datascale

Check explainers

What the Measurement Health Check tests

Every finding from the scan has an explainer: what gets tested, why it matters and how to fix it. The complete list, grouped by category.

Tracking core

  • Server-side event APIs

    Server-to-server conversion APIs (Meta CAPI, TikTok Events API) deliver attribution even without cookies.

  • dataLayer

    Without a dataLayer, tracking tools scrape values from the DOM, fragile and inconsistent.

  • Server-side tracking

    Server-side tagging bypasses ad blockers, stabilises attribution, and decouples tracking from the frontend.

  • Analytics tag

    Without an analytics tag, nothing flows into Google Ads, Looker, or your reporting.

  • Tag manager

    A central tag manager decouples tracking changes from your release cycle.

  • 3rd-party cookies

    Chrome abandoned its 3rd-party cookie phase-out in 2025 in favour of user choice; Safari and Firefox have long blocked them, tracking built on this stays structurally unreliable.

  • Cookie banner / CMP

    A cookie banner is the visible half of the consent flow, no CMP means no documented opt-in.

  • Consent activates measurement

    If nothing fires after "Accept", the consent wiring is likely broken, you lose data despite opt-in.

  • Consent Mode V2

    Since March 2024 Google requires all four consent parameters for Ads, otherwise no conversion modelling.

  • Consent Mode signal after update

    Consent Mode V2 needs a gtag consent update after opt-in, otherwise Google conversion modelling stays off.

  • Consent simulation

    The deep scan drives the cookie banner automatically and compares the accept state with the reject state.

  • Pre-consent cookies

    Cookies set before the consent decision are a typical compliance finding.

  • Consent frameworks (TCF v2.2 / GPP)

    IAB TCF v2.2 and GPP are the standards for cross-vendor consent in EU ad-tech.

  • Pre-consent scripts

    Tracking scripts referenced in the HTML before consent are critical under GDPR/ePrivacy.

  • Reject is respected

    If marketing or analytics still fire after "Reject", that is the single most common GDPR finding at supervisory authorities.

Performance & UX

  • Privacy Sandbox

    Google largely wound down the Privacy Sandbox in 2025, several ad APIs are being retired. This check is an inventory signal, not a recommendation.

  • Third-party scripts

    More external scripts = slower load times and a larger compliance surface.

  • Tracking payload

    More than 200 KB of tracking payload measurably slows the page and enlarges the compliance surface.

Security & bots

  • AI bot policy

    GPTBot, ClaudeBot, PerplexityBot decide whether your content shows up in AI answers, make a deliberate call.

  • Security headers

    HSTS, X-Frame-Options, and CSP are the security baseline every audit checks.

  • HTTPS

    Unencrypted tracking is a data-leak risk and breaks modern browser defaults.

  • Structured data (JSON-LD)

    Structured data (schema.org) is a ranking signal for Google AND AI search.

  • llms.txt

    llms.txt is the emerging standard for telling LLMs in a structured way what they may read.

  • Meta tags

    Title, description, and Open Graph are the SEO baseline, missing them hurts visibility and social shares.

  • robots.txt

    A misconfigured robots.txt makes the site invisible to Google.