Tag & Consent Validation module (47 checks)

How the headless browser crawl works

Tag & Analytics Audit launches a Playwright-driven Chromium and navigates to the website URL on your data stream. The browser executes JavaScript, renders the DOM, and waits for network requests to complete, then inspects traffic and browser state to verify tag behaviour.

The crawler visits the homepage, a typical content page, and (if detectable) a product or checkout page. Each visit is logged separately, which is why results can differ across URL patterns.

What the module verifies

The 47 checks cover three areas:

• Tag firing. Is the GA4 tag present? Does it fire on page load? Is the measurement ID correct and matching the property? Are there duplicate GA4 tags?
• Consent Mode. Is Consent Mode v2 implemented? Are the four consent parameters present (analytics_storage, ad_storage, ad_personalization, ad_user_data)? Is the default consent state set before the GA4 tag loads?
• CMP signals. Is a consent management platform detected? Does it communicate consent state correctly to the dataLayer? Is there a timing issue where GA4 fires before consent is granted?

Why some pages produce different results

GA4 tags often behave differently across page types. A common pattern: the homepage loads the CMP correctly but internal pages don't, usually because the CMP script is conditionally loaded or a different container runs on certain sections.

Bot detection and CAPTCHA can block the crawler. Pages returning 403 or hitting a challenge are marked skipped (not failed), with an explanatory note in the finding.

Improving crawler accuracy

Set the data stream's website URL to a publicly accessible page (not a password-protected staging environment). If your site uses Cloudflare or similar bot protection, allowlist the Tag & Analytics Audit user agent — contact support for the exact string.