Spying on Tag manager tags, variables and triggers

Most people who are serious about website measurement use a web analytics package with Google Analytics Universal (UA) version being the most popular. The easiest way to implement UA is to use Google Tag Manager (GTM).

GTM holds your tags, variables and triggers. You can view the contents of a tag manager container by just entering the URL, eg, https://www.googletagmanager.com/gtm.js?id=GTM-NL8NCRZ It's not really in a human-friendly format. You can get some information easily enough, like the tag manager version and the Analytics Ids. If you know what you are looking for you can see my UA Id is UA-40548417-2 and my GA4 measurement Id is G-MDVLGB3444.

Luckily there is a site that will parse the container and give you the contents in the container in a human-friendly format. Just paste the container Id or URL into gtmspy.com and it will show you the tags, variables and triggers along the top.

Why is this useful?

On your own site, this is of limited use, I know what all my tags, variables and triggers are. I can access them via tag manager. I suppose if a person who has left the company only has access to your container, you can try rebuilding it from the export. Apart from that though, the main use is espionage.

You can spy on the tags of other sites. It's quite interesting to see what variables people have defined and what they track. It doesn't appear to track GA4 tags or events which is a shame but you can still get a lot of useful information by looking at the UA tags.

Finding Easter Eggs

You can have a lot of fun with Tag manager. The custom tags can contain arbitrary JavaScript. If you look at the GTM container on Riseatseven.com (GTM-5LP2DMK), you can see a lot of custom code in their tags.

They have two Easters eggs on their site (that I've found anyway). The first one is doing the Harlem Shake. If you add fun=shake as a parameter, the contact menu changes to shake it baby, click that link and the site does a little song and dance, eg, https://riseatseven.com/?fun=shake Its quite amusing.

Basically, they have some code that runs the Harlem Shake script if you click on a link that equals ‘Shake it Baby' To get the text to appear, the code looks for a variable called fun and if it's equal to ‘shake', it swaps out the contact link with ‘Shake it Baby'

 <script type="text/javascript">
  document.body.innerHTML = document.body.innerHTML.replace('<a href="https://riseatseven.com/contact/">Contact</a>', "<a>Shake it Baby</a>");

The second Easter egg is a bit easier to find in the code but harder to activate. Here's the code for it.

      <script type="text/javascript">
  var els, i, len, title, konamiCode = "38,38,40,40,37,39,37,39,66,65",
    keyPresses = [],
    checkKonami = function(a) {
      keyPresses.slice(keyPresses.length - 10).join() === konamiCode && runKonami()
    runKonami = function() {
      var a = document.createElement("script");
      a.type = "text/javascript";
      a.src = "//hi.kickassapp.com/kickass.js";
      void 0
  document.addEventListener("keyup", checkKonami);

I had to do a bit of Googling but basically, it's based on the old Konami video game cheat code. You can press, using the arrow keys, up, up, down, down, left, right, left, right, b, a and enter. A little ship appears and you can use move it around with the arrow keys and space bar to shoot. It should actually work on here as I copied the code in my GTM container.

It ended up on the riseatseven site due to Gerry White who originally wrote the code. Simo Ahava wrote about it on his blog. He has the Easter Egg on his site too but it merely reverses the text in H1 tags.

Seeing what people track

Most people don't appear to track anything other than what Google does out of the box. I can imagine most Tag manager installs just insert the Analytics tag and that's it. That's the majority of installs I've seen. Maybe there is some bias there as people only come to me when they don't know what to do with analytics but I've spied on enough other sites to see most people don't do anything.

The best people to copy are dedicated analytics companies such as Data Rocks They track a lot of events via custom events.

Out of the box, UA doesn't track outbound links so you can code it

They track outbound links as events and label them with the click URL. Basically, looking for an http link, which is a link click, does not contain data.rocks and isn't an image. (GA4 tracks outbound links out of the box so no need to do this anymore but it's still recommended running both UA and GA4 together).

You can go through their evens and see other things they track. They even have a listener to check if you copy any text that contains “@” as many people will just copy and paste emails rather than click the link. Most people, including me, would just check if the click target is an email and record an email click link.

GTM Spy Limitations

It doesn't give you all the GA4 stuff which would be handy. Most people moving forward will be implementing things in GA4 so would be handy to be able to spy on those installs. It's still a great tool to use and hopefully, they will update it, visit gtmspy.com

Video Demonstration

Sometimes it's better to do a video rather than text.

Similar Posts

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *