Depending on the products and features configured, Google measurement products use mechanisms such as reading and writing cookies or sending HTTP requests to support analytics, conversion measurement, and remarketing.
These mechanisms can be configured to only be used in a consent-aware way. For example, you can configure your Google tags to not read or write cookies until consent is provided from the user. When consent-aware, tags will work in a limited capacity until user consent is provided. After consent, functionality is restored based on how you choose to update behavior.
Adjusting tag behavior to based on user consent status is supported by the following:
- Google Ads
- Floodlight
- Google Analytics
- Conversion Linker
Adjusting tag behavior
Consent-aware tag behavior must be configured on every page of your website. On each page, there are usually two points where this is configured:
On page load
When the page loads, you should only use measurement capabilities that align with your users expectations. This is configured through the
gtag('consent', 'default', ...)command.After visitor provides a consent status, or if consent status is known
After the visitor provides their consent status (or if it was persisisted from a previous page load), enable the measurement features they have consented to (such as reading/writing cookies) through the
gtag('consent', 'update', ...)command.
Configure default behavior
To adjust the default measurement capabilities, call the gtag('consent',
'default', ...) command on every page of your site before any commands
that send measurement data (such as config or event). For example, to deny
ad_storage and analytics_storage by default:
gtag('consent', 'default', {
'ad_storage': 'denied',
'analytics_storage': 'denied'
});
This will set the default values for 'ad_storage' and 'analytics_storage' to
'denied'. For full details on supported keys, see consent in
the API reference.
This command must be called on every page on your site.
Update behavior
When your users provide consent, commonly through interacting with a consent
banner, or their consent status is known from a previous page load, update your
tags behavior with the gtag('consent', 'update', ...) command. For example,
for a user that has granted consent to use advertising cookies:
gtag('consent', 'update', {
'ad_storage': 'granted'
});
Only fields that are provided to the update call will be changed. Above, only
the 'ad_storage' value was changed. If 'analytics_storage' was set to
'denied' (like in configure default behavior), it would still be denied after
this call. It is up to you to ensure the correct values are set for all consent
keys. For full details on supported keys, see consent in the API
reference.
This command should be called as soon as possible on every page. After the user indicates their consent, you should persist their choice and call the update command accordingly on subsequent pages.
Implementation Example
The following example sets 'ad_storage' to 'denied' by default. After the
user indicates they consent to the features behind 'ad_storage', it is updated
to 'granted'.
The order of the code here is vital. If your consent code is called out of order your consent defaults will not work. Depending on your business requirements, the specifics may vary, but broadly speaking your code should run in the following order:
- Load the global site tag. This is your default snippet code. The default
snippet should be updated (see below) to include a call to
gtag('consent', 'default', ...). If you don't set any defaults all tagging functionality will be enabled. - Load your consent solution. If your consent solution loads asynchronously, see asynchronous tools for how to make sure this happens in the correct order.
- If not handled by your consent solution, call
gtag('consent', 'update', ...)after the user indicates consent.
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
// Default ad_storage to 'denied'.
gtag('consent', 'default', {
'ad_storage': 'denied'
});
gtag('js', new Date());
gtag('config', 'GA_MEASUREMENT_ID');
</script>
<!-- TODO this section should be updated based on your business requirements. -->
<script>
function consentGranted() {
gtag('consent', 'update', {
'ad_storage': 'granted'
});
}
</script>
<body>
...
<button onclick="consentGranted">Yes</button>
...
</body>
Advanced consent features
Region-specific behavior
To change the default behavior of your tags for users from certain regions,
specify an ISO 3166-2 region in your consent command. By providing this
value, you can fine tune defaults based on your users geographic locations. For
example, to set ad_storage to 'denied' for users from Spain and Alaska, and
to set analytics_storage to 'denied' for all users:
gtag('consent', 'default', {
'ad_storage': 'denied',
'region': ['ES', 'US-AK']
});
gtag('consent', 'default', {
'analytics_storage': 'denied'
});
Most specific takes precedence
If two default consent commands occur on the same page with values for a region
and subregion, the one with a more specific region will take effect. For
example, if you have ad_storage set to 'granted' for the region US and
ad_storage set to 'denied' for the region US-CA, a visitor from California
will have the more specific US-CA setting take effect. For this example, that
would mean a visitor from US-CA would have ad_storage set to 'denied'.
| Region | ad_storage |
Behavior |
|---|---|---|
| US | 'granted' |
Applies to users in the US that are not in CA |
| US-CA | 'denied' |
Applies to users US-CA |
| Unspecified | 'granted' |
Uses the default value of 'granted'. Applies to users that
aren't in US or US-CA
|
URL passthrough
When ad_storage is set to 'denied', Google Ads, Floodlight, and Google
Analytics tags will not create or save cookies for advertising purposes. When
analytics_storage is denied, Google analytics tags will not create or save
cookies. However, you can optionally elect to pass information through URL
parameters across pages in order to improve measurement quality.
To enable this capability, set the url_passthrough parameter to true
through the following command:
gtag('set', 'url_passthrough', true);
To only enable url_passthrough for Google Ads, set the url_passthrough
parameter within one or more Google Ads config commands on your page:
gtag('config', 'AW-XXXXXX', {'url_passthrough': true});
Added Parameters
When using URL passthrough, a few query parameters may be appended to links on your website:
gcliddclidgclsrc_glwbraid
For best results, ensure that:
- Redirects on your site pass all the above query parameters.
- Your analytics tools ignore these parameters in page URLs.
- These parameters do not interfere with your site behavior.
Redact ads data
When 'ad_storage' is 'denied', new cookies will not be set for advertising
purposes. Data sent to Google will still include the full page URL, including
any ad click information in the URL parameters.
To further redact your ads data when 'ad_storage' is 'denied', set
'ads_data_redaction' to true.
gtag('set', 'ads_data_redaction', true);
When 'ads_data_redaction' is true and 'ad_storage' is 'denied', ad click
identifiers sent in network requests by Google Ads and Floodlight tags will be
redacted. Network requests will also be sent through a cookieless domain.
Asynchronous tools
If your consent tool loads asynchronously, it might not always run before your
Google Tags. To account for this, specify 'wait_for_update' along with a
millisecond value to control how long to wait before sending data.
In the following example, 'ad_storage' is defaulted to 'denied' and the
consent tool is given 500 milliseconds to call gtag('consent', 'update', ...)
before tags fire:
gtag('consent', 'default', {
'ad_storage': 'denied',
'wait_for_update': 500
});
Legacy tag controls
If you use legacy Google tags, such as ga.js, analytics.js, or conversion.js, you should update to gtag.js or Google Tag Manager.
To learn more about other legacy tag's privacy controls, see the following documentation: