Manage consent settings (web)

How you enable and use consent mode depends on your implementation for obtaining consent and which tagging platform (Google Tag Manager (GTM) or the Google tag) you use:

  • Consent Management Platforms (CMPs) that support Google consent mode provide:
    • Tag Manager templates in the Community Template Gallery that you should use to create tags for managing consent.
    • JavaScript code for sites using gtag.js to manage consent.
  • For custom implementations and CMPs that do not support consent mode:
    • If you use GTM, we recommend creating your own template using Tag Manager consent APIs. The following example is available to reference as a starting point.
    • If you use gtag.js, you will have to manually add consent code to each page of your site as direct commands or in a custom HTML snippet.

This article outlines best practices and provides API examples. For related information, see:

Before you begin

Take the following into consideration before implementing consent mode:

  • It is best practice to configure the default consent settings to be region specific rather than for all visitors. This helps avoid losing measurement of users from regions where consent banners are not required if your default consent mode is set to denied. See Region-specific behavior.

  • If you use a CMP, consent update commands must be configured to target visitors from the same regions specified in the default consent command. This will give users the opportunity to update their consent state if it is set to denied by default.

  • When writing your own templates or Custom HTML tags, any commands executed in callbacks or commands that use gtag() are not guaranteed to be available before the next trigger fires. To ensure that consent information is available as quickly as possible, use (or create) a tag template that uses the Tag Manager Consent APIs to set consent states.

The default consent state should immediately be set on page load according to the defaults your organization requires. The CMP or custom consent management solution should then prompt the visitor to grant or deny consent for the applicable consent types. Because consent mode does not store consent choices, it is also imperative that the consent management solution issue a consent mode update command based on the user's consent choices as early as possible on every page after consent is given.

gtag.js

The following sections provide examples of using gtag.js to:

The default value for consent state is granted if it is not explicitly set. We recommend setting a default value for each storage type you are using. The consent state values in this article are only examples. You are responsible for making sure that default consent mode is set for each of your measurement products to match your organization's policy.

To adjust the default measurement capabilities, call the gtag('consent', 'default', ...) command on every page of your site before any commands that send measurement data (such as config or event). For example, to deny ad_storage and analytics_storage by default, specify the settings in consent parameters:

gtag('consent', 'default', {
  'ad_storage': 'denied',
  'analytics_storage': 'denied'
});

When users specify consent, or change their consent choice, update measurement behavior. Consent status will only be changed for fields that are provided to the update call. In the example below, only the ad_storage value was changed. If analytics_storage was set to denied, it would still be denied after this call. It is up to you to ensure the correct values are set for all consent types. For full details on supported types, see consent in the API reference.

Pass in updates as soon as possible on every page. After a user grants consent, persist their choice and call the update command accordingly on subsequent pages. Because consent mode does not store consent choices, it is also imperative that the consent management solution issue a consent mode update command based on the user's consent choices as early as possible on every page after consent is given.

The example uses hardcoded 'granted'/'denied' values, but in practice, these should be determined at runtime using the user's actual consent collected by the consent management solution. The following code grants consent when a user agrees to allow advertising cookies:

gtag('consent', 'update', {
  'ad_storage': 'granted'
});
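
One way to replay a persisted choice on every page, as an added example that is not part of the original article: the stored value is treated as untrusted input, so only known consent types and the two valid states reach the update command. The JSON storage format, the storage key and the function names are assumptions.

```javascript
// Added example: replay a persisted consent choice through
// gtag('consent', 'update', ...). Assumptions: the choice is stored as a JSON
// string (cookie or localStorage); the function names are hypothetical.
const CONSENT_TYPES = ['ad_storage', 'analytics_storage']; // types used in this article
const CONSENT_STATES = ['granted', 'denied'];

// Returns an object holding only well-formed entries, or null if nothing is usable.
function parseStoredConsent(raw) {
  let stored;
  try {
    stored = JSON.parse(raw);
  } catch (e) {
    return null; // corrupted or tampered value: the page defaults stay in force
  }
  if (stored === null || typeof stored !== 'object' || Array.isArray(stored)) {
    return null;
  }
  const update = {};
  for (const type of CONSENT_TYPES) {
    const hasOwn = Object.prototype.hasOwnProperty.call(stored, type);
    if (hasOwn && CONSENT_STATES.includes(stored[type])) {
      update[type] = stored[type];
    }
  }
  return Object.keys(update).length > 0 ? update : null;
}

// Issues the update only when a valid choice exists; returns what was sent.
function replayStoredConsent(raw, gtagFn) {
  const update = parseStoredConsent(raw);
  if (update !== null) {
    gtagFn('consent', 'update', update);
  }
  return update;
}

// In a page, after the default command (the storage key is a placeholder):
// replayStoredConsent(localStorage.getItem('consent_choice'), gtag);
```
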

If your CMP loads asynchronously, it might not always run before your Google Tags. To handle such situations, specify wait_for_update along with a millisecond value to control how long to wait before data is sent.

For example, to deny ad_storage on a particular page by default, but to allow your CMP to update consent status, use wait_for_update. In the following code, ad_storage defaults to denied, and the consent tool is given 500 milliseconds to call gtag('consent', 'update', ...) before tags fire:

gtag('consent', 'default', {
  'ad_storage': 'denied',
  'wait_for_update': 500
});

Tag Manager

For Tag Manager implementations, we recommend using a consent mode template from the Community Template Gallery to manage consent. See Create a consent mode template for information on creating your own template using Tag Manager consent APIs.

Notes:

  • Consent mode implementations on sites that leverage GTM for tagging should use the GTM-specific APIs for managing consent states, setDefaultConsentState and updateConsentState. The gtagSet API can be used to optionally set the ads_data_redaction and URL passthrough settings as appropriate.

  • The gtag('consent','update',...) method should not be used instead of updateConsentState because it would be queued after all other pending messages and may not be processed before the next event begins. For more information, see How data layer information is processed.

Implementation example

The following example sets ad_storage to denied by default. After the user indicates they consent to the features behind ad_storage, it is updated to granted.

gtag.js

The order of the code here is vital. If your consent code is called out of order, consent defaults will not work. Depending on business requirements, specifics may vary, but in general, code should run in the following order:

  1. Load the Google tag. This is your default snippet code. The default snippet should be updated (see below) to include a call to gtag('consent', 'default', ...). If you don't set any defaults, all tagging functionality will be enabled.

  2. Load your consent solution. If your consent solution loads asynchronously, see Integrate with asynchronous consent management platforms for how to make sure this happens in the correct order.

  3. If not handled by your consent solution, call gtag('consent', 'update', ...) after the user indicates consent.

<script>
// Define dataLayer and the gtag function.
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}

// Default ad_storage to 'denied' as a placeholder
// Determine actual values based on your own requirements
gtag('consent', 'default', {
  'ad_storage': 'denied'
});
</script>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=TAG_ID">
</script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}

  gtag('js', new Date());
  gtag('config', 'TAG_ID');
</script>

<!-- Update this section based on your business requirements. -->
<script>
  function consentGranted() {
    gtag('consent', 'update', {
      'ad_storage': 'granted'
    });
  }
</script>

<body>
  ...
  <button onclick="consentGranted()">Yes</button>
  ...
</body>
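
A check for the ordering described above, as an added example that is not part of the original article: it walks a dataLayer and reports every config or event command that was queued before a default existed for each consent type the site uses. The function names and the result shape are hypothetical, and the sample dataLayers are constructed.

```javascript
// Added example: check that consent defaults precede measurement commands.
// Not Google's code; auditConsentOrder and its result shape are hypothetical.
// The dataLayer is passed in so the check also runs outside a browser.
function auditConsentOrder(dataLayer, requiredTypes) {
  const defaulted = new Set(); // consent types given a default so far
  const problems = [];
  dataLayer.forEach((entry, index) => {
    // gtag() pushes array-like `arguments`; plain objects yield no command.
    const [command, action, params] = Array.from(entry || []);
    if (command === 'consent' && action === 'default' && params) {
      Object.keys(params).forEach((key) => defaulted.add(key));
    } else if (command === 'config' || command === 'event') {
      const missing = requiredTypes.filter((type) => !defaulted.has(type));
      if (missing.length > 0) problems.push({ index, command, missing });
    }
  });
  return problems;
}

// Constructed samples: the snippet order from this section, then the same
// commands with the default moved after config.
function recordCommands(run) {
  const layer = [];
  run(function () { layer.push(arguments); });
  return layer;
}
const CORRECT_ORDER = recordCommands((gtag) => {
  gtag('consent', 'default', { ad_storage: 'denied' });
  gtag('js', new Date());
  gtag('config', 'TAG_ID');
});
const WRONG_ORDER = recordCommands((gtag) => {
  gtag('js', new Date());
  gtag('config', 'TAG_ID');
  gtag('consent', 'default', { ad_storage: 'denied' });
});
```

Passing every storage type the site uses as requiredTypes also catches a type that was never given a default and therefore falls back to granted.
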

Tag Manager

For sites using Tag Manager, we recommend using a CMP to handle updates of visitor consent choices. CMPs provide templates in the Community Template Gallery to create a tag for managing consent mode.

If using a template is not possible, you can instead update the code on your page as follows. The order of the code here is vital. If your consent code is called out of order, consent defaults will not work.

<script>
  // Define dataLayer and the gtag function.
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}

  // Default ad_storage to 'denied'.
  gtag('consent', 'default', {
    'ad_storage': 'denied'
  });
</script>

<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXX');</script>
<!-- End Google Tag Manager -->

<!-- Update this section based on your business requirements -->
<script>
  function consentGranted() {
    gtag('consent', 'update', {
      'ad_storage': 'granted'
    });
  }
</script>

<body>
  ...
  <button onclick="consentGranted()">Yes</button>
  ...
</body>

Advanced consent features include the ability to:

  • Set behavior for a geographic region.
  • Pass ad click, client ID, and session ID information in URLs when users have not granted consent for cookies.
  • Fully redact (remove) ad information when users deny consent for ad cookies.

Region-specific behavior

To change the default behavior of your tags for users from certain regions, specify a region in your consent command. By providing a region value, you can fine tune defaults based on your users' geographic locations. See Geographical IDs for more information on identifying regions.

gtag.js

The following example sets analytics_storage to denied for users from Spain and Alaska, and sets ad_storage to denied for all users.

gtag('consent', 'default', {
  'analytics_storage': 'denied',
  'region': ['ES', 'US-AK']
});

gtag('consent', 'default', {
  'ad_storage': 'denied'
});

Most specific takes precedence

If two default consent commands occur on the same page with values for a region and subregion, the one with a more specific region will take effect. For example, if you have ad_storage set to granted for the region US and ad_storage set to denied for the region US-CA, a visitor from California will have the more specific US-CA setting take effect. For this example, that would mean a visitor from US-CA would have ad_storage set to denied.

Region       ad_storage   Behavior
US           'granted'    Applies to users in the US that are not in CA
US-CA        'denied'     Applies to users in US-CA
Unspecified  'granted'    Uses the default value of 'granted'. In the example, applies to visitors that aren't in the US or in US-CA
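
The precedence rule above, modeled as an added example for reviewing a set of default commands before deployment (this is not Google's implementation and not code from the original article). The function names are hypothetical, and the tie-break between two matches of equal specificity is an assumption, since the article does not state one.

```javascript
// Added example: a model of the precedence rule, for reviewing default commands.
// Not Google's implementation; function names are hypothetical.
// Assumption: between two matches of equal specificity, the later command wins.

// 2 = subregion match (US-CA), 1 = country match (US),
// 0 = command has no region (applies to everyone), -1 = does not apply.
function specificity(command, visitorRegion) {
  if (!command.region) return 0;
  const country = visitorRegion.split('-')[0];
  if (visitorRegion !== country && command.region.includes(visitorRegion)) return 2;
  if (command.region.includes(country)) return 1;
  return -1;
}

function effectiveDefault(commands, visitorRegion, type) {
  let best = { state: 'granted', rank: -1 }; // a type never set defaults to granted
  for (const command of commands) {
    if (!(type in command)) continue;
    const rank = specificity(command, visitorRegion);
    if (rank >= 0 && rank >= best.rank) best = { state: command[type], rank };
  }
  return best.state;
}

// Consent types that no command covers for this visitor, so 'granted' applies.
function implicitlyGranted(commands, visitorRegion, types) {
  return types.filter((type) =>
    !commands.some((c) => type in c && specificity(c, visitorRegion) >= 0));
}

// The two configurations discussed in this section, as parameter objects.
const TABLE_EXAMPLE = [
  { ad_storage: 'granted', region: ['US'] },
  { ad_storage: 'denied', region: ['US-CA'] },
];
const SPAIN_ALASKA_EXAMPLE = [
  { analytics_storage: 'denied', region: ['ES', 'US-AK'] },
  { ad_storage: 'denied' },
];
```

Running implicitlyGranted over each region you serve shows where a storage type silently falls back to granted, which is the case to compare against your organization's policy.
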

Tag Manager

If you are using a template to create your tag, it may have the controls to set region-specific behavior. If you are building a template tag on your own, see Create a consent mode template for more information on setting region-specific behavior.

Passing ad click, client ID, and session ID information in URLs

When a user lands on your website after clicking an ad, information about the ad may be appended to your landing page URLs as a query parameter. In order to improve conversion accuracy, this information is usually stored in first-party cookies on your domain.

However, if ad_storage is set to denied, this information will not be stored locally. To improve ad click measurement quality when ad_storage is denied, you can optionally elect to pass information about ad clicks through URL parameters across pages using URL passthrough.

Similarly, if analytics_storage is set to denied, URL passthrough can be used to send event and session-based analytics (including conversions) without cookies across pages.

The following conditions must be met in order to use URL passthrough:

  • Your Google tag is consent-aware and present on the page.
  • The advertiser has opted in to using the URL passthrough feature.
  • Consent mode is implemented on the page.
  • The outgoing link refers to the same domain as the current page's domain.
  • A gclid/dclid is present in the URL (Google Ads and Floodlight tags only)

gtag.js

To enable this capability, set the url_passthrough parameter to true:

gtag('set', 'url_passthrough', true);

Tag Manager

If you are using a template to create your tag, it may have the controls to set URL passthrough. If you are building a template tag on your own, see Create a consent mode template for more information on setting URL passthrough using the gtagSet custom template API.

Or, you can use the following options to set it in Conversion Linker and/or analytics tags:

For Google Ads and Floodlight tags:

To enable this capability, create (or use an existing) conversion linker tag and ensure Enable linking on all page URLs is checked. See basic setup for instructions on how to create a conversion linker tag.

For Google Analytics tags:

  1. In Tag Manager, navigate to Fields to Set:
  2. When the Fields to Set section is expanded, click Add Row.
  3. For Field Name, enter the correct value:
    • For Google Analytics: GA4 Configuration tags, enter url_passthrough.
    • For Google Analytics: Universal Analytics tags using the Google Analytics settings variables, enter urlPassthrough.
  4. For Value, enter 'true'.
  5. Save the tag and publish.

Alternatively, you can set the url_passthrough parameter to true on every page of your site before the GTM install snippet.

window.dataLayer = window.dataLayer || [];
function gtag(){window.dataLayer.push(arguments);}
gtag('set', 'url_passthrough', true);

When using URL passthrough, a few query parameters may be appended to links as users navigate through pages on your website:

  • gclid
  • dclid
  • gclsrc
  • _gl
  • wbraid

For best results, ensure that:

  1. Redirects on your site pass all the above query parameters.
  2. Your analytics tools ignore these parameters in page URLs.
  3. These parameters do not interfere with your site behavior.
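
A sketch of items 1 and 2, as an added example that is not part of the original article: a redirect helper that carries the passthrough parameters to the target only when the target stays on the same origin, so click identifiers are never forwarded off-site, and a helper that strips them for reporting. The function names and URLs are hypothetical.

```javascript
// Added example: carry the URL passthrough parameters across a same-site redirect.
// Function names and URLs are hypothetical; the parameter list is the one above.
const PASSTHROUGH_PARAMS = ['gclid', 'dclid', 'gclsrc', '_gl', 'wbraid'];

// Builds the redirect Location from the incoming request URL and the target.
// Returns null if the target resolves to a different origin, so the identifiers
// are never forwarded off-site and the redirect cannot be steered off-site.
function buildRedirect(incomingUrl, target) {
  const from = new URL(incomingUrl);
  let to;
  try {
    to = new URL(target, from); // resolves relative targets against the request
  } catch (e) {
    return null;
  }
  if (to.origin !== from.origin) return null;
  for (const name of PASSTHROUGH_PARAMS) {
    const value = from.searchParams.get(name);
    // A value already present on the target is left untouched.
    if (value !== null && !to.searchParams.has(name)) {
      to.searchParams.set(name, value);
    }
  }
  return to.pathname + to.search + to.hash;
}

// For item 2: the path and query with passthrough parameters removed, so that
// logs and reports count /pricing?gclid=... and /pricing as the same page.
function stripPassthrough(url) {
  const u = new URL(url);
  for (const name of PASSTHROUGH_PARAMS) u.searchParams.delete(name);
  return u.pathname + u.search;
}
```
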

Redact ads data

When ad_storage is denied, new cookies will not be set for advertising purposes. Additionally, third-party cookies previously set on google.com and doubleclick.net will not be used except for spam and fraud purposes. Data sent to Google will still include the full page URL, including any ad click information in the URL parameters.

gtag.js

To further redact your ads data when ad_storage is denied, set ads_data_redaction to true.

gtag('set', 'ads_data_redaction', true);

When ads_data_redaction is true and ad_storage is denied, ad click identifiers sent in network requests by Google Ads and Floodlight tags will be redacted. Network requests will also be sent through a cookieless domain.

Tag Manager

If you are using a template to create your tag, it may have the controls to further redact ads data. If you are building a template tag on your own, see Create a consent mode template for more information on redacting ads data.

Tag Manager includes several features that work together to help you manage how tags behave in response to consent settings. Tag Manager features a consent initialization trigger, tag settings for consent management, and a Consent Overview page. Several third-party consent management providers have built integrations with consent mode into their products. Learn more about Tag Manager consent features.

For more information on verifying and debugging your consent mode configuration, see Tag Assistant consent mode debugging.

Legacy tag controls

If you use legacy tags, such as ga.js, analytics.js, or conversion.js, you should update to gtag.js or Google Tag Manager.

To learn more about other legacy tags' privacy controls, see the following documentation: