Audit Rules

Overview

Rules are the atomic unit of an audit. Each rule describes one specific thing Auditor checks during a run, such as "the Meta Pixel fires a PageView request on the homepage with the correct Pixel ID in the URL." The audit itself is a container for rules, and the result you see is simply the pass/fail aggregate across every rule inside.

Rules come from two places. You can write them by hand for bespoke validations, or you can sync them automatically from your GTM container so every tag in GTM gets a matching rule without manual work. Synced rules are locked by default, meaning Auditor keeps them in step with GTM on every re-sync.

Navigate to Rules

Open the audit you want to edit and click the Rules tab. You'll see a list of every validation rule attached to this audit with columns for pixel type, page URL, and locked status. Rules can be filtered by pixel or by status so you can focus on just the pieces you're working on.

If the list is empty, either run a Container Sync from the audit's main page to import rules from GTM automatically, or add rules manually using the button in the top right.

Add a rule manually

Click Add Rule. Select the pixel type from the dropdown, enter the expected network request URL pattern (for example *facebook.com/tr* for Meta), and define the pass criteria such as required query string parameters or POST body fields. Auditor matches any request during the run against this pattern and confirms the parameters line up with your expectations.

Manual rules are useful for edge-case validations that aren't represented in GTM, like third-party scripts installed directly in the site's HTML, or for asserting very specific parameter values you want to lock down (such as a fixed currency code). They're also the only option for pixels that don't live inside your GTM container.

Edit rule details

Each rule carries a name, description, pixel type, URL pattern, and a list of expected parameters. You can also add step types such as set_headers to modify request headers before the rule runs, set_cookies to simulate an existing cookie state, and mark_pass to complete multi-step consent testing flows that require interaction before the pixel fires.

Step types are the mechanism that lets Auditor simulate real user flows rather than just a naked page load. Use them for consent banners that require a click, multi-page funnels like checkout, or gated content that expects a cookie to be set before the content loads.

Test the rule

Run the audit (or use Run Now on a schedule pointing at this audit) and look at the results. Passing rules appear green, failures red. For failures, click into the rule detail to see the captured network requests, variable values, and screenshots collected during the run, which usually reveal the reason immediately.

Often a failure is informational, for example the pixel fired on a different page than expected or the request included an extra parameter. Update the rule to match reality, or fix the site/GTM to match the rule, then re-run.

Troubleshooting

Rule fails even though the pixel clearly fires on the site

The URL pattern is probably stricter than the actual request URL. Pixels often add query parameters that vary per request, and your pattern needs to accommodate them with wildcards. Open the rule's captured requests panel and compare the exact URL that was seen against the pattern, then loosen the pattern as needed.

Synced rule won't save my edits

Rules synced from GTM are locked so re-syncs don't clobber your customizations. To edit a locked rule, either edit the source tag in GTM and re-sync, or clone the rule to create an unlocked copy you can modify freely.

Multi-step consent rule never reaches the pixel check

The consent banner selector probably changed. Inspect the banner on the live site to confirm the button selector still matches what the rule's step types expect. If the CMP publishes a new version of its consent UI, the selector needs updating.