How to Audit Your Website Analytics: Complete Checklist

Your analytics data is only as good as your implementation. Bad tracking leads to bad decisions. I’ve audited hundreds of analytics setups, and I can tell you: most are broken in ways their owners don’t realize. Here’s how to find and fix the problems in yours.

Why Analytics Audits Matter

Think about it: you’re making business decisions based on your analytics data. Marketing budgets, product changes, content strategy — all driven by numbers. But what if those numbers are wrong?

Common scenarios I’ve seen:

• A company thought their blog traffic was 50% higher than reality (duplicate tracking)
• An e-commerce site missed 30% of conversions (broken event tracking)
• A SaaS company’s bounce rate was 90% — actually 45% (misconfigured SPA tracking)
• Marketing team optimizing for a channel that wasn’t actually converting (UTM mess)

The cost of bad data isn’t the data itself — it’s the decisions you make based on it.

When to Audit Your Analytics

Schedule a full audit when:

• Quarterly — Quick health check (30 minutes)
• After major site changes — New design, platform migration, feature launches
• When numbers look “off” — Sudden spikes, drops, or impossible metrics
• Before big decisions — Budget planning, strategy shifts
• Annually — Comprehensive deep dive

The Complete Analytics Audit Checklist

I’ve broken this into seven areas. Work through each systematically.

1. Tracking Code Implementation

The foundation. If your tracking code is broken, nothing else matters.

Check for:

• ☐ Tracking code present on ALL pages
• ☐ Code fires only ONCE per page (no duplicates)
• ☐ Code loads in correct position (usually <head>)
• ☐ No JavaScript errors blocking tracking
• ☐ Tracking works on mobile and desktop
• ☐ Tracking survives ad blockers (if using privacy-first tools)

How to check:

Use browser developer tools (F12 → Network tab) to see tracking requests. Look for your analytics domain in the requests list.

For Google Analytics, use the Tag Assistant extension. For other tools, check their documentation for debugging methods.

Common problems:

• Tracking code missing from dynamically loaded pages
• Multiple analytics snippets (GA3 and GA4, or duplicate GA4)
• Code blocked by consent management platform
• Code in wrong container (fires before consent given)

2. Data Accuracy

Is the data you’re seeing actually correct?

Check for:

• ☐ Page view counts match server logs (roughly)
• ☐ User counts are realistic for your traffic
• ☐ Session duration makes sense
• ☐ Bounce rate is believable (not 0% or 100%)
• ☐ Traffic sources match your marketing activities
• ☐ Geographic data aligns with your audience

Red flags:

• Bounce rate under 20% — Usually indicates duplicate tracking
• Bounce rate over 90% — Could be SPA issues or exit tracking problems
• Average session duration of 0:00 — Tracking not capturing engagement
• Massive traffic from unexpected countries — Bot traffic or spam
• Conversion rate suddenly doubled — Duplicate conversion tracking

Validation technique:

Compare analytics data with other sources:

• Server logs for page views
• CRM for conversion counts
• Email platform for campaign clicks
• Ad platforms for ad-driven traffic

Expect 10-30% variance due to ad blockers and tracking limitations. More than that indicates a problem.

3. Event Tracking

Events tell you what users actually do. Broken event tracking is invisible until you look.

Check for:

• ☐ All important actions have events (clicks, forms, video plays)
• ☐ Events fire at the right time (not on page load)
• ☐ Event parameters are populated correctly
• ☐ Event names follow consistent naming convention
• ☐ No duplicate events per action
• ☐ Conversion events match actual conversions

How to test:

1. Open browser dev tools → Network tab
2. Filter for your analytics domain
3. Perform the action (click button, submit form)
4. Verify event request appears with correct data

For GA4, use DebugView (Admin → DebugView) to see events in real-time.

Common problems:

• Events only tracked for logged-in users
• Button click events fire but form submission events don’t
• Video tracking breaks on certain browsers
• Dynamic content events not binding correctly

4. Goals and Conversions

Your most important metrics. Get these wrong, and your entire analysis is flawed.

Check for:

• ☐ All business-critical actions tracked as conversions
• ☐ Conversion values set correctly (if applicable)
• ☐ Thank you page / confirmation tracking works
• ☐ No duplicate conversions per user action
• ☐ Conversion paths make logical sense
• ☐ Micro-conversions tracked (newsletter signup, add to cart)

Validation:

Cross-reference analytics conversions with your actual business data:

• Orders in your e-commerce platform
• Leads in your CRM
• Sign-ups in your database

If analytics shows 100 conversions but you only have 70 real customers, something’s wrong.

5. Traffic Source Attribution

Where is your traffic really coming from?

Check for:

• ☐ UTM parameters used consistently across campaigns
• ☐ No UTM fragmentation (facebook vs Facebook vs fb)
• ☐ Referral traffic categorized correctly
• ☐ Direct traffic isn’t suspiciously high
• ☐ Organic search data available (Search Console linked)
• ☐ Paid traffic matches ad platform data (roughly)

Red flags:

• High “direct” traffic — Often miscategorized referral/organic traffic
• UTM chaos — Multiple variations of the same source
• Missing referrers — Cross-domain tracking issues
• “(not set)” everywhere — Data collection problems

Quick UTM audit:

Export all traffic sources for the last 90 days. Look for:

• Duplicate sources with different capitalization
• Misspelled campaign names
• Missing utm_medium or utm_campaign
• Internal traffic tagged with UTMs (inflates campaign numbers)

6. Filter and Data Quality

Are you filtering out the noise?

Check for:

• ☐ Internal traffic excluded (your team’s visits)
• ☐ Bot traffic filtered
• ☐ Spam referrals blocked
• ☐ Development/staging traffic excluded
• ☐ Test transactions filtered from e-commerce data
• ☐ Cross-domain tracking working (if multiple domains)

How to set up filters:

For GA4: Use data filters in Admin → Data Settings → Data Filters. Create filters for:

• Internal traffic (by IP or parameter)
• Developer traffic (debug_mode parameter)

For privacy-first tools like Plausible: Most automatically filter bots. Check for IP exclusion options for internal traffic.

7. Privacy and Compliance

Legal requirements aren’t optional.

Check for:

• ☐ Cookie consent collected before tracking (if required)
• ☐ Consent choices actually respected (tracking blocked when declined)
• ☐ Privacy policy accurately describes your tracking
• ☐ Data Processing Agreement in place with analytics vendor
• ☐ Data retention settings configured
• ☐ No PII (personally identifiable information) in tracking data

Privacy audit tools:

• Blacklight — Scans for trackers on your site
• Cookiebot Scanner — Identifies all cookies
• Browser dev tools — See what loads before/after consent

Common compliance issues:

• Analytics loading before consent banner appears
• Consent banner doesn’t actually block tracking
• IP addresses stored without anonymization
• Third-party scripts loading additional trackers

Tools for Analytics Auditing

Here are the tools I use for every audit:

Browser Extensions

• Google Tag Assistant — Validates GA/GTM implementation
• Omnibug — Shows all marketing tags firing
• Ghostery — Reveals all trackers on a page
• WASP — Web Analytics Solution Profiler

Online Tools

• Blacklight — Privacy-focused tracker scanner
• BuiltWith — Identifies technologies on any site
• Screaming Frog — Crawls site for tracking code presence
• Mozilla Observatory — Security and privacy check

Built-in Tools

• GA4 DebugView — Real-time event debugging
• GTM Preview Mode — Test tag configurations
• Browser DevTools — Network tab for tracking requests
• Plausible/Fathom dashboards — Built-in data validation

For a comprehensive overview of analytics platforms and their debugging capabilities, check out our web analytics tools guide.

Step-by-Step Audit Process

Here’s my exact workflow for a comprehensive audit:

Phase 1: Discovery (30 minutes)

1. Document all analytics tools currently in use
2. List all tracked events and conversions
3. Note any known issues or concerns
4. Identify key pages and user journeys

Phase 2: Technical Audit (1-2 hours)

1. Check tracking code on 10-20 key pages
2. Test all tracked events manually
3. Verify conversion tracking accuracy
4. Review filter and view configurations
5. Check cross-domain tracking (if applicable)

Phase 3: Data Validation (1 hour)

1. Compare analytics vs. server logs
2. Cross-reference conversions with CRM/database
3. Verify traffic source accuracy with ad platforms
4. Check for data anomalies in reports

Phase 4: Compliance Review (30 minutes)

1. Test consent flow with tracking blocked
2. Scan for unauthorized trackers
3. Review privacy policy accuracy
4. Check data retention settings

Phase 5: Documentation (30 minutes)

1. Document all issues found
2. Prioritize by impact and effort
3. Create action plan with owners
4. Schedule follow-up audit

Common Issues and Fixes

Issue: Duplicate Page Views

Symptoms: Bounce rate under 20%, inflated page views

Causes:

• Multiple tracking codes on page
• GTM and hardcoded snippet both active
• Tag firing multiple times per page load

Fix: Use browser dev tools to count tracking requests per page load. Remove duplicates.

Issue: High Direct Traffic

Symptoms: 40%+ of traffic shows as “direct”

Causes:

• Missing UTM parameters on campaigns
• HTTP to HTTPS referrer stripping
• Mobile app traffic without tracking
• Email client preview stripping referrers
• Cross-domain tracking not configured

Fix: Implement consistent UTM tagging. Check cross-domain setup. Use referral exclusion lists appropriately.

Issue: Missing Conversions

Symptoms: Analytics shows fewer conversions than actually occurred

Causes:

• Thank you page not tracked
• Redirect before tracking fires
• Ad blockers blocking conversion pixel
• Consent blocking conversion tracking

Fix: Implement server-side conversion tracking. Ensure tracking fires before redirect. Test conversion flow with ad blocker enabled. Learn more about server-side tracking with GTM.

Issue: SPA Tracking Problems

Symptoms: Only homepage tracked, 100% bounce rate, one page per session

Causes:

• Single Page App doesn’t trigger page views on navigation
• History change events not captured
• Virtual page views not implemented

Fix: Implement history change tracking. Use your framework’s router hooks to send page views. Many privacy-first tools handle this automatically.

Issue: Bot Traffic Inflation

Symptoms: Traffic spikes from unusual locations, 100% bounce rate from certain sources, impossible user behavior

Causes:

• Bot filtering not enabled
• Spam referral traffic
• Competitor click fraud

Fix: Enable bot filtering in GA. Use hostname filters. Consider Cloudflare or similar for bot protection at the edge.

Audit Report Template

Use this structure for your audit documentation:

Executive Summary

• Overall health score (1-10)
• Critical issues count
• Data reliability assessment
• Top 3 priority fixes

Detailed Findings

For each issue:

• Description of the problem
• Impact on data quality
• Evidence/screenshots
• Recommended fix
• Priority (Critical/High/Medium/Low)
• Estimated effort

Action Plan

• Prioritized list of fixes
• Owner for each item
• Timeline
• Success criteria

Quick Health Check (15 Minutes)

Don’t have time for a full audit? Run through this quick check:

1. Bounce rate sanity check — Should be 30-70% for most sites
2. Traffic source review — Direct shouldn’t exceed 30%
3. Conversion test — Complete a conversion, verify it appears in analytics
4. Page view spot check — Visit 3 different pages, verify all tracked
5. Mobile test — Check tracking works on mobile device

If any of these fail, schedule a full audit.

Maintaining Data Quality

An audit is a point-in-time check. Here’s how to maintain quality ongoing:

Set Up Alerts

Configure alerts for:

• Traffic drops > 30%
• Conversion rate changes > 50%
• Bounce rate anomalies
• New referral sources

Document Changes

Keep a changelog of:

• Tracking code changes
• New events added
• Filter modifications
• Site structure changes

Regular Testing

Include analytics testing in your:

• QA process for new features
• Deployment checklists
• Monthly review routines

Frequently Asked Questions

How often should I audit my website analytics?

Run a quick 15-30 minute health check quarterly to catch obvious issues. Perform a comprehensive audit annually, or immediately after major site changes like redesigns, platform migrations, or tracking system updates. Also audit when you notice unexpected data patterns like sudden traffic spikes or drops.

What’s the most common analytics problem you find in audits?

Duplicate tracking is by far the most common issue. Sites often have both GTM and hardcoded tracking snippets, or old GA3 code alongside new GA4. This inflates page views and deflates bounce rates, making your traffic look better than it is. Check your browser’s network tab — you should see exactly one analytics request per page load.

How do I know if my conversion tracking is accurate?

Cross-reference your analytics conversions with actual business records. Compare analytics conversion counts to orders in your e-commerce platform, leads in your CRM, or sign-ups in your database. A 10-30% variance is normal due to ad blockers, but if analytics shows significantly more conversions than reality, you likely have duplicate tracking.

Is it worth auditing analytics if I’m using Google Analytics 4?

Absolutely. GA4 is more complex than Universal Analytics, with more ways for implementation to go wrong. Event tracking, consent management, and cross-domain tracking all require careful setup. Even if you followed our GA4 setup guide perfectly at launch, things can break over time as your site changes.

What tools do I need to audit my analytics?

You can complete a basic audit with just browser developer tools (F12 → Network tab). For a thorough audit, add Tag Assistant or Omnibug browser extensions for tag debugging, GA4’s built-in DebugView for real-time event monitoring, and Blacklight or similar tools for privacy compliance scanning. All of these are free.

My analytics shows 50% direct traffic. Is that normal?

No, 50% direct traffic usually indicates a tracking problem, not actual direct visits. Common causes include missing UTM parameters on campaigns, broken cross-domain tracking, or mobile app traffic without proper attribution. For most sites, direct traffic should be 20-30% or less. Anything higher warrants investigation.

Conclusion: Trust Your Data

Analytics audits aren’t glamorous work, but they’re essential. Bad data leads to bad decisions, and bad decisions cost money. The good news: most issues are fixable once you find them.

Start with the 15-minute quick health check above. If you find problems, work through the complete seven-area checklist systematically. Then put processes in place to maintain quality over time with quarterly reviews and automated alerts.

Your analytics implementation is only as good as the data it produces. Regular audits ensure you’re making decisions based on reality, not artifacts of broken tracking.

Next steps:

• New to analytics? Start with our complete GA4 setup guide
• Need privacy-compliant tracking? Read our GDPR compliance guide
• Want to reduce ad blocker impact? Learn about server-side tracking
• Exploring analytics platforms? Browse our analytics tools comparison

Need help with a complex analytics audit? Get in touch — I’ve audited setups ranging from simple blogs to enterprise e-commerce platforms.