Soft 404 (200 Status on a "not found" Page)
A page that says "not found" but returns HTTP 200 instead of 404 wastes crawl budget, can get indexed as a thin/empty page, and dilutes overall site quality in Google's eyes.
Why it matters
A page that says "not found" but returns HTTP 200 instead of 404 wastes crawl budget, can get indexed as a thin/empty page, and dilutes overall site quality in Google's eyes. Search engines rely on the status code to know a page is genuinely gone.
Schedule a fix in your next sprint. Warnings won't block your site but they consistently leave performance on the table. Estimated SEO impact: medium — measurable effect on click-through or relevance.
How to fix
- Return a real 404 (or 410) status for pages that no longer exist
- If the page should exist, add the missing content so it is no longer empty
- Redirect (301) to a relevant live page when the old URL has a clear replacement
Common causes
If the rule is firing across many pages, the root cause is almost always one of these:
- Mixed-content sub-resources from before HTTPS migration that escaped the rewrite.
- CDN or upstream proxy strips a security header that was set at the origin.
- Legacy redirects send HTTPS traffic through HTTP first.
- Test/staging hostnames leak into production HTML via hard-coded URLs.
Anti-patterns to avoid
Even with the best intentions, these "fixes" make the issue worse — recognise them so you don't ship them:
- Mixed HTTP/HTTPS resources after migration.
- Self-signed or expired certificates on production.
- Long-lived secrets in client-rendered HTML or JS bundles.
How atlookup detects this
Our crawler renders each page with a real headless browser, then inspects HTTPS state, response headers, mixed content, and certificate validity. Pages where the rule fires for soft 404 (200 status on a "not found" page) are flagged on the report.
If you'd like to see this rule fire on your own site, run a free 60-second audit — every page is reported with the exact lines that triggered it.
Tools to verify the fix
Once you've applied the fix, double-check with these external validators:
- SSL Labs — Grades certificate + protocol configuration.
- securityheaders.com — Audits response headers against best practice.
Frequently asked questions
Why does Soft 404 (200 Status on a "Not Found" Page) matter for SEO?
A page that says "not found" but returns HTTP 200 instead of 404 wastes crawl budget, can get indexed as a thin/empty page, and dilutes overall site quality in Google's eyes. Search engines rely on the status code to know a page is genuinely gone.
How do I fix soft 404 (200 status on a "not found" page)?
Return a real 404 (or 410) status for pages that no longer exist If the page should exist, add the missing content so it is no longer empty Redirect (301) to a relevant live page when the old URL has a clear replacement
Is this a critical SEO issue?
Schedule a fix in your next sprint. Warnings won't block your site but they consistently leave performance on the table. Estimated SEO impact: medium — measurable effect on click-through or relevance.
How does atlookup detect soft 404 (200 status on a "not found" page)?
Our crawler renders each page with a real headless browser, then inspects HTTPS state, response headers, mixed content, and certificate validity. Pages where the rule fires for soft 404 (200 status on a "not found" page) are flagged on the report.
How long does it take to fix?
5–15 minutes per page. Most teams batch similar issues across templates so the per-page time goes down at scale.
Related issues
FRAME_TAG_PRESENT
Deprecated frame/frameset Tag Present
<frame> and <frameset> are removed from HTML5 — not supported in modern browsers, bad for SEO, and catastrophic for accessibility.
FLASH_OBJECT_PRESENT
Flash Object on Page
Adobe Flash has been end-of-life since December 2020 — no browser runs it.
FORM_INSECURE_ACTION
Form Action Uses HTTP on HTTPS Page
A form that POSTs to an HTTP endpoint on an HTTPS page sends user data in the clear — a serious security and privacy failure.
MIXED_CONTENT_IFRAME
Mixed Content: HTTP iframe on HTTPS Page
HTTP iframes on HTTPS pages are blocked by modern browsers entirely — the embedded content simply does not render, breaking the user experience.