What Audera checks

Looks for the adverse event reporting statement on the page — the standard wording that tells readers how to report side effects, for example via the MHRA Yellow Card scheme or the drug safety contact of the marketing authorisation holder. Pharmaceutical promotional material is generally required to carry this statement wherever a product is promoted, and regulators treat its absence seriously. A finding is raised when no adverse event reporting wording is detected in the page content.

Compares the analytics and tag-management scripts detected on the page — such as Google Analytics, Google Tag Manager or Adobe Analytics — against the approved baseline version of the page. A finding is raised in two situations: no analytics tags are detected at all, or the set of analytics vendors differs from the baseline. Missing tags mean campaign and traffic data silently stops being collected, while unexpected new tags can indicate an unapproved deployment or a privacy concern.

Verifies that the black triangle — the symbol marking a medicine under additional regulatory monitoring — is used consistently. A finding is raised for review in either direction: the site is configured as promoting an additionally monitored product but no black triangle signal is detected at all, or a black triangle is detected when the site is not flagged for additional monitoring. A soft consistency finding is also raised when a text-rendered triangle is applied inconsistently across many mentions of the medicine name. Because the symbol can be rendered as text, inside a logo image, or alongside an "additional monitoring" statement, this check is best effort and always asks for human confirmation rather than asserting a definite failure.

Requests every external link found on the page and confirms that each one responds successfully. Broken links to references, prescribing information hosts or corporate sites undermine credibility and can leave mandatory information unreachable. A separate finding is raised for each external URL that returns an error status or does not respond at all.

Surfaces when the visible copy of a live page has materially changed since the approved baseline while the job code and the date of preparation have both stayed exactly the same. In most approval workflows a material copy change requires re-approval, which produces a new job code or an updated date of preparation, so unchanged compliance artefacts alongside changed copy suggest the page was edited outside the approval process. The change is measured as a word-level diff (so carousels, tokens and timestamps do not trigger it), and the result is raised for review; the check runs on live environments only and passes whenever the change is trivial or either compliance artefact also changed.

Scans the page for signs of a cookie consent banner or consent management platform. Sites serving UK and EU visitors are expected to obtain consent before setting non-essential cookies, so a page carrying analytics or marketing tags with no visible consent mechanism is a compliance risk. Because consent banners vary widely across vendors and bespoke builds, this check is best effort: when no consent signals are found it raises a finding for review rather than a definite failure.

Checks that a date of preparation, or date of revision, is present on the page. Industry codes such as the ABPI Code require promotional material to state when it was created or last revised, so reviewers and inspectors can tell whether the material is current. A finding is raised when no date of preparation can be detected on the page; the age of the date is not judged, only its presence.

Watches the Google Search Console verification meta tag and compares it with the approved baseline version of the page. A finding is raised when the tag that was present at baseline disappears, or when its value changes. Losing the verification tag can silently revoke access to Search Console data for the domain, and a changed tag often indicates an unexpected deployment or template change.

Checks the site homepage for signs of a healthcare professional gate — the self-certification step that keeps promotional content intended for HCPs away from the general public. The check runs on the homepage only, and is skipped when the scan traversed an automated gate this run or when the homepage itself is set up as the HCP gateway page type. A configured gate that failed to traverse is flagged, since the captured content and screenshot would then show the gate instead of the page behind it. Otherwise, if no gating signals are detected in the captured HTML a finding is raised for review, since gates rendered purely by JavaScript may not appear in the static snapshot.

Inspects the canonical URL and the hreflang alternate entries of the page and flags any that point to a different registrable domain than the page itself. Comparison is on the registrable domain so www/non-www and same-site subdomains are not flagged, and a sister-domain allowlist built from the client's other monitored markets permits legitimate cross-border hreflang. A canonical that points to a different path on the same host is surfaced separately, and remaining cross-domain hreflang entries are raised for review rather than as a hard failure.

Runs when an Important Safety Information section is present and measures how much safety text it actually contains. If the ISI text is shorter than 400 characters the section may have been truncated, collapsed, or only partially rendered in the captured page — a real failure mode where the heading survives but the content does not. Because legitimately short ISIs exist, the finding is raised for review rather than as a definite failure.

Confirms that an Important Safety Information section is present on the page. The ISI carries the safety warnings, contraindications and other risk information that must accompany product promotion, and its absence from a product page is one of the most serious findings Audera raises. A finding is created whenever no ISI section is detected in the page content.

Validates candidate job codes found on the page against the expected format configured for the site, or inherited from the client. Each company uses a defined job code structure, and a code that does not match it usually means a typo, a code from the wrong market, or placeholder text that survived to production. The check only runs when a format is configured and code-like strings are detected on the page; the finding lists every candidate that fails to match.

Checks that a job code — the unique approval reference, sometimes called a Veeva code, Zinc code or item code — is present on the page. The job code ties the live page back to its certified version in the approval system; without one there is no evidence the content was approved. A finding is raised when no job code can be detected on the page.

Applies only to legal pages — terms and conditions, privacy policy and cookie policy — and checks that they display a last-updated date. Privacy regulations and good practice expect these documents to show when they were last revised, so visitors can tell whether the terms they are reading are current. A finding is raised when a legal page has no detectable last-updated date.

Compares the logo area of the page — the top-left region of the screenshot — against the same region in the approved baseline screenshot. Brand marks on pharma sites are part of the approved material, so an unexpected change in the logo region can indicate an unapproved rebrand, a broken image, or template damage. The comparison only runs when the page content has changed and both screenshots exist; a differing logo region raises a finding for review.

Tracks brand logos located on the page by the vision review. For each logo that comes from a real image file, the source file is re-fetched on every scan and its bytes compared to the last-seen version. Brand marks on pharma sites are approved material, so a changed logo image can indicate an unapproved rebrand, a swapped asset, or a broken/replaced file — a changed logo raises a finding for review. Logos that are not backed by a stable image file (CSS backgrounds, inline SVG, marks baked into artwork) are re-assessed by the AI review rather than this cheap per-scan check.

Detects a robots noindex directive in the meta tags of a live production page. Noindex is routinely used to keep staging and preview sites out of search engines, and when it leaks into a production deployment the page disappears from search results — often unnoticed until traffic collapses. A finding is raised whenever a live environment page carries the noindex directive; staging and development environments are ignored.

Cross-checks the superscript citation markers in the page body against the numbered entries in the references section. A finding is raised for review when superscript numbers point to no reference entry, meaning a claim has no supporting citation, or when reference entries exist that no superscript points to, which is often a sign that copy was deleted without updating the bibliography. Clinical claims on pharma sites must be traceable to their cited sources, so both directions are flagged.

Watches every live page for any change in content compared with the snapshot accepted as the baseline. The page content is hashed on each scan, and when the hash no longer matches the baseline a finding is raised, noting whether the main heading also changed. This is the core drift alarm: it signals that something on an approved page is different, and it stays active until the change is reviewed and the new state is accepted as the baseline.

The most fundamental check: requests the page and confirms it responds. A page that returns an error or does not respond at all is invisible to patients and healthcare professionals, and every other check is moot for it. A 2xx success or a 3xx redirect (which the browser follows to a real page) passes; a finding is raised only when the status is a client/server error or the page returns no response.

Confirms that the page links to prescribing information (PI or SmPC) and that each of those links actually resolves. Promotional pages for prescription medicines must provide direct access to prescribing information, so both a missing link and a broken one are critical failures. A finding is raised when no PI or SmPC link is detected on the page, and a separate finding is raised for each PI link that returns an error or cannot be reached.

Checked once per scan of a live site rather than per page: fetches the robots.txt file at the root of the site and inspects it. A finding is raised when the file is missing or unreachable, or when it contains a global Disallow rule for all crawlers — a common leftover from staging that removes the entire site from search engines. The finding is attached to the homepage of the site.

Checked once per scan of a live site: connects to the host and inspects its SSL/TLS certificate. An invalid or expired certificate triggers browser security warnings that stop visitors at the door, so it is raised as a critical finding, and a certificate expiring within the next 14 days is raised at high severity as an early warning. A host whose certificate cannot be inspected at all is also flagged.

Finds registered trademark and trademark symbols in the page text and checks that each one is rendered as a superscript. Brand guidelines, and most approved artwork, specify superscripted marks, so a full-size symbol usually means the page markup has drifted from the approved layout. A single finding for review lists every occurrence on the page that is not superscripted.