Operator note

Google quietly sealed a one-letter URL trick that erased webpages from Search - are you affected?

A capitalization exploit in Google's Remove Outdated Content tool let attackers deindex pages. The patch is live - was your site hit?

Author: Andrii Daniv2 min readAug 1, 2025
Minimalist illustration of a human avatar erasing Google search results with a browser address bar and warning icons

Google has patched a vulnerability in its public Remove Outdated Content tool that let anyone deindex virtually any web page without authentication. The company says it has restored the “tiny fraction” of URLs removed by the exploit and that the form now validates requests correctly.

What happened

The flaw came to light in a Freedom of the Press Foundation report that documented hundreds of legitimate pages disappearing from Google Search between late 2023 and early 2024. Attackers submitted the target URL with altered capitalization, which returned a 404 for Google’s crawler and triggered automatic removal of the live page.

Google confirmed the issue and said indexing has been restored for affected sites.

Key details

  • At least 400 news articles were temporarily deindexed.
  • The Remove Outdated Content form required no Search Console access or site ownership.
  • Google Search Liaison Danny Sullivan acknowledged the bug in a Search Console Help Community post on 15 May 2024.
  • Google issued a fix in early June 2024 and reinstated affected URLs.
  • The company has not provided exact figures, calling the impact “tiny.”

Why it matters

The Remove Outdated Content tool, launched in 2020, lets anyone request cleanup of pages that return a 404 or refresh snippets that no longer match live text. Researchers had warned since 2023 that the form could be exploited for negative SEO because it did not fully verify URL case sensitivity. Publishers could reverse removals in Search Console, but attackers could resubmit requests, forcing constant monitoring.

Google says the form now checks canonical versions and ignores malicious case changes, closing the loophole.

What site owners should do

  • Review the Removals report in Google Search Console to confirm all valid pages are indexed.
  • Set up alerts for unexpected drops in indexed URLs.
  • Maintain consistent canonical tags and monitor 404 responses after URL changes.

Keep reading

Related articles

AI powered shopping cart protocol illustration with funnel price tag alert loyalty user tapping toggleInside Google's Universal Commerce Protocol that lets AI agents tap carts, catalogs and loyalty pricing2 min readMinimalist illustration of AI checkout hub with Cart Catalog Identity cards and user tapping settingsGoogle quietly upgrades AI shopping protocol: what Cart, Catalog and Identity Linking change next2 min readMinimalist tablet health UI privacy risk toggle character adjusting shield and prescription funnelGoogle and DocMorris Launch AI Health Companion for Europe - What Changes Next2 min readMinimalist site health dashboard illustration with 404 410 toggle funnel filtering errors into green checksWorried About Endless 404 Reports In Search Console? John Mueller Reveals What They Really Mean3 min read
logo
Ready to speak with amarketing expert?
Check Paid Spend Leakage

Learn what AI says about us

Services
SEOSEO for E-commerceGoogle AdsGoogle Ads for E-commerceMeta AdsContent GenerationAI IntegrationAI SEO setup
Resources
BlogCase studies
Pricing
Pricing overviewSEO pricingGoogle Ads pricing
Industries
E-commerceAutoFashionBeautyIndustrial
© 2026 Etavrian. All Rights Reserved.
Privacy Policy & Terms of Use