GA4 Audit Checklist 2026: 24 Checks + Free Template
A GA4 audit checks whether your Google Analytics 4 setup measures completely, cleanly and in a privacy-compliant way. The GA4 Auditor combines four audit methods - live check, BigQuery data quality, server-side tagging and on-page - in a single tool, with 24 essential checks across the board and 14 consent platforms (CMPs) detected automatically, in line with Google's official Consent Mode v2 guidance. This page is the complete checklist: all the checks the auditor runs - as a reference for technicians and as an entry point into the matching help pages.
What a GA4 audit checks
A robust audit covers four layers: the configuration (via the Admin API), the data quality at event level (from the BigQuery export), the server-side tagging potential and the on-page implementation before and after consent. The following tables list every single check.
The GA4 audit checklist (copy & check off)
Work through these 24 essential checks in order. Each maps to a section below and to a help page with the fix.
1. Configuration (Admin API)
- At least one data stream exists
- Enhanced Measurement is active
- Key events are defined and current
- Google Ads linking present (if you run Ads)
- BigQuery export linked, dataset location correct
- Custom definitions registered for your event parameters
- Data retention set to the maximum your plan allows
- Audiences defined for remarketing
- Annotations and data governance maintained
2. Data quality (BigQuery export)
- No duplicate events on identical timestamps
- No PII in URLs or event parameters
- Channel distribution: Unassigned/Direct not inflated
- E-commerce funnel intact (add_to_cart to purchase)
- No duplicate transactions (thank-you-page reloads)
- User-ID coverage matches your login rate
- No self-referrals (your own domain as a referrer)
- Acquisition: valid UTMs, no (not set) sources
3. Server-side tagging
- Cookie lifetime impact assessed (Safari vs. Chrome)
- Attribution gap measured
- Cross-domain setup detected and correct
4. On-page (before and after consent)
- No tracking fires before consent acceptance
- Consent Mode v2 default and update states correct
- GTM container IDs present, no duplicates
- CMP detected and configured
Is there a GA4 audit template?
Yes. This checklist works as a reusable GA4 audit template: copy the 24 checks above, run each against your property, and mark Pass, Warning or Fail. The GA4 Auditor fills the same template automatically via the official Google APIs and the BigQuery export, so you get the filled-in version in minutes instead of working through it by hand.
Data sources and limits
| Source | What for | Limits |
|---|---|---|
| GA4 Admin API | streams, Enhanced Measurement, key events, BigQuery linking | configuration only, no data |
| GA4 Data API | aggregated reporting and realtime metrics | sampling possible, no event detail |
| BigQuery export | event-level raw data | setup required, some lag |
| Playwright (on-page) | headless browser, phase before/after consent | one URL per run |
Status logic
Three classes per check:
- Pass - no issue, thresholds met
- Warning - recognisable risk or incomplete setup
- Fail - high likelihood of a real tracking problem
GA4 live check (Admin & Data API)
| Check | Data source | Signal | Typical causes |
|---|---|---|---|
| Streams present | Admin API | at least one stream exists | property incomplete |
| Enhanced Measurement active | Admin API | auto events enabled | deliberately disabled |
| Key events present | Admin API | at least one key event defined | goals not maintained |
| Google Ads linking | Admin API | at least one Ads link | missing permissions |
| BigQuery export linked | Admin API | BigQuery linking present | dataset location error |
| Annotations present | Admin API | data annotations exist | governance missing |
| Custom definitions present | Admin API | dimensions/metrics exist | parameters not registered |
| Privacy signals | Admin API | data retention, Google Signals | retention too short |
| Base events present | Data API | session_start and page_view |
tag does not fire |
| Direct share plausible | Data API | Direct share elevated | UTMs missing |
| Unassigned share plausible | Data API | Unassigned share elevated | channel rules missing |
| PageTitle "(not set)" share | Data API | share of unset titles | SPA sets too late |
| PageTitle with 404 patterns | Data API | share with 404 patterns | broken links |
| Traffic source "(not set)" | Data API | sessionSource not set |
UTMs missing |
| E-commerce plausibility | Data API | add_to_cart and purchase match |
checkout events missing |
| Site search usage | Data API | search terms present | Enhanced Measurement off |
| Audiences present | Admin API | audiences with conditions | no remarketing setup |
More detail: Live check - fast GA4 API diagnostics.
Traffic-light checks (BigQuery)
| Check | Signal | Typical causes |
|---|---|---|
| Event Errors | missing items, IDs, values, PII | schema error |
| Duplicate Events | duplicate events with same timestamp | trigger duplicated |
| Event Values | events without value | value not set |
| Page Quality | pages with "(not set)" or 404 | SPA timing |
| URL Parameters | PII-suspicious parameters | PII in URL |
| PII hints | email, phone, name in URLs | forms, redirects |
| Content Grouping | content groups not filled | taxonomy missing |
| Site Search | search events present | search not tracked |
| Session Consistency | sessions without start/page_view | bot traffic |
| Session Gap | time gaps between sessions | session timeout |
| User-ID Coverage | share of user_id events |
login missing |
| Acquisition Channels | no source/medium, invalid UTMs | UTMs missing |
| Self-Referrals | own domain as referrer | cross-domain broken |
| Channel Distribution | Unassigned/Direct high | UTMs missing |
| Ecommerce Funnel | funnel jumps | events missing |
| Ecommerce Transactions | revenue null | value/currency not set |
| Duplicate Transactions | duplicate purchases | reload of thank-you page |
| Payment Referrals | payment domains as referrer | checkout domain switch |
More detail: Traffic-light checks - data quality from BigQuery and topic-specific: E-commerce checks, Attribution & acquisition, Session quality, Event quality & PII hints.
SST analysis (weighted score 0-100)
| Check | Weight | Signal |
|---|---|---|
| Cookie Lifetime Impact | 35 % | Safari vs. Chrome returning rate |
| Attribution Gap | 35 % | unattributed sessions/key events |
| Funnel Duration | 20 % | days to conversion |
| Cross-Domain | 10 % | multiple domains detected |
| SST Detection | - | user_pseudo_id pattern |
More detail: SST analysis - the server-side score.
On-page checks (Playwright before/after consent)
| Check | Signal |
|---|---|
| Server-Side Tagging | custom GA4 endpoints, FPID cookie |
| GTM implementation | container IDs, duplicates |
| CMP detection | 14 CMPs detected (Cookiebot, OneTrust, Usercentrics …) |
| Consent Mode v2 | default/updated consent state |
| Privacy / GDPR | tracking before consent acceptance |
| Third-party tools | 9 tools detected (Meta, TikTok, LinkedIn, Clarity …) |
| DataLayer | events, e-commerce validation |
More detail: On-page checks - browser-based audit.
Recommended workflow
- Live check overview - quickly see whether the setup and data basis are fundamentally sound.
- Traffic-light tab - for warnings/fails, pull in the BigQuery raw data.
- SST area - assess the impact for attribution and browser gaps.
- On-page analysis - for specific URLs and consent verification.
Audit manually or automated?
Manual is thorough, but slow and hard to reproduce - and that is exactly why tracking usually breaks unnoticed between two audits. The GA4 Auditor automates the recurring check via the official Google APIs and the BigQuery export and delivers a traffic-light rating in minutes. Strategy and interpretation stay human - the tool delivers the robust factual basis.
Related posts
- GA4 Auditor: check your property in minutes - the tool behind the checklist.
- Checking Consent Mode v2 in GA4
- Data security in the GA4 Auditor
- E-commerce attribution: live API vs. BigQuery
- Video guides for the GA4 Auditor <!-- umlaut-ok -->
Frequently asked questions
- What belongs in a GA4 audit?
- A complete GA4 audit covers four areas: (1) configuration via the Admin API (streams, Enhanced Measurement, key events, BigQuery linking, custom definitions, data retention), (2) data quality at event level from the BigQuery export (duplicates, PII, channel distribution, e-commerce funnel), (3) server-side tagging potential and (4) the on-page implementation including Consent Mode v2.
- How often should you audit GA4?
- At least quarterly, plus after every major release, relaunch or CMP change. Tracking usually breaks unnoticed - through template changes, new subdomains or changed consent banners. An automated audit catches these regressions early.
- GA4 audit manually or with a tool?
- Manual audits are thorough, but slow and hard to reproduce. The GA4 Auditor automates the recurring check via the official Google APIs and the BigQuery export and delivers a traffic-light rating in minutes. Human expertise is still needed for strategy and interpretation - the tool delivers the factual basis.
- What is a GA4 audit checklist?
- A GA4 audit checklist is a structured list of checks that verify your Google Analytics 4 setup is complete, clean and privacy-compliant. It covers four areas: configuration (Admin API), event-level data quality (BigQuery export), server-side tagging potential and the on-page implementation including Consent Mode v2 - 24 checks in total.
- Can I use this as a GA4 audit template?
- Yes. Copy the 24-check list, run each check against your property and mark Pass, Warning or Fail. The GA4 Auditor fills the same template automatically via the Google APIs and the BigQuery export, delivering a traffic-light rating in minutes.