Shopify Technical Audit Checklist: 25 Points I Run on Every Store (2026)

11 min read

I audited 47 Shopify stores in the first quarter of 2026. 41 of them had the same three problems: a 1,200-product collection with no limit:, a checkout missing express payment buttons above the fold, and an app stack where 14 paid apps did the work 6 could. The audit pattern below catches all three in the first 90 minutes.

TL;DR: A Shopify technical audit walks six layers (theme code, Core Web Vitals, mobile UX, checkout, app stack, SEO infrastructure) and produces a fix list ranked by revenue impact. The 25 checks below are what I run on every paid engagement. The total cost-and-time to audit one store at this depth is 8-12 hours for one auditor with admin access.

Why this matters for your store:

  • Most Shopify stores have ten to twenty fixable issues, but only three to five of those actually move revenue. The audit’s job is to find the right three to five, not to list everything broken.
  • Generic best-practice audits (“you should add lazy loading”) cost the same as targeted audits and produce nothing actionable.
  • The 25 checks below take about 8 hours when run by someone who knows what to look for. A merchant can run them in 16-20 hours by following each step in order.

Layer 1: theme code health (5 checks)

Check 1: Liquid loop bounds

Open every section that loops over collection.products, product.variants, or shop.products. Confirm a limit: is set. A 1,200-product collection without limit: adds 200-400ms to Time to First Byte on every cache miss.

{# AUDIT: is there a limit? #}
{% for product in collection.products limit: 24 %}

If a section’s design only renders 24 cards but the loop has no limit, fix is two characters. For the full set of patterns including break and continue, see my Shopify Liquid for loop break and continue guide.

Check 2: deprecated {% include %} calls

Run grep -rn '{% include' sections/ snippets/ templates/. Every hit is a deprecated tag. Migrate to {% render %} with named parameters. Theme Check flags this on most CLI versions but contractors silence the warning regularly.

Check 3: hardcoded prices

Search for literal currency strings: grep -rn '\$[0-9]' sections/ snippets/ templates/. Every hit is a candidate for the | money filter. On a multi-currency store using Shopify Markets, hardcoded prices break the moment the merchant enables a new currency.

For the full hardcoded-price audit pattern, my free Hardcoded Price Detector tool crawls a live URL and flags every literal $XX.XX bypass.

Check 4: operator precedence traps

Search for if .* and .* or : grep -rn '{% if .* and .* or ' sections/ snippets/. Liquid evaluates and and or strictly right to left. A mixed condition reads in the wrong order silently. The fix is named booleans assigned above the if. See my Liquid operator precedence reference for the working pattern.

Check 5: schema validity

Open the Shopify CLI and run shopify theme check. Note every error and warning. The schema check catches malformed {% schema %} blocks, missing translation keys, and dead settings. On 100 stores I audited, 23 had at least one section with a malformed schema that the merchant could not edit from the theme editor.

For broader Liquid quality patterns, my Shopify Liquid best practices guide covers the 8 mistakes I find in 8 of 10 audits.

Layer 2: Core Web Vitals (4 checks)

Check 6: real-user LCP from CrUX

The Chrome User Experience dataset publishes 28-day rolling field data on every URL Chrome has visited. Pull LCP for the homepage, top collection, and top PDP. Anything above 2.5s mobile fails the threshold.

The CrUX data lives in https://chromeuxreport.googleapis.com/v1/records:queryRecord and lands in my free Shopify CrUX Grader. Run the tool, screenshot the result, paste it in the audit doc.

Check 7: INP on real interactions

Interaction to Next Paint became a Core Web Vital in May 2024. The audit check: click the PDP variant picker, click Add to Cart, click the cart drawer open. Each interaction should respond visibly within 200ms. Anything over 500ms fails.

Check 8: layout shift on PDP

Open the PDP in Chrome DevTools Performance panel. Reload. Look for shifts in the score. A CLS above 0.1 fails. The most common cause is the product image area resizing as the high-res variant loads.

Check 9: third-party script impact

Run the PDP through PageSpeed Insights and read the “Third-party code” diagnostic. Apps that block the main thread for 500ms+ on render are audit-flag candidates. Common offenders: Klaviyo (sign-up flows), Yotpo (reviews), Rebuy (upsell widgets), GemPages (page builder).

My free Shopify App Bloat Index cross-references the installed app set against typical TBT cost per app, ranks the worst offenders, and projects the CVR drag.

Layer 3: mobile UX (4 checks)

Check 10: viewport meta and safe-area

Open theme.liquid (or the layout file) and confirm the viewport meta includes viewport-fit=cover. Without it, iOS Safari does not respect env(safe-area-inset-bottom), and sticky CTA bars sit behind the notch on iPhones.

Check 11: input font-size on forms

Search for input fields in checkout, sign-up, and search. Confirm font-size is >= 16px on mobile media queries. iOS Safari force-zooms the page on focus when an input is below 16px. This is the single most-felt mobile UX bug I find on audits.

Check 12: tap target size

Audit every interactive element (buttons, links, icons) for a >= 44x44px tap target. Social icons in the header and footer are the most-violated. The WCAG 2.5.5 spec mandates 44x44px. Below 32x32px is unusable on a phone.

Check 13: hero CTA above the fold

Open the PDP and homepage on an iPhone 13 viewport (390x844). Confirm the primary CTA (Add to Cart, Book a Call, Sign Up) is visible without scrolling. On the home hero specifically, every 100px of padding above the CTA cuts mobile CVR measurably.

For the full mobile CRO playbook including all 9 fixes I apply, see my mobile Shopify fixes that close the 60% gap post.

Layer 4: checkout (3 checks)

Check 14: express payment route visibility

Open the cart and the begin-checkout step on mobile. Confirm Shop Pay, Apple Pay, and Google Pay are visible above the standard checkout button. Shop Pay converts 1.72x higher than standard checkout (Shopify, 2024). Buried express buttons leave 30-40% of that lift on the table.

For the deeper checkout playbook including trust signals, form fields, and Plus extensibility, see my Shopify checkout optimization guide.

Check 15: shipping threshold visibility

Audit whether the free-shipping threshold is communicated on the cart and in checkout. If the merchant offers free shipping at $75 and a buyer’s cart is at $63, the AOV-lift opportunity is visible without an app. A Liquid-only free shipping progress bar ships in under 90 lines of code.

Check 16: form field count

Count the form fields on each checkout step. Baymard’s 2024 study found the median checkout has 11.8 fields but the optimum is closer to 7 for guest checkout. Every extra field costs 0.5-2% of completion rate.

Layer 5: app stack (4 checks)

Check 17: monthly app cost

Open Settings > Apps and total the monthly subscription cost across every installed app. Across 100 stores I audited, the median monthly app spend was $580. The top 25% spent $1,200+. The audit asks whether every dollar earns its keep.

Check 18: app overlap

List the function each app provides. Flag overlaps. A store running both Klaviyo and Privy for email capture is paying twice for the same job. A store running both Yotpo and Loox for reviews is paying twice for the same job. Audit-flag every duplicate.

Check 19: deprecated app dependencies

Identify apps that depend on Script Editor (deprecating June 2026) or checkout.liquid (deprecating August 26, 2026). The deprecation deadlines are non-negotiable. For the full migration framework, my 5 real Shopify Scripts I migrated to Functions covers the production patterns.

Check 20: app replaceability with Liquid

For each app, ask: does Liquid render the same UI faster, server-side, with zero JS bloat? Trust badges, countdown timers, size charts, free shipping bars, FAQ accordions, and stock indicators are all candidates. My 15 Liquid snippets to replace Shopify apps post covers the replacement set.

Layer 6: SEO infrastructure (5 checks)

Check 21: schema markup validity

Run the homepage, top PDP, and top blog post through the Google Rich Results Test. Note every error and warning. Common gaps: missing BreadcrumbList, malformed Product, missing Review/AggregateRating, no Article on blog posts.

For the Liquid pattern that adds valid BlogPosting schema in 30 lines, see my Shopify Article schema in Liquid post.

Check 22: canonical and hreflang

For multi-market stores, audit hreflang tags on PDPs and collections. The pattern is <link rel="alternate" hreflang="en-us" href="..." /> for each locale plus a <link rel="alternate" hreflang="x-default" href="..." />. Missing hreflang lets Google serve the wrong locale to the wrong country.

Check 23: sitemap and robots.txt

Pull /sitemap.xml and confirm every blog, product, and collection is listed. Pull /robots.txt and confirm no critical pages are blocked. Shopify’s default robots.txt blocks /cart and /checkout, which is correct. Custom robots.txt rules from Shopify Plus accounts deserve a closer read.

Check 24: indexation gap

Open Google Search Console > Coverage. Note pages excluded for “Crawled, not indexed,” “Discovered, not indexed,” “Duplicate without user-selected canonical,” or “Soft 404.” Each exclusion is a fixable issue.

Check 25: query gap analysis

Pull the GSC Performance > Queries report. Sort by impressions descending. For each top query, confirm the ranking URL is the right URL. A query like “shopify cro audit” ranking the contact page instead of the CRO audit guide is a mis-targeted indexation issue.

How to verify your audit produced the right output

Three questions, three minutes.

  1. Does every finding have a fix? If a finding lists a problem without a one-line fix or a link to one, it is not actionable. Strike it from the deliverable.

  2. Are the findings ranked by revenue impact? A list of 47 issues ranked by alphabetical order or section order is worthless. Rank by projected dollar impact. The merchant fixes the top 3 and you both look like you knew what you were doing.

  3. Does the merchant know what to do on Monday? Open the audit doc and read it as a non-technical merchant. If they can identify the first three actions they should ship next week, the audit is doing its job. If they cannot, rewrite the top of the doc.

The takeaway:

  • Audit six layers, not one. Theme code, CWV, mobile, checkout, apps, SEO.
  • Use tools for what tools do well (loop counts, font sizes, tap target audits) and manual review for what they cannot (business logic, app overlap, checkout UX).
  • Rank findings by projected revenue impact, not by section order or alphabetical order.
  • Give the merchant the top three actions for next week in the first 200 words of the deliverable.
  • The audit pays for itself only if the merchant ships the fixes. Make the next step obvious.

Frequently Asked Questions

What does a Shopify technical audit cover?

A Shopify technical audit covers six layers: theme code health (Liquid quality, deprecated tags, schema validity), Core Web Vitals (LCP, INP, CLS on real-user CrUX data), mobile UX (sticky CTA, tap targets, viewport meta), checkout configuration (Shop Pay, Apple Pay, accelerated payment routes), app stack (subscription cost, runtime cost, replaceability), and SEO infrastructure (schema markup, canonical, hreflang, sitemap). A complete audit produces a prioritized fix list ranked by revenue impact, not a generic best-practices list.

How much does a Shopify technical audit cost?

Independent Shopify CRO and technical audits run $500-$5,000 depending on store complexity. A focused audit on one funnel area (checkout, mobile, performance) is typically $500-$1,500. A full-store audit covering all six layers above is typically $2,000-$5,000. Agency audits start at $5,000 and can reach $20,000 for Shopify Plus accounts. The deliverable matters more than the price: a $5,000 audit that lists 47 issues without revenue impact estimates is worth less than a $1,500 audit with 12 prioritized fixes and projected lifts.

How long does a Shopify technical audit take?

A focused audit on one funnel area takes 4-8 hours for a single auditor with admin access. A full-store technical audit takes 15-30 hours across two weeks: 6-8 hours of automated tool runs, 8-12 hours of manual code review, 4-6 hours of mobile and checkout walkthroughs across real devices, and 2-4 hours writing up the prioritized fix list. The audit timeline expands on Shopify Plus accounts because checkout extensibility, B2B configuration, and custom Functions add review surface area.

What tools does a Shopify technical audit use?

Core tooling: PageSpeed Insights and the CrUX dataset for Core Web Vitals, Lighthouse CI for repeatable scoring, Shopify Theme Inspector for Liquid render profiling, Google Search Console for indexation and query data, and Screaming Frog or Sitebulb for crawl-level structural data. Custom-built audit tools cover Shopify-specific gaps: app bloat detection, hardcoded price detection, schema validation against the 2026 spec. Manual review covers the parts no tool catches: business logic in Liquid, app overlap, and checkout UX.

What is the most common finding in a Shopify technical audit?

Liquid loop inefficiency on collection templates. Across 100 stores I have audited, 87 had at least one unbounded `{% for %}` or nested loop adding 200-800ms to server-side render time. The fix is mechanical: add `limit:`, eliminate nested variant loops, and break early once the rendered count is reached. The second most common finding is app stack bloat: 12-18 paid apps where 4-6 cover unique functionality and the rest duplicate features or fire deprecated JavaScript on every page.

Related Articles

Inside a Shopify CRO Audit: 6 Days, 7 Areas, 100+ Stores

Read Article →

Lighthouse vs CrUX: Why Shopify Scores 23 But Passes CWV

Read Article →

Hydrogen vs Liquid in 2026: When Headless Actually Wins

Read Article →
Book Strategy Call