Website Tracking Audit Checklist: 50+ Points (2024)

Before you launch a campaign, redesign your site, or wonder why your data looks wrong—run through this checklist. We use this internally for every tracking audit we perform.

Quick Health Check (5 Minutes)

Start here for a fast sanity check.

1. Basic Connectivity

GTM container snippet is in the <head> section
GTM noscript fallback is immediately after <body>
No JavaScript errors in browser console blocking GTM
Network requests to www.googletagmanager.com succeed
GA4 requests to www.google-analytics.com/g/collect fire

2. Real-Time Verification

Visit your site in a new incognito window
Check GA4 Realtime report—do you appear?
Check GTM Preview Mode—do tags fire?
Verify at least one pageview event captured

If any of these fail, stop and fix before continuing.

GTM Container Audit

3. Container Configuration

Container ID matches your property (GTM-XXXXXX)
Only ONE GTM container on the page (check for duplicates)
Container loads before other scripts that depend on it
No hardcoded gtag.js if using GTM (pick one method)

4. Tags

All tags have meaningful names (not “Tag 1”, “Untitled”)
Tags use variables instead of hardcoded values
No duplicate tags firing the same pixel/event
Consent-required tags have consent checks
Tags have appropriate firing priority if sequencing matters

5. Triggers

Page View triggers fire on intended pages only
Click triggers are specific (not firing on every click)
Form triggers work with your form type (AJAX vs traditional)
Custom events match exactly what’s pushed to data layer
No triggers with overly broad conditions

6. Variables

Data Layer Variables match actual data layer key names
Variables return expected values in Preview Mode
Constant Variables store values that won’t change
Lookup Tables are used instead of complex tag configs
No unused variables cluttering the container

7. Container Health

Container size under 200KB (larger = slower page load)
No deprecated tag types still in use
Folder organization makes logical sense
Version notes document changes
Workspace is published (not stuck in draft)

GA4 Property Audit

8. Property Configuration

Correct Measurement ID (G-XXXXXXXXXX)
Property timezone matches your business
Currency matches your revenue reporting
Data retention set to 14 months (max for free)
Google Signals enabled (if acceptable for privacy)

9. Data Streams

Web stream exists and is active
“Receiving traffic in past 48 hours” shows Yes
Enhanced Measurement enabled
Enhanced Measurement configured appropriately:
- Scrolls (if you want 90% scroll tracking)
- Outbound clicks (if relevant)
- Site search (if you have search)
- Video engagement (if embedding YouTube)
- File downloads (if offering downloads)

10. Events

Core events firing: page_view, session_start, first_visit
Custom events have descriptive names (not event1)
Event parameters include useful context
Events aren’t duplicated (check Realtime for double-fires)
Ecommerce events follow GA4 schema (if applicable)

11. Conversions

Key actions marked as conversions
purchase event exists (ecommerce sites)
Form submissions tracked as conversions
Conversion events actually fire (test them!)
No duplicate conversion counting

12. Custom Definitions

Custom dimensions registered for parameters you use
User properties defined if tracking user attributes
Names are clear and documented
Scope (event vs user) is correct

Data Layer Audit

13. Data Layer Implementation

window.dataLayer = window.dataLayer || []; exists before GTM
Data layer pushes happen AFTER GTM loads
No typos in data layer variable names
Objects are properly formatted JSON
Arrays of items follow platform schemas

14. Ecommerce Data Layer (if applicable)

view_item fires on product pages with product data
add_to_cart fires with correct product + quantity
begin_checkout fires at checkout start
purchase fires with transaction_id, value, currency, items
Items array includes id, name, price for each product
Revenue values are numbers, not strings
Currency code is valid (USD, EUR, GBP)

15. Data Quality

No PII in data layer (emails, names, phone numbers unhashed)
Values are consistent (same product ID everywhere)
No HTML/script tags in data layer values
Prices don’t include currency symbols ($)
IDs are strings, quantities are numbers

Ad Platform Pixels Audit

16. Meta Pixel

Pixel ID is correct
Base PageView event fires on all pages
Standard events match your funnel (ViewContent, AddToCart, Purchase)
Purchase event includes value and currency
Content IDs match your catalog (if using)
Meta Pixel Helper shows no errors
Events appear in Events Manager

17. Conversions API (CAPI)

CAPI is implemented (not just browser pixel)
Events are deduplicated (event_id matches)
User data is properly hashed (SHA256)
Events appear in Events Manager from server source
Event Match Quality score is reasonable

18. Google Ads

Conversion Tracking tag fires on conversions
Conversion value and currency passed (if applicable)
Enhanced Conversions enabled with user data
Remarketing tag fires for audience building
Conversions appear in Google Ads dashboard

19. Other Platforms

TikTok Pixel implemented + Events API (if advertising)
LinkedIn Insight Tag (if running LinkedIn ads)
Pinterest Tag (if relevant)
Each platform’s test tool confirms data receipt

Consent Mode initialized before Google tags
Default consent state is appropriate for your region
Consent updates fire when user grants consent
analytics_storage and ad_storage values correct
Conversion modeling enabled (Consent Mode v2)

Banner appears on first visit
Rejecting consent actually blocks non-essential tracking
Consent choice is remembered across sessions
Banner meets regional requirements (GDPR, CCPA)

22. Privacy Compliance

Privacy policy mentions analytics tools used
No tracking before consent (if required in your region)
Data processing agreements in place with vendors
User data requests process exists

Technical Quality Audit

23. Page Speed Impact

GTM loads asynchronously (doesn’t block render)
Tags don’t delay page interactivity significantly
No unnecessary tags loading on every page
Third-party scripts aren’t duplicated

24. Cross-Domain Tracking

Linker parameter passes between your domains
Referral exclusions include your domains
Sessions don’t break at domain transitions
Only your domains are linked (not external sites)

25. Single Page Applications

Virtual pageviews fire on route changes
Page path/title update on navigation
History changes are tracked
Events don’t double-fire on navigation

26. Error Handling

Tracking doesn’t break if an element doesn’t exist
Failed tag doesn’t cascade to other tags
JavaScript errors don’t prevent critical tracking
Timeout handling for slow loading elements

Data Validation Audit

27. Cross-Reference Checks

GA4 sessions within 10-20% of server logs
Transaction count matches order management system
Revenue matches accounting (within tolerance)
Form submissions match CRM entries

28. Common Data Issues

No “(not set)” in key dimensions
No self-referrals from your own domains
No massive spikes from bot traffic
Currency conversions are correct
Timezone doesn’t cause day-boundary issues

29. Sampling Check

Reports don’t show sampling warning for key data
Date ranges aren’t so large they trigger sampling
Explorations use appropriate sample sizes
BigQuery export used for unsampled analysis

Documentation Audit

30. Implementation Docs

Tracking plan exists documenting all events
Data layer specification is written
GTM container has version notes
Someone besides the implementer understands the setup

31. Access & Ownership

Multiple people have admin access (bus factor > 1)
Analytics accounts owned by company, not individual
Vendor access is appropriate and audited
Password/access recovery is possible

Monthly Maintenance Checks

32. Ongoing Monitoring

Check Realtime weekly for data flowing
Review conversion counts for anomalies
Check Events report for new “(not set)” issues
Verify critical events still fire after deployments
Review DebugView when changes are made

33. Periodic Deep Dive

Full audit quarterly
Test all conversion paths
Validate against source systems
Review and clean up unused tags/variables

Priority Fix List

After running this audit, prioritize fixes:

P0 - Fix Immediately:

GTM not loading
GA4 not receiving data
Purchase/conversion events broken
Duplicate tracking causing bad data

P1 - Fix This Week:

Consent Mode not configured
Missing key funnel events
Cross-domain tracking broken
CAPI not implemented

P2 - Fix This Month:

Enhanced Conversions not enabled
Custom dimensions not registered
Documentation outdated
Unnecessary tags slowing site

P3 - Fix When Possible:

Container organization cleanup
Variable optimization
Enhanced Measurement review
Naming convention standardization

Don’t Have Time for This?

We run comprehensive tracking audits for businesses that need expert verification.

Get a free scan — We’ll identify the critical issues in minutes and show you exactly what to fix.