Purpose
This document helps you determine how many ObservePoint audit page scans you need to meet your organization’s requirements for web governance. If you follow this guide, you’ll be on your way to world class web governance for privacy compliance, tag governance, accessibility compliance, page performance monitoring, and much more.
Tip: Choosing the right number of page scans is more than just counting your pages.
Introduction
ObservePoint audit pricing is simple: you pay for the page scans you need in a given year. In other words, you only pay when ObservePoint scans a page. There’s no cost per user, and no cost per domain. You only pay for page scans.
How many page scans do you need to buy? To answer that question:
Step 1: Count your web pages
Step 2: Apply multipliers
Release Frequency: how often to scan each page
Visitor Geography: from what locations do you need to scan each page
Personas: in what user states do you need to scan each page
Let’s jump in!
Step 1: Count Your Web Pages
You start by counting all your web pages across all your domains. You will use the total number of web pages in the next steps to calculate how many page scans you need.
If you aren’t sure how many pages you have, here are some options:
Reference your web analytics reporting
Google Search Console or Google’s site: search (tip: these methods are less reliable)
Step 2: Apply Multipliers
Next, determine how many times each page needs to be scanned, a “multiplier”. You will apply the multipliers to your total page count to get a final scan number. The multipliers you need vary by organization. This section walks you through how to choose them.
Multiplier #1: Release Frequency
Some web pages are updated daily. Some are updated yearly. You’ll want to schedule ObservePoint audits to re-scan each page after important changes. You can save money by scheduling audits to avoid re-scans on pages that don’t change frequently.
What does a “change” mean for a web page? The first type of change people think of is content: text changes, color changes, new buttons, new images, etc.
For web governance, you need to think about other changes too:
New marketing tags
Changes to your cookie consent banner
Data layer updates
New analytics events
A/B test deployments
An important question to ask is how long you can tolerate an issue existing on a page before finding out about it. We recommend daily or twice-per-week scans for your highest traffic, highest risk, or highest release frequency pages. Also, consider which groups of pages tend to behave uniformly. For example, a community forum might have thousands of pages that all deploy the same tags and cookies, because they are all powered by the same template. It might make sense to scan only a sample of these pages. But don’t be tricked by seemingly similar pages that, for whatever reason, use vastly different technologies even though they appear to be powered by the same template.
Your first ObservePoint audits will be useful to determine which pages use similar groups of technologies (e.g., cookies and tags). We always recommend a full-site discovery audit to start.
Armed with this info, you can decide to audit a sample of pages from each group regularly (daily or weekly), and a full audit less frequently (monthly or quarterly).
Tip: the 90/10 Rule. Don't scan every page at the same frequency. Scan your high-frequency pages (top 10%) daily or weekly, and move templated pages, or pages that don't change frequently (bottom 90%) monthly or quarterly.
After you consider the list above, take your web pages from step 1, and decide what frequency they each need to be re-scanned. Some groups of pages may need to be re-scanned more frequently than others. This info is your frequency multiplier.
Multiplier #2: Visitor Geography
The visitor geography multiplier is mainly for privacy compliance scanning. Different regions of the world require websites to treat pre-consent visitors differently. So you’ll want to scan your web pages from each of those geographies. ObservePoint supports scanning from 34 locations around the world, with the option to add hundreds of other locations through proxy hosts.
Example geographies to consider:
The EU’s GDPR requires websites to treat pre-consent visitors as opted out of tracking
India’s DPDA and Brazil’s LGPD require websites to behave similarly to GDPR for pre-consent visitors
California CIPA laws require websites to avoid certain kinds of tracking for pre-consent visitors
California CCPA laws require websites to honor the GPC signal (see the “persona” multiplier below)
Certain US states allow websites to treat visitors as opted in to tracking
Consider which geographies your website visitors are coming from, and which web pages serve those visitors. Check with your privacy team about which web privacy legislation is the most important to comply with.
Tip: Check your cookie banner vendor to see which geographies have special configurations. This is a great way to determine which geographies you need.
Tip: Different domains may serve visitors from different geographies.
The number of geographies for each group of pages is your visitor geography multiplier. Combine this with the “persona” multiplier below.
Multiplier #3: Personas
A persona describes the state of a website visitor. Each persona is a potential multiplier as well. Some personas only apply to certain geographies.
Here are some example personas to consider:
A visitor who has opted out of tracking with your cookie banner. For this persona, you want to ensure that your website does not load prohibited third-party cookies and trackers.
A visitor who has opted in to tracking with your cookie banner. For this persona, you want to ensure that your website loads the correct marketing and advertising tracking, to maximize your attribution and advertising effectiveness.
Extra Considerations
It can be helpful to consider other factors that aren’t necessarily multipliers, but might help you plan your page scans:
Login: some pages require a visitor to log in to view. ObservePoint supports pre-audit actions to log a user in and visit each page as an authenticated user.
Environment: you may want to scan pages in your pre-production environment before they go live (sometimes called “lower environments”, “staging”, or “dev”). ObservePoint supports several mechanisms to enable this, including VPN connectivity and custom headers for authentication if needed.
No extra cost for accessibility scanning: ObservePoint automatically reports all accessibility information for every page it scans, at no extra cost. In other words, once you’ve scanned a page, you get full accessibility reporting for that page. If you’ve already scanned a page for privacy compliance purposes, you don’t have to scan it again to get accessibility information for that page.
No extra cost for web vitals scanning: Web vitals numbers are included in every ObservePoint scan at no extra cost.
Example
This section walks you through an example with 3 domains: example1.com, example2.com, and example3.com.
ObservePoint is capable of scanning hundreds of thousands of domains, but to keep this example simple, we’ve chosen only 3.
Step 1: Count your web pages
We have 3 domains:
example1.com with 10,000 unique pages
example2.com with 1,000 unique pages
example3.com with 100 unique pages
Total: 11,100 unique pages
Step 2: Apply multipliers
Release Frequency:
example1.com
1000 of these pages release weekly
The other 9,000 release monthly or less frequent
example2.com
100 of these pages release weekly
The other 900 release monthly or less frequent
example3.com
10 of these pages release weekly
The other 90 release monthly or less frequent
Visitor Geography:
example1.com visitors come from:
🇺🇸 All US states, including California
🇪🇺 EU
🇨🇦 Canada
example2.com visitors come from:
🇮🇳 India
🇧🇷 Brazil
🌐 Other countries with no web privacy laws (we’ll choose to scan from Australia 🇦🇺 to represent these countries)
example3.com visitors come from:
🇺🇲 USA, including California
Personas:
For this example, let’s assume our privacy compliance team has said each website needs to comply with certain privacy law in the table below.
We will combine the geography multipliers with personas to comply with our organization’s privacy policy.
Domain | Geography | Persona | Why? |
example1.com | 🇺🇲 California, US | Visitor with GPC turned on | To ensure we comply with CCPA’s GPC law |
" | 🇺🇲 California, US | Visitor who has opted out of tracking | To ensure our opt-out mechanisms work and don’t allow unauthorized trackers for opted-out visitors |
" | 🇪🇺 EU | Pre-consent visitor
(no opt-in or opt-out yet)
| To ensure we comply with GDPR by considering pre-consent visitors as opted out of tracking. |
" | 🇨🇦 Montreal, Canada | Pre-consent visitor | Same as above |
" | 🇺🇲 Virginia, US | Pre-consent visitor | Virginia is a sample state to ensure our tracking works at full capability in states that allow pre-consent tracking. |
example2.com | 🇮🇳 India | Pre-consent visitor | To ensure we comply with DPDA by considering pre-consent visitors as opted out of tracking. |
" | 🇧🇷 Brazil | Pre-consent visitor | Same as above |
" | 🇦🇺 Australia | Pre-consent visitor | To ensure that tracking loads correctly in countries that allow pre-consent tracking |
" | 🇦🇺 Australia | Opted-out visitor | To ensure that our opt-out is working. |
example3.com
| 🇺🇲 California, US | Visitor with GPC turned on | To ensure GPC visitors don’t get trackers and cookies that aren’t allowed by CCPA law. |
" | 🇺🇲 California, US | Visitor with opt-out | To ensure opted-out visitors don’t get trackers and cookies that aren’t allowed by CCPA law. |
" | 🇺🇲 Virginia, US | Visitor with opt-out | To ensure the opt-out works for visitors outside California too. |
" | 🇺🇲 California, US | Visitor with opt-in | To ensure our tracking works at full capability when visitors opt in to tracking. |
Put it all together:
This table puts together the multipliers to form a total page scan number:
Domain | Page Group | Page Count | Release Frequency | Geography & Persona Multiplier | Page Scans Needed |
example1.com
| Weekly release | 1,000 pages | x52 | x5 | =260,000 page scans |
| Quarterly release | 9,000 pages | x4 | x5 | =180,000 page scans |
example2.com | Weekly release | 100 pages | x52 | x4 | =20,800 page scans |
| Quarterly release | 900 pages | x4 | x4 | =14,400 page scans |
example3.com | Weekly release | 10 pages | x52 | x4 | =2,080 page scans |
| Quarterly release | 90 pages | x4 | x4 | =1,440 page scans |
|
|
|
| Total | 478,720 page scans |
You can enter that total page scan number in the ObservePoint self-service pricing page and see the cost.
Conclusion
This article gives you all the info you need to estimate your ObservePoint audit costs.