How to Audit Your Website Analytics: Complete Checklist

Your analytics data is only as good as your implementation. Bad tracking leads to bad decisions. I’ve audited hundreds of analytics setups, and I can tell you: most are broken in ways their owners don’t realize. Here’s how to find and fix the problems in yours.

Why Analytics Audits Matter

Think about it: you’re making business decisions based on your analytics data. Marketing budgets, product changes, content strategy — all driven by numbers. But what if those numbers are wrong?

Common scenarios I’ve seen:

• A company thought their blog traffic was 50% higher than reality (duplicate tracking)
• An e-commerce site missed 30% of conversions (broken event tracking)
• A SaaS company’s bounce rate was 90% — actually 45% (misconfigured SPA tracking)
• Marketing team optimizing for a channel that wasn’t actually converting (UTM mess)

The cost of bad data isn’t the data itself — it’s the decisions you make based on it.

When to Audit Your Analytics

Schedule a full audit when:

• Quarterly — Quick health check (30 minutes)
• After major site changes — New design, platform migration, feature launches
• When numbers look “off” — Sudden spikes, drops, or impossible metrics
• Before big decisions — Budget planning, strategy shifts
• Annually — Comprehensive deep dive

The Complete Analytics Audit Checklist

I’ve broken this into seven areas. Work through each systematically.

1. Tracking Code Implementation

The foundation. If your tracking code is broken, nothing else matters.

Check for:

• ☐ Tracking code present on ALL pages
• ☐ Code fires only ONCE per page (no duplicates)
• ☐ Code loads in correct position (usually <head>)
• ☐ No JavaScript errors blocking tracking
• ☐ Tracking works on mobile and desktop
• ☐ Tracking survives ad blockers (if using privacy-first tools)

How to check:

Use browser developer tools (F12 → Network tab) to see tracking requests. Look for your analytics domain in the requests list.

For Google Analytics, use the Tag Assistant extension. For other tools, check their documentation for debugging methods.

Common problems:

• Tracking code missing from dynamically loaded pages
• Multiple analytics snippets (GA3 and GA4, or duplicate GA4)
• Code blocked by consent management platform
• Code in wrong container (fires before consent given)

2. Data Accuracy

Is the data you’re seeing actually correct?

Check for:

• ☐ Page view counts match server logs (roughly)
• ☐ User counts are realistic for your traffic
• ☐ Session duration makes sense
• ☐ Bounce rate is believable (not 0% or 100%)
• ☐ Traffic sources match your marketing activities
• ☐ Geographic data aligns with your audience

Red flags:

• Bounce rate under 20% — Usually indicates duplicate tracking
• Bounce rate over 90% — Could be SPA issues or exit tracking problems
• Average session duration of 0:00 — Tracking not capturing engagement
• Massive traffic from unexpected countries — Bot traffic or spam
• Conversion rate suddenly doubled — Duplicate conversion tracking

Validation technique:

Compare analytics data with other sources:

• Server logs for page views
• CRM for conversion counts
• Email platform for campaign clicks
• Ad platforms for ad-driven traffic

Expect 10-30% variance due to ad blockers and tracking limitations. More than that indicates a problem.

3. Event Tracking

Events tell you what users actually do. Broken event tracking is invisible until you look.

Check for:

• ☐ All important actions have events (clicks, forms, video plays)
• ☐ Events fire at the right time (not on page load)
• ☐ Event parameters are populated correctly
• ☐ Event names follow consistent naming convention
• ☐ No duplicate events per action
• ☐ Conversion events match actual conversions

How to test:

1. Open browser dev tools → Network tab
2. Filter for your analytics domain
3. Perform the action (click button, submit form)
4. Verify event request appears with correct data

For GA4, use DebugView (Admin → DebugView) to see events in real-time.

Common problems:

• Events only tracked for logged-in users
• Button click events fire but form submission events don’t
• Video tracking breaks on certain browsers
• Dynamic content events not binding correctly

4. Goals and Conversions

Your most important metrics. Get these wrong, and your entire analysis is flawed.

Check for:

• ☐ All business-critical actions tracked as conversions
• ☐ Conversion values set correctly (if applicable)
• ☐ Thank you page / confirmation tracking works
• ☐ No duplicate conversions per user action
• ☐ Conversion paths make logical sense
• ☐ Micro-conversions tracked (newsletter signup, add to cart)

Validation:

Cross-reference analytics conversions with your actual business data:

• Orders in your e-commerce platform
• Leads in your CRM
• Sign-ups in your database

If analytics shows 100 conversions but you only have 70 real customers, something’s wrong.

5. Traffic Source Attribution

Where is your traffic really coming from?

Check for:

• ☐ UTM parameters used consistently across campaigns
• ☐ No UTM fragmentation (facebook vs Facebook vs fb)
• ☐ Referral traffic categorized correctly
• ☐ Direct traffic isn’t suspiciously high
• ☐ Organic search data available (Search Console linked)
• ☐ Paid traffic matches ad platform data (roughly)

Red flags:

• High “direct” traffic — Often miscategorized referral/organic traffic
• UTM chaos — Multiple variations of the same source
• Missing referrers — Cross-domain tracking issues
• “(not set)” everywhere — Data collection problems

Quick UTM audit:

Export all traffic sources for the last 90 days. Look for:

• Duplicate sources with different capitalization
• Misspelled campaign names
• Missing utm_medium or utm_campaign
• Internal traffic tagged with UTMs (inflates campaign numbers)

6. Filter and Data Quality

Are you filtering out the noise?

Check for:

• ☐ Internal traffic excluded (your team’s visits)
• ☐ Bot traffic filtered
• ☐ Spam referrals blocked
• ☐ Development/staging traffic excluded
• ☐ Test transactions filtered from e-commerce data
• ☐ Cross-domain tracking working (if multiple domains)

How to set up filters:

For GA4: Use data filters in Admin → Data Settings → Data Filters. Create filters for:

• Internal traffic (by IP or parameter)
• Developer traffic (debug_mode parameter)

For privacy-first tools like Plausible: Most automatically filter bots. Check for IP exclusion options for internal traffic.

7. Privacy and Compliance

Legal requirements aren’t optional.

Check for:

• ☐ Cookie consent collected before tracking (if required)
• ☐ Consent choices actually respected (tracking blocked when declined)
• ☐ Privacy policy accurately describes your tracking
• ☐ Data Processing Agreement in place with analytics vendor
• ☐ Data retention settings configured
• ☐ No PII (personally identifiable information) in tracking data

Privacy audit tools:

• Blacklight — Scans for trackers on your site
• Cookiebot Scanner — Identifies all cookies
• Browser dev tools — See what loads before/after consent

Common compliance issues:

• Analytics loading before consent banner appears
• Consent banner doesn’t actually block tracking
• IP addresses stored without anonymization
• Third-party scripts loading additional trackers

Tools for Analytics Auditing

Here are the tools I use for every audit:

Browser Extensions

• Google Tag Assistant — Validates GA/GTM implementation
• Omnibug — Shows all marketing tags firing
• Ghostery — Reveals all trackers on a page
• WASP — Web Analytics Solution Profiler

Online Tools

• Blacklight — Privacy-focused tracker scanner
• BuiltWith — Identifies technologies on any site
• Screaming Frog — Crawls site for tracking code presence
• Mozilla Observatory — Security and privacy check

Built-in Tools

• GA4 DebugView — Real-time event debugging
• GTM Preview Mode — Test tag configurations
• Browser DevTools — Network tab for tracking requests
• Plausible/Fathom dashboards — Built-in data validation

Step-by-Step Audit Process

Here’s my exact workflow for a comprehensive audit:

Phase 1: Discovery (30 minutes)

1. Document all analytics tools currently in use
2. List all tracked events and conversions
3. Note any known issues or concerns
4. Identify key pages and user journeys

Phase 2: Technical Audit (1-2 hours)

1. Check tracking code on 10-20 key pages
2. Test all tracked events manually
3. Verify conversion tracking accuracy
4. Review filter and view configurations
5. Check cross-domain tracking (if applicable)

Phase 3: Data Validation (1 hour)

1. Compare analytics vs. server logs
2. Cross-reference conversions with CRM/database
3. Verify traffic source accuracy with ad platforms
4. Check for data anomalies in reports

Phase 4: Compliance Review (30 minutes)

1. Test consent flow with tracking blocked
2. Scan for unauthorized trackers
3. Review privacy policy accuracy
4. Check data retention settings

Phase 5: Documentation (30 minutes)

1. Document all issues found
2. Prioritize by impact and effort
3. Create action plan with owners
4. Schedule follow-up audit

Common Issues and Fixes

Issue: Duplicate Page Views

Symptoms: Bounce rate under 20%, inflated page views

Causes:

• Multiple tracking codes on page
• GTM and hardcoded snippet both active
• Tag firing multiple times per page load

Fix: Use browser dev tools to count tracking requests per page load. Remove duplicates.

Issue: High Direct Traffic

Symptoms: 40%+ of traffic shows as “direct”

Causes:

• Missing UTM parameters on campaigns
• HTTP to HTTPS referrer stripping
• Mobile app traffic without tracking
• Email client preview stripping referrers
• Cross-domain tracking not configured

Fix: Implement consistent UTM tagging. Check cross-domain setup. Use referral exclusion lists appropriately.

Issue: Missing Conversions

Symptoms: Analytics shows fewer conversions than actually occurred

Causes:

• Thank you page not tracked
• Redirect before tracking fires
• Ad blockers blocking conversion pixel
• Consent blocking conversion tracking

Fix: Implement server-side conversion tracking. Ensure tracking fires before redirect. Test conversion flow with ad blocker enabled.

Issue: SPA Tracking Problems

Symptoms: Only homepage tracked, 100% bounce rate, one page per session

Causes:

• Single Page App doesn’t trigger page views on navigation
• History change events not captured
• Virtual page views not implemented

Fix: Implement history change tracking. Use your framework’s router hooks to send page views. Many privacy-first tools handle this automatically.

Issue: Bot Traffic Inflation

Symptoms: Traffic spikes from unusual locations, 100% bounce rate from certain sources, impossible user behavior

Causes:

• Bot filtering not enabled
• Spam referral traffic
• Competitor click fraud

Fix: Enable bot filtering in GA. Use hostname filters. Consider Cloudflare or similar for bot protection at the edge.

Audit Report Template

Use this structure for your audit documentation:

Executive Summary

• Overall health score (1-10)
• Critical issues count
• Data reliability assessment
• Top 3 priority fixes

Detailed Findings

For each issue:

• Description of the problem
• Impact on data quality
• Evidence/screenshots
• Recommended fix
• Priority (Critical/High/Medium/Low)
• Estimated effort

Action Plan

• Prioritized list of fixes
• Owner for each item
• Timeline
• Success criteria

Quick Health Check (15 Minutes)

Don’t have time for a full audit? Run through this quick check:

1. Bounce rate sanity check — Should be 30-70% for most sites
2. Traffic source review — Direct shouldn’t exceed 30%
3. Conversion test — Complete a conversion, verify it appears in analytics
4. Page view spot check — Visit 3 different pages, verify all tracked
5. Mobile test — Check tracking works on mobile device

If any of these fail, schedule a full audit.

Maintaining Data Quality

An audit is a point-in-time check. Here’s how to maintain quality ongoing:

Set Up Alerts

Configure alerts for:

• Traffic drops > 30%
• Conversion rate changes > 50%
• Bounce rate anomalies
• New referral sources

Document Changes

Keep a changelog of:

• Tracking code changes
• New events added
• Filter modifications
• Site structure changes

Regular Testing

Include analytics testing in your:

• QA process for new features
• Deployment checklists
• Monthly review routines

Final Thoughts

Analytics audits aren’t glamorous work, but they’re essential. Bad data leads to bad decisions, and bad decisions cost money.

The good news: most issues are fixable once you find them. And finding them just takes a systematic approach and the right tools.

Start with the quick health check. If you find problems, do a full audit. Then put processes in place to maintain quality over time.

Your future self (and your CFO) will thank you.

Need help with an analytics audit? Get in touch — I’ve audited setups ranging from simple blogs to enterprise e-commerce platforms.