✨ Get 25% OFFon any plan. Use the coupon:

Cloaking: what it is and why this technique is penalized in SEO

By Tiago CostaUpdated on July 2, 2026

Illustration of a browser window split into two versions, one for the search robot and one for the user, representing cloaking.
Definition

Cloaking is showing one content to the search engine and another to the user on the same URL, to manipulate the ranking. It counts as cloaking, for example:

  • serving a text full of keywords only to the robot;
  • redirecting the user to a page different from the one Google saw;
  • detecting Googlebot by its user-agent or IP and swapping the content;
  • hiding text or links visible only to the crawler.

What cloaking is

Cloaking (from 'to cloak', to conceal) is the practice of serving the search engine one version of the page and the user another, on the same URL. The idea is to fool the algorithm: showing Google a polished, optimized content while the person who clicks sees something different, often an ad, a product or a text unrelated to the search.

By definition, it is a black hat SEO technique. Google's guidelines describe cloaking as 'the practice of presenting different content to users and search engines with the intent to manipulate search rankings and mislead users', according to the Google Search spam policies.

The key point is intent. It is not about any difference between versions, but about hiding from the search engine what the user will actually find. It is this breach of trust that Google fights.

How cloaking works

To serve different content, the server first needs to figure out who is accessing it. It does this by reading clues from each request and deciding, on the spot, which version to show. The most common methods are:

  • By user-agent: the site identifies the signature of the crawler (such as Googlebot) and serves one page; to everyone else, it serves another.
  • By IP address: the delivery changes according to the origin IP, isolating the known ranges of the search engines' robots.
  • Via JavaScript: the page loads one HTML for the robot and then rewrites the content in the user's browser.
  • By referrer: the content changes according to the referrer header, for example, whether or not the visit came from Google.

In every case, the logic is the same: recognize the search engine and show it something the user will never see.

Infographic of how cloaking works, with the server detecting whether the access is from the robot or the user and delivering different pages to each.
How cloaking works: the server detects who is accessing and delivers different content to the robot and to the user.

Types and examples of cloaking

Cloaking appears in several forms, from the crudest to the most disguised. The classic examples include:

TypeHow it shows up
Text cloakingA page rich in keywords for the robot and commercial content for the user.
Sneaky redirectGoogle sees one URL, but the user is taken to a very different one.
Image cloakingThe robot reads a text that, for the person, shows up as an image or not at all.
Ad cloakingOne page approved for the ad and another, the real one, shown to whoever clicks.

Ad cloaking deserves separate attention: it is the version of cloaking applied to advertising, where the advertiser shows a harmless page for the Google Ads review and another, often deceptive, to whoever clicks the ad. It also violates the policies and leads to account suspension.

Cloaking vs legitimate practices: not every different delivery is cloaking

Showing slightly different content to different people is not always cloaking. The difference lies in the intent to deceive the search engine. Some legitimate examples:

  • Dynamic rendering: serving a pre-rendered version to robots that struggle with JavaScript is a JavaScript SEO technique, as long as the content is equivalent.
  • Personalization and geolocation: adjusting language, currency or offers according to the user's region is acceptable, as long as the robot sees the same as a user from that location would.
  • Paywalls and gated content: requiring login or a subscription is allowed when properly signaled to Google, without hiding what is behind it.

The golden rule is simple: what Googlebot sees must be, in essence, what the user sees. When the versions diverge to manipulate the ranking, it stops being personalization and becomes cloaking.

Illustration comparing a legitimate delivery, where robot and user see the same page, and cloaking, where they see different pages.

Why cloaking is penalized

Cloaking attacks what Google protects most: the trust of the person searching. If the page that ranks is not the one the user finds, the result loses value. That is why cloaking is treated as a serious violation, alongside other black hat tactics fought at every spam update.

According to the Google spam policies, sites that break the rules 'may rank lower or not appear in results at all', and are also subject to a manual action. And the automated systems keep improving: Google itself states that SpamBrain helps keep more than 99% of visits from search free of spam.

In short, cloaking is a very high risk bet. The gain depends on Google not noticing the maneuver, and the trend is that it will notice, sooner or later, with a proportional penalty.

How to spot and avoid cloaking

Checking whether a site practices cloaking (yours or a competitor's) is simpler than it looks. It is worth checking:

  • URL inspection: use the URL inspection in Google Search Console to see exactly the HTML that Googlebot received and compare it with the real page.
  • Cached version and no JavaScript: opening the page with JavaScript disabled helps reveal content that appears only to the robot.
  • Cloaking checker tools: services that simulate Googlebot's user-agent and show whether the delivered content changes.

To avoid the problem, the recipe is direct: serve the same page to everyone. If you need to personalize by region or device, make sure the search engine sees a version equivalent to the user's. Following white hat SEO removes the risk at the root.

FAQ

Frequently asked questions

What is the cloaking technique?

Cloaking is the black hat technique that shows the search engine different content from what is displayed to the user, on the same URL, to manipulate the ranking. The server detects whether the access is from Googlebot or a person and serves different versions. It is forbidden by Google's guidelines.

What is a cloaker?

A cloaker is the tool or script used to apply cloaking, that is, to detect whether the visitor is a search robot or a user and serve different content to each. The person who uses this technique is also called a cloaker.

What does cloaking mean in Google ads?

It is what is called ad cloaking: the advertiser shows a harmless page for the Google Ads review and another, usually deceptive, to whoever clicks the ad. The practice violates Google's policies and usually leads to the suspension of the ads account.

Is cloaking illegal?

It is not necessarily a crime, but it is forbidden by the guidelines of search engines and ad platforms. When it involves fraud or deceptive advertising, it can have legal implications. In SEO, the most common consequence is a penalty or the removal of the page.

What is the difference between cloaking and a redirect?

A redirect takes everyone, robot and user, to the same destination, which is legitimate. Cloaking, including the sneaky redirect, shows Google one page and diverts the user to another. The difference lies in the intent to deceive the search engine.

Content that ranks without tricks

Automarticles writes and optimizes your blog articles on its own, with white hat SEO that shows the same quality page to Google and to your reader.

Start free trial
Keep learning

Related concepts

Black hatBlack hat SEO is the set of optimization techniques that break search engine guidelines to try to rank through manipulation rather than merit. These are forbidden practices such as keyword stuffing, hidden text, buying links and cloaking, all meant to fool Google's algorithm. They can bring quick gains, but they expose the site to penalties that can wipe out its traffic overnight.White hatWhite Hat SEO is the set of optimization practices that follow the official guidelines of search engines and put the user first. Instead of trying to trick the algorithm, white hat relies on useful content, solid technical structure and links earned honestly, aiming for sustainable results with no risk of penalty. The name is the opposite of black hat, which manipulates the ranking with forbidden techniques.Spam updateA Google Spam Update is an update in which Google strengthens its automatic anti-spam systems, targeting pages and sites that violate the search engine's spam policies. Unlike a core update, which reassesses the general quality of results, the spam update focuses on specific manipulative practices, such as mass-produced content, site reputation abuse, cloaking and link schemes. Hit sites usually lose positions until they fix what broke the rules.JavaScript SEOJavaScript SEO is the set of practices that ensures sites built with JavaScript are crawled, rendered and indexed correctly by search engines. Because JS content often only appears after the browser runs the code, Google needs an extra rendering step to see the page. Optimizing for JavaScript means making that content accessible to the search engine, without relying only on what the robot sees in the initial HTML.