The global site tag (gtag.js) is now the Google tag.

Manage user privacy

Websites and apps use Google measurement services to gather and store information about user behavior. Google takes seriously the responsibility to protect the data and the privacy of our customers and their users. As a developer, you can manage privacy and user consent using the following:

Consent Mode includes APIs to control tag cookie storage based on user consent choices. Consent management involves:

  1. Allowing your users to deny or grant consent for storing information about their behavior.

  2. Communicating those consent choices to the measurement system.

  3. Ensuring that Google and third-party tags comply with users’ consent choices.

For requirements 1 and 2, you might use a third-party Consent Management Platform (CMP) or implement a custom solution. Consent Mode meets the third requirement. It allows you to set a default consent state for each type of storage used on your site or app. When a website visitor or app user indicates their consent choices, tags with consent checks adjust their behavior, and user consent choices are preserved across their interaction with the website or app.

If a user denies consent, tags no longer store cookies but instead send signals to the Google Server as described in the next section. This prevents the loss of all information about visitors who deny consent and it enables Google Analytics 4 properties to model conversions as described in About modeled conversions.

This article introduces Consent Mode basics. Consent Mode has additional capabilities such as region-specific behavior, the ability to redact information that was previously stored, and the ability to pass information in URLs when consent is denied. For information on how to use Consent Mode and these additional features, see:

The following terms have a special meaning in the context of Consent Mode:

  • Consent checks: Cause tags to modify behavior based on consent state and consent type. Tags created from Google and third-party templates have built-in consent checks, and you can add custom checks. From Tag Manager, view Consent Settings under a tag's Advanced Settings.
  • Consent state: Represents user choices and can be granted or denied, for each consent type. Tags with consent checks modify their behavior as described in How consent affects tag behavior.
  • Consent type: Indicates the type of storage. Consent can be granted or denied for each type. Consent types include:
    Consent Type | Description
    ad_storage | Enables storage (such as cookies) related to advertising
    analytics_storage | Enables storage (such as cookies) related to analytics, e.g. visit duration
    functionality_storage | Enables storage that supports the functionality of the website or app, e.g. language settings
    personalization_storage | Enables storage related to personalization, e.g. video recommendations
    security_storage | Enables storage related to security such as authentication functionality, fraud prevention, and other user protection

Tags for the following Google products contain built-in consent checks and adjust their behavior based on consent state:

  • Google Analytics
  • Google Ads (Includes Google Ads Conversion Tracking and Remarketing; support for Phone Call Conversions is pending.)
  • Floodlight
  • Conversion Linker

In general, when users grant consent, tags function normally. When users deny consent, the associated Google tags deployed using the Google tag or Google Tag Manager do not store cookies. Even when cookies are not stored, user activity can still cause signals to be sent to the Google server.

The following signals communicate consent state and user behavior:

  • Consent state pings: Consent state pings are sent from each page the user visits where consent mode is implemented. These pings communicate a consent state of granted or denied for each consent type, such as ad storage or analytics storage.

  • Conversion pings: Conversion pings are sent to indicate that a conversion has occurred.

  • Google Analytics pings: Google Analytics pings are sent on each page of a website using Google Analytics when events are logged.

Pings can include:

  • Functional information (such as headers added passively by the browser):
    • Timestamp
    • User Agent
    • Referrer
  • Aggregate / non-identifying information:
    • An indication for whether or not the current page or a prior page in the user's navigation on the site included ad-click information in the URL (e.g., GCLID / DCLID)
    • Boolean information about the consent state
    • Random number generated on each page load

Besides allowing the consent state to modify tag behavior, you can also redact stored data when a user denies consent. For example, a user might have granted consent to store data for ads and then change their mind and deny consent. If you enable ads_data_redaction, when the user denies consent, Google Ads will delete the stored information.
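The default-then-update flow described above, as an added example (not code from Google's documentation): every consent type starts as denied, the user's choice is reported afterwards, and ads_data_redaction is switched on whenever ad storage is denied. The cmpChoices object and the function names are assumptions standing in for whatever your CMP provides.

```javascript
// Added example. CONSENT_TYPES mirrors the consent type table above;
// cmpChoices is a hypothetical object delivered by a CMP callback.
const CONSENT_TYPES = [
  'ad_storage', 'analytics_storage', 'functionality_storage',
  'personalization_storage', 'security_storage',
];

globalThis.dataLayer = globalThis.dataLayer || [];
function gtag() { globalThis.dataLayer.push(arguments); }

// Fail closed: a type that is missing, misspelled, or anything other than
// true / 'granted' is reported as 'denied'. Unknown keys are dropped.
function toConsentState(cmpChoices) {
  const state = {};
  for (const type of CONSENT_TYPES) {
    const v = cmpChoices ? cmpChoices[type] : undefined;
    state[type] = (v === true || v === 'granted') ? 'granted' : 'denied';
  }
  return state;
}

// Call before any tag runs: nothing is stored until the user has chosen.
function setDefaultConsent() {
  const state = toConsentState(null);
  gtag('consent', 'default', state);
  return state;
}

// Call from the CMP callback once the user has made a choice.
function applyUserChoice(cmpChoices) {
  const state = toConsentState(cmpChoices);
  // Redact stored ads data whenever ad storage is denied.
  gtag('set', 'ads_data_redaction', state.ad_storage === 'denied');
  gtag('consent', 'update', state);
  return state;
}
```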

Google tags with built-in consent checks might check for ad_storage or analytics_storage or both. The following table shows tag behavior by consent types when consent is granted or denied and when ads_data_redaction is set to true:

Tag consent type(s) | Denied or granted | Behavior

ad_storage and analytics_storage | granted
  • Cookies pertaining to advertising may be read and written.
  • IP addresses are collected.
  • The full page URL, including ad-click information in URL parameters (e.g., GCLID / DCLID) is collected.
  • Third-party cookies previously set on google.com and doubleclick.net, and first-party conversion cookies (e.g., _gcl_*) are accessible.

ad_storage | denied
  • No new cookies pertaining to advertising may be written.
  • No existing first-party advertising cookies may be read.
  • Third-party cookies previously set on google.com and doubleclick.net may be sent in request headers (but limited to use for spam and fraud purposes).
  • Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
  • Ads products truncate IP addresses at collection.
  • Full page URLs are collected, including ad-click information in URL parameters (e.g., GCLID / DCLID).

analytics_storage | denied
  • Will not read or write first-party analytics cookies.
  • Cookieless pings will be sent to Google Analytics for basic measurement and modeling purposes.

ad_storage and ads_data_redaction | denied and true
  • No new cookies pertaining to advertising may be written.
  • No existing advertising cookies may be read.
  • Requests are sent through a different domain to avoid previously set third-party cookies from being sent in request headers.
  • Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
  • Ad-click identifiers (e.g., GCLID / DCLID) in consent and conversion pings are redacted.
  • Ads products truncate IP addresses at collection.
  • Page URLs with ad-click identifiers are redacted.

Other privacy parameters

The following parameters enable or disable privacy features such as personalization and signals.

gtag.js

Privacy control | Compatible products | Description | How to validate on the client side
allow_google_signals | Universal Analytics, Google Analytics 4 | No effect when not set or set to true. When set to false, events sent from the tag will not be used for ads personalization and demographics and interests reports. | No effect when not set or set to true. When set to false, all join beacons are suppressed.
allow_ad_personalization_signals | Universal Analytics, Google Analytics 4, Floodlight | No effect when not set or set to true. When set to false, events sent from the tag will not be used for ads personalization, but they can still be used for demographics and interests reporting. | No effect when not set or set to true. When set to false, include an &npa=1 parameter on all beacons.
restricted_data_processing | Google Ads | No effect when not set. When set to true, Google will limit how it uses the events sent from the tag. Certain features will be unavailable, including adding users to remarketing lists, adding users to similar audience remarketing seed lists, and related functionality. | No effect when not set. When set to true, an &rdp=1 parameter is included in beacons. When set to false, an &rdp=0 parameter is included in beacons.
consent | Universal Analytics, Google Analytics 4, Google Ads, Floodlight | |

Tag Manager

Privacy control | Compatible tag templates | Description | How to validate on the client side
allowAdFeatures | Universal Analytics | Set in "Fields to Set". No effect when not set or set to true. When set to false, events sent from the tag will not be used for ads personalization and demographics and interests reporting. | No effect when not set or set to true. When set to false, all join beacons are suppressed.
allow_google_signals | Google Analytics 4 Configuration | Set in "Fields to Set". No effect when not set or set to true. When set to false, events sent from the tag will not be used for ads personalization and demographics and interests reporting. | No effect when not set or set to true. When set to false, all join beacons are suppressed.
allowAdPersonalizationSignals | Universal Analytics | Set in "Fields to Set". No effect when not set or set to true. When set to false, events sent from the tag will not be used for ads personalization, but they can still be used for demographics and interests reporting. | No effect when not set or set to true. When set to false, include an &npa=1 parameter on all beacons.
allow_ad_personalization_signals | Google Analytics 4 Configuration | Set in "Fields to Set". No effect when not set or set to true. When set to false, events sent from the tag will not be used for ads personalization, but they can still be used for demographics and interests reporting. | No effect when not set or set to true. When set to false, include an &npa=1 parameter on all beacons.
restricted_data_processing | Google Ads Conversion Tracking | Set it in the control "Enable Restricted Data Processing" in Tag Manager's Google Ads Conversion Tracking tag. No effect when not set or set to false. When set to true, Google will limit how it uses the events sent from the tag. Certain features will be unavailable, including adding users to remarketing lists, adding users to similar audience remarketing seed lists, and related functionality. | No effect when not set or set to false. When set to true, an &rdp=1 parameter is included in beacons. When set to false, an &rdp=0 parameter is included in beacons.
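The "How to validate on the client side" column can be turned into an automated check. The following is an added example, not part of Google's documentation: it audits a list of captured beacon URLs for the npa and rdp parameters the tables describe. The function names and the sample URLs (on a placeholder host) are constructed, and the caller is assumed to pass only beacons of the product the setting applies to.

```javascript
// Added example. Returns the value of `key` only if it appears exactly once,
// so conflicting duplicates (npa=1&npa=0) are treated as a failure.
function singleValue(params, key) {
  const all = params.getAll(key);
  return all.length === 1 ? all[0] : null;
}

// expected: { allow_ad_personalization_signals?: boolean,
//             restricted_data_processing?: boolean }
function auditBeacons(urls, expected) {
  const findings = [];
  for (const raw of urls) {
    let params;
    try {
      params = new URL(raw).searchParams;
    } catch (e) {
      findings.push({ url: raw, issue: 'unparseable URL' });
      continue;
    }
    // allow_ad_personalization_signals = false -> npa=1 on every beacon.
    if (expected.allow_ad_personalization_signals === false &&
        singleValue(params, 'npa') !== '1') {
      findings.push({ url: raw, issue: 'npa=1 missing or ambiguous' });
    }
    // restricted_data_processing true -> rdp=1, false -> rdp=0.
    if (typeof expected.restricted_data_processing === 'boolean') {
      const want = expected.restricted_data_processing ? '1' : '0';
      if (singleValue(params, 'rdp') !== want) {
        findings.push({ url: raw, issue: 'rdp=' + want + ' missing or ambiguous' });
      }
    }
  }
  return findings;
}

// Constructed sample beacons (placeholder host, not real traffic).
const SAMPLE_BEACONS = [
  'https://collect.example/collect?v=2&tid=TAG_ID&npa=1&rdp=1',       // compliant
  'https://collect.example/collect?v=2&tid=TAG_ID&rdp=1',             // npa missing
  'https://collect.example/collect?v=2&tid=TAG_ID&npa=1&rdp=0',       // rdp wrong
  'https://collect.example/collect?v=2&tid=TAG_ID&npa=1&npa=0&rdp=1', // npa conflict
];
```

Feed it the request URLs exported from the browser's network panel after loading a page with the privacy controls set.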

Disable analytics and advertising features

Because advertising features can be enabled through your Google Analytics admin settings, there may be cases where you need to turn them off programmatically. If you’ve configured Connected Site Tags, you’ll need to follow these instructions if you wish this signal to propagate to your Connected Site Tags.

Turn off all advertising features

These configurations give you the ability to turn off advertising, reporting, and remarketing features, and override any property settings established in the Google Analytics user interface.

To turn off all advertising features with the Google tag for Universal Analytics and Google Analytics 4, set allow_google_signals to false:

gtag.js

gtag('set', { 'allow_google_signals': false });

Tag Manager

To turn off all advertising features across all properties, use the global site tag method.

To turn off advertising features with the Google tag on a specific Google Analytics 4 property, edit the config command for the given TAG_ID and set allow_google_signals to false:

gtag.js

gtag('config', 'TAG_ID', { 'allow_google_signals': false });

Tag Manager

In Tag Manager:

  1. Open your Google Analytics 4 configuration tag for editing.
  2. Click Fields to Set.
  3. Click Add Row.
  4. For Field Name, enter allow_google_signals, and for Value enter false.

Turn off advertising personalization

You can completely disable advertising personalization features. Setting the allow_ad_personalization_signals parameter applies the setting to all products configured through the Google tag, and an npa=1 parameter is added to the tag URL to indicate that only non-personalized ads are allowed.

To turn off all advertising personalization with the Google tag, set allow_ad_personalization_signals to false:

gtag.js

gtag('set', { 'allow_ad_personalization_signals': false });

Tag Manager

To turn off all advertising features across all properties, use the Google tag method.

To turn off advertising personalization with the Google tag on a specific Google Ads, Google Analytics, or Floodlight configuration, edit the config command for the given TAG_ID and set allow_ad_personalization_signals to false:

gtag.js

gtag('config', 'TAG_ID', { 'allow_ad_personalization_signals': false });

Tag Manager

In Tag Manager:

  1. Open your Google Analytics tag for editing.
  2. Click Fields to Set.
  3. Click Add Row.
  4. For Field Name, enter allow_ad_personalization_signals, and for Value enter false.

Turn off Google Analytics

In some cases, it may be necessary to turn off Google Analytics. For example, you might do this if your site's privacy policy provides an option for the user to opt out of Google Analytics.

The Google tag (gtag.js) library includes a window['ga-disable-MEASUREMENT_ID'] property that, when set to true, stops the Google tag from sending data. When a product attempts to set a cookie or send data back to the Google Analytics servers, it first checks whether this property is set, and takes no action if the value is true.

gtag.js

To turn off Google Analytics programmatically, set window['ga-disable-GA_MEASUREMENT_ID'] to true. Replace GA_MEASUREMENT_ID with the measurement ID of the property and TAG_ID with a valid tag ID:

<script>
window['ga-disable-GA_MEASUREMENT_ID'] = true;
</script>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=TAG_ID"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'TAG_ID');
</script>

Tag Manager

To prevent the Google Analytics 4 tag from firing, use a trigger condition to check if a user has opted out, and fire the tag based on the value of the trigger condition. For example, here is a configuration that uses a first-party cookie to determine if it can fire a Google Analytics 4 tag. These instructions assume that you have already created a Google Analytics 4 tag.

Note: This method does not use window['ga-disable-MEASUREMENT_ID'], but instead provides a straightforward solution tailored for Tag Manager implementations.

  1. In your page's JavaScript source, set a cookie called "google-analytics-opt-out", give it a value of true, and set it to expire at some date far into the future. For example:
    document.cookie = 'google-analytics-opt-out=true; expires=Mon, 1 Jan 2170 23:59:59 UTC; path=/';
  2. In Tag Manager, create a new variable that checks for the google-analytics-opt-out cookie:
    1. Click Variables > New.
    2. Set Variable Type to 1st-Party Cookie.
    3. Name the variable "google-analytics-opt-out cookie" and click Save.
  3. Create a new trigger for a Google Analytics tag:
    1. Set Trigger Type to Page View.
    2. Set This trigger fires on to Some Page Views.
    3. Set Fire this trigger when an Event occurs and all of these conditions are true to read "google-analytics-opt-out cookie does not equal true"
  4. Click Save.
  5. Publish your container.

Turn off default page view measurement in Google Analytics

The default behavior of the Google Analytics tag is to send a page_view event to Google Analytics. This is the desired behavior in most cases; page_view events are automatically recorded once you add the code to each page on your site. However, if you don’t want the tag to send a page_view event to Google Analytics, set the send_page_view parameter to false:

gtag.js

gtag('set', { 'send_page_view': false });

Tag Manager

  1. Open any relevant Google Analytics 4 Configuration tag.
  2. Uncheck the option labeled Send a pageview event when this configuration loads.

Restricted data processing

When you enable restricted data processing, Google will limit how it uses data. Certain features will be unavailable, including adding users to remarketing lists, adding users to similar audience remarketing seed lists, and related functionality. For App campaigns, enabling restricted data processing may mean that the users who install your app will continue to see ads for that app following installation.

To enable restricted data processing:

gtag.js

Add a restricted_data_processing parameter with a value of true to your tag:

<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=TAG_ID"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}

  gtag('js', new Date());
  gtag('set', { 'restricted_data_processing': true });
</script>

Tag Manager

  1. Sign in to Google Tag Manager.
  2. Click Tags in the left column to access your tags.
  3. Create or edit a tag that supports restricted data processing (Google Ads Remarketing, Google Ads Conversion, etc.)
  4. In the tag configuration section, select True for the field "Enable Restricted Data Processing."
  5. Alternatively, this field can be set dynamically via a data layer variable.
  6. Click Save.

IAB CCPA data processing

Advertisers who choose to use the IAB signal should follow the technical specification provided by the IAB Tech Lab to implement the us_privacy string on their pages. Our Google Ads tags will interact with the advertiser's page to retrieve the us_privacy string and apply restricted data processing when the string indicates a user has opted out.

  • When the IAB string indicates a user has not opted out, there will be no changes to behavior.
  • When the IAB string indicates a user has opted out, Google will enable restricted data processing.
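To check what your own page exposes and which of the two outcomes above it implies, the following added example (not Google's implementation) reads the us_privacy string and classifies it. It assumes the IAB Tech Lab layout of four characters (version, explicit notice, opt-out of sale, LSPA) and the __uspapi getUSPData call; the function names and the lower-case leniency are choices of this example.

```javascript
// Added example. Parses a us_privacy string such as "1YNN".
// Position 1: spec version, 2: explicit notice, 3: opt-out of sale,
// 4: LSPA covered transaction. Each flag is Y, N or - (not applicable).
function parseUsPrivacy(str) {
  if (typeof str !== 'string') return { valid: false, reason: 'not a string' };
  // Case-folding is this example's choice, not something the page specifies.
  const m = /^(\d)([NY-])([NY-])([NY-])$/.exec(str.trim().toUpperCase());
  if (!m) return { valid: false, reason: 'malformed' };
  if (m[1] !== '1') return { valid: false, reason: 'unsupported version' };
  return { valid: true, version: 1, notice: m[2], optOutSale: m[3], lspa: m[4] };
}

// 'restrict'  -> the user has opted out, restricted data processing applies
// 'no_change' -> the user has not opted out (or the flag is not applicable)
// 'invalid'   -> the string cannot be interpreted; investigate the CMP setup
function rdpDecision(str) {
  const p = parseUsPrivacy(str);
  if (!p.valid) return 'invalid';
  return p.optOutSale === 'Y' ? 'restrict' : 'no_change';
}

// Reads the string through the IAB __uspapi function if the page defines it.
// `win` is the window object; cb receives the string or null.
function readUsPrivacy(win, cb) {
  if (!win || typeof win.__uspapi !== 'function') { cb(null); return; }
  win.__uspapi('getUSPData', 1, function (data, success) {
    cb(success && data && typeof data.uspString === 'string' ? data.uspString : null);
  });
}
```

In a browser console, readUsPrivacy(window, s => console.log(s, rdpDecision(s))) shows the string a tag would retrieve and the resulting decision.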