The most urgent problem for Vampire Vape is that tags are firing after users select "Reject All" on the consent banner, which represents a serious compliance risk under UK GDPR and PECR and is almost certainly the primary driver of the site's score of zero. Across the 25 URLs audited, this single issue accounts for the overwhelming majority of the 54 high-severity findings, meaning that tracking is systematically ignoring users' consent choices at scale. This exposes the business to potential regulatory scrutiny from the ICO and could undermine user trust if it came to light publicly. Separately, a duplicate GA4 installation was also identified, which, once the consent issue is resolved, will need to be addressed to prevent inflated session counts and skewed analytics data. Fixing the consent signal integration with the tag management setup should be treated as an immediate priority before any further data collection takes place.
Vampire Vape's GA4 property (354471494) is broadly healthy with a trust score of 86, recording 22,444 purchases and £710,750 in revenue during the audit window — but two issues threaten the reliability of that data. Seventeen product and category URLs are returning zero page_view events, creating blind spots across key SKUs and brand pages that will distort attribution and merchandising decisions. A 61% spike in session_start events also signals a likely tagging regression that could be inflating session counts and skewing all downstream channel and conversion metrics.
Vampire Vape's mobile performance is sitting in the danger zone — scores as low as 50 on key pages — putting organic rankings and paid landing page Quality Scores at measurable risk; the single biggest revenue-adjacent issue is a third-party stylesheet (srverror.com/styles.css) blocking render on 86% of pages and wasting over 65 seconds of aggregate load time across the site, meaning shoppers on mobile are staring at blank screens before they can browse or convert. Two root causes — unoptimised Google Tag Manager tag firing and render-blocking CSS and font resources — are suppressing scores that could realistically reach the low-to-mid 90s with targeted fixes, directly improving ad efficiency and SEO visibility.
Rank #1 by blocking time on this page. Google Tag Manager transfers 299 KB and keeps the main thread busy for 621ms, delaying INP and TBT. It fires BEFORE consent according to the tracking audit — so it's degrading experience for users who reject cookies too.
Fix: GTM's own weight usually means a lot of tags. Run GTM Preview and look for tags firing on every page that could be scoped to specific events or URLs.
Rank #1 by blocking time on this page. Google Tag Manager transfers 299 KB and keeps the main thread busy for 414ms, delaying INP and TBT. It fires BEFORE consent according to the tracking audit — so it's degrading experience for users who reject cookies too.
Fix: GTM's own weight usually means a lot of tags. Run GTM Preview and look for tags firing on every page that could be scoped to specific events or URLs.
Rank #2 by blocking time on this page. Cookiebot transfers 141 KB and keeps the main thread busy for 189ms, delaying INP and TBT. It fires BEFORE consent according to the tracking audit — so it's degrading experience for users who reject cookies too.
Fix: Load Cookiebot with `async defer`, push it as late as safely possible, and if it's tag-manager-loaded, add a consent trigger. If it's not strictly needed for functionality, lazy-load on first interaction.
Vendors firing despite Reject All: GA4. This breaches GDPR/PECR and is incompatible with Consent Mode v2 'denied' signals.
Fix: Add consent-aware GTM triggers (Consent Mode v2 'ad_storage' / 'analytics_storage' = denied) and verify tags wait for an Update signal before firing.
Detected phone in params ['_p', 'cid', 'gtm', 'sid', 'uafvl'] of https://region1.google-analytics.com/g/collect?…
Fix: Hash, redact, or remove PII before sending. Use Enhanced Conversions / CAPI with hashed values where required.
Detected phone in params ['nocache'] of https://consent.Cookiebot.com/logconsent.ashx?…
Fix: Hash, redact, or remove PII before sending. Use Enhanced Conversions / CAPI with hashed values where required.
Found 3 instances of GA4 on the same page; may double-count events.
Fix: Audit GTM containers + hard-coded snippets and keep a single GA4 install.
Found 3 instances of gtm on the same page; may double-count events.
Fix: Audit GTM containers + hard-coded snippets and keep a single gtm install.
These URLs are in the crawl / tracking-audit config but GA4 shows no page_view events for them in the audit window. Either the pages aren't getting traffic, or the GA4 tag isn't firing on them.
Fix: Verify the GA4 / GTM tag fires on these templates (view the page in GTM Preview). If traffic is genuinely zero, remove from the audit list.
Seen on 86/100 audited mobile pages.
Fix: This single file blocks render across most of the site. Defer it (add `defer`), preload it, or inline its critical portion. Biggest sitewide win per line-of-change you'll find.
Seen on 86/100 audited mobile pages.
Fix: This single file blocks render across most of the site. Defer it (add `defer`), preload it, or inline its critical portion. Biggest sitewide win per line-of-change you'll find.
Seen on 85/100 audited desktop pages.
Fix: This single file blocks render across most of the site. Defer it (add `defer`), preload it, or inline its critical portion. Biggest sitewide win per line-of-change you'll find.
+ 129 more findings — see the detailed dashboards.