Depending on the products and features you have configured, your Google tags will use various mechanisms for analytics, conversion measurement, and remarketing. These mechanisms include copying information from URLs, reading and writing cookies, and transmitting data in pixels.
In some cases, you may want to configure the behavior of your tags based on the consent granted by your end users. For example, if you ask your users whether they consent to your usage of cookies for certain purposes, you can tell your Google tags to run without using cookies until the user consents. This enables your tags to help you get the best quality data without using mechanisms that don't align with your users' consent.
The mechanisms described in this article work with the following Google tags deployed via gtag.js and 'Web' containers in Google Tag Manager:
- Google Ads*
- Floodlight
- Google Analytics
- Conversion Linker
* includes Google Ads Conversion Tracking and Remarketing; support for Phone Call Conversions is coming soon.
To adjust your tag behavior relative to consent, use the gtag('consent')
API:
gtag('consent', '<consent_command>', {<consent_type_settings>});
where <consent_command>
is one of:
'default'
- Used to set the default consent settings that apply to a page.'update'
- Used to update existing consent settings. This command is typically used after a user grants consent via a consent tool.
and <consent_type_settings>
is an object that defines which consent types are
'denied'
or 'granted'
. For example:
gtag('consent', 'default', {
// Deny consent for ad_storage
'ad_storage': 'denied',
// Grant consent for analytics_storage
'analytics_storage': 'granted'
});
Adjust default tag behavior
The gtag('consent')
API supports the configuration of
<consent_type_settings>
to adjust the behavior of Google tags on your site:
gtag('consent', 'default', <consent_type_settings>);
Key | Value | Default | Description |
---|---|---|---|
ad_storage |
'denied' | 'granted' |
'granted' |
Controls whether your tags will use cookies related to advertising. |
analytics_storage |
'denied' | 'granted' |
'granted' |
Controls whether your tags will use cookies related to analytics. |
For example, to tell your Google tags not to use cookies for advertising or
analytics, set the consent type to 'denied'
in a 'default'
command above
your gtag.js or Tag Manager container snippet:
// Require consent for ad storage and analytics storage.
gtag('consent', 'default', {
'ad_storage': 'denied',
'analytics_storage': 'denied'
});
The gtag('consent')
API requires that dataLayer
and gtag
are defined.
Ensure that dataLayer
and gtag()
are defined in your code before
gtag('consent')
is called:
If you call gtag('consent')
prior to loading your gtag.js snippet, add this
above your first gtag('consent')
call.
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
Alternatively, you can include all of your default consent settings within your
gtag.js snippet directly above gtag('js', new Date());
.
Settings configured with the gtag('consent')
API will apply to the current
page, but will not automatically persist on subsequent pages. To ensure your
tags behave as you expect, call the gtag('consent', 'default')
command above
your gtag.js or Tag Manager container snippet on every page of your site.
Adjust tag behavior in certain regions
If you only want to adjust the default behavior of your tags for site visitors
from certain regions, you can also optionally specify one or more regions for
which the default command should apply. Countries and sub-divisions are
specified using ISO 3166-2 codes. For example, to specify that the default
setting for ad_storage
should be 'denied'
for visitors from Spain and Alaska
and analytics_storage
should be 'denied'
for visitors from the United
Kingdom:
gtag('consent', 'default', {
'ad_storage': 'denied',
'region': ['ES', 'US-AK']
});
gtag('consent', 'default', {
'analytics_storage': 'denied',
'region': ['GB']
});
If two 'default'
commands occur on the same page with different
consent_type_settings
for a region and one of its subregions, the command with
the region that more specifically matches the visitor's location will take
effect.
For example, if you have one 'default'
command setting ad_storage
granted
for region 'US'
and one setting ad_storage
denied for 'US-CA'
, a visitor
from California will have the more specific 'US-CA'
setting take effect
instead of the 'US'
setting (i.e. ad_storage
will be set as 'denied'
).
Update tag behavior
In the event that your user's consent changes (e.g. after they interact with a
consent message), you can tell your tags to update their behavior. For example,
if the user grants permission to use advertising cookies after you had
previously called gtag('consent', 'default', {'ad_storage': 'denied'})
, you
can update the value of the associated consent type to 'granted'
:
gtag('consent', 'update', {'ad_storage': 'granted'});
When your tags receive a gtag('consent', 'update')
command that grants a
previously denied consent type, they will adjust their subsequent behavior on
the current page and may send additional requests with information about the
consent state to help improve your data.
Work with asynchronous tools
If your consent tool loads asynchronously such that it is not guaranteed to load
before your Google tags, you can use the gtag('consent', 'default')
command to
load a static set of default consent type settings on each page load to fall
back on. When your consent tool initializes, you can then use the
gtag('consent', 'update')
command to set the initial consent settings from
your consent tool.
To support this use case, the <consent_type_settings>
object in default
commands supports an optional 'wait_for_update'
field. When this field is set,
your Google tags will wait a specified number of milliseconds before sending any
data. This gives your consent tool time to initialize before falling back on
your default settings:
// Set ad_storage to denied, but wait 500 ms in case an update occurs
gtag('consent', 'default', {
'ad_storage': 'denied',
'wait_for_update': 500 // milliseconds
});
Additional data controls
Pass ad click information through URLs
When a user lands on your website after clicking on an ad, information about the ad may be appended to your landing page URLs in query parameters (e.g. ?gclid=123456). To help attribute subsequent conversions back to the ad that brought the user to your site, your Google tags normally store this information in first-party cookies on your domain.
When ad_storage
is 'denied'
, the associated Google tags will not store the
ad click information in cookies. If ad_storage
is later updated to 'granted'
(e.g. based on user interaction with your consent messages), the Google tags
will proceed to store the ad click information. However, in cases where the end
user does not grant consent on the landing page but does so on a subsequent
page, the ad click information from the landing page URL will no longer be
present.
To help improve data associated with ad clicks when ad_storage
is denied, you
can optionally tell your tags to pass the ad click information from the landing
page through to subsequent pages in the user's navigation on your site.
gtag.js
To enable this capability for tags deployed via gtag.js, set the value of the url_passthrough parameter to true:
gtag('set', 'url_passthrough', true);
Google Tag Manager
To enable this capability via your Conversion Linker tag in Google Tag Manager, under the Linker Options, select the option to enable linking on all page URLs.
When using URL passthrough, if ad click information is present in the landing
page URL and ad_storage is 'denied'
, some combination of the following query
parameters will be appended to your site links and form actions as users
navigate past the landing page:
gclid
dclid
gclsrc
_gl
For example, if a user lands on example.com/page1.html?gclid=12345
and then
clicks a link to example.com/page2.html
, this link will be decorated with
query parameters like the following:
example.com/page2.html?gclid=12345&_gl=1*_up...
For the best functionality, you should ensure that:
- Any redirects on your site pass across the above parameters
- Your analytics tools are configured to ignore these parameters in reporting unique page URLs
- The presence of these parameters will not interfere with your site behavior
Redact ads data
When ad_storage is 'denied'
, associated Google tags will not set new cookies
for advertising purposes. Additionally, any third-party cookies previously set
on google.com and doubleclick.net that are added passively in network request
headers by the browser will not be read and used except potentially for spam and
fraud purposes. Data sent to Google will still include the full page URL,
including ad click information in URL parameters.
To further redact your ads data when ad_storage
is 'denied'
, you can
optionally choose to set the value of the ads_data_redaction
parameter to
true
:
gtag('set', 'ads_data_redaction', true);
When set to true
, ad click identifiers sent in network requests by associated
Google Ads and Floodlight tags will be redacted when ad_storage
is 'denied'
.
Network requests will also be sent through a cookieless domain.
Implementation Examples
Basic example
<script>
// Include the following lines to define the gtag() function when
// calling this code prior to your gtag.js or Tag Manager snippet
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
// Call the default command before gtag.js or Tag Manager runs to
// adjust how the tags operate when they run. Modify the defaults
// per your business requirements and prior consent granted/denied, e.g.:
gtag('consent', 'default', {'ad_storage': 'denied'});
// Optionally turn on URL passthrough to pass ad click
// information in query parameters from page to page on your site
gtag('set', 'url_passthrough', true);
</script>
<!-- Load gtag.js or Tag Manager as normal, e.g.: -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID">
</script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'GA_MEASUREMENT_ID');
gtag('config', 'AW-CONVERSION_ID');
</script>
<script>
// Call the update command when your consent status changes
// (e.g. after a visitor grants consent). Modify the updates per
// your business requirements and what consent is granted, e.g.:
gtag('consent', 'update', {'ad_storage': 'granted'});
</script>
Asynchronous example
<script>
// Define the gtag() API
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments)};
// Call default commands with static settings to fall back on.
// Consent commands must appear before gtag.js or Google Tag Manager is loaded
gtag('consent', 'default', {
'ad_storage': 'denied',
'analytics_storage': 'granted',
'wait_for_update': 500
});
// Update the consent type settings when your consent tool initializes
// This should be modified to work with your consent tool's API.
ConsentTool.on('consent-tool-initialized', function(consentObject) {
gtag('consent', 'update', {
'ad_storage': consentObject.ADVERTISING == 'ACCEPT'
? 'granted' : 'denied',
'analytics_storage': consentObject.ANALYTICS == 'ACCEPT'
? 'granted' : 'denied',
});
});
// Update the consent type settings when visitors update their consent
// This should be modified to work with your consent tool's API.
ConsentTool.on('consent-saved', function(consentObject) {
gtag('consent', 'update', {
'ad_storage': consentObject.ADVERTISING == 'ACCEPT'
? 'granted' : 'denied',
'analytics_storage': consentObject.ANALYTICS == 'ACCEPT'
? 'granted' : 'denied'
});
});
</script>
<!-- Load gtag.js as normal -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID">
</script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'GA_MEASUREMENT_ID');
gtag('config', 'AW-CONVERSION_ID');
</script>
Legacy tag controls
If you use older versions of our Google tags like ga.js, analytics.js or conversion.js, we recommend updating to gtag.js or Google Tag Manager.
To learn more about other privacy controls, including for our legacy tags, read the relevant documentation: