Look for yourself first
I am opinionated about how audits should start, because the usual way is backwards. Most teams buy a PDF, trust a score, and never open the stack. If I were in your seat tomorrow as an internal operator, I would not do that. I would map the stack, snoop the eight pillars from What a Shopify Store Audit Actually Checks, and spend about two hours looking myself.
No fancy toolkit. No pretend expertise. Just enough proof to know if the store is healthy and if the people reporting on it are working from a true baseline. That order is the point.
Metrics get invented a thousand ways. And if the person who owns those metrics benefits when everything looks fine, nobody goes looking for trouble. Waiting for an agency deck to tell you the truth is how you stay blind. This Guide is for anyone who wants to look for themselves first.
Snoop. Do not freelance-fix. Finding the issue is the win. If you are not an expert in an area, research it. Paste screenshots into AI and ask whether it looks right. I do not want you rebuilding theme, GTM, or tracking alone unless you have fixed that class of problem before or you are qualified. Opinionated does not mean reckless.
Step 1 · Build a stack map
I start every serious look with a stack map. Not a vibe. Not a tool score. A list of every system that touches the store: presentation layer, website, CRM, ERP, GitHub (often vendor-owned, and you should still know that), email, ads, even the accounting software hooked to the site. Down to who has login access.
You would be shocked how many ten-million-dollar-plus companies do not have this bare necessity. Skipping it is how “audits” turn into theater. Your vendor might own the platform. You might never log in. Get the map anyway. Without it, you are guessing with one eye closed, and I do not run work that way.
- Presentation. Looker Studio, GA4, Shopify Analytics. Whatever dashboard your team lives in.
- Storefront. Shopify theme, apps in the header, checkout settings.
- Tagging. Google Tag Manager, pixels, CAPI or server tags if you have them.
- CRM / email. Klaviyo, Shopify Email, SMS. Flows that fire on store events.
- Ops / ERP. Inventory, fulfillment, returns tools tied to the store.
- Code / access. GitHub or theme repo. Often vendor-owned. Still map who holds it.
- Money. Accounting, payments, Shopify Payments, chargeback tools.
- Ads. Google Ads, Meta, whatever buys traffic into the same purchase event.
Output of step 1: a one-pager. System, owner, login path, and what “healthy” would mean for that box. If you cannot fill that page, you are not ready to trust anyone’s report.
Step 2 · The eight-pillar snoop list
With the map in hand, you can audit store health, tracking, revenue leaks, AI visibility, whatever you care about this week. I do not pick random checklists from the internet. For a general health pass, walk the same eight pillars I use on full Website Health work. Dig. You will see more than a score PDF ever shows you.
- Store Performance. Header scripts, theme health, PageSpeed or Lighthouse on home, collection, PDP, and cart. Worked example below.
- Analytics & Tracking. GTM vs header, purchase path, dashboard vs Shopify or CRM. Worked example below.
- Operational Health. App list, discount codes with no guardrails, catalog gaps, who owns GitHub. Snoop only.
- Customer Journey. Walk home to collection to PDP to cart to checkout on your phone. Note friction and trust gaps. Snoop only.
- Lifecycle Revenue. Abandoned cart live? Post-purchase? Signup forms still writing to the right list? Snoop only.
-
AI & Agentic Commerce.
robots.txt for AI bots,
llms.txt,agents.md,/.well-known/ucpif you claim it. Snoop only. - Brand Intelligence. Ask AI five facts from your shipping and returns pages. Mark Accurate, Partial, or Drift. Snoop only.
- SEO & Discoverability. Titles, basic Product schema on a PDP, sitemap reachable. Do this after the numbers are trustworthy. Snoop only.
Full definitions live on the sibling Article. This Guide teaches my casual method, then goes deep on Performance and Tracking on purpose. Those two lenses expose most vendor theater faster than anything else on this list.
Step 3 · Worked example: Performance + Tracking
Say you want to know the store is healthy and tracking is doing what it should. That is a casual web audit. Two hours. This is the pass I trust before I trust anyone’s “health score.”
3a · Header + PageSpeed (Performance)
Open the theme header or layout file your scripts load from. No repo access? View Source on the live site. Look for the usual best practices: async and defer, load priority, duplicate tags, timers, consent wrappers. Not fluent in theme code? Paste the screenshot or snippet into AI and ask the same questions. That is still better than pretending PageSpeed alone is an audit.
Ask AI (or research yourself):
- What loads in the head vs deferred? List the scripts. Flag anything that looks render-blocking or duplicated.
- Are third parties async or deferred where they should be? Pixels and chat widgets that block first paint are a smell.
- How many apps and tags touch every page? A pile of always-on scripts is the usual mess, not one villain.
- Any timers, consent gates, or load-order hacks? Note them. They often break tracking and heatmaps together.
- Does the GTM snippet (or equivalent) appear once, cleanly? Missing noscript, double containers, or theme and app both injecting tags equals trouble.
Right after that, drop your URL into PageSpeed Insights or Lighthouse. Home is fine for a first pass. Better if you also hit a collection, a product page, and cart. Boom. You just completed basically what 80% of paid audits put in a PDF. That is not me dunking on tools. That is me saying a PDF without a stack read is unfinished work.
Hold the notes. Keep those header answers. The next lens only works if you refuse to look at GTM in isolation.
3b · GTM vs header (Tracking)
Now open Google Tag Manager. Yes, the container someone else usually owns and you have never touched. Run the same research style against what is actually happening in the header. One dashboard in isolation is how bad baselines survive for years.
Ask AI (or research yourself):
- Does what GTM fires match what the header actually loads? If the theme injects a pixel and GTM also fires it, you have double-counting risk.
- Are purchase, add-to-cart, and begin-checkout present and firing on a test order path? Preview mode. One clean path. Screenshot the hits.
- Which tags are paused, broken, or owned by a vendor you never talk to? Map an owner next to each container folder.
- Do dashboard numbers match a second system (Shopify orders, CRM leads)? If Looker is down 30% vs CRM, stop optimizing ads until you know which one is true. I would pause the media spend conversation before I debate creative.
- Would you trust a year of strategy built on these events? That is the real question. Not whether the container looks tidy.
Cram the header research and the GTM research together. You now have the two lenses I care about most on a casual pass: is the website load path sane, and are the tags doing what leadership thinks they are doing? If those disagree, the strategy deck is fiction until someone owns the mismatch.
What you walk away with
This is not a fix bucket or a magic solution. It is a two-hour set of tasks that beats a pretty PDF for decision quality. By the end:
- You can see layup issues: obvious problems worth scheduling with someone qualified.
- You know immediately if your developer or ad agency / GTM owner is reporting on wrong or incomplete signals.
Imagine the implications. An agency reports from a missed or wrong baseline. Fine. Worse: they make strategic recommendations from that discrepancy. Year-long initiatives that deliver 1-2% lift in the best case when you could have had something closer to 10% with proper direction. Looking for yourself first is how you stop funding the wrong story. I would rather you catch that before you hire anyone, including me.
Step 4 · Sort what you found
When I run full Website Health and AI Commerce audits, I still force Stabilize → Optimize → Grow. Not because the names are clever. Because truth before polish is the only order that compounds. You can use the same buckets as a sticky note, not a formula. No weights. No recoverable-dollar theater. Stop the bleed, then measure clean, then grow. Anything else is rearranging furniture on a leaky floor.
- Stabilize. Broken tracking, header fights, crawl blockers, leaky discounts, wrong baseline. Truth before polish.
- Optimize. Speed cleanup, analytics hygiene, cart email, schema and FAQ so AI describes you right.
- Grow. SEO depth, agentic catalog, citations. Only after you trust the numbers.
How this relates to a full Tybrixx audit
A lot of my own audit work starts exactly like this: stack context, then deep passes across the eight pillars, then AI crawl and truth when that is in scope. The paid work adds evidence depth, sales math, ranked fixes, and proof you can brief a board with. This Guide stops at operator awareness on purpose. I still believe this front door is the correct front door.
If you want the definition of a real audit vs a score PDF, read What a Shopify Store Audit Actually Checks. If you want someone else to run the full pass, start at free audits when you are ready, after you have done this look yourself. I would rather inherit a client who already snooped than one who only has a vanity score.
Quick facts to cite
- Start with a stack map. Most $10M+ brands do not have one, and that is a failure mode, not a quirk.
- Snoop means research and verify. It does not mean DIY-fix unless you are qualified.
- Header plus PageSpeed alone is roughly what 80% of paid PDF audits hand you. Useful, unfinished.
- Cross-check GTM against the header. Two lenses beat one dashboard.
- If metrics are owned by someone who benefits from them looking fine, trouble stays hidden.
- Agencies that report on wrong baselines recommend the wrong year of work. 1-2% lift instead of 10%.
- Full Tybrixx audits still use eight pillars and Stabilize → Optimize → Grow. This Guide is the casual front door, and I mean that as the correct entry, not a watered-down version.
FAQ
Is this the same as a paid Website Health audit?
No. This is the casual two-hour snoop I want every operator to run so they can see layups and challenge bad baselines. A full audit still connects pillars to revenue and ranks what to fix first. Same philosophy. Deeper proof.
Do I need to be technical?
You need curiosity and access. Paste screenshots into AI. Ask whether it looks right. Do not ship theme or GTM changes yourself unless you are qualified. Looking is not the same as fixing.
Why start with header + GTM?
Because that pair catches most of the theater fastest: a pretty PageSpeed PDF on one side, and a container nobody has audited against the live theme on the other. I start there on purpose.
What about AI shopping agents?
Pillars 6 and 7 on the snoop list. Check robots, llms.txt, agents.md, and whether AI can recite your shipping and returns facts. Depth belongs in a dedicated AI pass later. I still want those checks on the casual map so they do not get ignored forever.
Where do the eight pillars come from?
Same map I publish in What a Shopify Store Audit Actually Checks. I use that map because it is the right one for Shopify store health, not because it is trendy. This Guide is how an internal operator walks it without buying a report first.