Task Tracker

Click a task to mark it complete. Progress saves in your browser automatically.

SSR / Pre-Rendering for shops.beargrips.com

Priority: CRITICAL — If Google can't render the JavaScript, none of our SEO work matters.

Solution: Self-Hosted Prerender (FREE — use this)

Step 1: Install the open-source prerender server

This is the same rendering engine behind Prerender.io, just self-hosted. github.com/prerender/prerender (6.5K stars, actively maintained)

Step 2: Keep it running with PM2

Step 3: Add Express middleware to detect bots

In the shops Express app, add middleware that checks the User-Agent. If it's a crawler (Googlebot, Bingbot, etc.), proxy the request to the prerender server. Human visitors get the normal React SPA.

That's it. The prerender-node middleware automatically detects bot user-agents and routes them to the local prerender server. Human visitors are unaffected.

Step 4: Add Nginx caching (optional but recommended)

Cache pre-rendered pages so the prerender server doesn't re-render on every bot visit:

Alternative options (if self-hosted prerender doesn't fit)

Option B: Server-Side Rendering (SSR) — best long-term

• Migrate React app to Next.js (SSR/SSG built in)
• Renders on the server before sending to browser — Google sees full HTML natively
• More work upfront but eliminates the prerender layer entirely
• Cost: $0 (Vercel free tier or self-host on existing DO)

Option C: Static Site Generation (SSG) — for pages that don't change often

• Pre-build HTML for public pages at deploy time (homepage, pricing, features, catalog)
• Best performance — this is what the directory sites use
• Only works for pages that don't change often — vendor shops need prerender or SSR

How to verify it works

This should return full HTML with real content — NOT an empty <div id="app"></div>. If you see an empty div, Google sees the same thing = no indexing.

Sitemap & Robots.txt

The Gap: 17 URLs vs. ~6,900+ Total Pages

Pages that exist RIGHT NOW (not in sitemap)

Pages built and ready to deploy (not on site yet)

Part 1: Static Sitemap (What You Have Now)

The current sitemap.xml has 17 static URLs. Keep these, but rename the file to sitemap-static.xml and add it to a sitemap index (see below).

Part 2: Dynamic Sitemap for Vendor Shops + Products (CRITICAL)

Every live vendor shop and every published product is a page that should be in the sitemap. This must be generated dynamically from the database.

Dynamic Sitemap Architecture

Create an API endpoint that generates the sitemap XML on the fly from the database:

Rules:

• Only include LIVE/published shops and products — no drafts, no disabled shops
• Use real lastmod dates from the database (when the shop/product was last updated)
• Cache the output for 1 hour — don't query the DB on every request
• If total URLs exceed 50,000, split into multiple sitemap files with a sitemap index

Sitemap Index (ties everything together)

Create a sitemap index at /sitemap.xml that references all sub-sitemaps:

Part 3: Static Sitemap Pages

Rename the current sitemap.xml to sitemap-static.xml and keep it for the static pages:

Notes:

• Update URLs to match actual page paths on the site
• Do NOT include dashboard/vendor pages (anything behind login)
• Vendor shop pages (/proshops/[shopname]) and product pages go in the dynamic sitemap-shops.xml — see Part 2 above

Robots.txt

Place at: https://shops.beargrips.com/robots.txt

Create the file with this content:

Meta Tags & Canonical URLs

Canonical URLs — URGENT FIX

Add to the <head> of every public page:

React Implementation (copy-paste into your app)

If using React Router, add this hook or component that sets the canonical tag dynamically on every route change. Drop it into your root App component or layout:

If using SSR/prerender: Make sure the canonical tag is in the server-rendered HTML too, not just added by JS. Google prefers to see it in the initial HTML response.

This strips all query params (?ref=, ?sub_id=, etc.) so Google treats every URL variant as the same canonical page. This is the #1 quickest SEO win right now.

Tag Structure (Same for Every Page)

Every public page needs these tags in <head>. The values change per page, but the structure is always the same:

Part 1: Static Pages — Copy Provided (Just Paste These In)

OG Image for static pages: Use the Bear Grips logo or a branded social preview image. Same image for all static pages is fine. Recommended size: 1200x630px.

Part 2: Dynamic Meta Tags — Vendor Shops & Product Pages

Vendor Shop Pages: /proshops/{slug}

If vendor has a custom description: use it as the meta description instead of the template above.

Product Pages: /proshops/{slug}/product/{id}

Catalog Product Pages (if separate from vendor pages)

Draft/Unpublished Pages

Any vendor shop or product page that is NOT live/published must have:

This prevents Google from indexing half-built or inactive shops.

Framework Implementation

Use react-helmet or react-helmet-async in the React app. Set the meta tags in each page component using the data already available (vendor name, product name, description, price, image URL).

Schema Markup

This JSON-LD is already on the shops.beargrips.com homepage. Reference copy below for future pages:

Notes:

• Update the logo URL if it's different
• This goes on the homepage only for now
• KJ will provide additional schema for specific pages later

Page Speed & SSL

Page Speed — Target 90+

Test at: pagespeed.web.dev

Common Fixes

• Compress images: Use WebP format. Tools: Squoosh or Sharp
• Lazy load images: Add loading="lazy" to below-fold images
• Minimize JS bundle: Code-split, tree-shake, remove unused dependencies
• Minimize CSS: Remove unused CSS, use PurgeCSS if applicable
• Enable gzip/brotli compression on the server (nginx)
• Cache static assets: Set Cache-Control headers (e.g., max-age=31536000 for images/CSS/JS)
• Preload critical resources: Fonts, above-the-fold images
• Defer non-critical JS: Add defer or async to non-essential scripts

SSL / HTTPS

• All pages must load over HTTPS (no mixed content warnings)
• HTTP should 301 redirect to HTTPS automatically
• Test: http://shops.beargrips.com should redirect to https://shops.beargrips.com

Mobile Responsiveness

• Test all public pages on mobile (Chrome DevTools → Toggle Device Toolbar)
• Key breakpoints: 375px (iPhone SE), 390px (iPhone 14), 768px (iPad)
• No horizontal scrolling, text readable, buttons tappable (44px+ touch targets)

Google Search Console — Verification Tag

The meta tag is already on the shops.beargrips.com homepage. Reference copy below:

Vendor Shop SEO

Priority: HIGH — Every vendor shop and product page is a free SEO page for Bear Grips. Right now Google can see the meta tags but the page body is empty.

What's Working (Good job!)

• Pre-rendered meta tags for bots — title, description, OG tags, Twitter cards
• Vendor name in title and description
• Product mockup image in OG tags (shows when sharing links)
• Product price in OG tags (product:price:amount)
• Vendor logo as favicon per shop

Issue 0: Hide Printify Image URLs (Security)

Current (exposed):

What it should look like:

Fix: Nginx reverse proxy (quickest approach)

Add this to the nginx config for shops.beargrips.com:

Then update the app code to rewrite all Printify mockup URLs:

• Replace https://images-api.printify.com/mockup/ with https://shops.beargrips.com/product-images/
• This applies to: og:image, twitter:image, any <img> tags, and the Product schema image field
• The nginx proxy fetches from Printify behind the scenes — users and Google only see our domain
• 7-day cache means the same image isn't re-fetched constantly

Also check for leaks in:

• Product page JavaScript (network tab may show Printify API calls — consider proxying those too)
• Any references to "Printify" in page content, alt tags, or file names

Issue 1: Empty Body Content

Current product page body (what Google sees):

What it should look like (use the same data already in the meta tags):

Same approach for shop pages:

Key points:

• All this data is already available server-side (it's in the meta tags) — just also render it in the body
• The <img> tag with the product mockup lets Google Images index the product photo
• The product list on shop pages creates internal links Google can follow to discover all products
• Normal users will still get the JS redirect immediately — they won't see this HTML

Issue 2: Product Schema Markup

Add JSON-LD Product schema to every product page. This enables rich results in Google (price, availability, image, reviews right in search results).

Add this to the <head> of product pages (alongside existing meta tags):

Dynamic fields to populate from existing data:

Issue 3: Dynamic Sitemap

Google needs a sitemap that includes all live vendor shops and published products. Without it, Google has to discover pages by crawling links — which is slow and incomplete.

Create a dynamic sitemap at: https://shops.beargrips.com/sitemap-shops.xml

This should auto-generate from the database, including:

Implementation notes:

• Generate dynamically from the database — query all vendors with active shops + all published products
• Only include shops/products that are live and published (not drafts)
• Update the main robots.txt to reference this sitemap too:
  Sitemap: https://shops.beargrips.com/sitemap-shops.xml
• Submit to Google Search Console after creating it
• As vendors add/remove products, the sitemap auto-updates on next request
• Consider caching the sitemap for 1 hour to avoid regenerating on every request

Issue 4: Richer Default Descriptions

Most vendors keep the default shop description: "Shop at [Name]. Browse our store." — this is thin content that doesn't help SEO. Improve the auto-generated defaults so vendors get better rankings without doing extra work.

Default Shop Description (auto-generated)

Replace the current default with a richer template that pulls from the vendor's store name. Vendor can still override this if they want.

Current default:

Better default:

Default Shop Title

Current:

Better:

Default Product Page Title

Current format is good: [Product Name] - [Store Name]

Consider appending a tail keyword:

Default Product Description Enrichment

When a product uses the default system description, append a vendor-specific line at the end to make each page more unique to Google:

Why this helps vendors:

• "[Store Name] custom apparel" becomes a rankable keyword automatically
• "[Store Name] tee/hoodie/tank" product pages rank for long-tail searches
• "Free shipping" and "Printed in the USA" are trust signals Google likes to surface
• Vendors get SEO traction without writing anything themselves
• Every new product published = new indexed page with unique content

Price Display

Minor fix: Round prices to 2 decimal places in all meta tags. Currently showing raw values like 43.5552 and 26.9152.

Issue 5: Missing Favicon on Product Pages

Shop pages have the vendor's favicon but product pages are missing it. The <link rel="icon"> tag should be on all pages — shop and product.

Issue 6: Image Alt Tags

Product mockup images have no alt attribute. Google Images is a major traffic source — without alt text, our product images won't rank.

Current:

Fix — add descriptive alt text:

Pattern: alt="[Product Name] - [Store Name]"

Apply to:

• All product mockup <img> tags in the page body
• The pre-rendered <img> in the body content (from Issue 1)
• OG image tags should also get proper filenames where possible

Issue 7: Canonical URLs on Product Pages

Every public page (shop page and product page) needs a canonical tag to prevent duplicate content issues.

Add to the <head> of every shop and product page:

Build the URL dynamically from the current page path. This tells Google "this is the one true URL for this page" — prevents indexing of URL variations with query params, trailing slashes, etc.

Issue 8: Noindex Draft/Unpublished Pages

If any product or shop pages are accessible but not yet live (drafts, unpublished, deactivated), they should not be indexed by Google.

Add this to the <head> of any non-live page:

Only live, published shops and products should have index, follow. If a vendor deactivates their shop or unpublishes a product, flip to noindex.

Issue 9: OG Image Dimensions

Add width and height to OG image tags so social platforms (Facebook, LinkedIn, Twitter, iMessage) render previews instantly without fetching the image first.

Add alongside existing og:image tag:

If the actual mockup dimensions differ, use those values instead. Square (1200x1200) or landscape (1200x630) are both fine.

Issue 10: Custom 404 Page

To implement:

• Place 404.html in the public/root directory
• Configure your app or nginx to serve this file for all 404 responses
• If using Express: app.use((req, res) => res.status(404).sendFile('404.html'))
• If using nginx fallback: error_page 404 /404.html;

Preview the 404 page →

Impact

Once these fixes are in place, every vendor shop becomes a free SEO asset:

• "Gallery Barre apparel" → their shop page ranks
• "Gallery Barre tee" → their product page ranks
• Google Images → product mockups appear in image search
• Rich results → price and availability show in Google search results
• More vendors = more pages = more domain authority for shops.beargrips.com

Favicon & Web Manifest

Favicon files are ready — just add them to shops.beargrips.com. Google shows favicons in search results now, so this matters.

Files to Add

KJ will provide these files (already generated). Place them in the root/public directory of the shops app:

HTML Tags

Add these to the <head> of every page:

Web Manifest File

Create site.webmanifest in the public/root directory:

Free Tools Pages

Deploy the 7 free design tools + hub page to shops.beargrips.com/free-design-tools/. These are static HTML files — no build step needed.

Files to Deploy

Steps

Niche Landing Pages (117 Pages)

Deploy 117 niche-specific landing pages to shops.beargrips.com/free-design-tools/[niche-slug]. Same 7 tools, niche-specific copy/SEO targeting long-tail keywords like "custom gym apparel" and "church t-shirt design tools."

Directory Structure

All niche pages live inside a niche/ subfolder within the free-design-tools directory:

All 117 Niche Pages to Upload

Steps

Product Catalog — 85 SEO Pages

85 static HTML pages competing with Apliiq, Printify, and Printful for "custom [product] print on demand" keywords. All pages are pre-built with full SEO — just upload to the server.

What's Included

SEO Features (Every Page)

• Unique title tags + meta descriptions targeting "custom [product] print on demand no minimum"
• BreadcrumbList schema (JSON-LD) on all pages
• Product schema (JSON-LD) on all 63 individual product pages
• FAQPage schema (JSON-LD) on hub page — 10 Q&As with crosslinks
• Open Graph + Twitter Card meta tags for social sharing
• Canonical URLs on every page
• Internal crosslinks between category, brand, audience, product, and free tools pages
• Print method section: DTG, DTF, Embroidery with product counts
• All-inclusive pricing messaging: "FREE Shipping + Printing Included + Unlimited Colors"

Deployment Steps

File Structure on Server

Programmatic SEO Pages (2,100+)

All pSEO pages are already live on Cloudflare Pages. No dev action needed for these — they're static HTML hosted separately.

Page Types & Counts

What These Pages Do

• Target long-tail keywords — "custom yoga studio apparel ideas", "bear grips vs printful", "how to start a gym merch business"
• Drive organic traffic — each page targets a unique keyword with real content, not thin/duplicate
• Convert visitors — every page has CTAs to sign up at shops.beargrips.com
• Build authority — glossary, comparisons, and how-to guides establish Bear Grips as the category expert

Hosting Details

• Host: Cloudflare Pages (free tier, unlimited bandwidth)
• Project: bear-grips-pseo
• Source: built-pages/ directory in the repo
• Architecture: Static HTML generated from JSON data files + Node.js generator scripts
• Sitemaps: Each phase has its own XML sitemap in its directory

Deploy pSEO Pages to shops.beargrips.com Subfolders

2,100+ static HTML pages need to be served as subfolders on shops.beargrips.com (e.g., /resources/, /comparisons/, /tools/). This is better for SEO than a subdomain — all link equity and authority stays on the main domain.

Step-by-Step Deploy

Important Notes

• DO NOT create a separate nginx config file — add the location blocks to the existing shops.beargrips.com config
• Order matters: pSEO location blocks MUST be above the React catch-all location / block
• These are static HTML files — no Node.js, no database, no build step needed
• No new SSL cert needed — pages are served under the existing shops.beargrips.com SSL cert
• Total size: ~47MB (2,100+ HTML files + product images)
• Each folder has its own XML sitemap — KJ will submit these to Google Search Console after deploy
• If you need to update pages later, just replace the files in /var/www/content/

Security Hardening

Pre-launch security checklist for shops.beargrips.com. Stripe handles real money, vendor accounts hold business data — this is not optional.

1. Stripe Payment Security

Stripe handles PCI compliance for card data, but your server-side integration must be airtight.

2. Authentication & Session Security

3. Server Security Headers (Nginx)

Add these headers to your Nginx server block for shops.beargrips.com. They prevent clickjacking, XSS, MIME sniffing, and enforce HTTPS.

4. DDoS & Bot Protection

Cloudflare is already live on shops.beargrips.com. No setup needed — just be aware that shops, content, and directory subdomains are proxied through Cloudflare.

5. Rate Limiting on API Routes

Rate limit all API endpoints to prevent brute force and abuse. The directory app already has this pattern — apply it to shops.

6. Input Validation & Injection Prevention

7. Data Protection

8. Monitoring & Alerts

Quick Verification Checklist

After implementing, run these checks:

Blog & URL Architecture

URL structure for all content pages on shops.beargrips.com. This defines where every page lives so internal links work correctly across the entire site.

Complete URL Map

Resources (Curated — keep clean)

/blog/ — All SEO & Niche Content (3,800+ pages)

The blog holds all programmatic niche content. This keeps /resources/ clean while giving Google thousands of indexable pages. Structure:

Other Existing Content (Separate Deploy)

Server Setup

Nginx Configuration

Add these location blocks to the existing shops nginx config. These serve static HTML files from the blog and tools directories while keeping the React app running for everything else.

Internal Linking Rules

• Tool×niche pages link to: the actual free tool, design services ($99 + $29), pro shop signup, other free tools
• Service×niche pages link to: the service order page, free tools (DIY alternative), the other paid service, pro shop signup
• Free tool pages link to: design services upsell, pro shop CTA
• Blog articles link to: relevant niche pages, /how-it-works, /pricing, /catalog

The Funnel

All content funnels traffic toward these conversion points:

1. Google → Blog niche page (SEO entry point)
2. Blog page → Free tool (user engages with tool)
3. Free tool → Design services (if tool didn't work: $29 formatting or $99 logo)
4. Any page → Pro Shop signup (the real conversion: free or paid plan)

Sitemap

Once deployed, add all blog URLs to the sitemap. With 3,800+ pages, split into multiple sitemap files:

• sitemap-blog-tools.xml — 3,264 tool×niche URLs
• sitemap-blog-services.xml — 544 service×niche URLs
• sitemap-blog-articles.xml — written blog posts
• sitemap-index.xml — references all sub-sitemaps

Content Already Built (File Locations)

LLM Integration API Requirements

Staff-level API endpoints for Claude to perform high-volume backend work — product uploads, vendor onboarding, SEO, blog content — without touching the codebase or server.

1. Core Principles

2. Authentication

Claude is a headless API client — it does not run in a browser and cannot access localStorage, cookies, or session storage. Authentication must work for a non-browser client making direct HTTP calls.

Recommended: Scoped API Key

Generate a long-lived API key tied to a staff-level account. Passed in every request header:

• Key inherits the staff account's permissions — no additional role logic needed
• Revocable instantly by the owner if needed
• No token refresh, no expiry management, no re-authentication mid-session
• One key per access tier (staff key, admin key)

Requirements

• Never use credentials: 'include' (cookie-based auth) — Bearer token only
• All endpoints operate under staff-level permissions unless noted as admin-tier
• A GET /api/health endpoint should return status, tier, and version — used to verify connectivity before starting batch work

3. Standard Response Format

All endpoints must return a consistent JSON envelope. Inconsistent response shapes cause parsing failures across hundreds of sequential calls.

Success Response

Error Response

Standard Error Codes

4. Catalog Endpoints

The catalog is the source of truth for all product templates. Claude needs read access to list and inspect catalog products, and targeted write access for variant filtering only.

The catalog's availableSizes and availableColors fields must return plain string arrays. Both fields are used directly in product creation payloads.

5. Product Endpoints

Claude needs to do everything a staff member does on the product side — read the catalog, create products from catalog items, publish them, edit them, and delete them. The catalog is made up of products from three POD providers (Printify, Printful, Apliiq). A single batch can mix products from all three.

What Claude Needs to Do

• Read the full product catalog — browse all available products across all three providers, see pricing, variants, colors, sizes
• Create products on a vendor's shop from catalog items — single or batch (up to 15–50 at a time for DFY VIP). Auto-publish by default, with option to hold as draft.
• Check for duplicates before creating — does this product name already exist for this vendor?
• Poll job status — product creation is async, Claude needs to check if it completed or failed
• Read a vendor's existing products — list all, view details, get edit data
• Edit existing products — PATCH specific fields only, never full replacement
• Delete products — with a confirmation step for live published items
• Publish draft products when ready

Mixed-Provider Batches

A batch of 15 products may include items from Printify, Printful, and Apliiq mixed together. The API should abstract the provider differences — same way the frontend already works. Claude picks a catalog item, the API handles routing to the right provider. If an item in a batch fails (e.g., Printful mockup timeout), that shouldn't block the other items from completing.

6. Media Library

Two actions map to what a staff member does in the UI: upload an image to the media library, then click it to attach it to the product editor. Both need API equivalents.

The assetId maps to sourceAssetId in Printify/Printful payloads. The url maps to designImage and previewUrl. The select endpoint must return all fields needed to complete a product creation payload in a single call.

7. Vendor Endpoints

Vendor Onboarding

The platform has an existing backend onboarding submission page. Claude needs to read what the vendor submitted, download any files they uploaded (logos, designs), do the work on their shop, and mark the onboarding as complete.

8. SEO & Metadata Endpoints

Claude needs to read and write SEO fields on products, pages, and blog posts — either as part of creating new content or as a standalone SEO cleanup task.

What Claude Needs to Do

• Read current SEO fields on any product, page, or blog post — meta title, meta description, slug, alt text, canonical URL, structured data
• Write/update SEO fields — PATCH only, only the fields being updated

Scope: SEO fields on content only. Not: sitemap config, robots.txt, domain settings, or server-level SEO infrastructure.

9. Blog & Content Endpoints

Claude needs full create/edit/delete access to blog posts, categories, and site pages. Same content management a staff member does, just through the API.

What Claude Needs to Do

• Blog posts — list, read, create, edit (PATCH), delete individual posts
• Blog categories — list, create, edit, delete (only if empty)
• Site pages — list, create, edit (PATCH), delete
• Bulk operations — bulk edit or bulk delete posts by explicit ID array (no wildcards, no "delete all")

Safety rule: Deleting an entire blog, wiping all categories, or removing all pages in a single call must not be possible. Bulk operations require explicit ID arrays.

10. Snapshot & Revert System

Safety net for bulk operations. Any API call that modifies or deletes more than one existing record must auto-snapshot before executing. This is at the infrastructure level — Claude does not trigger it.

Retention: minimum 30 days, then auto-purge. Each snapshot records: timestamp, operation label, affected record IDs, and full previous state. Even a bulk operation touching 10,000 records is fully recoverable.

11. SEO Infrastructure Endpoints

These endpoints give Claude visibility into the site's SEO health and the ability to generate sitemaps. Unlike Section 8 (SEO metadata on content), these are infrastructure-level — they report on the platform's indexing status and expose data needed for sitemap generation.

Sitemap Data Endpoints

Response Format — /api/sitemap/shops

Response Format — /api/sitemap/products

SEO Health Endpoint

Response Format — /api/seo/health

Why this endpoint matters: Instead of crawling the site externally (which can miss JS-rendered content), Claude calls one endpoint and gets a complete picture of what's working. This replaces the manual audit we did on Mar 27 — catches problems before Google does.

Vendor List Endpoint (needed for sitemap + audits)

Note: Section 7 currently only has /api/vendors/:vendorId (single vendor lookup). This adds the list-all endpoint needed for sitemap generation and cross-vendor SEO audits.

12. Rate Limits

These can be adjusted later — the important thing is they exist from day one.

Rate limit responses should return HTTP 429 with a Retry-After header (seconds).

13. Access Summary

14. Two-Tier Access Model

Build with two distinct access modes from the start to avoid retrofitting role logic later.

Staff Tier — Team Access

• Full catalog read — all products, no cap
• Create and auto-publish new products (single + batch)
• Read vendor stores, products, settings, layout
• Upload files to vendor media library
• PATCH edits on products, settings, layout
• Delete products — with confirm param for live items
• SEO fields on any product, page, or post — PATCH only
• Create, edit, delete individual blog posts and pages
• Create and manage vendor product categories
• Read onboarding submissions, download files, mark complete
• Read collection templates
• Cannot edit existing vendor products unless instructed
• Cannot touch server or codebase

Admin Tier — Owner Access Only

• Everything in staff tier
• Bulk edits across multiple vendors
• Bulk delete with explicit ID arrays
• Cross-vendor batch operations
• Snapshot and revert access
• Still cannot delete a store or full blog
• Still PATCH only — no full object replacement
• Every bulk operation auto-snapshots before executing

Tier is determined by the key's associated account role — no separate credentials needed. Admin-tier endpoints return 403 when called by a staff-tier key.

15. Open Question

Blog Post Scoping

Clarify: Are blog posts global (platform-level) or per-vendor? If per-vendor, blog endpoints need to accept a vendorId filter.

16. Implementation Priority

Not everything needs to ship at once. Recommended build order based on what unblocks the most staff work first: