TagEasy

Health monitoring

Once events are published to GTM, TagEasy keeps watching to make sure they actually fire. The Health tab in your dashboard rolls everything up into a single status per event.

The three states

StateMeaningWhen
OKEvent fired recently and consistentlyLast verified within < 14 days
WARNEvent hasn't fired lately — could be normal (seasonal) or could be broken14-29 days since last fire
BROKENEvent hasn't fired in a long time — almost certainly something is wrong30+ days since last fire

Thresholds are configurable per environment via HEALTH_WARN_DAYS and HEALTH_BROKEN_DAYS.

How TagEasy knows an event fired

TagEasy ships a tiny verification script that you can paste into your site (independent of GTM). The script:

  1. Hooks into window.dataLayer.push()
  2. On every push that matches one of your tracked events, sends a small beacon to TagEasy's /api/verify/ingest endpoint
  3. TagEasy records the timestamp + event name as evidence the dataLayer push happened

The script is gated by an HMAC-signed token tied to your website. It sends only event metadata (event name, timestamp) — no PII, no payload contents, no URL parameters.

Installing the verification script

  1. Dashboard → your website → Health tab
  2. Click Get verification script
  3. Copy the snippet — it includes your signed 48-hour token
  4. Paste it in the same place you put the GTM snippet (head of every page)

Tokens are valid 48 hours. After that, request a fresh one — older tokens become unsigned beacons and are rejected silently. You can request a new token any time without affecting installed scripts that haven't expired.

Drift detection

A nightly cron job scans every published event in your account:

  • If last-fire < HEALTH_WARN_DAYS → marks OK
  • If last-fire between WARN and BROKEN → marks WARN
  • If last-fire > HEALTH_BROKEN_DAYS → marks BROKEN

Weekly summary emails

Once a week, TagEasy emails owners + admins on each org a Health Summary:

  • How many events are OK / WARN / BROKEN
  • The top 5 events that recently regressed
  • Direct links to the Health dashboard for each one

Configure your email by setting RESEND_API_KEY on the server. Without it, the summary still runs but logs to console only.

Live feed

The website's Live Feed tab shows every dataLayer event the verification script captures, in near real time — the event name, the full payload, the page URL, and which VisualEvent it matched. It's the fastest way to confirm a tag fires correctly while you're testing. (Starter plan and up.)

Anomaly alerts

Drift detection catches an event that stopped. Anomaly detection catches one that's degraded — still firing, but volume has crashed or spiked. A nightly scan compares each event to its 14-day baseline and emails owners + admins when it finds a drop, spike, or silent event.

Toggle it per-website on the Live Feed tab. (Pro plan and up.)

GA4 reconciliation

The verification beacon proves a tag fired in the browser. GA4 reconciliation goes further — it reads GA4's own data and cross-checks the events you configured against what GA4 actually received: which are landing, which received zero hits, and which events GA4 sees that you never set up (rogue or duplicate tracking). It's the authoritative answer to "is my data in Google Analytics?" (Pro plan and up.)

Revenue reconciliation

For e-commerce, the deepest question is whether GA4 matches your real sales. Connect your Shopify, WooCommerce, Stripe, or BigCommerce account and TagEasy puts GA4's purchase count + revenue side-by-side with the actual orders from your store — surfacing exactly how much GA4 is under-reporting. (Business plan and up.)

Container hygiene score

For GTM containers connected via the Tag Manager API, TagEasy audits the live container and grades it 0–100. It flags the structural problems that quietly distort your data or pile up as clutter:

  • Duplicate configuration tags — two Google/GA4 config tags pointing at the same destination ID, which double-counts every page view
  • Tags with no firing trigger — they never run
  • Custom HTML tags — an XSS vector that also bypasses GTM's built-in consent gating
  • Clutter — paused tags, unused triggers, and unused variables

Find it on the website's Events & Tags tab. (Starter plan and up.)

Consent Mode v2 audit

Google requires Consent Mode v2 for EEA traffic. TagEasy audits your live container for two gaps it can detect reliably:

  • Custom tags that fire ungated — Custom HTML / Image tags don't respect Consent Mode automatically; without "Additional consent checks" they fire regardless of the visitor's choice
  • Ad tags still on v1 signals — gated on ad_storage but missing the ad_user_data and ad_personalization signals v2 now requires
  • Tags gated on no valid signal — set to require consent but listing no recognised Consent Mode signal, so they effectively gate on nothing

The audit sits next to the hygiene score on the Events & Tags tab. (Starter plan and up.)

PII-leak scan

Sending personal data — emails, phone numbers, payment-card numbers — to GA4 or ad pixels violates Google's and Meta's terms and can get your property suspended. TagEasy scans the dataLayer events it has captured (the live observer buffer plus your verified events) and flags anything that looks like a leak: email addresses, phone numbers, Luhn-valid card numbers, and PII-typed field names like first_name or customer_email.

Samples are always redacted in the report. The scan is point-in-time — it covers the events captured so far — and sits next to the Consent Mode audit on the Events & Tags tab. (Starter plan and up.)

Investigating a WARN / BROKEN event

  1. Click the event in the Health tab
  2. Inspect:
    • Last-fire timestamp + count over the past 30 days
    • Selector + dataLayer event name
    • GTM tag fire history (from container)
  3. Click Debug with AI — runs the AI co-pilot against the event and returns a likely cause + concrete fix

Common causes of broken events

  • Selector changed. A redesign or A/B test renamed the element. Pull up the page → re-grab the selector → update the VisualEvent → publish.
  • Page moved or deleted. The product / landing page no longer exists. Either repoint the selector or archive the event.
  • GTM container detached. Site got a redesign and the GTM snippet got removed. Reinstall per your platform guide.
  • Cookie banner blocks GTM. A new consent banner gates GTM until consent is granted, and most users dismiss without accepting. Run the Consent Mode v2 audit to check your consent setup.
  • Verify script removed. If TagEasy is firing but the beacon is gone, we'll think the event is broken when it's not. Reinstall the verify script.

Health API access

For agencies pulling health into their own dashboards, see the Agency features doc — the /api/agency/bulk-health-scan endpoint returns rolled-up health across all client orgs.