How Do You Know Your Tracking Is Actually Working?
GTM's preview panel says the tag fired. That's not the same thing as Google Analytics receiving the hit, and it's definitely not the same thing as Google Ads getting a clean conversion signal. Here's what actually proves your tracking is working, and why checking it properly is a bigger job than most people assume.
The Question Everyone Skips
Most sites get their tracking set up once, at launch, and never checked again. GTM Preview shows green ticks, GA4 shows some numbers in the dashboard, and everyone moves on. The problem is that "some numbers in the dashboard" isn't proof of anything. It just proves something is arriving. It doesn't prove all your conversions are, or that they were counted correctly, or that they're still arriving three CMP updates and two GTM publishes later.
A tracking setup can look completely healthy in every tool you'd normally check and still be quietly losing a third of your conversions. That's not a hypothetical. It's the single most common thing we find when we actually go and check.
Why GTM's Own Preview Mode Isn't Proof
GTM Preview tells you a tag rule matched and the tag fired. It does not tell you what happened after that. A tag can fire and:
- Send a request that gets blocked by an ad blocker or browser privacy feature before it leaves the page
- Send a request to the wrong endpoint because a variable resolved to an unexpected value
- Fire the analytics library's bootstrap script (
gtag.jsloading) without ever sending an actual hit — the script loading and a hit being sent are two different network requests, and Preview mode doesn't distinguish them for you - Fire correctly in Chrome on desktop and silently fail in Safari, where Intelligent Tracking Prevention treats first-party cookies differently
That third one catches out even experienced setups. A page load event firing the GTM container tag looks identical in Preview whether or not GA4 actually received anything. To know the difference, you have to go one level deeper than GTM shows you by default: the browser's Network tab, filtered to the actual collection endpoint (google-analytics.com/g/collect for GA4, not the script load), checking each request actually completed and wasn't cancelled.
It's Not One Check. It's Three.
Consent changes what's allowed to fire, which means "does tracking work" isn't a single yes/no. It's at least three separate questions, and most audits only ever check one of them:
- Pre-consent: before the visitor has made any choice, is anything firing that shouldn't be? This is the one most people think to check, because it's the obvious compliance angle.
- Post-accept: once consent is granted, does everything that's supposed to fire actually fire? This is the one that costs money when it's broken, and it's the one almost nobody checks properly, because it requires clicking accept and then going and looking again.
- Post-reject: once consent is declined, has everything that should stop, actually stopped? A tag that keeps firing after rejection is a real problem, but so is a tag that should keep firing (aggregated, non-personalised measurement is often still allowed) and doesn't, because someone configured the CMP a little too aggressively and killed tracking they didn't need to.
Doing this properly means testing all three states, not just the one you happen to load the page in. Most manual checks test whatever state the tester's browser happens to already be in from a previous visit, which is exactly the state that was least recently verified.
One Tool Doesn't Cover This
Tag Assistant checks GTM and GA4. Meta has its own Pixel Helper. Google Ads conversion diagnostics live in a different part of Google Ads entirely. If you're running Microsoft Ads, TikTok, LinkedIn, or Pinterest pixels alongside GA4, that's a separate verification tool per platform, each with its own quirks, each needing to be re-checked in each of the three consent states above. A site running five ad platforms needs up to fifteen separate checks to actually confirm tracking is clean, and that's before you've tested a second browser.
A Pass Today Doesn't Mean a Pass Tomorrow
This is the part that turns "checkable" into "needs monitoring." Tracking that's verified clean today can break silently from any of the following, none of which show up as an obvious error anywhere:
- A CMP vendor update changes how consent categories map to Google's Consent Mode signals
- Someone on the team (or the client's own dev) publishes a GTM change that touches an unrelated tag and breaks a trigger condition
- A site migration or plugin update changes the DOM in a way that a click-based trigger no longer matches
- A browser vendor tightens third-party cookie or storage rules in a routine update, with no announcement tied to your site specifically
None of these send an email. Nothing turns red in your dashboard, because your dashboard is downstream of the thing that broke — if GA4 never received the hit, GA4 has nothing to show you that anything's wrong. The absence of data looks exactly like a quiet day, right up until someone asks why last month's campaign underperformed and the answer turns out to be that a third of the conversions were never recorded.
What a Genuine Check Actually Involves
If you want to do this properly yourself, here's the real process, not the five-minute version:
- Clear cookies and load the site fresh, so you're genuinely in the pre-consent state, not whatever state your browser happened to be in already.
- Open the Network tab (not GTM Preview) and filter for the actual collection endpoints of every platform you run: GA4, Google Ads, Meta, and anything else.
- Confirm nothing fires pre-consent that shouldn't.
- Accept consent, and confirm every platform that's supposed to fire, does, as a genuine network request that completes, not just a matched GTM trigger.
- Reload fresh, reject consent this time, and confirm the same thing in reverse — what should stop, stops, and what's allowed to continue in an aggregated/non-personalised form, does.
- Repeat the whole thing in at least one non-Chromium browser, ideally Safari, where storage behaviour differs meaningfully.
- Write down what you found, because you'll need to do this again after the next GTM publish, the next CMP update, or roughly every few weeks if you want to actually catch problems before a client asks about them.
That last step is the one that turns this from a one-off task into a standing job. Most agencies don't have someone whose role is "re-run this checklist on every client site, every few weeks, forever." The ones that try usually stop after the second or third round, because it's genuinely tedious and there's always something more urgent to do instead.
Why We Built CookieChest Around This
CookieChest runs exactly this process, automatically, on a schedule, from outside your tracking pipeline the same way a real visitor's browser sees it. Not by reading GA4's own reported numbers and looking for anomalies in them, which can only ever tell you about the data that arrived. We check the network requests directly, in all three consent states, across every platform you've got wired up, and tell you the moment something stops matching what it did yesterday.
You don't need to grant us access to your GTM container or your GA4 property to get started. We watch the same thing your visitors' browsers do, and let you know before your client notices the campaign numbers look off.
Need help with cookie compliance?
CookieChest monitors your CMP and GTM daily — so compliance doesn't silently break.
View pricing