← rooo.pro

Auditing 3 sites and clearing 24 items in a single day

2026-05-07 / Vol. 3 / draft at time of publishing

Day 4 after launch.
I had already gotten three sites running on the same workflow. Today became a day in the "tighten up" direction.

Conclusion: I had the three sites audited cross-cutting, surfacing 24 items, and closed every single one of them on the same day. Everything except the long-term Astro migration is now closed.


That morning, a notification came from Search Console

I opened Gmail and there was a Google Search Console notification about karaha.org: "Alternate page with proper canonical tag." I didn't understand what it meant, so I dropped a screenshot to Claude.

This notification appears when Google has decided "not to index" a page. In this case, an old URL /home/ is returning 404. URLs from your Google Sites era are still around, and Google is hitting 404s when traffic comes from search results.

Right, I thought.
karaha.org used to run on Google Sites and was migrated to Cloudflare Pages. /home doesn't exist on the new site.

Two lines added to _redirects:

/home / 301
/home/* /:splat 301

Now /home and /home/whatever all 301 to the top. Hit "Validate fix" in GSC and done.

Old Google Sites legacy was buried at one more site too

It was a one-line fix, but I started wondering: "are esynet.jp and rooo.pro affected by the same pattern?" I asked Claude to check.

esynet.jp — yes.
/ホーム/所在地連絡先, /ホーム/お知らせ, /ホーム/blog, /ホーム/主な取扱商品, /ホーム/運営取引情報, /ホーム/お問い合わせ, and /ホーム itself. All 7 returning 404.

Handled with 7 lines in _redirects. Japanese paths needed URL encoding to match in Cloudflare, so I used Python to encode them. Each was routed to the corresponding v2 page: /legal/tokutei/ (legal address page), /#products anchor, /#contact anchor, the top, etc.

rooo.pro started from a blank slate so there were no legacy URL assets, no critical issues. GSC just had a stale sitemap submission and an orphan URL prefix property — deleted both, cleaned up.

"While we're at it, run a full audit"

All three sites' GSC warnings were settled. But I thought: "there's probably way more that's not in order yet."

Three days from launch. Things were running but I'd surely missed plenty. Better to comb through preemptively than scramble after each warning. I asked Claude:

Please do a comprehensive cross-cutting check on all three sites with various perspectives, and propose improvements.

Claude ran a research agent and after a while returned suggestions organized by 10 lenses × per site. SEO, a11y, performance, security, mobile, UX, content, maintainability, cross-site consistency, build-in-public fitness.

24 items total. Priority breakdown: 6 high / 13 medium / 5 low. As "currently safe but worth flagging" Claude added esynet.jp's lack of an operator name in its commercial law disclosure.

The most heart-stopping item

At the very top of the audit, Claude wrote:

esynet.jp and karaha.org's privacy policies explicitly state "Cloudflare Web Analytics is used," but the beacon script is NOT actually in the HTML. For business sites, this kind of inconsistency is among the worst.

I curled all three sites in production — the beacon really was not present anywhere.
For a business site, claiming "we use it" while not actually using it is legally questionable.

Cloudflare's dashboard showed Web Analytics "auto setup" was ON, but somehow it wasn't in the HTML. The reason: auto-injection doesn't work on Cloudflare Pages-hosted sites. So I switched to manual setup — issue tokens, insert the beacon right before </body> in all 33 files, push.

A few minutes later, curl confirmed the beacon on all 3 sites. The moment privacy policy and implementation aligned, the day's biggest worry disappeared.

OG images are something AI can't fully take on

One high-priority item was "rooo.pro's og:image is unset on all 4 pages." When you paste a URL into X or Slack, you get a blank card.

This isn't something to hand off entirely to Claude. It needs uploading an image to Cloudinary, and the judgment call about the image itself is on me.

While I worked on that, Claude continued with other fixes. I separately generated an OG image with another AI — based on the letters "rooo" with Google-color-ish circles and triangles scattered — uploaded to Cloudinary, gave the URL to Claude, who reflected it across 4 pages' meta tags. We rejoined the flow.

You can't automate "make an image." But the moment Claude points out "this work needs this kind of input," I won't miss it. As a division of labor, this is healthy.

Compressing Tailwind from 3MB to 29.3KB

One big audit finding: karaha.org was using Tailwind CDN (cdn.tailwindcss.com) in production.

Tailwind official explicitly states "not for production"; runs the 3MB-class JIT on every load.

I had been aware of this long-term. Today I decided to clear it.

But I didn't have Node.js locally. Setting up the build environment looked like a big deal. Claude proposed an alternative: "Use Tailwind's standalone CLI binary — Node not required."

Downloaded Tailwind v3.4 standalone for Windows (a 40MB single executable) to /tmp → created tailwind.config.js and src/main.css → built with the standalone CLI → produced styles.css at 29.3KB.

Replaced <script src="https://cdn.tailwindcss.com"></script> with <link rel="stylesheet" href="/styles.css"> across each HTML file (15 files, mechanical).

3MB+ JIT on every load became a 29.3KB static CSS. FCP should change visibly.

Closing out the mid-tier items in order

From here, "5 to 30-minute" tasks in sequence. I told Claude "proceed in order" and shifted myself into review/approve mode.

canonical tag unified across 3 sites (rooo.pro and esynet.jp were missing it; karaha.org had it from the start)
og:locale / twitter:card / twitter:site unified across all
・Added <lastmod> to rooo.pro's sitemap.xml
・Added skip-link and <main> landmark to all rooo.pro pages (excluding the frozen versions/v0/)
・Brightened the event-card text color on karaha.org by one step to hit WCAG AAA contrast
・Unified karaha.org's Google Fonts loading: from <style>@import url(...)</style> to <link rel="preconnect"> + <link rel="stylesheet">
・Added f_auto,q_auto,w_* transformations to esynet.jp's Cloudinary image URLs (hero / 5 product images)
・Added Organization JSON-LD to esynet.jp
・Added width / height / loading / fetchpriority attributes to esynet.jp's hero image
・Lightened the Google Maps iframe grayscale on esynet.jp for better mobile readability
・Added noindex meta to esynet.jp's old v1-era /blog page
・Added Content-Security-Policy to all 3 sites' _headers (whitelist for script/style/img/font/connect/frame sources)
・Consolidated karaha.org's :root CSS variables into src/main.css, removing duplication from each HTML

After CSP was set, I checked the browser console for violations on all 3 sites. Zero.

For the first time, the cross-site benefit became real

The same problem existed on all 3 sites simultaneously. So the fix could be written across all 3 simultaneously.

For example, canonical tags: rooo.pro and esynet.jp were missing them → added in one go. Cloudflare Web Analytics: all 3 sites had "zero implementation" → grabbed 3 tokens, inserted beacon to 3 sites. CSP: same structure across all 3 _headers (only domain differences per site).

When I wrote "I want to operate the 3 sites cross-cuttingly" two days ago, that was a vague hope.
Today it became a felt benefit.

What only I can decide

The last audit item was esynet.jp's commercial law disclosure. The current state was "operator name omitted, disclosed on request" — fully legal (an explicitly approved method per the 2022 Consumer Affairs Agency revision). Yahoo! Shopping side already discloses my name.

Claude returned: "Currently safe. This is a user judgment call." And stopped. Handed the decision to me.

I hesitated a bit, then decided. Operator: Eiji Asano. Phone: 080-4865-0476. Both public.

On X (@eijiasano_) my name is already out there as the operator of rooo.pro. There's not much point in hiding now. Phone number being open is, I think, more honest as a business.

Updated esynet.jp's commercial law page, the home Contact section, the Organization JSON-LD's founder and telephone, all in one go. Now when "esy net" hits Google's knowledge panel, the operator and contact info are properly there.

An emerging shape of how to operate with AI

Three days from launch, having unfinished items is normal. Switching from "notice and fix piecemeal as I go" to "audit-frame and surface everything at once" let me move faster and deeper than I expected.

This is a big benefit of running with AI as a partner. Building an audit checklist alone is exhausting. Throw "do a comprehensive audit" at Claude and it returns the items lens-by-lens, comprehensively. The rest is reading, deciding, executing.

The other striking thing: Claude doesn't decide on its own and stops at "this is a user judgment call". The commercial-law name disclosure, the OG image creation, certain URL intent confirmations — all clearly returned as "human territory." Not "let AI do everything," but "the boundary of judgment is visible." For a single-operator setup, this design feels really important.

What's next

The remaining future task is just the rooo.pro Astro migration. Fine to leave until article count grows.
In a few days, real Cloudflare Web Analytics data should start showing. I had decided "don't look at numbers until month 2," so I won't make decisions on them. Just confirm things are running.

Audit, fix, alignment check — all in a single day.
This is what I'll call Day 4.