Save the file and clear the cache under Advanced Parameters → Performance → Clear Cache. Verify via View Source.
Html lang valid · Quick win
Set a valid BCP 47 language code on the `lang` attribute of your page's `<html>` element (e.g., `lang="en"`) so browsers, screen readers, and search engines correctly identify the page language.
On PrestaShop
- PrestaShop derives the `lang` attribute from the active store language. Go to Back Office → International → Translations → Languages and confirm the correct language is installed and active.
- In your theme's `templates/_partials/head.tpl` (or the root layout, often `templates/layouts/layout-full-width.tpl`), find the `<html` tag and ensure it uses the Smarty variable: `<html lang="{$language.iso_code}">`.
- Clear your theme cache via Back Office → Design → Theme & Logo → (Advanced Customization) or via Advanced Parameters → Performance → Clear Cache.
- Verify the rendered page source shows a valid ISO language code on the `<html>` tag.
Image alt · Moderate effort
Add a descriptive `alt` attribute to every `<img>` element on your store so screen readers and search engines can understand what each image shows.
On PrestaShop
- **Product images:** Back Office → Catalog → Products → edit a product → Images tab → click an image → fill in the 'Caption' field (this becomes the alt attribute) for each active language → Save.
- **CMS page images:** Back Office → Design → Pages → edit a CMS page → in the TinyMCE editor, right-click an image → Image Properties → fill in the 'Alternative description (alt text)' field.
- **Theme template files:** Edit the relevant `.tpl` file (e.g., `themes/<your-theme>/templates/catalog/_partials/product-cover-thumbnails.tpl`) and ensure `{$image.legend}` or a similar variable is output as the `alt` attribute.
Image redundant alt · Moderate effort
Remove or empty the alt attribute on images whose caption or surrounding text already describes them, so screen readers don't announce the same information twice.
On PrestaShop
- For product images: go to Admin → Catalog → Products → select the product → Images tab → click the image → clear the 'Caption' field (used as alt text) for each language → Save.
- For CMS page images: Admin → Design → Pages → select the page → in the TinyMCE editor, click the image → Image Properties → clear the 'Alternative Description' field → OK → Save.
- For theme template images: edit the relevant .tpl file in /themes/<your-theme>/ → find the <img> tag → set alt="" → clear template cache under Admin → Advanced Parameters → Performance.
Label title only · Moderate effort
Add a visible, persistent label to every form field so it is never labeled only by a tooltip (title) or hidden description (aria-describedby).
On PrestaShop
- In your PrestaShop admin, go to Design → Theme & Logo → and use FTP to access your active theme's template files under `themes/YOUR_THEME/templates/`.
- Locate the relevant `.tpl` file — common files are `customer/authentication.tpl` (login/register), `checkout/checkout.tpl` (checkout fields), and `_partials/header.tpl` (search).
- For each `<input>` that has only a `title` attribute, add `<label for="FIELD_ID">Visible Label</label>` before the input and add `id="FIELD_ID"` to the `<input>` tag. For icon-only search bars, add `aria-label="Search"` to the input.
- Clear the PrestaShop cache (Advanced Parameters → Performance → Clear cache) and verify with an accessibility scanner.
Landmark banner is top level · Moderate effort
Ensure your site's banner landmark (<header> or role="banner") sits at the top level of the page, not nested inside another landmark region.
On PrestaShop
- In your PrestaShop back office, go to Design → Theme & Logo → click 'Edit theme' or access files via FTP under `themes/<your-theme>/templates/`.
- Open `layouts/layout-full-width.tpl` or `layouts/layout-left-column.tpl` (whichever your theme uses) — this is the master page template.
- Locate the `{block name='header'}` or the `<header>` element and confirm it is rendered as a direct child of `<body>`, not inside a `{block name='main'}` or any element with a landmark role.
- If the header is nested inside a landmark, restructure the template blocks so the header comes before and outside the main content landmark.
- Clear the PrestaShop cache (Advanced Parameters → Performance → Clear cache) and verify with axe DevTools.
Landmark contentinfo is top level · Moderate effort
Move your footer element (or any element with role="contentinfo") to the top level of the page so it is not nested inside another landmark region.
On PrestaShop
- In your PrestaShop admin, go to Design → Theme & Logo → select your active theme → click 'Configure'.
- Via FTP or your hosting file manager, navigate to `themes/<your-theme>/templates/_partials/footer.tpl` (or `footer.tpl` in the root templates folder).
- Open the file and check that the `<footer>` tag is not wrapped inside another landmark element within this file.
- Also check `themes/<your-theme>/templates/layouts/layout-full-width.tpl` (and other layout files) to confirm that the `{block name='footer'}` include appears after the closing `</main>` tag, not inside it.
- Save changes, clear the PrestaShop cache (Advanced Parameters → Performance → Clear Cache), and validate with axe DevTools.
Landmark no duplicate banner · Moderate effort
Ensure your page has only one banner landmark (a single `<header>` element or `role="banner"`) so assistive technologies can navigate your site correctly.
On PrestaShop
- Via FTP or your hosting file manager, go to themes/<your-theme>/templates/layouts/ and open layout-full-width.tpl (or whichever layout your store uses).
- Search for '<header' and 'role="banner"'. Ensure only one top-level <header> exists for the site header.
- Change any duplicate <header> elements (in module template files under modules/<module-name>/views/templates/) to <div> and remove role="banner".
- Clear PrestaShop's cache: Back Office → Advanced Parameters → Performance → Clear cache.
- Verify with axe DevTools.
Landmark one main · Quick win
Add a single `<main>` landmark element (or `role="main"`) to every page so that screen-reader users and assistive technologies can skip directly to the primary content.
On PrestaShop
- In your theme folder (typically `themes/<your-theme>/`), open `templates/layouts/layout-full-width.tpl` (and any other layout `.tpl` files you use).
- Find the content wrapper — often `<div id="main">` — and change it to `<main id="main-content" role="main">`.
- Update the closing tag accordingly.
- Add a skip link in `templates/_partials/header.tpl` just after the `<body>` tag: `<a class="sr-only sr-only-focusable" href="#main-content">Skip to main content</a>`.
- Clear the PrestaShop cache (Advanced Parameters → Performance → Clear cache) and re-test.
Link name · Moderate effort
Add a descriptive, screen-reader-accessible label to every link on your store so assistive technologies can announce where each link leads.
On PrestaShop
- In the back office, go to Design → Theme & Logo → (your active theme) → Use this theme.
- Via FTP or your hosting file manager, navigate to themes/<your-theme>/templates/ and open the template file containing the unnamed link (e.g. _partials/header.tpl for the header, catalog/listing/product-list.tpl for product cards).
- Add aria-label='<descriptive text>' to the relevant <a> tag or a descriptive alt attribute to the <img> inside it.
- If using a child theme or theme override, place edits in the child theme to survive updates.
- Clear the PrestaShop cache in Advanced Parameters → Performance → Clear cache, then re-test.
Meta viewport · Quick win
Remove `user-scalable=no` (and any `maximum-scale` value below 5) from your site's `<meta name="viewport">` tag so visitors can pinch-to-zoom on mobile devices.
On PrestaShop
- Via FTP or your hosting file manager, navigate to `themes/<your-theme>/templates/_partials/head.tpl`.
- Search for `meta name="viewport"` and remove `user-scalable=no` / correct `maximum-scale`.
- Save the file and clear PrestaShop's cache: Back Office → Advanced Parameters → Performance → Clear cache.
- Test on a mobile device.
Meta viewport large · Quick win
Remove or raise the `maximum-scale` value in your site's `<meta name="viewport">` tag so mobile users can pinch-to-zoom freely.
On PrestaShop
- Via FTP or your hosting file manager, open your active theme folder: themes/<your-theme>/templates/_partials/head.tpl.
- Find `<meta name="viewport"` and remove `maximum-scale=1` or `user-scalable=no`.
- Save the file and clear PrestaShop's smarty cache under Advanced Parameters → Performance → Clear cache.
Nested interactive · Moderate effort
Remove or restructure focusable elements nested inside interactive controls so that no interactive element contains another focusable child.
On PrestaShop
- In your PrestaShop back office, go to Design → Theme & Logo → (your theme) and note the active theme name.
- Via FTP/SFTP, navigate to themes/<your-theme>/templates/catalog/_partials/miniatures/product.tpl — this is the product card template.
- Open the file and find the wrapping <a> or interactive element that contains nested focusable children (e.g. a quick-view button or Add to Cart inside a link).
- Restructure using the sibling pattern: use a non-interactive <div> as the card wrapper, and place the product link and action buttons as direct siblings.
- Clear the PrestaShop cache: Advanced Parameters → Performance → Clear cache.
- Test keyboard navigation on the category page.
Select name · Moderate effort
Add a descriptive, programmatically associated label to every `<select>` dropdown element on the site so assistive technologies can announce its purpose to users.
On PrestaShop
- In your PrestaShop back office, go to Design → Theme & Logo → your active theme. Template files are in '/themes/YOUR-THEME/templates/'.
- Find the template rendering the unlabelled <select> — common files: 'catalog/product.tpl' (variant selectors), 'checkout/checkout.tpl' (address country/state), '_partials/form-fields.tpl' (generic form fields).
- Add a <label for="MATCHING-ID">{l s='Descriptive text' d='Shop.Theme'}</label> before the <select> tag, or add aria-label="{l s='Descriptive text' d='Shop.Theme'}" on the element itself.
- Clear the PrestaShop cache via Advanced Parameters → Performance → Clear cache, then verify.
Skip link · Quick win
Add a valid, matching target ID to every skip-navigation link so keyboard and assistive-technology users can bypass repeated header content and jump directly to the main content area.
On PrestaShop
- In your PrestaShop back office go to Design → Theme & Logo → your active theme → then edit the theme files directly via FTP or your hosting file manager.
- Open themes/<your-theme>/templates/_partials/header.tpl. Add a skip link as the first element: `<a href='#main' class='skip-link'>Skip to main content</a>` and include the visibility CSS.
- Open themes/<your-theme>/templates/index.tpl (and product.tpl, category.tpl as needed). Locate the <main> element and add `id='main' tabindex='-1'` if not already present.
- Clear the Smarty cache in Advanced Parameters → Performance → Clear Cache and test.
Tabindex · Moderate effort
Remove all positive tabindex values (tabindex="1" or higher) from your store's HTML elements, replacing them with tabindex="0" or relying on natural document order to control keyboard focus.
On PrestaShop
- Connect via FTP/SFTP or use the Admin File Manager. Navigate to themes/<your-theme>/templates/ and search all .tpl (Smarty) files for 'tabindex'.
- Edit the offending .tpl file and remove or set the tabindex to 0. Always work in a child theme or custom theme to avoid losing changes on updates.
- Also check any installed modules (modules/<module-name>/views/templates/) for positive tabindex values and override them via the theme's module template override folder.
- Clear the PrestaShop cache: Admin → Advanced Parameters → Performance → 'Clear cache'. Verify with keyboard navigation.
Valid lang · Moderate effort
Add a valid BCP 47 language code to every `lang` attribute on your pages so assistive technologies can read content in the correct language.
On PrestaShop
- PrestaShop generates the `<html lang>` attribute from the active language. Go to Admin → International → Translations → Languages and verify the language code (ISO code field) for each installed language is a valid two-letter ISO 639-1 code (e.g. `en`, `fr`, `de`).
- In your active theme, open `templates/_partials/head.tpl` (or the root layout file). Find the `<html` tag and ensure it uses the Smarty variable `{$language.iso_code}` rather than a hard-coded value.
- If using a custom or third-party theme that hard-codes an invalid `lang` value, override the template in your child theme and correct it.
- Save, clear cache (Admin → Advanced Parameters → Performance → Clear cache), and verify.
Security (OWASP) · 22 fixes
Dmarc policy none · Moderate effort
Strengthen your DMARC policy from p=none (monitor-only) to p=quarantine, then p=reject, to actively block email spoofing of your domain.
On PrestaShop
- PrestaShop is self-hosted; update the _dmarc TXT record at your registrar or hosting DNS panel.
- Change p=none to p=quarantine and save the record.
- Verify your PrestaShop transactional mail SMTP settings (Advanced Parameters > E-mail) and confirm the sending domain's SPF and DKIM are published.
- After a monitoring period with clean reports, update the DMARC record to p=reject.
Hsts disabled · Quick win
Enable HTTP Strict-Transport-Security (HSTS) by setting a max-age of at least 31536000 seconds (one year) so browsers always use HTTPS when visiting your store.
On PrestaShop
- In PrestaShop Admin, go to Shop Parameters → General and enable 'Force HTTPS for all pages' — this enables redirects but does not itself set the HSTS header.
- Add the HSTS header at the server level: for Nginx add `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` in your server block; for Apache add `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"` in your VirtualHost or .htaccess.
- Alternatively, add it in PrestaShop's .htaccess file in the root directory (Apache only), after the existing security headers section.
- Verify via browser DevTools after deployment.
Hsts max age too short · Quick win
Increase your HSTS max-age to at least 31536000 (one year) so browsers enforce HTTPS-only connections for a meaningful period.
On PrestaShop
- In the PrestaShop Admin, go to Shop Parameters → General and ensure 'Enable SSL' and 'Enable SSL on all pages' are both ON.
- PrestaShop does not natively set HSTS headers; add them at the web-server level.
- Apache: In your `<VirtualHost *:443>` block or .htaccess: `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"`
- Nginx: In your `server {}` block: `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`
- Reload the web server and verify at securityheaders.com.
Https not available · Quick win
Enable HTTPS by installing a valid SSL/TLS certificate and redirecting all HTTP traffic to the secure HTTPS version of your store.
On PrestaShop
- Install an SSL certificate via your hosting control panel (cPanel Let's Encrypt or your host's SSL manager).
- In your PrestaShop Back Office, go to Shop Parameters → General.
- Set 'Enable SSL' to 'Yes' and 'Enable SSL on all pages' to 'Yes'.
- Save the configuration. PrestaShop will now serve all pages over HTTPS and redirect HTTP requests automatically.
- Flush PrestaShop's cache under Advanced Parameters → Performance → Clear cache.
Info disclosure server · Quick win
Remove or obscure the Server HTTP response header so your web server software name and version are no longer exposed to the public internet.
On PrestaShop
- PrestaShop is self-hosted — apply the fix at the web server level, not within PrestaShop's admin.
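- For Apache: add `ServerTokens Prod` and `ServerSignature Off` to `httpd.conf`; `ServerSignature Off` can also go in the `.htaccess` file in the PrestaShop root, but Apache accepts `ServerTokens` only in the main server configuration.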
- For nginx: add `server_tokens off;` to the nginx server block for your PrestaShop site, then reload nginx.
- Verify with `curl -I https://yourstore.com` — `Server` should be absent or show only `Apache` or `nginx` with no version number.
Info disclosure x powered by · Quick win
Remove or mask the X-Powered-By HTTP response header to stop advertising your server technology stack to attackers.
On PrestaShop
- For Apache hosting: Add `Header unset X-Powered-By` to your PrestaShop root .htaccess file (mod_headers must be active).
- For Nginx hosting: Add `more_clear_headers 'X-Powered-By';` to the server block in your vhost config (the headers-more module must be installed), then reload Nginx.
- In php.ini (or .user.ini in your web root): Set `expose_php = Off` to prevent PHP from emitting its version in this header.
- Alternatively, add `header_remove('X-Powered-By');` in /config/defines.inc.php or a custom override module.
Insecure cookie · Moderate effort
Set the HttpOnly, Secure, and SameSite=Strict flags on every session and CSRF cookie your store sets so they cannot be stolen by malicious scripts or sent over unencrypted connections.
On PrestaShop
- Go to Back Office → Advanced Parameters → Administration and ensure 'SSL enabled' and 'SSL on all pages' are both set to 'Yes'.
- Open config/defines.inc.php (via FTP/SSH or File Manager) and verify `define('_PS_SSL_ENABLED_', 1);` is set.
- For session cookie flags, edit config/config.inc.php or override in a custom module: call `session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Strict'])` before `session_start()`.
- Alternatively, install a security hardening module from the PrestaShop Addons Marketplace (search 'security headers') that manages cookie flags through the module's configuration UI.
- Clear the PrestaShop cache (Advanced Parameters → Performance → Clear Cache) and verify flags in DevTools.
Missing content security policy · Moderate effort
Add a Content-Security-Policy (CSP) response header to every page so browsers block unauthorized scripts, styles, and resources from loading.
On PrestaShop
- In PrestaShop 1.7.7+ go to Back Office → Advanced Parameters → Administration, and look for the 'Security' section — enable the HTTP headers / CSP option if available.
- For full control, edit your `.htaccess` file in the PrestaShop root directory (Apache): add `Header always set Content-Security-Policy "default-src 'self'; object-src 'none'"`
- For Nginx, add the `add_header` directive to your site's server block config.
- Alternatively, install a security-headers module from the PrestaShop Marketplace (search 'security headers') to manage CSP via the admin UI.
- Test checkout flows carefully — PrestaShop payment modules often load external scripts that must be whitelisted.
Missing dmarc · Quick win
Add a DMARC DNS TXT record at _dmarc.yourdomain.com to protect your domain from email spoofing and phishing.
On PrestaShop
- PrestaShop is self-hosted — add the DMARC TXT record at your domain registrar or DNS provider: Name = `_dmarc`, Type = TXT, Value = `v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com`
- In PrestaShop admin, go to Advanced Parameters → E-mail and set the email method to SMTP. Enter the credentials for an authenticated sending provider (SendGrid, Mailgun, etc.) that has SPF and DKIM configured for your domain.
- Save and send a test email to verify DKIM and SPF pass in the email headers before tightening DMARC policy.
Missing permissions policy · Quick win
Add a Permissions-Policy HTTP response header to explicitly restrict which browser features (camera, microphone, geolocation, etc.) your store's pages are allowed to use.
On PrestaShop
- For Apache: edit .htaccess in PrestaShop root (Back Office → Advanced Parameters → Performance has a 'Generate htaccess' option — edit the generated file or add via FTP): add `Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"`
- For Nginx: add `add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;` to your server block and reload Nginx.
- Alternatively, create a custom PrestaShop module that hooks into actionDispatcher or uses PHP's header() call early in the bootstrap to set the header.
- Verify with Chrome DevTools or securityheaders.com.
Missing referrer policy · Quick win
Add a `Referrer-Policy: strict-origin-when-cross-origin` HTTP response header to every page so browsers control what referrer information is sent with requests.
On PrestaShop
- Open your `.htaccess` file in the PrestaShop root and add: `Header always set Referrer-Policy "strict-origin-when-cross-origin"` inside a `<IfModule mod_headers.c>` block.
- For Nginx, add `add_header Referrer-Policy "strict-origin-when-cross-origin" always;` in your server block and reload Nginx.
- Alternatively, edit `config/smarty.config.inc.php` or create an override/module that hooks into the `Header` smarty template to inject a referrer `<meta>` tag into `<head>`.
- Verify with browser DevTools or securityheaders.com.
Missing spf · Quick win
Add a DNS TXT record containing a valid SPF policy to your domain so email servers can verify that messages sent from your domain are legitimate.
On PrestaShop
- DNS is managed at your registrar or hosting control panel, not inside PrestaShop.
- Add a TXT record at '@' with your SPF value at your DNS provider.
- In PrestaShop back office, go to Advanced Parameters → Email to see the outbound mail method (PHP mail vs. SMTP) and the SMTP server configured. Add that provider's SPF include: directive.
- Verify propagation with a free SPF lookup tool.
Missing strict transport security · Quick win
Add an HTTP Strict-Transport-Security (HSTS) response header with at least `max-age=31536000; includeSubDomains` to every HTTPS response your store sends.
On PrestaShop
- PrestaShop runs on Apache or Nginx — add the HSTS header at the server config level.
- Apache: Edit .htaccess in the PrestaShop root or your VirtualHost config. Add inside `<IfModule mod_headers.c>`: `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"`.
- Nginx: In the SSL server block add: `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`
- Reload the web server and verify with DevTools or curl.
Missing x content type options · Quick win
Add the `X-Content-Type-Options: nosniff` HTTP response header to every page of your store so browsers never guess at file types.
On PrestaShop
- For Apache hosting: open the .htaccess file in your PrestaShop root directory (or generate a new one via Admin → Advanced Parameters → Performance → Generate .htaccess file) and add: `Header always set X-Content-Type-Options "nosniff"`
- For Nginx: add 'add_header X-Content-Type-Options nosniff always;' inside your server {} block in the Nginx config file.
- Alternatively, install a PrestaShop security module such as 'Security Headers' from the PrestaShop Addons marketplace, which provides a UI for setting response headers.
- Clear PrestaShop's cache (Admin → Advanced Parameters → Performance → Clear Cache) and verify in browser dev-tools.
Missing x frame options · Quick win
Add an X-Frame-Options HTTP response header set to DENY or SAMEORIGIN to prevent your store's pages from being embedded in iframes on other websites.
On PrestaShop
- In your PrestaShop hosting environment, open your .htaccess file (root of your PrestaShop installation) and add: `Header always set X-Frame-Options SAMEORIGIN`
- If using Nginx, add to your `server {}` block: `add_header X-Frame-Options SAMEORIGIN always;`
- Alternatively, install a security-headers module from the PrestaShop Marketplace (search 'security headers') which adds X-Frame-Options via a back-office toggle.
- Clear PrestaShop cache: Advanced Parameters → Performance → Clear Cache.
- Verify via DevTools → Network → Response Headers.
Passive scan only · Moderate effort
Complement passive security scans with active Dynamic Application Security Testing (DAST) against a staging copy of your store before each release.
On PrestaShop
- PrestaShop is self-hosted — set up a staging copy on a private subdomain, keeping it IP-restricted so bots and customers cannot reach it.
- Copy your production database (anonymised — remove real customer data) to staging and point staging's configuration to it.
- Install OWASP ZAP locally. Target your staging URL and configure an authenticated session using a test-customer account to cover the cart, checkout, and My Account areas.
- Run Active Scan, focusing on custom modules in /modules/ and any overrides in /override/ — these are the most frequent sources of custom vulnerabilities in PrestaShop.
- Remediate High/Critical findings, then redeploy the patched code to staging and re-scan before promoting to production.
- Use PrestaShop's built-in Security page (Admin → Advanced Parameters → Security) to review additional hardening options alongside DAST results.
Ssl cert expiring soon · Quick win
Renew your SSL/TLS certificate before it expires to keep your store secure, trusted, and visible in search results.
On PrestaShop
- SSL is managed at the server/hosting level. Renew via your hosting control panel (cPanel, Plesk) or via Let's Encrypt CLI on your server.
- After renewal, go to PrestaShop Admin → Shop Parameters → General → Enable SSL → set to 'Yes', and also enable 'Force SSL on all pages'.
- Clear PrestaShop cache: Admin → Advanced Parameters → Performance → Clear cache.
Ssl cert invalid · Moderate effort
Install a valid SSL/TLS certificate that exactly matches your store's domain name, so browsers trust your site and customer data is encrypted in transit.
On PrestaShop
- SSL in PrestaShop is managed at the server level (same as self-hosted Magento — install the certificate via your hosting panel or server config).
- After installing the correct certificate on your server, go to PrestaShop Admin → Shop Parameters → General. Set 'Enable SSL' to Yes and 'Enable SSL on all pages' to Yes. Save.
- If you use a hosting control panel (cPanel), use Security → SSL/TLS → Let's Encrypt to provision a free certificate for your exact domain, then enable SSL in PrestaShop Admin as above.
Ssl error · Moderate effort
Replace or reissue your SSL/TLS certificate so it is valid for the exact domain name your store uses, eliminating the hostname mismatch error.
On PrestaShop
- SSL is managed at the hosting layer for self-hosted PrestaShop installations.
- Log in to your hosting control panel and issue or re-issue an SSL certificate (Let's Encrypt recommended) covering yourstore.com and www.yourstore.com.
- In PrestaShop Admin → Shop Parameters → General, enable 'SSL' and 'Force SSL on all pages'.
- Ensure 'Shop domain' and 'SSL domain' fields (Admin → Configure → Shop Parameters → General → Set Shop URL) exactly match the domain on the certificate.
- Clear PrestaShop cache: Admin → Advanced Parameters → Performance → Clear cache.
Ssl not accessible · Moderate effort
Enable HTTPS on your store by opening port 443 and installing a valid SSL/TLS certificate so every page is served over a secure connection.
On PrestaShop
- Ensure port 443 is open on your server/hosting firewall and a valid SSL certificate is installed (via cPanel SSL/TLS or Certbot).
- In PrestaShop Admin → Shop Parameters → General, enable 'SSL' by toggling 'Enable SSL' to 'Yes'.
- Also enable 'Enable SSL on all pages' to force HTTPS sitewide.
- Click 'Save'. PrestaShop will now serve all pages over HTTPS via port 443.
Weak spf · Quick win
Add a hard-fail (-all) or soft-fail (~all) mechanism to your SPF DNS record so that mail servers are explicitly told to reject or flag email from senders not listed in your record.
On PrestaShop
- PrestaShop does not manage DNS. Log in to your domain registrar or hosting DNS panel.
- Find the TXT record for your root domain (@) starting with v=spf1.
- If you send email via your server's native PHP mail or a configured SMTP (set in PrestaShop Back Office → Advanced Parameters → Email), ensure the sending server IP or SMTP relay's include: entry is present.
- Append -all to the end of the record and save.
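The SPF and DMARC entries above (missing record, weak `all` mechanism, `p=none`) can be checked offline against the TXT strings copied from your DNS panel. This is an added example, not part of the catalog: the finding labels, function names and the SPF sample records are constructed, and the DMARC sample is the value shown in the "Missing dmarc" entry.

```python
def spf_findings(txt_records):
    """Evaluate the TXT records published at the root domain (@)."""
    spf = [r for r in txt_records if (r.lower().split() or [""])[0] == "v=spf1"]
    if not spf:
        return ["missing-spf"]
    if len(spf) > 1:
        # RFC 7208: more than one v=spf1 record is a permanent error for receivers.
        return ["multiple-spf-records"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        # A redirect= modifier hands the decision to another domain's record,
        # which cannot be judged from this string alone.
        if any(t.startswith("redirect=") for t in terms):
            return ["spf-redirect-not-evaluated"]
        return ["weak-spf"]
    first = all_terms[0][0]
    qualifier = first if first in "+-~?" else "+"  # a bare "all" means "+all"
    return [] if qualifier in "-~" else ["weak-spf"]


def dmarc_findings(txt_records):
    """Evaluate the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return ["missing-dmarc"]
    tags = {}
    for part in recs[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["dmarc-invalid-policy"]
    findings = []
    if policy == "none":
        findings.append("dmarc-policy-none")
        if "rua" not in tags:
            # Monitor-only with no report address means nothing is being monitored.
            findings.append("dmarc-no-report-address")
    return findings


if __name__ == "__main__":
    # Constructed root-domain TXT set: an unrelated record plus a neutral SPF policy.
    root_txt = ["site-verification=constructed-value",
                "v=spf1 include:_spf.example.net ?all"]
    dmarc_txt = ["v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"]
    print(spf_findings(root_txt))     # SPF findings for the root domain
    print(dmarc_findings(dmarc_txt))  # DMARC findings for _dmarc
```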
X content type options weak · Quick win
Set the X-Content-Type-Options response header to exactly `nosniff` (once, not duplicated) on every page and asset your store serves.
On PrestaShop
- Edit your Apache `.htaccess` file in the PrestaShop root, or your Nginx server block config.
- Apache: add `Header always set X-Content-Type-Options "nosniff"` inside a `<IfModule mod_headers.c>` block.
- Nginx: add `add_header X-Content-Type-Options "nosniff" always;` in the server block.
- Remove any duplicate directives or conflicting module settings.
- Reload the web server and verify with DevTools.
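Most of the header fixes in this section end with "verify with DevTools or curl". The added example below (not part of the catalog) applies those checks to the text of a `curl -I` response in one pass: HSTS max-age and includeSubDomains, a single exact `nosniff`, X-Frame-Options, the three policy headers, version disclosure, and cookie flags. The finding labels and both sample responses are constructed, and every cookie is checked rather than only session and CSRF cookies.

```python
import re

ONE_YEAR = 31536000  # minimum HSTS max-age the fixes above ask for

# Constructed sample: a response showing several of the issues listed above.
WEAK = """\
HTTP/1.1 200 OK
Server: Apache/2.4.57 (Debian)
X-Powered-By: PHP/8.1.2
Strict-Transport-Security: max-age=86400
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
Set-Cookie: PrestaShop-example=abc123; path=/; HttpOnly
Content-Type: text/html; charset=utf-8
"""

# Constructed sample: the same store after the server-level fixes.
HARDENED = """\
HTTP/2 200
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: default-src 'self'; object-src 'none'
permissions-policy: camera=(), microphone=(), geolocation=()
referrer-policy: strict-origin-when-cross-origin
set-cookie: PrestaShop-example=abc123; path=/; Secure; HttpOnly; SameSite=Strict
"""


def parse_headers(raw):
    """Parse `curl -I` text into {lowercase name: [values]}, keeping duplicates."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # end of the first response block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw):
    """Return the list of findings for one response, in a fixed check order."""
    h = parse_headers(raw)
    findings = []

    hsts = h.get("strict-transport-security", [])
    if not hsts:
        findings.append("missing-strict-transport-security")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("hsts-max-age-too-short")
        if "includesubdomains" not in hsts[0].lower():
            findings.append("hsts-no-includesubdomains")

    # Must be exactly "nosniff" and sent once; a repeated header counts as weak.
    xcto = h.get("x-content-type-options", [])
    if not xcto:
        findings.append("missing-x-content-type-options")
    elif len(xcto) > 1 or xcto[0].lower() != "nosniff":
        findings.append("x-content-type-options-weak")

    xfo = h.get("x-frame-options", [])
    if not xfo or xfo[0].upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("missing-x-frame-options")

    for name in ("content-security-policy", "permissions-policy", "referrer-policy"):
        if name not in h:
            findings.append("missing-" + name)

    # A bare product name is acceptable; any digit is treated as a version leak.
    if any(re.search(r"\d", v) for v in h.get("server", [])):
        findings.append("info-disclosure-server")
    if "x-powered-by" in h:
        findings.append("info-disclosure-x-powered-by")

    for cookie in h.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        attrs = {p.lower() for p in parts[1:]}
        if not {"secure", "httponly", "samesite=strict"} <= attrs:
            findings.append("insecure-cookie:" + parts[0].split("=", 1)[0])
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(raw))
```

To run it against your own store, replace the sample text with the output of `curl -I https://yourstore.com`.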
Site Lifecycle · 11 fixes
Cms version · Moderate effort
Identify your ecommerce platform and CMS version, then ensure it is always kept up to date to protect your store from security vulnerabilities and avoid loss of vendor support.
On PrestaShop
- Log in to PrestaShop Admin → Dashboard: look for the update notification widget that shows your current version vs. the latest available.
- Use the official '1-Click Upgrade' module (autoupgrade) — install it from PrestaShop Addons Marketplace if not already installed, then go to Modules → 1-Click Upgrade and run the upgrade wizard.
- Always back up your database and files before upgrading — the module prompts you to do this.
- After upgrading, go to Advanced Parameters → Information to confirm the new version is active and check for any module compatibility warnings.
Domain expiry · Quick win
Enable auto-renew on your domain registration and set calendar reminders well before expiry to prevent accidental loss of your store's address.
On PrestaShop
- PrestaShop does not manage domain registrations. Log in to your domain registrar's control panel directly.
- Enable auto-renew and update payment details at the registrar.
- If PrestaShop is hosted on a platform that also registered the domain (e.g. OVHcloud, 1&1 IONOS), find the Domains section in that hosting control panel.
Gtm audit · Moderate effort
Install Google Tag Manager on your store and configure GA4 with ecommerce event tracking (view_item, add_to_cart, purchase) so you can measure what's driving revenue.
On PrestaShop
- In PrestaShop Admin, go to Modules → Module Manager → search for 'Google Tag Manager'. Install a compatible module such as 'Google Tag Manager + GA4 Enhanced Ecommerce' from the PrestaShop Addons Marketplace.
- Configure the module with your GTM Container ID. The module automatically pushes GA4 ecommerce dataLayer events for view_item, add_to_cart, and purchase.
- Alternatively, edit your active theme's header.tpl and footer.tpl files to paste the GTM snippets manually.
- Set up GA4 tags in GTM, test with Preview and GA4 DebugView, then publish.
Html lang · Quick win
Add a correct `lang` attribute to your site's `<html>` tag so browsers, search engines, and assistive technologies know what language your store is written in.
On PrestaShop
- In your PrestaShop admin, the lang attribute is rendered by the theme's layout template.
- Navigate to your active theme folder at themes/<your-theme>/templates/layouts/ and open layout-full-width.tpl (or layout-both-columns.tpl etc., whichever is used as the base).
- Find the <html tag. PrestaShop's Smarty templates typically output the language using {$language.iso_code} or {$language.language_code}.
- Update the tag to: <html lang="{$language.iso_code}"> — this dynamically pulls the ISO code of the active language.
- Save and clear the PrestaShop cache via Advanced Parameters → Performance → Clear cache, then verify via View Page Source.
Lifecycle oos schema not updated · Moderate effort
Update the `offers.availability` field in your Product schema to `OutOfStock` (or `PreOrder`/`Discontinued`) whenever a product sells out, so Google's data matches your real inventory.
On PrestaShop
- PrestaShop outputs Product schema via its theme or an SEO module. Go to Admin > Catalog > Products, open the out-of-stock product, and on the 'Quantities' tab set the quantity to 0 and ensure 'Allow orders when out of stock' is set to 'No'.
- For schema specifically, check your active theme's product template (themes/[your-theme]/templates/catalog/product.tpl) for a JSON-LD block. If availability is hard-coded, replace it with a Smarty conditional: '{if $product.availability == "available"}https://schema.org/InStock{else}https://schema.org/OutOfStock{/if}'.
- Alternatively, install an SEO module such as 'SEO Expert' or 'SEO Pack' from the PrestaShop Addons Marketplace, which typically handles dynamic availability in schema automatically.
- Clear the PrestaShop cache (Admin > Advanced Parameters > Performance > Clear cache) and validate.
Lifecycle orphaned products · Moderate effort
Add internal links from category pages, navigation, and related-product sections to every product page so crawlers and shoppers can find them without relying solely on your sitemap.
On PrestaShop
- In the back office, go to Catalog → Products. Use the 'Category' column to sort and identify products with no category assignment.
- Click Edit on each orphaned product, go to the 'Categories' tab, and assign it to a 'Default Category' and any additional relevant categories.
- Ensure categories are enabled and visible: go to Catalog → Categories and verify the relevant categories are active and appear in your menu (Modules → Main Menu).
- For related products: on the product edit page, go to the 'Associations' tab and add relevant accessories/related products in the 'Accessories' field.
- Use a module like 'Related Products Pro' from the PrestaShop Addons Marketplace to automate related-product links across your catalog.
Lifecycle products missing from sitemap · Moderate effort
Add every canonical product URL to your XML sitemap so search engines can discover and index your products faster.
On PrestaShop
- Install or enable the 'Google Sitemap' module (bundled with many PrestaShop versions): go to Modules → Module Manager → search for 'Sitemap' → Configure.
- In the module settings, ensure 'Products' is checked as a content type to include, then click 'Generate Sitemap'.
- Verify the output at yourdomain.com/sitemap.xml.
- Submit to Google Search Console → Sitemaps.
Mixed content · Moderate effort
Audit every page, asset, and third-party embed on your store to ensure no HTTP resources are loaded on HTTPS pages, and fix any mixed-content violations before they trigger security warnings or cause visitors' browsers to block content.
On PrestaShop
- In the admin panel, go to Shop Parameters → General and enable 'Force HTTPS' — this forces all store pages to use HTTPS.
- Go to Advanced Parameters → Performance and flush all caches after making changes.
- Search your theme files (under /themes/your-theme/) for any hardcoded http:// asset references in .tpl, .css, and .js files; update to https://.
- In the admin back office, check CMS Pages (Design → Pages), product descriptions, and category descriptions for any http:// image URLs embedded via the rich-text editor.
- For modules that inject external scripts (Modules → Module Manager), check each module's configuration for HTTP embed codes; update to HTTPS versions.
- Add a Content-Security-Policy header via your server config or a PrestaShop security module to enforce upgrade-insecure-requests as a safety net.
- Clear the cache (Advanced Parameters → Performance → Clear cache) and verify the storefront in a browser with DevTools open.
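The theme-file search in the steps above, as an added example (not part of the catalog or of PrestaShop): a plain search for http:// also hits ordinary <a> links, canonical tags and XML namespaces, none of which are mixed content, so this scanner reports only references the browser actually fetches. The sample template and all hostnames are constructed.

```python
import re
from pathlib import Path

# Constructs that make the browser fetch a subresource from the given URL.
SUBRESOURCE = re.compile(
    r"""(?:\b(?:src|srcset|poster)\s*=\s*["']?|url\(\s*["']?|@import\s+["'])"""
    r"""(http://[^\s"')>]+)""",
    re.IGNORECASE,
)
# <link href> is fetched only for some rel values; canonical/alternate are not.
LINK_TAG = re.compile(
    r"""<link\b[^>]*?\bhref\s*=\s*["']?(http://[^\s"'>]+)[^>]*>""", re.I)
FETCHING_REL = re.compile(
    r"""\brel\s*=\s*["']?[^"'>]*\b(?:stylesheet|preload|icon)\b""", re.I)

# Constructed sample template (not taken from a real theme).
SAMPLE_TPL = """\
<link rel="canonical" href="http://shop.example/product">
<link rel="stylesheet" href="http://cdn.example/theme.css">
<a href="http://partner.example/">Partner</a>
<img src="http://cdn.example/hero.jpg" alt="">
<svg xmlns="http://www.w3.org/2000/svg"></svg>
<div style="background:url('http://cdn.example/bg.png')"></div>
<script src="https://cdn.example/app.js"></script>
"""

def scan_text(text):
    """Return sorted (line, url) pairs for http:// subresource references."""
    hits = [(m.start(1), m.group(1)) for m in SUBRESOURCE.finditer(text)]
    hits += [(m.start(1), m.group(1)) for m in LINK_TAG.finditer(text)
             if FETCHING_REL.search(m.group(0))]
    return sorted((text.count("\n", 0, pos) + 1, url) for pos, url in hits)

def scan_theme(root):
    """Scan .tpl/.css/.js files under root; return {relative_path: hits}."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".tpl", ".css", ".js"}:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = scan_text(text)
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings

if __name__ == "__main__":
    for line, url in scan_text(SAMPLE_TPL):
        print(f"line {line}: {url}")
```

Point scan_theme at themes/your-theme/ on a copy of the store; URLs assembled from Smarty variables at render time are not visible to a static scan, so the DevTools check in the last step still applies.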
Mobile viewport · Quick win
Confirm your store has a correct responsive viewport meta tag so it displays properly on phones and tablets.
On PrestaShop
- Open your active theme directory on your server: themes/<your-theme>/templates/_partials/head.tpl (or head.thtml depending on theme version).
- Search for 'viewport'. Add or correct the tag inside the <head> block: <meta name="viewport" content="width=device-width, initial-scale=1">.
- Clear PrestaShop's template cache under Advanced Parameters → Performance → Clear cache.
- Verify with Google's Mobile-Friendly Test.
Server version · Moderate effort
Remove or suppress the Server version header so your web server software and version number are no longer exposed in every HTTP response.
On PrestaShop
- PrestaShop is self-hosted, so the fix is applied at the server level.
- On Apache: open .htaccess in your PrestaShop root (or the server's httpd.conf/vhost config) and add `Header unset Server` and `Header unset X-Powered-By`. Ask your host to set `ServerTokens Prod` in the main config.
- On Nginx: add `server_tokens off;` in nginx.conf or the site server block; use headers_more to fully clear the header.
- In PrestaShop's back office, there is no built-in setting for this — it must be done at the server/host level.
- Set `expose_php = Off` in php.ini if your host allows it.
- Use a hosting control panel (cPanel, Plesk) if available to modify PHP settings and .htaccess.
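To confirm the server changes above took effect, this added example (not part of the catalog) audits response headers for a versioned Server value and for X-Powered-By. The BEFORE and AFTER header sets are constructed samples; fetch_headers retrieves the real ones from a host you name.

```python
import http.client
import re

# A product token followed by a version, e.g. "Apache/2.4.57" or "PHP/8.1.2".
VERSIONED = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")

def fetch_headers(host, path="/", timeout=5.0):
    """HEAD request over HTTPS; returns the headers as (name, value) pairs."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().getheaders()
    finally:
        conn.close()

def audit(headers):
    """Return (header, issue, value) for each disclosure found."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "x-powered-by":
            findings.append((name, "remove header", value))
        elif lname == "server":
            if VERSIONED.search(value):
                findings.append((name, "version disclosed", value))
            elif value.strip():
                findings.append((name, "product name only", value))
    return findings

# Constructed header sets (not captured from a real store).
BEFORE = [("Server", "Apache/2.4.57 (Debian)"),
          ("X-Powered-By", "PHP/8.1.2"),
          ("Content-Type", "text/html")]
AFTER = [("Server", "Apache"), ("Content-Type", "text/html")]

if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(headers))
```

A "product name only" result is what `ServerTokens Prod` or `server_tokens off;` leaves behind; the version is gone but the header is still sent.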
SSL expiry · Quick win
Monitor your SSL/TLS certificate expiry date and set up auto-renewal so your store never goes offline or shows a security warning to shoppers.
On PrestaShop
- SSL is managed at the web-hosting or server level, not inside PrestaShop.
- Log into your hosting control panel and enable auto-renewal for your SSL certificate (Let's Encrypt or paid cert).
- Once the certificate is active, go to PrestaShop Admin → Shop Parameters → General → Enable SSL → set to 'Yes', and also enable 'Enable SSL on all pages'.
- Save, then browse your storefront to confirm the padlock appears and no mixed-content warnings are shown in the browser console.