How to use: Check off each item as you verify it.
✅ Pass ❌ Fail ⚠️ Needs Review ➖ N/A
🔴 Critical = Fix before traffic |
🟡 Warning = Review/confirm |
🟢 Pass = Good to go
📡 PIXEL ARCHITECTURE — Read Before Auditing:
• useEffect (React-injected): Pushnami, Anura — search inside React component files
• Template-level (HTML, not React): GTM, TrustedForm, Facebook Pixel, all other third-party tags Do NOT expect to find GTM or FB Pixel inside React component code — they live in the HTML template.
Section 1 · Branding & Visual Identity
Verify brand presentation before moving to functional checks.
Color Match
Primary and accent colors match the brand logo or complement it tastefully. Check buttons, headers, progress bars, and CTA elements.
Logo Rendering
Logo displays correctly at all breakpoints — mobile, tablet, desktop. No stretching, cropping, blurring, or pixelation.
Brand Consistency
Fonts, button border-radius, icon style, and accent colors align with brand design guidelines throughout all form steps.
Typography
Correct font family is loaded and rendering. Check headings, body text, and legal copy for correct weight and size.
Section 2 · Navigation
Back Button v2 — Present
Back Button v2 component is visible and present on all applicable steps. Confirm it is not hidden, overlapping, or rendered off-screen.
Back Button v2 — Behavior
Clicking Back returns the user to the previous step. Previously entered data is preserved — fields should not be cleared on back navigation.
Step Progression
Moving forward through steps works correctly. Form state is maintained. No steps are skipped or repeated unexpectedly.
Processing Screen Transitions
Processing/loading screens shown between steps appear correctly and transition to the next step on completion.
Section 3 · Pixels & Tracking
All tracking must be verified before the build goes live. Missing pixels mean lost attribution and revenue.
3a. GTM — Google Tag Manager [Template-level, NOT in React]
Where to check: GTM is injected directly in the HTML <head> template, NOT inside React component files. If you cannot find it in the HTML source, it is missing.
CRITICAL GTM container <script> tag present in <head>
Must be the first or near-first script in <head>. Confirm the GTM ID (GTM-XXXXXXX) matches the correct container for this brand.
GTM <noscript> fallback present in <body>
The noscript iframe fallback should appear immediately after the opening <body> tag.
GTM fires on page load
Open DevTools → Network tab and confirm GTM container request completes with 200.
GTM dataLayer events fire at correct steps
Check that dataLayer.push() calls fire at the expected form steps (e.g., step_complete, form_submit).
3b. Facebook Pixel [Template-level, NOT in React]
Where to check: FB Pixel is in the HTML template. If you cannot find fbq() in the HTML source, the pixel is missing.
CRITICAL FB Pixel base code present in HTML template
FB PageView event fires on page load
Confirm fbq('track', 'PageView') fires. Use Facebook Pixel Helper Chrome extension to verify.
FB custom events fire at correct steps
Lead, CompleteRegistration, or other custom events fire at the appropriate form steps.
FB Pixel ID matches the correct ad account
3c. TrustedForm [Template-level]
TrustedForm script loads correctly
Confirm the TrustedForm script is present (hardcoded or dynamically injected inside __waitForSCSClient). Script URL: api.trustedform.com/trustedform.js
xxTrustedFormCertUrl field captured
xxTrustedFormPingUrl field captured
Certificate URL submitted with lead data
Check the Network tab on form submission — the extApplyv2 POST should include the TrustedForm cert URL.
3d. Purchase / Conversion Events on Result Step
CRITICAL Conversion event fires on r.tpl / result step
The purchase or lead conversion event must fire when the user reaches the final result/thank-you step. This is the most important pixel event — missing it means lost attribution.
Purchase event parameters are correct
Verify value, currency, and any required parameters are passed with the conversion event.
No duplicate conversion firing
3e. iFrame Pixels
iFrame pixel(s) present where expected
iFrame loads correct source URL
iFrame does not cause layout shift or visible rendering artifacts
3f. Anura [React-injected via useEffect]
Where to check: Anura is injected inside a React component using useEffect. Search for useEffect blocks containing 'anura' or the Anura script URL. Also check the scs-config JSON on the page — Anura config appears there with instance, source, and campaign fields.
CRITICAL Anura script injected via useEffect
Anura instance ID is correct
The instance ID in scs-config must match the assigned Anura account for this brand/site.
CRITICAL Anura source field resolves correctly — NOT 'NaN_NaN'
If it reads 'NaN_NaN', the template variable substitution failed. This breaks all fraud attribution for the adchain.
CRITICAL Anura campaign field resolves correctly — NOT 'NaN'
Anura additional fields correct
additional.1 = site name, additional.2 = adchain ID, additional.3 = GCLID or 'NO GCLID' if non-Google traffic.
TAV 95 implemented on Type-In traffic only
Verify TAV 95 is present on Type-In funnels. Check any new white label or PPC sites specifically.
Anura fires at the correct step in the flow
3g. Subdomain Pixel Updates
If deployed to subdomain (secure. or apply.): all pixel URLs use the correct prefix
No hardcoded domain references that break on subdomain deployment
Render pixels updated for subdomain deployment
Section 4 · Pushnami
Where to check: Pushnami is injected inside a React component via useEffect. Search for useEffect blocks containing 'pushnami' or the Pushnami SDK URL. The Pushnami config (scriptUrl, sendOnlyOnFinalStep) will also appear in the scs-config JSON.
Pushnami script loads correctly
Pushnami script URL is correct
Format: api.pushnami.com/scripts/v1/push/[ID]
CRITICAL Prompt fires AFTER the email step
Pushnami must not fire before the user has submitted their email. Confirm the trigger is tied to the post-email-step processing screen.
CRITICAL Prompt fires on ALL processing screens
Pushnami must fire on each processing screen, not just once.
Verify lookup fires and subsequent steps are pre-filled
Lookup handles 'not found' gracefully
5e. All Lookup Types — Verify Each Applies
Email / Last 4 SSN lookup — returns correct user data
Session lookup — resolves correctly from an existing browser session
resid (Resident ID) lookup — returns expected data
ForceFetches — force-fetch flag triggers a fresh BE call, bypasses cache
All lookup types handle error states gracefully
Section 6 · UI Interactions
6a. Anchor Links
All anchor links trigger the correct action
No dead or broken anchor links
Anchor links work on mobile and tablet
6b. Tooltips
All tooltips display on hover (desktop) and tap (mobile)
Tooltip content is correct and readable
Tooltips dismiss correctly
Tooltips do not overflow the viewport on mobile
CRITICAL EVERY percentage value on the page has an associated tooltip
Scan all rendered text on every form step for the % character. Each occurrence must have a tooltip icon adjacent to it.
6c. Modals
All modals open when their trigger is activated
Modal content is correct and fully rendered
Modals close via: X button, overlay click, and Escape key
Modal scroll works for long content
Modals accessible on mobile (no overflow, close button reachable)
6d. Footer Links
Privacy policy link works and opens correctly
Terms and conditions link works and opens correctly
Non-ops links work correctly
Unsubscribe link works correctly
Legal text is current and accurate (check TCPA consent language version)
All footer links open in the correct target (_blank for external)
Section 7 · Form Validation
🔴 RULE: Every <input> and <select> in the form MUST have custom validation. No field may be left unvalidated. An unvalidated field is a Critical finding.
7a. Date of Birth (DOB)
CRITICAL User must be 18 years of age or older
Age must be calculated from today's date, not a hardcoded year. Test today minus 17 years (reject) and today minus 18 years (accept).
Rejects users under 18 with a clear, visible error message
Accepts users exactly 18 years old (boundary/edge case)
Handles edge cases without crashing (leap year Feb 29, future date, invalid date)
7b. Name Fields (fname / lname)
CRITICAL fname requires MORE than 2 characters — minimum 3
1 char = error, 2 chars = error, 3 chars = pass.
CRITICAL lname requires MORE than 2 characters — minimum 3
Validation error displays clearly adjacent to the field
Fields accept valid special characters (hyphenated, apostrophe, accented)
Fields reject numbers and special symbols (!, @, #, etc.)
7c. Phone Number
CRITICAL Must be a valid US phone number
Rejects non-US formats and country code prefixes (+44, +1, 1-555...)