Guide · part of the Google Analytics audit

How to audit a Google Tag Manager container

The GTM container is where tracking problems live: duplicate tags, dead Universal Analytics remnants, paused consent tags, staging pixels shipping real data. A GTM audit reviews every tag, trigger and variable, plus the governance around them. Nine checks, done by hand or automatically in two minutes.

Tracking Auditor audits your container’s governance as one of five scored dimensions. Your first audit is free.

Run a free audit →

The nine container checks

  1. Inventory every tag and justify its existence

    Go through the container tag by tag: what does it do, who owns it, is it still needed? Mature containers accumulate tags nobody remembers adding. Anything that can't be justified is a candidate for removal. Every live tag is page weight, a data recipient, and a debugging surface.

  2. Search for duplicate Google tags

    Two GA4 configuration tags with the same measurement ID double-count every session and event. Search the container for repeated measurement IDs, including one hard-coded in the site template plus one in GTM, the variant that container-only reviews miss.

  3. Hunt down legacy Universal Analytics tags

    UA stopped processing data in 2023-24, but UA tags still fire in thousands of containers, burning page performance and confusing debugging. Search for tag types 'Universal Analytics' and UA- prefixed IDs, and remove them.

  4. Find test and staging artefacts in production

    Test pixels pointing at dev ad accounts, staging domains in Conversion Linker settings, tags fired by 'debug mode equals true' triggers that someone inverted. These pollute live data and can send real customer data to the wrong place.

  5. Check every tag's consent settings

    Tag → Advanced → Consent Settings. Google tags integrate with Consent Mode natively; third-party tags need explicit consent checks or blocking triggers. Tags with 'No additional consent required' set without thought are the container-side cause of most consent failures. The full check lives in the consent audit.

  6. Review triggers for overlap and dead references

    Triggers referencing pages that no longer exist, overlapping triggers double-firing one tag, and 'All Pages' used where a specific trigger was intended. Trigger sprawl is where double-counting and phantom events are usually born.

  7. Audit variables and the dataLayer contract

    Variables reading dataLayer keys the site no longer pushes return undefined into every tag that uses them, with no error anywhere. Cross-check the container's dataLayer variables against what the site actually pushes on key pages.

  8. Review user access and version history

    People who left the company two years ago with Publish rights; agencies from three engagements ago still holding Admin. And version history: frequent unexplained publishes with no version names or notes means changes can't be traced, which is a governance finding in itself.

  9. Check the container snippet itself

    The container must be present on every page, once, and published. A missing or malformed snippet takes every tag inside it offline, including the consent controls, while everything in the GTM interface looks healthy.

What GTM audits find

Where the container audit fits

GTM governance is one of five dimensions in a complete tracking audit. The full process is in the Google Analytics audit guide. The consent side gets its own deep dive in the consent mode audit guide, and the revenue side in the conversion tracking audit guide. Lost access to the container entirely? The free GTM Inspector reads the live public container so you can recover your setup.

GTM audit FAQs

What is a GTM audit?

A GTM audit is a structured review of a Google Tag Manager container: every tag, trigger and variable, plus consent configuration, user access and version history. It finds duplicates, legacy and test tags, consent gaps and broken dataLayer references that corrupt analytics data.

How do I audit my Google Tag Manager container?

Work through the container systematically: inventory all tags and remove anything unjustifiable, search for duplicate measurement IDs and legacy UA tags, check each tag's consent settings, review triggers for overlap and dead references, verify variables against the site's actual dataLayer, and review who has access. Then verify the container snippet is live on every page.

How often should a GTM container be audited?

After any agency handover, site rebuild or consent-platform change, and at least annually otherwise. Containers decay by accumulation: every quick fix and campaign pixel stays forever unless an audit removes it.

What if I've lost access to the GTM container?

You can still see what's in it: the free GTM Inspector reads the live public gtm.js file and lists every tag, trigger and variable. That is enough to recover your setup and rebuild in a container you control.

Can a GTM audit be automated?

Yes. Tracking Auditor connects to your GTM container read-only and audits governance (duplicates, legacy tags, consent settings, trigger hygiene) as one of five scored dimensions, alongside consent, GA4 event quality, cookies and conversion integrity.

Audit your container in two minutes

Connect GTM read-only and Tracking Auditor reviews every tag, trigger and variable for duplicates, legacy tags, consent gaps and governance issues, scored A–F with a prioritised fix plan. Your first audit is free.

Run your free audit