Restrict tag deployment

Although it's not recommended to restrict the types of tags deployed using Google Tag Manager, for various reasons it might be necessary to restrict the tag types deployed on a site. For instance, some site owners might not want Google Tag Manager users to be able to add certain tags to their site for code stability or data collection reasons. This article describes how to restrict tag deployment in Tag Manager.

To control which tags, triggers, and variables are allowed on a page, use the gtm.allowlist and/or gtm.blocklist keys in your data layer. These keys will override any and all configuration in the container. When properly blocklisted, tags, triggers, and variables will not fire even if they have been configured to fire in Google Tag Manager.

The following example demonstrates how to initialize the data layer with both an allowlist and a blocklist. Both lists are optional, and you can use them separately or together (as shown). Both lists must be of type Array, and the values in the list must be of type String. These values should be pushed to the data layer before any tags fire:

window.dataLayer = window.dataLayer || [];
  'gtm.allowlist': ['<id>', '<id>', ...],
  'gtm.blocklist': ['<id>', '<id>', '<id>', ...]

Each ID in the list corresponds to a specific tag, trigger, or variable type, or to a class of types. Classes represent groups of tags, triggers, and variables that have the same capabilities. For example, all tags that can send pixels to non-Google domains will have the class nonGooglePixels. Classes are useful for blocking capabilities in current and future tags, triggers, and variables.

It's important to understand the rules that govern allowlists and blocklists:

  1. Allowlists When an allowlist has been set, relevant tags, triggers, and variables will only execute if they are in the allowlist, either explicitly (by type ID), or implicitly (by having all of their classes in the list).
  2. Blocklists When a blocklist has been set, tags, triggers, and variables will only execute if they are not in the blocklist, either explicitly (by type ID), or implicitly (by having any of their classes in the list).
  3. Blocklists override allowlists When both have been set, blocklists take precedence. You can use an allowlist for a class of tags and a blocklist for a specific tag in that class, but the reverse is not true. You cannot use a blocklist for a class of tags and an allowlist for a specific tag in that class.
  4. Classes have relationships Some classes have relationships with other classes. For example, tags that can run non-Google scripts can (by definition) send non-Google pixels. For this reason, blocking nonGooglePixels will also automatically block nonGoogleScripts. All tags, triggers, and variables that belong to either group will be blocked.

The following table provides a listing of the available tags, triggers, and variables, their types, and the classes that they belong to:

Tag ID Classes
AB TASTY Generic Tag abtGeneric nonGoogleScripts
AdAdvisor Tag ta nonGoogleScripts
Adometry Tag adm google
AdRoll Smart Pixel Tag asp nonGoogleScripts
Google Ads Conversion Tracking Tag awct google
Google Ads Remarketing Tag sp google
Affiliate Window Conversion Tag awc nonGoogleScripts
Affiliate Window Journey Tag awj nonGoogleScripts
Bing Ads Universal Event Tracking baut nonGoogleScripts
Bizrate Insights Buyer Survey Solution bb nonGoogleScripts
Bizrate Insights Site Abandonment Survey Solution bsa nonGoogleScripts
ClickTale Standard Tracking Tag (OBSOLETE) cts nonGoogleScripts
comScore Unified Digital Measurement Tag csm nonGoogleScripts
Conversant Mediaplex - IFRAME MCT Tag mpm nonGoogleIframes
Conversant Mediaplex - Standard IMG ROI Tag mpr nonGooglePixels
Conversion Linker gclidw google
Crazy Egg Tag cegg nonGoogleScripts
Criteo OneTag crto nonGoogleScripts
Custom HTML Tag html customScripts
Custom Image Tag img customPixels
DistroScale Tag dstag nonGoogleScripts
Floodlight Counter Tag flc
Floodlight Sales Tag fls
Dstillery Universal Pixel Tag m6d nonGooglePixels
Eulerian Analytics Tag ela customScripts
Google tag (formerly Google Analytics 4 Configuration) gaawc google
Google Analytics 4 Event gaawe google
Google Analytics Tag (legacy) ga google
Google Consumer Surveys Website Satisfaction gcs google
Google Trusted Stores Tag ts
Hotjar Tracking Code hjtc nonGoogleScripts
Infinity Call Tracking Tag infinity nonGoogleScripts
Intent Media - Search Compare Ads sca nonGoogleScripts
K50 tracking tag k50Init nonGoogleScripts
LeadLab ll nonGoogleScripts
LinkedIn Tag bzi nonGoogleScripts
Lytics JS Tag ljs nonGoogleScripts
Marin Software Tag ms nonGoogleScripts
Mediaplex - IFRAME MCT Tag mpm nonGoogleIframes
Mediaplex - Standard IMG ROI Tag mpr nonGooglePixels
Message Mate messagemate nonGoogleScripts
Mouseflow Tag mf nonGoogleScripts
Neustar Pixel ta nonGoogleScripts
Nielsen DCR Static Lite Tag ndcr nonGoogleScripts
Nudge Content Analytics Tag nudge nonGoogleScripts
Oktopost Tracking Code okt nonGoogleScripts
Optimise Conversion Tag omc nonGoogleScripts
OwnerListens Message Mate messagemate nonGoogleScripts
Perfect Audience Pixel pa nonGoogleScripts
Personali Canvas pc nonGoogleScripts
Pinterest pntr nonGoogleScripts
Placed placedPixel nonGoogleScripts
Pulse Insights Voice of Customer Platform pijs nonGoogleScripts
Quantcast Audience Measurement qcm nonGoogleScripts
Quora Pixel qpx nonGoogleScripts
Rawsoft FoxMetrics fxm nonGoogleScripts
SaleCycle JavaScript Tag scjs customScripts
SaleCycle Pixel Tag scp customPixels
SearchForce JavaScript Tracking for Conversion Page sfc nonGoogleScripts
SearchForce JavaScript Tracking for Landing Page sfl nonGoogleScripts
SearchForce Redirection Tracking Tag sfr nonGooglePixels
Shareaholic shareaholic nonGoogleScripts
Survicate Widget svw nonGoogleScripts
Tradedoubler Lead Conversion Tag tdlc nonGooglePixels
Tradedoubler Sale Conversion Tag tdsc nonGooglePixels
Turn Conversion Tracking Tag tc nonGoogleScripts
Turn Data Collection Tag tdc nonGoogleScripts
Twitter Universal Website Tag twitter_website_tag nonGoogleScripts
Universal Analytics Tag ua google
Upsellit Global Footer Tag uslt customScripts
Upsellit Confirmation Tag uspt customScripts
Ve Interactive JavaScript Tag vei nonGoogleScripts
Ve Interactive Pixel veip nonGooglePixels
VisualDNA Conversion Tag vdc nonGoogleScripts
Xtremepush xpsh nonGoogleScripts
Yieldify yieldify nonGoogleScripts
Zones zone
Trigger ID Classes
Element Visibility Listener/Trigger evl google
Click Listener/Trigger cl google
Form Submit Listener/Trigger fsl
History Listener/Trigger hl google
JavaScript Error Listener/Trigger jel google
Link Click Listener/Trigger lcl
Scroll Depth Listener/Trigger sdl google
Timer Listener/Trigger tl google
YouTube Video Listener/Trigger ytl google
Variable ID Classes
First Party Cookie k google
Auto-Event Variable v google
Constant c google
Container Version Number ctv google
Custom Event e google
Custom JavaScript Variable jsm customScripts
Data Layer Variable v google
Debug Mode dbg google
DOM Element d google
Element Visibility vis google
Google Analytics Settings (legacy) gas google
HTTP Referrer f google
JavaScript Variable j google
Lookup Table smm google
Random Number r google
RegEx Table remm google
URL u google

The following table provides a listing of the available classes and their relationships to other classes. The Allowlisted Automatically column represents the list of classes that will be implicitly allowlisted when the class from that row is also allowlisted. Likewise, the Blocklisted Automatically column represents the list of classes that will be implicitly blocklisted when the class from that row is blocklisted.

Class Description Allowlisted Automatically Blocklisted Automatically
customPixels Capable of sending pixels to URLs defined by the user. nonGooglePixels customScripts
customScripts Capable of running JavaScript code provided by the user. html
google Only capable of running Google hosted scripts and sending pixels to Google.
html Alias for customScripts. Note that this is also the ID for the Custom HTML tag. This ensures that legacy users also get the benefits of the customScripts class. customScripts
nonGooglePixels Capable of sending pixels to non-Google domains. customPixels
nonGoogleScripts Capable of running scripts not provided by Google. nonGooglePixels
nonGoogleIframes Capable of injecting iframes from non-Google domains. nonGooglePixels
sandboxedScripts Sandboxed JavaScript used as part of custom templates. None None