GA4 audit checklist: all checks the GA4 Auditor runs
A GA4 audit checks whether your Google Analytics 4 setup measures completely, cleanly and in a privacy-compliant way. The GA4 Auditor combines four methods for this in a single tool. This page is the complete checklist: all the checks the auditor runs - as a reference for technicians and as an entry point into the matching help pages.
What a GA4 audit checks
A robust audit covers four layers: the configuration (via the Admin API), the data quality at event level (from the BigQuery export), the server-side tagging potential and the on-page implementation before and after consent. The following tables list every single check.
Data sources and limits
| Source | What for | Limits |
|---|---|---|
| GA4 Admin API | streams, Enhanced Measurement, key events, BigQuery linking | configuration only, no data |
| GA4 Data API | aggregated reporting and realtime metrics | sampling possible, no event detail |
| BigQuery export | event-level raw data | setup required, some lag |
| Playwright (on-page) | headless browser, phase before/after consent | one URL per run |
Status logic
Three classes per check:
- Pass - no issue, thresholds met
- Warning - recognisable risk or incomplete setup
- Fail - high likelihood of a real tracking problem
GA4 live check (Admin & Data API)
| Check | Data source | Signal | Typical causes |
|---|---|---|---|
| Streams present | Admin API | at least one stream exists | property incomplete |
| Enhanced Measurement active | Admin API | auto events enabled | deliberately disabled |
| Key events present | Admin API | at least one key event defined | goals not maintained |
| Google Ads linking | Admin API | at least one Ads link | missing permissions |
| BigQuery export linked | Admin API | BigQuery linking present | dataset location error |
| Annotations present | Admin API | data annotations exist | governance missing |
| Custom definitions present | Admin API | dimensions/metrics exist | parameters not registered |
| Privacy signals | Admin API | data retention, Google Signals | retention too short |
| Base events present | Data API | session_start and page_view |
tag does not fire |
| Direct share plausible | Data API | Direct share elevated | UTMs missing |
| Unassigned share plausible | Data API | Unassigned share elevated | channel rules missing |
| PageTitle "(not set)" share | Data API | share of unset titles | SPA sets too late |
| PageTitle with 404 patterns | Data API | share with 404 patterns | broken links |
| Traffic source "(not set)" | Data API | sessionSource not set |
UTMs missing |
| E-commerce plausibility | Data API | add_to_cart and purchase match |
checkout events missing |
| Site search usage | Data API | search terms present | Enhanced Measurement off |
| Audiences present | Admin API | audiences with conditions | no remarketing setup |
More detail: Live check - fast GA4 API diagnostics.
Traffic-light checks (BigQuery)
| Check | Signal | Typical causes |
|---|---|---|
| Event Errors | missing items, IDs, values, PII | schema error |
| Duplicate Events | duplicate events with same timestamp | trigger duplicated |
| Event Values | events without value | value not set |
| Page Quality | pages with "(not set)" or 404 | SPA timing |
| URL Parameters | PII-suspicious parameters | PII in URL |
| PII hints | email, phone, name in URLs | forms, redirects |
| Content Grouping | content groups not filled | taxonomy missing |
| Site Search | search events present | search not tracked |
| Session Consistency | sessions without start/page_view | bot traffic |
| Session Gap | time gaps between sessions | session timeout |
| User-ID Coverage | share of user_id events |
login missing |
| Acquisition Channels | no source/medium, invalid UTMs | UTMs missing |
| Self-Referrals | own domain as referrer | cross-domain broken |
| Channel Distribution | Unassigned/Direct high | UTMs missing |
| Ecommerce Funnel | funnel jumps | events missing |
| Ecommerce Transactions | revenue null | value/currency not set |
| Duplicate Transactions | duplicate purchases | reload of thank-you page |
| Payment Referrals | payment domains as referrer | checkout domain switch |
More detail: Traffic-light checks - data quality from BigQuery and topic-specific: E-commerce checks, Attribution & acquisition, Session quality, Event quality & PII hints.
SST analysis (weighted score 0-100)
| Check | Weight | Signal |
|---|---|---|
| Cookie Lifetime Impact | 35 % | Safari vs. Chrome returning rate |
| Attribution Gap | 35 % | unattributed sessions/key events |
| Funnel Duration | 20 % | days to conversion |
| Cross-Domain | 10 % | multiple domains detected |
| SST Detection | - | user_pseudo_id pattern |
More detail: SST analysis - the server-side score.
On-page checks (Playwright before/after consent)
| Check | Signal |
|---|---|
| Server-Side Tagging | custom GA4 endpoints, FPID cookie |
| GTM implementation | container IDs, duplicates |
| CMP detection | 14 CMPs detected (Cookiebot, OneTrust, Usercentrics …) |
| Consent Mode v2 | default/updated consent state |
| Privacy / GDPR | tracking before consent acceptance |
| Third-party tools | 9 tools detected (Meta, TikTok, LinkedIn, Clarity …) |
| DataLayer | events, e-commerce validation |
More detail: On-page checks - browser-based audit.
Recommended workflow
- Live check overview - quickly see whether the setup and data basis are fundamentally sound.
- Traffic-light tab - for warnings/fails, pull in the BigQuery raw data.
- SST area - assess the impact for attribution and browser gaps.
- On-page analysis - for specific URLs and consent verification.
Audit manually or automated?
Manual is thorough, but slow and hard to reproduce - and that is exactly why tracking usually breaks unnoticed between two audits. The GA4 Auditor automates the recurring check via the official Google APIs and the BigQuery export and delivers a traffic-light rating in minutes. Strategy and interpretation stay human - the tool delivers the robust factual basis.
Related posts
- GA4 Auditor: check your property in minutes - the tool behind the checklist.
- Checking Consent Mode v2 in GA4
- Data security in the GA4 Auditor
- E-commerce attribution: live API vs. BigQuery
- Video guides for the GA4 Auditor
Frequently asked questions
- What belongs in a GA4 audit?
- A complete GA4 audit covers four areas: (1) configuration via the Admin API (streams, Enhanced Measurement, key events, BigQuery linking, custom definitions, data retention), (2) data quality at event level from the BigQuery export (duplicates, PII, channel distribution, e-commerce funnel), (3) server-side tagging potential and (4) the on-page implementation including Consent Mode v2.
- How often should you audit GA4?
- At least quarterly, plus after every major release, relaunch or CMP change. Tracking usually breaks unnoticed - through template changes, new subdomains or changed consent banners. An automated audit catches these regressions early.
- GA4 audit manually or with a tool?
- Manual audits are thorough, but slow and hard to reproduce. The GA4 Auditor automates the recurring check via the official Google APIs and the BigQuery export and delivers a traffic-light rating in minutes. Human expertise is still needed for strategy and interpretation - the tool delivers the factual basis.