Methodology

AuditTags runs real-browser diagnostics on Shopify storefronts to verify analytics and tag behavior as it actually executes.

What we measure

GA4 request presence and shape
GTM container behavior
Consent Mode v2 state signals (when detectable)
Duplicate identifiers, collisions, blocked requests, malformed payloads

How the scan runs

Browser-based navigation

We launch a real browser to visit your storefront, simulating actual user behavior.

Observes network requests + runtime conditions

We capture all network requests, tracking scripts, and runtime state as they execute.

Read-only operation

We do not purchase. The scan performs non-destructive steps (e.g., view product, add to cart) where already part of engine behavior.

Conditional execution

Not all diagnostics run on every scan. Some checks require specific preconditions:

Consent state delta checks require a detectable consent management platform (CMP)
Checkout reachability checks require the cart page to be accessible
Thank You page diagnostics cannot run (no real purchase is made)

When a diagnostic's preconditions are not met, it reports that explicitly rather than inferring a result.

Evidence and reporting

Findings tie to observable evidence (requests, IDs, states)
Severity reflects impact risk
Raw JSON is authoritative; UI and PDF are derived presentations

Diagnostic states

Every check produces one of these explicit states:

PASSCheck passed

The diagnostic ran and found no issues.

FAILCheck failed

The diagnostic ran and found an issue requiring attention.

NOT_RUNDid not run

The preconditions for this diagnostic were not met. This is not a failure—it means the check could not be executed safely or deterministically.

BLOCKEDBlocked by platform

A platform restriction prevented execution (e.g., checkout redirected, page gated).

NON_DETERMINABLECannot determine

The check ran but the result is ambiguous. Requires manual verification.

Absence of a finding does not imply pass. We distinguish between “checked and passed” and “could not check.” Read more about why diagnostic states matter →

Limitations

Certain conditions cannot be fully determined without backend access or due to platform restrictions:

•Server-side events (not visible in browser network layer)
•Private consent management configurations
•Thank You page behavior (no real purchase can be made)
•Login-gated pages (no credentials are entered)

Versioning

Our methodology evolves as we improve detection capabilities and adapt to platform changes. We maintain versioned test baselines to ensure consistent results.