Thanks for previewing Google's new tag documentation! This site is in public beta. (Feedback)

Manage consent settings (web)

Depending on the products and features configured, Google measurement products use mechanisms such as reading and writing cookies or sending HTTP requests to support analytics, conversion measurement, and remarketing.

These mechanisms can be configured to only be used in a consent-aware way. For example, you can configure your Google tags to not read or write cookies until consent is provided from the user. When consent-aware, tags will work in a limited capacity until user consent is provided. After consent, functionality is restored based on how you choose to update behavior.

Adjusting tag behavior to be based on user consent status is supported by the following:

  • Google Ads
  • Floodlight
  • Google Analytics
  • Conversion Linker

Before you begin

You should take the following into consideration before implementing Consent Mode:

  • It is best practice to configure the default consent settings to be region specific rather than for all visitors. This helps avoid losing measurement of users from regions where consent banners are not required and the default is set to denied. See Region-specific behavior.
  • It's common for user consent to be managed through a consent management platform (CMP). If you are using a CMP, check with them to see if they support Consent Mode.
  • If using a CMP, the consent update commands must be configured to target visitors from the same regions specified in the default consent command. This will give users the opportunity to update their consent state if it is set to denied by default.
  • When writing your own templates or Custom HTML tags, any commands executed in callbacks or commands that use gtag() are not guaranteed to be available before the next trigger fires. To ensure that consent information is available as quickly as possible, use (or create) a tag template that uses the Tag Manager Consent APIs to set consent states.

Adjust tag behavior

Consent-aware tag behavior must be configured on every page of your website. On each page, there are usually two points where this is configured:

  • On page load: When the page loads, you should only use measurement capabilities that align with your users expectations. This is configured through the gtag('consent', 'default', ...) command.

  • After visitor provides a consent status, or if consent status is known After the visitor provides their consent status (or if it was persisisted from a previous page load), enable the measurement features they have consented to (such as reading/writing cookies) through the gtag('consent', 'update', ...) command.

Configure default behavior

gtag.js

To adjust the default measurement capabilities, call the gtag('consent', 'default', ...) command on every page of your site before any commands that send measurement data (such as config or event). For example, to deny ad_storage and analytics_storage by default, specify the settings in consent parameters:

gtag('consent', 'default', {
  'ad_storage': 'denied',
  'analytics_storage': 'denied'
});

Tag Manager

To adjust the default measurement capabilities:

  1. Use a template tag from the Community Template Gallery that utilizes the Tag Manager Consent APIs to set the default state.
  2. Set the tag to fire with the Consent Initialization trigger. See Consent configuration.

Alternatively, you will need to do the following on every page of your site before any tags fire:

  • Ensure the dataLayer object is defined.
  • Ensure the gtag() function is defined.
  • Use the gtag('consent', ...) command to set the measurement capabilities.
  • Sent a default_consent event using dataLayer.push().

For example, to deny ad_storage and analytics_storage by default:

window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}

gtag('consent', 'default', {
  'ad_storage': 'denied',
  'analytics_storage': 'denied'
});

dataLayer.push({
  'event': 'default_consent'
});

This will set the default values for ad_storage and analytics_storage to denied. For full details on supported keys see consent in the gtag.js API reference.

Update behavior

When your users provide consent, commonly through interacting with a consent banner, or their consent status is known from a previous page load, update your tags behavior with the gtag('consent', 'update', ...) command. For example, for a user that has granted consent to use advertising cookies:

gtag('consent', 'update', {
  'ad_storage': 'granted'
});

Only fields that are provided to the update call will be changed. Above, only the ad_storage value was changed. If analytics_storage was set to denied, then analytics_storage would still be denied after this call to grant consent for ad_storage. It is up to you to ensure the correct values are set for all consent keys. For full details on supported keys, see consent in the API reference.

This command should be called as soon as possible on every page. After the user indicates their consent, you should persist their choice and call the update command accordingly on subsequent pages.

Implementation example

The following example sets ad_storage to denied by default. After the user indicates they consent to the features behind ad_storage, it is updated to granted.

The order of the code here is vital. If your consent code is called out of order, your consent defaults will not work. Depending on your business requirements, the specifics may vary, but in general your code should run in the following order:

  1. Load the global site tag. This is your default snippet code. The default snippet should be updated (see below) to include a call to gtag('consent', 'default', ...). If you don't set any defaults, all tagging functionality will be enabled.
  2. Load your consent solution. If your consent solution loads asynchronously, see asynchronous tools for how to make sure this happens in the correct order.
  3. If not handled by your consent solution, call gtag('consent', 'update', ...) after the user indicates consent.

gtag.js

<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXX"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}

  // Default ad_storage to 'denied'.
  gtag('consent', 'default', {
    'ad_storage': 'denied'
  });

  gtag('js', new Date());
  gtag('config', 'G-XXXXXX');
</script>

<!-- Update this section based on your business requirements. -->
<script>
  function consentGranted() {
    gtag('consent', 'update', {
      'ad_storage': 'granted'
    });
  }
</script>

<body>
  ...
  <button onclick="consentGranted">Yes</button>
  ...
</body>

Tag Manager

If you are not using a CMP to handle the update commands:

  1. Use a template tag from the Community Template Gallery that utilizes the Tag Manager Consent APIs to set the updated consent state.
  2. Set the tag to fire with the Consent Initialization trigger. See Consent configuration.

Alternatively, you can update the code on your page as follows:

 <script>
   // Define dataLayer and the gtag function.
   window.dataLayer = window.dataLayer || [];
   function gtag(){dataLayer.push(arguments);}

   // Default ad_storage to 'denied'.
   gtag('consent', 'default', {
     'ad_storage': 'denied'
   });
 </script>

 <!-- Google Tag Manager -->
 <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
 new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
 j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
 })(window,document,'script','dataLayer','GTM-XXXXXX');</script>
 <!-- End Google Tag Manager -->

 <!-- Update this section based on your business requirements -->
 <script>
   function consentGranted() {
     gtag('consent', 'update', {
       'ad_storage': 'granted'
     });
   }
 </script>

 <body>
   ...
   <button onclick="consentGranted">Yes</button>
   ...
 </body>
 ```

Region-specific behavior

To change the default behavior of your tags for users from certain regions, specify a region in your consent command. By providing a region value, you can fine tune defaults based on your users' geographic locations. For example, to set ad_storage to denied for users from Spain and Alaska, and to set analytics_storage to denied for all users:

gtag('consent', 'default', {
  'analytics_storage': 'denied',
  'region': ['ES', 'US-AK']
});
gtag('consent', 'default', {
  'ad_storage': 'denied'
});

Most specific takes precedence

If two default consent commands occur on the same page with values for a region and subregion, the one with a more specific region will take effect. For example, if you have ad_storage set to granted for the region US and ad_storage set to denied for the region US-CA, a visitor from California will have the more specific US-CA setting take effect. For this example, that would mean a visitor from US-CA would have ad_storage set to denied.

Region ad_storage Behavior
US 'granted' Applies to users in the US that are not in CA
US-CA 'denied' Applies to users US-CA
Unspecified 'granted' Uses the default value of 'granted'. Aplies to users that aren't in US or US-CA

Ad click information

When a user lands on your website after following an ad, information about the ad may be appended to your landing page URLs as a query parameter. In order to improve conversion accuracy, Google tags usually store this information in first-party cookies on your domain.

However, if ad_storage is set to denied, Google tags will not save this information locally. To improve ad click measurement quality when ad_storage is denied, you can optionally elect to pass ad click information through URL parameters across pages.

gtag.js

To enable this capability, set the url_passthrough parameter to true:

gtag('set', 'url_passthrough', true);

Tag Manager

To enable this capability, create (or use an existing) conversion linker tag and ensure Enable linking on all page URLs is checked. See basic setup for instructions on how to create a conversion linker tag.

When using URL passthrough, a few query parameters will be appended to links on your website:

  • gclid
  • dclid
  • gclsrc
  • _gl

For best results, ensure that:

  1. Redirects on your site pass all the above query parameters.
  2. Your analytics tools ignore these parameters in page URLs.
  3. These parameters do not interfere with your site behavior.

Redact ads data

When ad_storage is denied, new cookies will not be set for advertising purposes. Additionally, third-party cookies previously set on google.com and doubleclick.net will not be used except for spam and fraud purposes. Data sent to Google will still include the full page URL, including any ad click information in the URL parameters.

To further redact your ads data when ad_storage is denied, set ads_data_redaction to true.

gtag('set', 'ads_data_redaction', true);

When ads_data_redaction is true and ad_storage is denied, ad click identifiers sent in network requests by Google Ads and Floodlight tags will be redacted. Network requests will also be sent through a cookieless domain.

Asynchronous tools

If your consent tool loads asynchronously, it might not always run before your Google Tags. To handle such situations, specify wait_for_update along with a millisecond value to control how long to wait before data is sent.

In the following example, ad_storage defaults to denied, and the consent tool is given 500 milliseconds to call gtag('consent', 'update', ...) before tags fire:

gtag('consent', 'default', {
  'ad_storage': 'denied',
  'wait_for_update': 500
})

Tag Manager includes several features that work together to help you manage how tags behave in response to consent settings. Tag Manager features a consent initialization trigger, tag settings for consent management, and a Consent Overview page. Several third-party consent management providers have built integrations with Consent Mode into their products. Learn more about Tag Manager consent features.

Legacy tag controls

If you use legacy Google tags, such as ga.js, analytics.js, or conversion.js, you should update to gtag.js or Google Tag Manager.

To learn more about other legacy tag's privacy controls, see the following documentation: