GA4 AUDIT PLATFORM

Find what's broken in your GA4 before it distorts another report.

229 expert checks. Read-only. Minutes, not weeks.

See sample report

Read-only OAuth·No card required

audit.runtime - sampleretailbrand.com

00:00:42

Sample Retail Brand

G-XXXXXXXXXX · production · DataLayer v3.1

100%

Health · live

PassWarningFail

PASSPC-002 · Data retention set to 14 months

0/229

●229-point integrity analysis●API-level configuration analysis●Live dataLayer & tag inspection●8-week statistical anomaly detection●Consent signal verification●Secure, read-only connection●Export to PDF, PPTX, and Excel●No user analytics data stored●Scheduled & on-demand integrity runs●System-wide report in minutes●229-point integrity analysis●API-level configuration analysis●Live dataLayer & tag inspection●8-week statistical anomaly detection●Consent signal verification●Secure, read-only connection●Export to PDF, PPTX, and Excel●No user analytics data stored●Scheduled & on-demand integrity runs●System-wide report in minutes

How the audit works

Three layers, run in parallel. Configuration, behaviour, history.

L1 - API

Configuration

Reads attribution model, data retention, key event setup, and Smart Bidding readiness through the GA4 Admin and Data APIs , flagging the property-level misconfigurations that quietly delete data weeks before anyone notices.

Reporting Identity risk scoring

DDA data sufficiency check

Smart Bidding key event health

L2 - Crawl

Live behaviour

A headless browser loads your site, captures the dataLayer, and watches every tag fire , surfacing the gap between what the configuration claims and what real users actually see.

Consent Mode V2 signal timing

CMP vs tag race detection

DataLayer pollution analysis

L3 - Intelligence

Historical patterns

Looks at the last 8 weeks of data to find bot traffic, channel decay, and measurement drift that standard GA4 reports never flag.

Automated bot traffic detection

Cross-domain tracking gaps

7-day trend analysis

Coverage

The five things most teams miss, in 229 expert checks.

Module 01

Property Configuration

Free

Property-level settings that quietly delete data, break attribution, or starve Smart Bidding of signal.

Short data retention window deleting historical dataInsufficient conversions for DDA falling back to last-clickKey events with zero conversions in last 30 days

checks

17% of suite

Module 02

Tag & Consent Validation

Free

Browser-verified tag firing order, consent signals, and PII handling , the layer where compliance and analytics actually meet.

GA4 cookies set before user consentConsent Mode v2 ad_user_data parameter missingPII patterns detected in GA4 requests

checks

24% of suite

Module 03

UTM & Campaign Integrity

Pro+

The cracks in attribution that misclassify paid sessions as Direct and break the report ad teams act on.

Sessions wrongly attributed to DirectPaid click tracking lossPayment gateway self-referrals stripping UTMs

checks

15% of suite

Module 04

Data Quality Analysis

Pro+

The structural anomalies that distort engagement, channel volume, and segment definitions across every report downstream.

Sessions per user abnormally highNo mobile traffic detectedUnexpected hostnames sending data

checks

29% of suite

Module 05

E-commerce Integrity

Pro+

Where revenue, refunds, and item-level fidelity drift from the storefront , the gap finance and marketing argue about.

Purchase revenue showing as zeroDuplicate purchase eventsRefunds not tracked causing revenue to be overstated

checks

14% of suite

Beyond the property — two more lenses on the same audit

GTM container audit

Read-only audit of your Google Tag Manager container: tags, triggers, variables, and the dependency graph that ties them together — so you can see what the container is configured to do before checking whether it does it.

Container config & versionsTag → trigger → variable graphRead-only, no container edits

Runtime tag-firing verification

A headless browser crawls real pages and records what actually fires. We match observed hits against the GTM config — flagging pre-consent and duplicate firing. Coverage is only what the crawl exercised, so configured-but-not-observed is not the same as broken.

Configured vs observed firingPre-consent & duplicate detectionEvidence = real network requests

Sample findings · 1–3 of 6 auto-advancing

EC-018 · E-commerceCritical

Duplicate transaction fingerprints on 12.4% of purchase events.

Server-side and client-side purchase events firing for the same transaction_id. Estimated revenue inflation £47.2k/mo.

Revenue inflation£47,200/mo

TC-044 · Tag & consentCritical

CMP banner overlays before tag suppression - Consent V2 lost.

The first GA4 hit fires 412ms before consent signals propagate. 18% of EU sessions affected.

EU sessions affected18.2%

UC-027 · UTM & campaignsHigh

gclid lost on SPA navigations - 1,247 paid sessions misattributed.

Google Ads click identifier dropped on client-side route change. Sessions land in Direct rather than Paid Search.

Misattributed sessions1,247

DQ-041 · Data qualityHigh

Unusual bot traffic spike detected on /checkout - 3× above normal volume.

Automated statistical check detected a sudden traffic surge on the checkout page over 7 days. Pattern matches known bot behaviour, not real customers.

Above normal traffic3× spike

PC-014 · Property configMedium

Attribution model at risk - not enough conversions for data-driven attribution.

Google's data-driven attribution needs at least 400 conversions per month. You currently have 387. If it drops further, GA4 silently falls back to last-click.

Monthly conversions387 / 400

UC-013 · UTM & campaignsMedium

ChatGPT & Perplexity referrals classified as Direct.

AI-assistant traffic is collapsing into the Direct channel. 2.3% of total sessions, growing 38% MoM.

MoM growth+38%

EC-018 · E-commerceCritical

Duplicate transaction fingerprints on 12.4% of purchase events.

Server-side and client-side purchase events firing for the same transaction_id. Estimated revenue inflation £47.2k/mo.

Revenue inflation£47,200/mo

TC-044 · Tag & consentCritical

CMP banner overlays before tag suppression - Consent V2 lost.

The first GA4 hit fires 412ms before consent signals propagate. 18% of EU sessions affected.

EU sessions affected18.2%

UC-027 · UTM & campaignsHigh

gclid lost on SPA navigations - 1,247 paid sessions misattributed.

Google Ads click identifier dropped on client-side route change. Sessions land in Direct rather than Paid Search.

Misattributed sessions1,247

DQ-041 · Data qualityHigh

Unusual bot traffic spike detected on /checkout - 3× above normal volume.

Automated statistical check detected a sudden traffic surge on the checkout page over 7 days. Pattern matches known bot behaviour, not real customers.

Above normal traffic3× spike

PC-014 · Property configMedium

Attribution model at risk - not enough conversions for data-driven attribution.

Google's data-driven attribution needs at least 400 conversions per month. You currently have 387. If it drops further, GA4 silently falls back to last-click.

Monthly conversions387 / 400

UC-013 · UTM & campaignsMedium

ChatGPT & Perplexity referrals classified as Direct.

AI-assistant traffic is collapsing into the Direct channel. 2.3% of total sessions, growing 38% MoM.

MoM growth+38%

What we find

The patterns showing up
in real audits.

60%

Typical gap between GA4 and Google Ads conversions across audited properties (Google, 2024).

74%

Of audited properties have at least one critical Consent Mode V2 misconfiguration.

Saved per property versus a manual audit - recovered as billable time for agency teams.

Who it's for

Built for the people who
defend the data.

Agencies

Agency teams

Stop rebuilding the same audit for every new client. Run a standardised diagnostic, hand over a defensible report, and free senior time for the work clients actually pay for.

In-house teams

In-house analytics & marketing

Find the issues distorting the dashboards your CMO already opened this morning. Catch broken tracking before product launches, ad campaigns, or board reports, not after.

Consultants

Independent consultants

Turn what was a two-day diagnostic into an hour. Produce a client-ready report that points at the specific risk, the affected metric, and the fix sequence.

Process

Connect read-only.
Get your first report in under ten minutes.

≈ 30 seconds

Authentication

Connect read-only.

Connect your GA4 property through Google OAuth. We only request analytics.readonly scope, so write access is impossible at the protocol level.

scopeanalytics.readonly✓

scopebigquery.readonly✓

writesdisabled at protocol⌐

≈ 4 to 7 minutes

Execution

Parallel analysis.

All three layers run concurrently, cross-referencing API settings, live tag behaviour, and historical data to identify integrity failures with the exact data point that triggered each one.

L1 · API

L2 · Crawl

133

L3 · Stats

iii

≈ 30 seconds

Scoring

Severity scoring.

Issues are scored and prioritized by business impact, revenue risk, attribution failure, compliance gaps , so your team gets a logical work order, not an unsorted list of warnings.

Crit

High

Med

Instant

Delivery

Export & deliver.

Generate reports in PDF, PPTX, or Excel for stakeholder reviews, client deliverables, or technical handoff to the team making the fixes.

PDF2.4 MB

PPTX3.1 MB

XLSX412 KB

Boundaries

Read-only by design.
Enforced at the OAuth scope.

No writes

We never modify your GA4 property.

Read-only OAuth scopes only. We cannot create, edit or delete events, audiences or settings - even if we wanted to.

analytics.readonly✓ enforced

No reach

We never touch unrelated data.

Scoped to Google Analytics. No Gmail, Drive, Ads or any other Google service. The handshake does not allow it.

scope · GA only✓ enforced

No retention

We never store raw analytics.

Raw query payloads are discarded after processing. We keep audit outputs such as scores, findings, and generated reports rather than raw analytics exports.

findings only · 90d✓ enforced

Find out what's wrong with your GA4.
Free audit, results in under 10 minutes.

Book a 15-min walkthrough

Sample findings · 1–3 of 6 auto-advancing

EC-018 · E-commerceCritical

Duplicate transaction fingerprints on 12.4% of purchase events.

Server-side and client-side purchase events firing for the same transaction_id. Estimated revenue inflation £47.2k/mo.

Revenue inflation£47,200/mo

TC-044 · Tag & consentCritical

CMP banner overlays before tag suppression - Consent V2 lost.

The first GA4 hit fires 412ms before consent signals propagate. 18% of EU sessions affected.

EU sessions affected18.2%

UC-027 · UTM & campaignsHigh

gclid lost on SPA navigations - 1,247 paid sessions misattributed.

Google Ads click identifier dropped on client-side route change. Sessions land in Direct rather than Paid Search.

Misattributed sessions1,247

DQ-041 · Data qualityHigh

Unusual bot traffic spike detected on /checkout - 3× above normal volume.

Automated statistical check detected a sudden traffic surge on the checkout page over 7 days. Pattern matches known bot behaviour, not real customers.

Above normal traffic3× spike

PC-014 · Property configMedium

Attribution model at risk - not enough conversions for data-driven attribution.

Google's data-driven attribution needs at least 400 conversions per month. You currently have 387. If it drops further, GA4 silently falls back to last-click.

Monthly conversions387 / 400

UC-013 · UTM & campaignsMedium

ChatGPT & Perplexity referrals classified as Direct.

AI-assistant traffic is collapsing into the Direct channel. 2.3% of total sessions, growing 38% MoM.

MoM growth+38%

EC-018 · E-commerceCritical

Duplicate transaction fingerprints on 12.4% of purchase events.

Server-side and client-side purchase events firing for the same transaction_id. Estimated revenue inflation £47.2k/mo.

Revenue inflation£47,200/mo

TC-044 · Tag & consentCritical

CMP banner overlays before tag suppression - Consent V2 lost.

The first GA4 hit fires 412ms before consent signals propagate. 18% of EU sessions affected.

EU sessions affected18.2%

UC-027 · UTM & campaignsHigh

gclid lost on SPA navigations - 1,247 paid sessions misattributed.

Google Ads click identifier dropped on client-side route change. Sessions land in Direct rather than Paid Search.

Misattributed sessions1,247

DQ-041 · Data qualityHigh

Unusual bot traffic spike detected on /checkout - 3× above normal volume.

Automated statistical check detected a sudden traffic surge on the checkout page over 7 days. Pattern matches known bot behaviour, not real customers.

Above normal traffic3× spike

PC-014 · Property configMedium

Attribution model at risk - not enough conversions for data-driven attribution.

Google's data-driven attribution needs at least 400 conversions per month. You currently have 387. If it drops further, GA4 silently falls back to last-click.

Monthly conversions387 / 400

UC-013 · UTM & campaignsMedium

ChatGPT & Perplexity referrals classified as Direct.

AI-assistant traffic is collapsing into the Direct channel. 2.3% of total sessions, growing 38% MoM.

MoM growth+38%

Find what's broken in your GA4 before it distorts another report.

Three layers, run in parallel. Configuration, behaviour, history.

Configuration

Live behaviour

Historical patterns

The five things most teams miss, in 229 expert checks.

Property Configuration

Tag & Consent Validation

UTM & Campaign Integrity

Data Quality Analysis

E-commerce Integrity

GTM container audit

Runtime tag-firing verification

Duplicate transaction fingerprints on 12.4% of purchase events.

CMP banner overlays before tag suppression - Consent V2 lost.

gclid lost on SPA navigations - 1,247 paid sessions misattributed.

Unusual bot traffic spike detected on /checkout - 3× above normal volume.

Attribution model at risk - not enough conversions for data-driven attribution.

ChatGPT & Perplexity referrals classified as Direct.

Duplicate transaction fingerprints on 12.4% of purchase events.

CMP banner overlays before tag suppression - Consent V2 lost.

gclid lost on SPA navigations - 1,247 paid sessions misattributed.

Unusual bot traffic spike detected on /checkout - 3× above normal volume.

Attribution model at risk - not enough conversions for data-driven attribution.

ChatGPT & Perplexity referrals classified as Direct.

The patterns showing upin real audits.

Built for the people whodefend the data.

Agency teams

In-house analytics & marketing

Independent consultants

Connect read-only.Get your first report in under ten minutes.

Connect read-only.

Parallel analysis.

Severity scoring.

Export & deliver.

Read-only by design.Enforced at the OAuth scope.

We never modify your GA4 property.

We never touch unrelated data.

We never store raw analytics.

Find out what's wrong with your GA4.Free audit, results in under 10 minutes.

Duplicate transaction fingerprints on 12.4% of purchase events.

CMP banner overlays before tag suppression - Consent V2 lost.

gclid lost on SPA navigations - 1,247 paid sessions misattributed.

Unusual bot traffic spike detected on /checkout - 3× above normal volume.

Attribution model at risk - not enough conversions for data-driven attribution.

ChatGPT & Perplexity referrals classified as Direct.

Duplicate transaction fingerprints on 12.4% of purchase events.

CMP banner overlays before tag suppression - Consent V2 lost.

gclid lost on SPA navigations - 1,247 paid sessions misattributed.

Unusual bot traffic spike detected on /checkout - 3× above normal volume.

Attribution model at risk - not enough conversions for data-driven attribution.

ChatGPT & Perplexity referrals classified as Direct.

The patterns showing up
in real audits.

Built for the people who
defend the data.

Connect read-only.
Get your first report in under ten minutes.

Read-only by design.
Enforced at the OAuth scope.

Find out what's wrong with your GA4.
Free audit, results in under 10 minutes.