TagGovernor
Guide
Full feature reference for TagGovernor — a Chrome side panel extension for monitoring, validating, and replaying marketing and analytics vendor tags.
What it is
TagGovernor inspects network requests in real time, matches them against vendor rule sets, and reports PASS FAIL WARN EXCLUDED status for each event.
It runs entirely inside Chrome as a persistent side panel. No account is required, no data leaves your browser, and nothing is installed on a server.
It's built for QA analysts, tag managers, and analytics engineers who need to verify that vendors like Google Analytics, Meta Pixel, or any custom tag are firing correctly — with the right parameters, on the right events.
Core concepts
TagGovernor ships with 52 built-in vendor definitions (all disabled by default). You can enable any of them, override their rules, or create your own from scratch.
A vendor is a definition that tells TagGovernor what to look for. Each vendor has:
· URL patterns — substrings or regular expressions that identify the vendor's requests
· Required parameters — must pass for the tag to be considered passing
· Optional parameters — checked but failures produce a warning rather than a fail
· Exclusion rules — conditions that cause a request to be skipped entirely
· Variants — named sub-configurations for vendors that fire differently per event type
· Event name source — where to read the event name from for display in the request row
| Status | Meaning |
|---|---|
| PASS | All required rules passed |
| FAIL | One or more required rules failed |
| WARN | All required rules passed, but one or more optional rules failed |
| EXCL | The request matched an exclusion rule and was not evaluated |
TagGovernor normalizes every request into one of these types, which you can use in vendor rules and exclusion filters:
XHR-GET · XHR-POST · FETCH-GET · FETCH-POST · BEACON · PING · PREFLIGHT · SCRIPT · IMAGE · STYLESHEET · IFRAME · NAVIGATION · OTHER
Quick start
1. Open the extension side panel by clicking the toolbar icon.
2. Go to the Vendors tab and enable the vendors you want to monitor (built-ins are disabled by default).
3. Switch to the Live tab — requests appear as you browse.
4. Click any row to expand it and inspect rule-level results.
5. To record a flow: go to Flows, click Record, interact with the page, click Stop, then save.
6. To replay: open a saved flow and click Replay — the extension steps through each recorded action and captures the resulting network events.
7. To audit a HAR file: enable the Audit tab in Settings, then load a HAR file exported from Chrome DevTools.
Live Tab
The Live tab is a real-time network event feed for the active browser tab. Each row shows the PASS / FAIL / WARN / EXCL badge, the event name (if the vendor has an event name source configured), the URL, vendor name and variant, and the timestamp.
Click any row to expand it and see:
· The full request URL
· HTTP method and request type (e.g. XHR-POST)
· Matched rule results with actual vs. expected values
· Query parameters, POST body fields, request headers, and cookies
The filter bar lets you show only requests with a specific status (PASS / FAIL / WARN / EXCL) or by vendor. The search box filters by URL, vendor name, or any parameter key or value visible in the request. Enable Known Vendors Only in Settings to hide unmatched requests entirely.
Click the export button to save the current request list as:
· CSV — spreadsheet-friendly, includes method, request type, vendor, status, and parameters
· JSON — full detail, machine-readable
· HTML — a self-contained report you can share or archive
Before the file downloads, you'll be prompted to confirm or edit the filename. The default naming pattern is configurable in Settings.
Only the active tab is monitored. Switching tabs pauses storage for the previous tab, keeping memory usage bounded. Each tab maintains its own independent event history.
Flows Tab
Flows let you record a sequence of user interactions and replay them on demand. During replay, TagGovernor captures all network requests and runs them through your vendor rules — giving you a repeatable validation run.
Recording: Click Record, interact with a page (clicks, inputs, scrolls, navigation), then click Stop. Give the flow a name and save it.
| Step type | What it captures |
|---|---|
| navigate | The URL loaded |
| click | Element tag, text, and selector |
| input | Field selector, name, and the value typed |
| change | Field selector, name, and selected value |
| submit | Form action and selector |
| scroll | Vertical scroll position |
In the flow detail view you can edit URLs on navigate steps (useful when promoting a flow from staging to production), values on input and change steps, per-step delays, and dynamic token references.
Use tokens in any input or change step value. They're replaced with fresh values each time the flow is replayed:
| Token | What it produces |
|---|---|
| {{email}} | A randomized email address (uses your Email Generator config) |
| {{tokenName}} | Any custom token defined in the Token Generator |
When replaying, you can configure:
· Step delay — how long to pause between steps (default set in Settings)
· Delay timing — whether the delay fires before or after each step
· Wait strategy — wait for network activity to settle (network-idle) or proceed immediately (none)
A progress bar shows which step is running. You can abort at any time.
After a replay finishes, a summary report shows how many requests were captured, PASS / FAIL / WARN / EXCL counts, and the full request list from the replay session. Export the report as JSON or HTML for archiving or sharing.
· Export as JSON — the full flow definition, re-importable into TagGovernor
· Export as CSV — a human-readable step-by-step breakdown, useful for documentation
· Import — load a JSON flow file from disk
Vendors Tab
The vendor library contains the rule sets used to match and evaluate network requests. 52 built-in vendors are included but disabled by default — enable only what you need. If you need to adjust a built-in vendor's rules, you can override it; your changes are saved separately so the original definition is preserved.
Click + New Vendor and fill in the vendor editor:
· Name and category — used for display and grouping
· URL patterns — one per line; plain substrings or /regex/flags
· Required parameters — rules that must pass
· Optional parameters — rules that produce a warning if they fail
· Event name source — configure where to read the event name from
· Variants — optional sub-configurations for different event types
· Exclusion rules — conditions that skip the request entirely
· Include Request Types — restrict matching to specific request types
Each rule has a source (where to look), a key (parameter name), a check type, and an optional expected value. See the Rule Sources and Check Types reference sections for the full list of options.
Example: Require that a GA4 en parameter equals page_view:
Source: query · Key: en · Check: value · Expected: page_view
Exclusion rules let you ignore requests that should never be validated. Common uses:
· Exclude preflight requests — add PREFLIGHT to the exclusion request types
· Exclude 204 responses — add status code 204 to the exclusion status codes
· Exclude by parameter — exclude any request where a specific parameter equals a specific value
Configure an event name source to pull a human-readable label from the request and display it in the Live tab row. You can pull from a query parameter, a POST body field, the URL path, or the hostname.
Multi-part names: Click + Add Part to combine values from different sources with a separator. For example, combining body.category + / + body.action produces ecommerce/purchase. If any part returns no value, the entire event name is suppressed.
Regex extraction: For each part, you can add a regex like /([^/]+)$/ to extract a portion of the value rather than using the whole thing. If the pattern includes a capture group, the first capture group is used. If the regex doesn't match, the event name is suppressed for that request.
Assign color-coded Labels to vendors for grouping and filtering. Labels are configurable from the Vendors tab. The vendor list can be grouped by Category or Label — set the default in Settings.
Export vendor definitions as JSON to share with teammates or back them up. You can export all vendors or only selected ones. At export time you'll be prompted to confirm the filename. When importing, conflict resolution lets you choose to overwrite, add as copy, or skip any conflicting vendor.
Audit Tab
The Audit tab lets you run your vendor rules against a HAR file — a recording of network traffic exported from Chrome DevTools — without needing to browse the live site.
The Audit tab is hidden by default. Enable it in Settings → Show Audit Tab.
1. In Chrome DevTools, open the Network tab and reproduce the user journey.
2. Right-click the request list and choose Save all as HAR with content.
3. Open the Audit tab in TagGovernor and click Load HAR File.
4. TagGovernor parses the HAR and runs every request through your enabled vendor rules.
5. Results appear in the same format as the Live tab.
The audit reads request data exactly as Chrome recorded it, including query parameters, POST body, request headers, cookies, and response status codes. It normalizes request types using the same logic as the live monitor (so XHR-POST, FETCH-GET, etc. match your vendor rules consistently).
The audit cannot capture data that wasn't recorded in the HAR, such as cookies set by JavaScript after page load or dynamically injected parameters.
TagGovernor reads the standard HAR 1.2 format and uses the _resourceType field for request type classification. HAR files from Firefox or Safari may not include this field — those requests fall back to type OTHER. All other fields (URL, method, headers, body, status) are standard and will parse correctly.
Export as CSV, JSON, or HTML. The filename defaults to audit-{date}-{har} where {har} is the name of the HAR file you loaded — configurable in Settings.
Advanced Tab
The Advanced tab contains tools for setting up controlled test environments: URL Rewriter, Cookie Manager, Email Generator, and Token Generator. Enable it in Settings → Show Advanced Tab.
Define rules that intercept and redirect outbound network requests before they leave the browser. Useful for pointing a tag to a staging endpoint or blocking specific requests. Rules can use plain string matching or RE2 regex patterns.
Toggle rules on and off individually without a page reload. When any rewrite rule is active, a warning bar appears at the bottom of the extension to signal that captured traffic may differ from production. Click the bar to jump to the Advanced tab.
Create, edit, and delete cookies that are automatically applied to pages when you navigate. Useful for maintaining a logged-in session during test replays, injecting consent flags, or testing behavior for specific user segments.
Cookie fields: Name / Value, Domain (click Fill from page to auto-populate), Path (defaults to /), SameSite (Lax / Strict / None / Unspecified), Expiration in days (0 = session cookie), and Secure / HttpOnly flags.
Export and import cookie configs to share test environments with teammates.
Generate a unique randomized email address for each test replay so form submissions don't collide with previous runs. Set an optional prefix (e.g. qa-test) and a domain, then use {{email}} anywhere a value is expected in a flow step. Each replay generates a fresh address like [email protected].
Define reusable tokens for dynamic values in flows beyond email addresses. Each token has a label, a format (e.g. UUID, random alphanumeric), and an enable/disable toggle. Use them in flow step values as {{tokenName}}.
Example: Define a token called orderId with UUID format. Set a hidden order ID field in a flow to {{orderId}}. Every replay generates a unique order ID.
Settings Tab
network-idle or none.Rule Sources
Each vendor rule targets a source — where in the request the key is looked up — and a key name to match against.
| Source | What it matches |
|---|---|
| query | URL query parameters |
| body | POST body fields |
| header | Request headers |
| cookie | Browser cookies |
| hostname | The request hostname (no key needed) |
| path | The request URL path (no key needed) |
| any | Query + body + header + cookie combined |
| query+body | Any combination using + |
Check Types
The check type defines how the rule evaluates the matched key's value.
| Operator | Meaning |
|---|---|
| present | Key exists with any non-empty value |
| = value | Key exists and value matches exactly |
| ≠ value | Key exists and value does not match |
| absent | Key is not present (used in detectWhen only) |
Values support exact match (case-insensitive), wildcard suffix (add_to*), wildcard prefix (*_complete), and regex (/^purchase$/i).
Rule Weight & Evaluation Order
Rules are evaluated in a defined order for each matched request:
1. Exclusion rules are checked first. A matching exclusion short-circuits all further evaluation and marks the event EXCLUDED. Exclusions support status codes and parameter / cookie / header rules.
2. Inclusion rules are checked next, classified by weight:
| Weight | Behavior on failure |
|---|---|
| Required | Must pass — failure results in FAIL |
| Optional | Should pass — failure results in WARN |
If all required and optional rules pass, the event is marked PASS.
Variants
Variants allow a single vendor endpoint to define multiple call types — for example, a Page View and a Link Click that share the same base URL pattern but carry different parameters.
Each variant has a name, a detectWhen condition set, its own required and optional rules, and an optional event name source override. When a request is matched:
1. Variants are checked in order.
2. The first variant whose detectWhen conditions all match is selected.
3. That variant's inclusion and exclusion rules are used for evaluation.
4. If no variant matches, the vendor's base rules are applied instead.
Example: A GA4 vendor with a "purchase" variant detected when en=purchase. When that variant matches, TagGovernor checks for tr (transaction ID) and tt (total) as required parameters. Other events fall through to the base rules.
Use absent checks in detectWhen to distinguish variants where one call type deliberately omits a parameter that another includes.
Export Filename Patterns
Every export type has a configurable filename pattern using tokens:
| Token | Replaced with |
|---|---|
| {date} | Today's date as YYYYMMDD |
| {ts} | Unix timestamp in milliseconds |
| {flow} | The name of the flow or recording |
| {har} | The stem of the HAR filename (Audit tab only) |
Defaults by export type:
| Export | Default pattern |
|---|---|
| Live CSV / JSON / HTML | requests-{date} |
| Audit CSV / JSON / HTML | audit-{date}-{har} |
| Replay JSON | replay-{flow}-{date} |
| Replay HTML report | replay-report-{flow}-{date} |
| Flow JSON | {flow}-{date} |
| Flow CSV | {flow}-{date} |
| Recording | recording-{date} |
| Vendors | vendors-{date} |
| Advanced | advanced-{date} |
| Full backup | tagsentry-backup-{date} |
FAQ
xhr requests would appear as xmlhttprequest instead of XHR-POST or XHR-GET, causing type-based rules to behave differently. This was fixed in version 1.12.0./pattern/(flags). If the pattern includes a capture group, the first capture group is used. If there's no match, the event name is suppressed for that request. For example, /([^?]+)/ on a path value extracts everything before a query string._resourceType field for request type classification. That field is a Chrome DevTools extension to the HAR spec. HAR files from Firefox or Safari may not include it — those requests fall back to type OTHER. All other fields (URL, method, headers, body, status) are standard and will parse correctly.