Websites using Google Tag Manager (GTM) can deploy Cookiebot by following these step-by-step instructions.
In this guide, you will find how to:
To follow these steps, you will need an existing GTM account, a website container in GTM, and added the GTM container snippet to your website.
If this isn't the case, you can find instructions here.
We recommend enabling the Consent Overview. This allows you to get an overview of your tags and their respective consent configurations.
You can find the Consent Overview by clicking on the 
icon on the Tags section.
If you don't see this icon, you can enable this function on the Admin tab, under Container Settings.
Check the "Enable consent overview" box under Additional Settings and save your changes:
1. Implementing the cookie consent banner in GTM
First, obtain the Cookiebot CMP tag template from the Template Gallery.
You can find it by selecting Templates from the main menu, and clicking the Search Gallery button in the Tag Templates section.
Click the magnification icon and enter "Cookiebot" in the search box.
Select the "Cookiebot CMP" item and click the "Add to workspace" button.
Confirm by clicking "Add"
Next, create a new tag by clicking "New" ❯ "Tag Configuration" and select Cookiebot CMP from the list of standard tag types.
In the "Cookiebot ID" field, copy in the Domain Group ID from your account on cookiebot.com. This will look similar to this: 00000000-0000-0000-0000-000000000000, the zeros will instead be hexadecimals *numbers 0-9 and letters a-f
Choose "Consent initialization - All pages" as trigger and apply a name to your tag at the top of the configuration page, e.g. "Cookiebot". Click "Save" to create the tag.
This is what your tag configuration should look like (except for the value of the Cookiebot ID):
Make sure that you have registered and saved the domain name(s) of your website(s) in Cookiebot.
1.1 Defining the Google Consent Mode default consent state
A default consent state of 'denied' will apply until the user has submitted a consent. You can change this default behavior and add different default consent states for users in different geographical regions by clicking "Add region" under the "Default Consent State" section. We recommend always having at least one Global region configured
In the example above, a global (blank region value) default consent state of 'denied' is defined for all users along with a specific 'granted'-state for users from California (US-06).
If a specific default consent state applies to multiple regions, you can add a comma-separated string of regions to the Region field. Use ISO-3166-1 alpha-2 country codes for region values. You can find a list of supported regions and respective codes here: List of region codes for regions specific banner implementations
GTM by default supports 7 different consent types that are automatically mapped by Cookiebot to the 4 categories used in Cookiebot CMP:
| GTM Consent type | Cookiebot type | Description |
| ad_personalization | marketing | Enables the use of personal data for advertising purposes such as remarketing or interest-based targeting. |
| ad_storage | marketing | Enables browser storage (such as cookies) related to advertising. |
| ad_user_data | marketing | Allows the collection of personal data for advertising purposes. |
| analytics_storage | statistics | Enables browser storage (such as cookies) related to analytics e.g. visit duration. |
| functionality_storage | preferences | Enables browser storage that supports the functionality of the website or app e.g. language settings. |
| personalization_storage | preferences | Enables browser storage related to personalization e.g. video recommendations. |
| security_storage | necessary | Enables browser storage related to security such as authentication functionality, fraud prevention, and other user protection. Users will be informed about the specific storage purposes in the cookie declaration, but this type does not require consent from the end user. |
The category ‘necessary’ (mapped to consent type security_storage) is by default set to ‘Allow’ and is not configurable, as it does not require consent.
2. Controlling cookies
Google Tag Manager includes several features that work together with Cookiebot to help you manage how tags behave in response to the end user's consent choices.
Specific tags (such as Google Ads, Analytics, Floodlight and Conversion Linker) have built-in consent checks. This means that these tags include logic that automatically changes the tag's behavior based on the user's consent state. No consent configuration is needed for this type of tags*.
Google refers to this as Advanced Consent Mode.
Tags which do not have built-in consent checks, which do utilize tracking, must be configured with additional consent checks. Unlike tags with built-in consent checks, which load regardless of consent, tags configured with additional consent checks will not fire unless consent has been given for the corresponding storage category.
Google refers to this as Basic Consent Mode.
For a complete overview of the consent settings applied to all tags in your container, you can enable the Consent Overview from your container settings:
In the next section we will provide instructions to configure additional consent checks.
*It is important to note that because tags with built-in load regardless of consent, data will be transmitted to Google without explicit permission from the visitor. If this is of concern to you, it is recommended to configure tags with built-in consent with additional consent as well. That way the tag will not load prior consent.
2.1. Setting up Additional Consent Checks
- In your GTM container, create the following Custom Event trigger, to be used in your GTM configuration:
Event Name: cookie_consent_update
Event Type: Custom Event
Fires On: All Custom Events
Your trigger should look similar to this:
- Edit the consent settings for all tags that need to be configured with additional consent.
You can find these settings in the Tag Editor ❯ Advanced Settings ❯ Consent Settings.
Add all storage categories which the tag requires (see the scan report from Cookiebot if you are in doubt).
In this example the tag requires consent for ad_storage / marketing cookies: -
To ensure the tag fires as soon as consent choices have been determined, either from a previous visit or from interaction with the banner the normal "All Pages" trigger will need to be replaced with the trigger which we created in the first step*.
Here is an example with a Facebook Pixel tag, which with this setup only fires if the visitor has opted in on the required consent type:The updating of Consent Mode settings does not trigger a reevaluation of tags with the "All Pages" trigger. This means that if you don't use the "cookie_consent_update" trigger, and keep the "All Pages" instead, the tag will not fire on the first page if you didn't submit consent during a previous visit.
There are additional methods besides using Consent Mode, to ensure tags cannot load prior consent. Please see Alternative methods for conditionally loading tags for instructions.
3. Implementing the cookie declaration
<script
id="CookieDeclaration"
src="https://consent.cookiebot.com/00000000-0000-0000-0000-000000000000/cd.js"
type="text/javascript"
></script>Make sure to link to the page that embeds the declaration from all pages on your website, e.g. in the website template footer.
4. Marking up your non-GTM website elements
When you implement Cookiebot using Google Tag Manager, Cookiebot can be used to control tags which require consent and do not originate from Google Tag Manager, i.e. scripts, images and iframes inserted directly into your website template.
Such tags need to be marked up for 'prior consent' as described in our manual mark up guide.
Additional resources
For instructions on how to make the cookie banner change language depending on which (language) part of your website a visitor navigates, please see Multilingual support when using GTM.
If you wish to display different banner configurations and consent settings based on the visitor's location, you can check our guide Supporting multiple legislations using Google Tag Manager.
Consent Mode is enabled by default. If you for any reason want to disable Consent Mode, please untick the checkbox "Enable Google Consent Mode".
See also our blog post: Google tag manager and GDPR
Comments
10 comments
How does section "1.1,Defining the Google Consent Mode default consent state" relate to the GeoTargeting setting (inside CookieBot's Banner setup admin page -https://manage.cookiebot.com/en/manage) where I have selected "Visitors from the EU only".
Do we need to define the EU region inside Google Tag Manager manually in addition? i.e. by setting up many granted rules for all "none-EU" country codes inside Cookiebot's admin plug-in for Google Tag Manage? Or can we just ignore this part, knowing that Cookiebot will set it automatically to Granted for all non-EU visitors?
Hey quick question, what if the Enable Consent Overview is not available in the GTM Container?
Should cookie_consent_update trigger also be used to trigger Google Tag to track pageviews in Google Analytics?
Are you ok for 2000ms (defaut)? or ?
Just wanted to pop in with a quick thought: when you're setting up those default consent states in GTM, especially with that nifty GeoTargeting feature in Cookiebot's settings, it can feel a bit like juggling flaming torches, right?
Hi there
When I set up Cookiebot like described above, I notice on the site where it's active that if a user denies cookies, there's something added to the URL. Like e.g. domain.com/page/?_gl=1*hyhtfo*_up*MQ..*_ga*MTY4Mzc2OTEwMi4xNzE4MzU0Mjkz*_ga_DPYNXPE4YZ*MTcxODM1NDI5M...
Is there a way to prevent this from happening?
Thanks!
@Tycho
The stuff that's added to the URL is caused by the URL passthrough feature. Disabling it will stop this from happening.
Super helpful guide! I’ve been trying to set up Cookiebot on my Stardew Valley fan site, and GTM was giving me a bit of a headache. The breakdown of consent triggers and how to control tags makes things way clearer. Especially useful since the site has a mix of embedded images, scripts, and mod-related content. This should make my cookie banner setup a lot smoother thanks for the detailed steps.
Add Cookiebot through Google Tag Manager by using the Cookiebot CMP tag template, add your Domain Group ID, and set the trigger to “Consent initialization – All pages.” Then make sure all other tags in GTM respect consent settings. That’s the whole setup.
To implement Cookiebot with Google Tag Manager (GTM), first, obtain the Cookiebot CMP tag template from the GTM Template Gallery. Then, create a new tag and configure it with your Cookiebot Domain Group ID. Use the "Consent Initialization - All Pages" trigger and save the tag. For controlling cookies, enable consent overview in GTM and apply additional consent checks for tags without built-in consent logic. Finally, implement the cookie declaration script on your website's chosen page.
Please sign in to leave a comment.