Google Tag Gateway
What is Google Tag Gateway?
Google Tag Gateway (GTG) is Google infrastructure that routes Google tag requests through Google's own servers, acting as a proxy. When a website is enrolled in GTG, requests to Google domains (such as googletagmanager.com or google-analytics.com) are intercepted and redirected through Google's infrastructure.
GTG is designed to improve tag reliability and performance, but it introduces specific considerations for Consent Management Platforms, as it can cause Google tags to load before the CMP has set consent defaults.
For more information, visit the official Google documentation:
Impact of GTG on consent
When GTG is enabled on a website, Google tags may fire before the CMP consent default command is set. This means that tags can execute without proper consent signals being in place, which is detected as a "late consent" issue by the Sirdata CMP.
This situation occurs because GTG can load Google tags at the infrastructure level — independently of the page's script execution order — effectively bypassing the CMP's consent initialization sequence.
In particular, the one-click CDN injection method used by Google to enable GTG via Google Ads accounts often prevents the customer from controlling the load order of scripts. Since GTG is injected at the CDN/infrastructure level without any code change on the website, the customer has no way to ensure that consent defaults are set before Google tags fire.
Late consent caused by GTG can result in Google tags firing without proper consent signals. This may compromise compliance with privacy regulations and the effectiveness of Google Consent Mode on your site.
For more information on how Google Consent Mode works and the difference between basic and advanced (U+C) implementation, refer to:
Consent mode overview — Google for Developers
Set up consent mode on websites — Google for Developers
About consent mode — Google Ads Help
Set up consent mode — Google Ads Help
How GTG works
GTG operates by intercepting requests to Google domains and routing them through Google's servers:
Request interception — GTG intercepts HTTP requests sent to Google tag domains (e.g., googletagmanager.com, google-analytics.com, googlesyndication.com).
Proxy routing — These requests are routed through Google's infrastructure, which can serve tag scripts directly from Google's edge network.
Early tag loading — Because GTG operates at the DNS/infrastructure level, Google tags may be loaded and executed before the page's JavaScript has a chance to initialize the CMP and set consent defaults.
Implementation methods
GTG can be enabled through different methods:
Google Ads account — One-click CDN injection (not recommended)
GTG is frequently enabled through the Google Ads account via a one-click CDN injection — often without the website owner's explicit knowledge. When a Google Ads campaign is linked to a website, Google may automatically enroll the site in GTG at the CDN/infrastructure level with a single click. This one-click CDN injection method is the most common cause of late consent signals reported by the Sirdata CMP, because:
The enrollment happens at the Google Ads level via CDN injection, not on the website itself
The one-click CDN injection prevents the customer from controlling the load order of scripts
Website owners may not be aware that GTG has been activated
GTG loads Google tags before the CMP can set consent defaults
The CMP has no control over the tag loading order imposed by GTG
If GTG was enabled via your Google Ads account (one-click CDN injection), it is strongly recommended to disable it there and re-enable it via Google Tag Manager instead, using the ABConsent CMP template. This gives you full control over tag loading order and prevents late consent issues.
DNS-level enrollment (CNAME)
Another method is to configure DNS CNAME records that point Google tag domains to GTG endpoints. For example:
A CNAME record for gtm.example.com pointing to a GTG endpoint
A CNAME record for analytics.example.com pointing to a GTG endpoint
This method operates at the DNS level and is entirely transparent to the website's code.
Google Tag Manager (recommended)
GTG can be enabled via Google Tag Manager configuration. This is the recommended method because it provides full control over tag loading order and ensures the CMP consent defaults are set before any Google tags fire.
When using GTM with the ABConsent CMP template from the GTM Community Template Gallery:
The CMP tag is loaded on the "Consent Initialization" trigger (gtm.init_consent) — the earliest possible trigger in GTM
Consent defaults are set before any other tags can execute
GTG enrollment is managed within GTM, giving you visibility and control
No additional code is required beyond the CMP template configuration
Recommended setup: Enable GTG through Google Tag Manager and use the ABConsent CMP template from the GTM Community Template Gallery. This ensures consent defaults are set before GTG-loaded tags fire, eliminating late consent issues.
Manual GTG setup (customer-controlled)
GTG can also be set up manually by the customer, typically via Google Cloud Load Balancer. When set up manually, the customer retains full control over the script import order, ensuring that the CMP consent defaults are set before any Google tags fire.
This method is recommended for advanced users who want to keep GTG enabled while maintaining strict control over the tag loading sequence.
How to verify GTG enrollment
To determine whether a website is enrolled in Google Tag Gateway, you can use the following methods:
Check DNS records
Look for CNAME records pointing to GTG endpoints for the domain:
If the CNAME resolves to a Google-owned endpoint (e.g., *.googletagmanager.com or a GTG-specific domain), GTG is likely active.
Check in Google Tag Manager
In Google Tag Manager, navigate to Admin > Google Tag Gateway to check the enrollment status and configuration.
Use browser DevTools
Open your browser's Developer Tools (F12) and inspect the network requests:
Load the page and open the Network tab.
Filter requests by Google domains (e.g., googletagmanager.com).
Check if requests are being routed through GTG endpoints — look for requests that go through your subdomain (e.g., gtm.example.com) rather than directly to googletagmanager.com.
Verify via the Sirdata CMP diagnostic
The Sirdata CMP includes built-in GTG enrollment detection. When a late consent signal is detected, the diagnostic tool will report whether GTG is involved and provide a direct link to this documentation.
You can also verify GTG enrollment programmatically:
For detailed instructions on verifying GTG enrollment, refer to the Google Tag Gateway setup guide.
Late consent detection
Late consent occurs when the default consent command and/or TCF stub load after Google tags fire. This is a critical compliance issue because it means Google tags may execute without proper consent signals.
The Sirdata CMP provides proactive late consent detection:
Standard mode — Late consent warnings are visible in the CMP diagnostic interface
Debug mode — Detailed diagnostic information is available, including the specific tags that fired before consent defaults were set and whether GTG enrollment is detected
Late consent is particularly likely when GTG is enabled via one-click CDN injection (e.g., through a Google Ads account), because the customer cannot control the load order of scripts in that configuration.
For detailed troubleshooting steps, refer to the Late default signal page.
Resolving late consent when GTG is enrolled
If a late consent signal is detected (by debug mode and/or the diagnostic tool) and GTG enrollment is verified, the following solutions are available, listed in order of recommendation:
1. Adopt U+C — Advanced Consent Mode (recommended)
U+C (Advanced Consent Mode) is the recommended mechanism for GTG-enabled tags because it is fully compatible with manual GTG setups where the script import order is controlled by the customer.
With U+C (Advanced Consent Mode):
Google tags load immediately with default denied consent signals
When the user grants consent, the CMP sends an update command that enables data collection
Conversion modeling is activated for users who do not consent, recovering up to 65% of lost behavioral data
This approach is compatible with GTG, even when GTG is set up manually, because tags fire with denied defaults and only begin collecting data after the CMP updates consent
U+C (Advanced Consent Mode) is the recommended mechanism for GTG-enabled tags since it is compatible with manual GTG. It ensures that even if Google tags load before the CMP update command, no data is collected until the user grants consent.
To enable U+C (Advanced Consent Mode) with the Sirdata CMP:
In the Sirdata CMP configuration, enable Advanced Consent Mode (U+C)
The CMP will set default denied consent signals before any tags fire
Upon user interaction, the CMP will send the consent update command
For more information, refer to:
Consent mode overview — Basic vs. Advanced — Google for Developers
Set up consent mode on websites — Google for Developers
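The late-consent condition from "Late consent detection" and the default-then-update sequence of U+C described above can both be checked by replaying the order of commands in the gtag.js queue. This is an added example, not Sirdata's or Google's code; it only looks at commands queued by direct gtag() calls (GTM event objects are skipped), and auditConsentOrder, record, the sample queues and the G-EXAMPLE ID are constructed for illustration.

```javascript
// Added example: replay a gtag.js command queue (window.dataLayer) and report the
// consent state each measurement command saw. Queues and IDs below are constructed.
const SIGNALS = ['ad_storage', 'ad_user_data', 'ad_personalization', 'analytics_storage'];
const all = (value) => Object.fromEntries(SIGNALS.map((key) => [key, value]));

function auditConsentOrder(dataLayer) {
  let defaultSeen = false;
  const state = {};
  const findings = [];
  dataLayer.forEach((entry, index) => {
    // gtag() pushes its array-like `arguments` object; plain objects (GTM events) are skipped.
    if (!entry || !Number.isInteger(entry.length)) return;
    const [name, arg, params] = Array.from(entry);
    if (name === 'consent' && (arg === 'default' || arg === 'update')) {
      if (arg === 'default') defaultSeen = true;
      Object.assign(state, params);
    } else if (name === 'config' || name === 'event') {
      const granted = SIGNALS.filter((key) => state[key] === 'granted');
      // late === true: the command ran before any consent default was queued.
      findings.push({ index, command: `${name} ${arg}`, late: !defaultSeen, granted });
    }
  });
  return findings;
}

// Build a queue the way Google's snippet does: gtag() pushes `arguments`.
function record(calls) {
  const queue = [];
  function gtag() { queue.push(arguments); }
  calls(gtag);
  return queue;
}

// Constructed case 1: the tag is configured before the CMP sets defaults.
const lateQueue = record((gtag) => {
  gtag('js', new Date());
  gtag('config', 'G-EXAMPLE');
  gtag('consent', 'default', all('denied'));
});

// Constructed case 2: Advanced Consent Mode, denied defaults then an update.
const advancedQueue = record((gtag) => {
  gtag('consent', 'default', all('denied'));
  gtag('js', new Date());
  gtag('config', 'G-EXAMPLE');
  gtag('consent', 'update', all('granted'));
  gtag('event', 'purchase');
});
console.log(auditConsentOrder(lateQueue), auditConsentOrder(advancedQueue));
```

In a browser console, the same function can be run as auditConsentOrder(window.dataLayer) on a page that loads gtag.js directly; any finding with late set to true corresponds to a tag command queued before the consent default.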
2. Enable Data Transmission Controls and Global Consent Defaults
When using U+C (Advanced Consent Mode), you should also configure Data Transmission Controls and Global Consent Defaults according to your needs:
Data Transmission Controls — Allow you to control how data is transmitted to Google, providing additional privacy safeguards on top of Consent Mode. Data Transmission Controls function separately from other consent mode settings, but require Consent Mode to be activated first.
Global Consent Defaults — Allow you to set default consent states that apply globally across your Google Ads and Analytics configurations, ensuring consistent consent behavior regardless of regional banner display rules.
Data Transmission Controls and Global Consent Defaults are particularly important when:
GTG is enabled and your banner does not display in certain regions (e.g., outside the EEA/UK/Switzerland), causing consent to be automatically granted by default
You need to ensure that consent defaults are consistently applied across all Google products and regions
For more information, refer to:
Updates to Google Analytics Data Controls — Analytics Help
About consent mode — Google Ads Help
Set up consent mode — Google Ads Help
3. Migrate to a GTM container and deploy GTM via GTG
If you are not already using Google Tag Manager, migrating all Google tags into a GTM container gives you full control over tag firing order:
Create a GTM container and add the ABConsent CMP template from the Community Template Gallery
Configure the CMP template to use the "Consent Initialization" trigger (gtm.init_consent)
Deploy GTM via GTG, ensuring the CMP initializes before any other tags
This approach eliminates late consent by guaranteeing the consent initialization sequence
For step-by-step instructions, refer to the Google Tag Gateway setup guide.
4. Set up GTG manually with controlled script import order
If you prefer to keep GTG enabled but need control over the script loading sequence, you can set up manual GTG where the script import order is controlled by you:
Disable GTG via your Google Ads account
Set up GTG manually via Google Cloud Load Balancer
Ensure that the CMP consent default command loads before any Google tag scripts in the page's <head> section
This gives you full visibility and control over when Google tags fire relative to the CMP
When GTG is set up manually with a controlled script import order, U+C (Advanced Consent Mode) remains the recommended mechanism, as it is fully compatible with this configuration and provides additional conversion modeling benefits.
Other options available in case of late consent
If GTG is causing late consent issues but you are unable to adopt the solutions above immediately, the following mitigations are available:
Ensure the CMP stub loads before any Google tag
The CMP script must be the first script loaded in the <head> section of your page, before any Google tag scripts. This ensures that the consent default command is set before GTG-triggered tags can execute.
Use the data-cmp-src attribute on gtag scripts
If you are using gtag directly (without Google Tag Manager), you must condition the gtag script loading using the data-cmp-src attribute:
This ensures the gtag script only loads after the CMP has obtained the user's consent.
In Google Tag Manager, ensure proper trigger configuration
If you are using Google Tag Manager:
Make sure that only your CMP tag uses the "Consent Initialization" trigger (gtm.init_consent)
Do not reuse this trigger in other tags, as this can create conflicts and delay Consent Mode initialization
Check the Sirdata CMP diagnostic for late consent detection
The Sirdata CMP includes built-in late consent detection. If GTG is causing late consent on your site, the CMP diagnostic will report a late consent error with a link to the troubleshooting documentation.
The Sirdata CMP provides proactive late consent detection, with detailed diagnostic information visible both in the standard interface and in debug mode.
For detailed troubleshooting steps, refer to the Late default signal page.
Not using Google Tag Gateway?
If you are seeing a late consent warning but are not enrolled in Google Tag Gateway, the issue may be caused by a different problem:
Late loading of the CMP — The CMP script is not loaded early enough in the page, allowing Google tags to fire before consent defaults are set.
Early loading of Google tags — Google tags (gtag.js or GTM) are loaded before or independently of the CMP consent initialization.
In this case, refer to the dedicated troubleshooting page for late default signals:
👉 Late default signal — Fix implementation errors
For the English documentation, visit: Late default signal
A better alternative: GTM Server-Side by Sirdata
While GTG operates at the client side and can interfere with consent initialization, GTM Server-Side provides a more robust and privacy-compliant approach to tag management.
Why choose GTM Server-Side over GTG?
| | GTG | GTM Server-Side |
| Architecture | Client-side proxy (DNS-level) | Server-side container |
| Consent control | Limited — tags may fire before consent | Full control — tags only fire after consent validation |
| Late consent risk | High — GTG can load tags before CMP | None — consent is enforced server-side |
| Partner coverage | Google tags only | All partners: Google, Meta (CAPI), TikTok (Events API), LinkedIn, Pinterest, etc. |
| Data ownership | Data routed through Google's infrastructure | Data routed through your own domain |
| Adblock bypass | No | Yes — server-side requests bypass ad blockers |
| Data residency | Google-controlled | You control the hosting location (EU available) |
Key benefits of GTM Server-Side by Sirdata
Greater control over your data — Unlike GTG, where data transits through Google's infrastructure, GTM Server-Side routes data through your own domain, giving you full ownership and control.
Consent-first architecture — Tags only fire after the CMP has validated consent. No more late consent issues caused by client-side tag loading.
Multi-partner support — Not limited to Google. Server-side integrations are available for Meta Conversions API, TikTok Events API, LinkedIn, Pinterest, and more.
Bypass ad blockers — Server-side requests are sent from your own domain, making them invisible to ad blockers that target known tracking domains.
EU data residency — Sirdata offers hosting in the European Union, ensuring compliance with GDPR data transfer requirements.
Seamless CMP integration — Sirdata's GTM Server-Side is fully integrated with the Sirdata CMP, providing a unified consent and tag management experience.
GTM Server-Side by Sirdata eliminates the late consent risk introduced by GTG while providing benefits for all your advertising partners — not just Google.
👉 Discover GTM Server-Side by Sirdata and take full control of your data.
For detailed documentation on GTM Server-Side setup and configuration, refer to the Sirdata Server-Side documentation.
