# Google Tag Gateway
## What is Google Tag Gateway?
Google Tag Gateway (GTG) is a Google infrastructure that routes Google tag requests through Google's own servers, acting as a proxy. When a website is enrolled in GTG, requests to Google domains (such as `googletagmanager.com` or `google-analytics.com`) are intercepted and redirected through Google's infrastructure.
GTG is designed to improve tag reliability and performance, but it introduces specific considerations for Consent Management Platforms, as it can cause Google tags to load **before the CMP has set consent defaults**.
{% hint style="info" %}
For more information, visit the official [Google Tag Gateway documentation](https://developers.google.com/tag-platform/tag-manager/gateway).
{% endhint %}
## Impact of GTG on consent
When GTG is enabled on a website, Google tags may fire **before the CMP consent default command is set**. This means that tags can execute without proper consent signals being in place, which is detected as a **"late consent"** issue by the Sirdata CMP.
This situation occurs because GTG can load Google tags at the infrastructure level — independently of the page's script execution order — effectively bypassing the CMP's consent initialization sequence.
{% hint style="warning" %}
Late consent caused by GTG can result in Google tags firing without proper consent signals. This may compromise compliance with privacy regulations and the effectiveness of Google Consent Mode on your site.
{% endhint %}
## How GTG works
GTG operates by intercepting requests to Google domains and routing them through Google's servers:
1. **Request interception** — GTG intercepts HTTP requests sent to Google tag domains (e.g., `googletagmanager.com`, `google-analytics.com`, `googlesyndication.com`).
2. **Proxy routing** — These requests are routed through Google's infrastructure, which can serve tag scripts directly from Google's edge network.
3. **Early tag loading** — Because GTG operates at the DNS/infrastructure level, Google tags may be loaded and executed before the page's JavaScript has a chance to initialize the CMP and set consent defaults.
## Implementation methods
GTG can be enabled through different methods:
### Google Ads account (not recommended)
GTG is frequently enabled through the **Google Ads account** — often without the website owner's explicit knowledge. When a Google Ads campaign is linked to a website, Google may automatically enroll the site in GTG at the infrastructure level. This is the **most common cause of late consent signals** reported by the Sirdata CMP, because:
* The enrollment happens at the Google Ads level, not on the website itself
* Website owners may not be aware that GTG has been activated
* GTG loads Google tags before the CMP can set consent defaults
* The CMP has no control over the tag loading order imposed by GTG
{% hint style="warning" %}
If GTG was enabled via your Google Ads account, it is strongly recommended to **disable it there** and **re-enable it via Google Tag Manager** instead, using the ABConsent CMP template. This gives you full control over tag loading order and prevents late consent issues.
{% endhint %}
### DNS-level enrollment (CNAME)
Another method is to configure DNS CNAME records that point Google tag domains to GTG endpoints. For example:
* A CNAME record for `gtm.example.com` pointing to a GTG endpoint
* A CNAME record for `analytics.example.com` pointing to a GTG endpoint
This method operates at the DNS level and is entirely transparent to the website's code.
### Google Tag Manager (recommended)
GTG can be enabled via **Google Tag Manager** configuration. This is the **recommended method** because it provides full control over tag loading order and ensures the CMP consent defaults are set before any Google tags fire.
When using GTM with the **ABConsent CMP template** from the GTM Community Template Gallery:
1. The CMP tag is loaded on the **"Consent Initialization"** trigger (`gtm.init`) — the earliest possible trigger in GTM
2. Consent defaults are set **before** any other tags can execute
3. GTG enrollment is managed within GTM, giving you visibility and control
4. No additional code is required beyond the CMP template configuration
{% hint style="success" %}
**Recommended setup:** Enable GTG through Google Tag Manager and use the **ABConsent CMP template** from the GTM Community Template Gallery. This ensures consent defaults are set before GTG-loaded tags fire, eliminating late consent issues.
{% endhint %}
## How to verify GTG enrollment
To determine whether a website is enrolled in Google Tag Gateway, you can use the following methods:
### Check DNS records
Look for CNAME records pointing to GTG endpoints for the domain:
```bash
dig CNAME gtm.example.com
dig CNAME analytics.example.com
```
If the CNAME resolves to a Google-owned endpoint (e.g., `*.googletagmanager.com` or a GTG-specific domain), GTG is likely active.
### Check in Google Tag Manager
In Google Tag Manager, navigate to **Admin > Google Tag Gateway** to check the enrollment status and configuration.
### Use browser DevTools
Open your browser's Developer Tools (F12) and inspect the network requests:
1. Load the page and open the **Network** tab.
2. Filter requests by Google domains (e.g., `googletagmanager.com`).
3. Check if requests are being routed through GTG endpoints — look for requests that go through your subdomain (e.g., `gtm.example.com`) rather than directly to `googletagmanager.com`.
{% hint style="info" %}
For detailed instructions, refer to the [Google Tag Gateway documentation](https://developers.google.com/tag-platform/tag-manager/gateway).
{% endhint %}
## Options available in case of late consent
If GTG is causing late consent issues on your site, the following solutions are available:
### Ensure the CMP stub loads before any Google tag
The CMP script must be the **first script** loaded in the `` section of your page, before any Google tag scripts. This ensures that the consent default command is set before GTG-triggered tags can execute.
### Use the `data-cmp-src` attribute on gtag scripts
If you are using gtag directly (without Google Tag Manager), you must condition the gtag script loading using the `data-cmp-src` attribute:
```html
```
This ensures the gtag script only loads after the CMP has obtained the user's consent.
### In Google Tag Manager, ensure proper trigger configuration
If you are using Google Tag Manager:
* Make sure that **only your CMP tag** uses the **"Consent Initialization"** trigger (`gtm.init`)
* Do **not reuse** this trigger in other tags, as this can create conflicts and delay Consent Mode initialization
### Check the Sirdata CMP diagnostic for late consent detection
The Sirdata CMP includes built-in late consent detection. If GTG is causing late consent on your site, the CMP diagnostic will report a **late consent error** with a link to the troubleshooting documentation.
{% hint style="info" %}
The Sirdata CMP provides proactive late consent detection, with detailed diagnostic information visible both in the standard interface and in debug mode.
{% endhint %}
For detailed troubleshooting steps, refer to the [Late `default` signal](/en/consent-transmission-standards/google-consent-mode/fix-implementation-errors/late-default-signal.md) page.
## Not using Google Tag Gateway?
If you are seeing a late consent warning but are **not enrolled in Google Tag Gateway**, the issue may be caused by a different problem:
1. **Late loading of the CMP** — The CMP script is not loaded early enough in the page, allowing Google tags to fire before consent defaults are set.
2. **Early loading of Google tags** — Google tags (gtag.js or GTM) are loaded before or independently of the CMP consent initialization.
In this case, refer to the dedicated troubleshooting page for late default signals:
👉 [Late `default` signal — Fix implementation errors](/en/consent-transmission-standards/google-consent-mode/fix-implementation-errors/late-default-signal.md)
{% hint style="info" %}
For the English documentation, visit: [Late `default` signal](https://cmp.docs.sirdata.net/en/consent-transmission-standards/google-consent-mode/fix-implementation-errors/late-default-signal)
{% endhint %}
## A better alternative: GTM Server-Side by Sirdata
While GTG operates at the client side and can interfere with consent initialization, **GTM Server-Side** provides a more robust and privacy-compliant approach to tag management.
### Why choose GTM Server-Side over GTG?
| | Google Tag Gateway (GTG) | GTM Server-Side by Sirdata |
| --------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------- |
| **Architecture** | Client-side proxy (DNS-level) | Server-side container |
| **Consent control** | Limited — tags may fire before consent | Full control — tags only fire after consent validation |
| **Late consent risk** | High — GTG can load tags before CMP | None — consent is enforced server-side |
| **Partner coverage** | Google tags only | **All partners**: Google, Meta (CAPI), TikTok (Events API), LinkedIn, Pinterest, etc. |
| **Data ownership** | Data routed through Google's infrastructure | Data routed through **your own domain** |
| **Adblock bypass** | No | Yes — server-side requests bypass ad blockers |
| **Data residency** | Google-controlled | **You control the hosting location** (EU available) |
### Key benefits of GTM Server-Side by Sirdata
1. **Greater control over your data** — Unlike GTG, where data transits through Google's infrastructure, GTM Server-Side routes data through your own domain, giving you full ownership and control.
2. **Consent-first architecture** — Tags only fire after the CMP has validated consent. No more late consent issues caused by client-side tag loading.
3. **Multi-partner support** — Not limited to Google. Server-side integrations are available for **Meta Conversions API**, **TikTok Events API**, **LinkedIn**, **Pinterest**, and more.
4. **Bypass ad blockers** — Server-side requests are sent from your own domain, making them invisible to ad blockers that target known tracking domains.
5. **EU data residency** — Sirdata offers hosting in the European Union, ensuring compliance with GDPR data transfer requirements.
6. **Seamless CMP integration** — Sirdata's GTM Server-Side is fully integrated with the Sirdata CMP, providing a unified consent and tag management experience.
{% hint style="success" %}
**GTM Server-Side by Sirdata** eliminates the late consent risk introduced by GTG while providing benefits for all your advertising partners — not just Google.
👉 Discover [GTM Server-Side by Sirdata](https://sgtm.sirdata.io) and take full control of your data.
{% endhint %}
{% hint style="info" %}
For detailed documentation on GTM Server-Side setup and configuration, refer to the [Sirdata Server-Side documentation](https://sgtm.sirdata.io).
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://cmp.docs.sirdata.net/en/consent-transmission-standards/google-consent-mode/google-tag-gateway.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.