Check explainers
What the Measurement Health Check tests
Every finding from the scan has an explainer: what gets tested, why it matters and how to fix it. The complete list, grouped by category.
Tracking core
- Server-side event APIs
Server-to-server conversion APIs (Meta CAPI, TikTok Events API) deliver attribution even without cookies.
- dataLayer
Without a dataLayer, tracking tools scrape values from the DOM, fragile and inconsistent.
- Server-side tracking
Server-side tagging bypasses ad blockers, stabilises attribution, and decouples tracking from the frontend.
- Analytics tag
Without an analytics tag, nothing flows into Google Ads, Looker, or your reporting.
- Tag manager
A central tag manager decouples tracking changes from your release cycle.
Consent & privacy
- 3rd-party cookies
Chrome abandoned its 3rd-party cookie phase-out in 2025 in favour of user choice; Safari and Firefox have long blocked them, tracking built on this stays structurally unreliable.
- Cookie banner / CMP
A cookie banner is the visible half of the consent flow, no CMP means no documented opt-in.
- Consent activates measurement
If nothing fires after "Accept", the consent wiring is likely broken, you lose data despite opt-in.
- Consent Mode V2
Since March 2024 Google requires all four consent parameters for Ads, otherwise no conversion modelling.
- Consent Mode signal after update
Consent Mode V2 needs a gtag consent update after opt-in, otherwise Google conversion modelling stays off.
- Consent simulation
The deep scan drives the cookie banner automatically and compares the accept state with the reject state.
- Pre-consent cookies
Cookies set before the consent decision are a typical compliance finding.
- Consent frameworks (TCF v2.2 / GPP)
IAB TCF v2.2 and GPP are the standards for cross-vendor consent in EU ad-tech.
- Pre-consent scripts
Tracking scripts referenced in the HTML before consent are critical under GDPR/ePrivacy.
- Reject is respected
If marketing or analytics still fire after "Reject", that is the single most common GDPR finding at supervisory authorities.
Performance & UX
- Privacy Sandbox
Google largely wound down the Privacy Sandbox in 2025, several ad APIs are being retired. This check is an inventory signal, not a recommendation.
- Third-party scripts
More external scripts = slower load times and a larger compliance surface.
- Tracking payload
More than 200 KB of tracking payload measurably slows the page and enlarges the compliance surface.
Security & bots
- AI bot policy
GPTBot, ClaudeBot, PerplexityBot decide whether your content shows up in AI answers, make a deliberate call.
- Security headers
HSTS, X-Frame-Options, and CSP are the security baseline every audit checks.
- HTTPS
Unencrypted tracking is a data-leak risk and breaks modern browser defaults.
- Structured data (JSON-LD)
Structured data (schema.org) is a ranking signal for Google AND AI search.
- llms.txt
llms.txt is the emerging standard for telling LLMs in a structured way what they may read.
- Meta tags
Title, description, and Open Graph are the SEO baseline, missing them hurts visibility and social shares.
- robots.txt
A misconfigured robots.txt makes the site invisible to Google.