How AuditTags Works
A transparent, technical explanation of the scan process. No magic, no exaggeration.
1
Launches a Headless Chromium Session
- Same engine as Chrome
- Real JS execution
- Real network capture
- Consent and CMP banners included in behavior
- Sandboxed and isolated execution environment
2
Navigates 5 Core User Flows
- Home page
- Product page
- Add to Cart action
- Cart page
- Thank-you flow simulation (no real purchase; synthetic order event replay)
3
Captures and Analyzes
- GA4 requests (collect hits)
- GTM container scripts and fired tags
- Consent Mode gcs signals
- Duplicate trackers (Facebook, TikTok, Klaviyo, etc.)
- Shopify platform detection
- All network requests for leak and misfire detection
4
Runs Deterministic Rule-Based Checks
- 47 tracking integrity rules
- Validates Consent Mode behavior
- Flags script conflicts and ignored CMP signals
- Assigns 0–100 health score
- P0/P1/P2 severity deductions
5
Outputs a Canonical Report
- Full GA4/GTM findings
- Severity-ranked issues
- Detection summary
- Raw network evidence
- PDF + JSON access
- No PII, no page indexing, no DOM snapshots stored
Technical Notes
- Multi-attempt logic: The engine runs up to 3 browser attempts if instability is detected
- Lite Mode fallback: Heavy stores get graceful degradation with actionable results
- No real orders: Purchase events are simulated by replaying GA4 signals
- Deterministic: Same input always produces same output
- Contract-verified: Every engine output is validated against a formal contract