Websites using Google Tag Manager (GTM) can deploy Cookiebot by following these step-by-step instructions.
In this guide, we will show you how to:
In this guide, we will show you how to:
- Implement the cookie consent banner
- Control cookie-setting tags
- Display the cookie declaration on a subpage
We assume that you've already created a GTM account, created a website container in GTM, and added the GTM container snippet to your website as required: https://support.google.com/tagmanager/answer/6103696
1. Implementing the cookie consent banner in GTM
In your GTM container, click "Templates" > "Tag Templates" > "Search Gallery" and select "Cookiebot CMP" from the list of community tag templates. Click "Add to workspace" and confirm by clicking "Add".
Create a new tag by clicking "New" > "Tag Configuration" and select "Cookiebot CMP" from the list of standard tag types.
In the "Cookiebot ID" field, copy in the ID from the 'Your Scripts' tab under your account on cookiebot.com.
In the "Cookiebot ID" field, copy in the ID from the 'Your Scripts' tab under your account on cookiebot.com.
Choose "All pages" as trigger and apply a name to your tag at the top of the configuration page, e.g. "Cookiebot". Click "Save" to create the tag.
This is what your tag configuration should look like (except for the value of the Cookiebot ID):
Make sure that you have registered and saved the domain name(s) of your website(s) in Cookiebot.
2. Controlling cookies
To honor the visitor's consent, you need to define the logic that controls the behavior of cookie-setting tags on your website.
Please note: This section does not apply to the following Google tags, if you enable Google Consent Mode:
- Google Ads (including Google Ads Conversion Tracking and Remarketing)
- Floodlight
- Google Analytics
- Conversion Linker
With Consent Mode, these tags will automatically change behavior in accordance with the end user's consent and should therefore be assigned the "All pages" trigger.
All other cookie-setting tags must be handled as described below.
In your GTM container, click "Templates" > "Variable Templates" > "Search Gallery" and select "Cookiebot Consent State" from the list of community variable templates. Click "Add to workspace" and confirm by clicking "Add".
Now, add a variable and name it "Cookie Consent" by creating a new Variable and selecting "Cookie Consent State" from the list of standard variables. No configuration is available or needed.
Then, create the following triggers, to be used in your GTM configuration:
- Event Name: cookie_consent_preferences,
Event Type: Custom Event,
Fires On: Some Custom Events,
Filter: Cookie Consent contains preferences - Event Name: cookie_consent_statistics,
Event Type: Custom Event,
Fires On: Some Custom Events,
Filter: Cookie Consent contains statistics - Event Name: cookie_consent_marketing,
Event Type: Custom Event,
Fires On: Some Custom Events,
Filter: Cookie Consent contains marketing
You triggers should look similar to this:
Tags that set cookies within one of these three categories (see the scan report from Cookiebot if you are in doubt) must only be triggered when the user has consented to the relevant category/categories.
To achieve this, replace the existing Firing Trigger on each cookie-setting tag with the relevant cookie-trigger, e.g. "Cookie Consent Marketing" for your Facebook Pixel Code tag.
To achieve this, replace the existing Firing Trigger on each cookie-setting tag with the relevant cookie-trigger, e.g. "Cookie Consent Marketing" for your Facebook Pixel Code tag.
If a tag requires consent for multiple cookie-categories, you can create a Trigger Group and add the relevant triggers. You should set "This trigger fires on" to "All conditions". Replace the tag's existing trigger with this Trigger Group.
Here is an example of a trigger group that requires consent for cookies in both the statistics and marketing categories:
Here is an example of a trigger group that requires consent for cookies in both the statistics and marketing categories:
Replacing triggers for tags can seem like a daunting task if your workspace contains many tags that require consent. Keep in mind though, that you can apply triggers to multiple tabs at once.
To do this, check the boxes in front of all tags that require consent in the same category and press the Edit trigger button: 
A pane will slide in from the right that allows you to collectively add and remove triggers, and add exceptions to all selected tags.
A pane will slide in from the right that allows you to collectively add and remove triggers, and add exceptions to all selected tags.
3. Implementing the cookie declaration
To make available an option for the user to change or withdraw consent, implement Cookiebot's 'Cookie Declaration' on a page of your own choice by embedding the following script tag directly into the source of the page and position within the page where you want the cookie declaration to be displayed (replace 00000000-0000-0000-0000-000000000000 with your own Cookiebot ID):<script id="CookieDeclaration" src="https://consent.cookiebot.com/00000000-0000-0000-0000-000000000000/cd.js" type="text/javascript"></script> Make sure to link to the page that embeds the declaration from all pages on your website, e.g. in the website template footer.
Other ressources
For instructions on how to make the cookie banner change language depending on which (language) part of your website a visitor navigates, please see Multilingual support when using GTM.
When you implement Cookiebot using GTM, Cookiebot will also be able to control tags not set from GTM, i.e. script tags that are inserted directly in your website template. Just mark up such tags for 'prior consent' as described in our general implementation tutorial. If you wish to use GTM and automatic blocking, please see Google Tag Manager and Automatic cookie blocking.
See also our blog post: Google tag manager and GDPR
Comments
18 comments
Hello,
I maintains many wix website but this I followed the procedure but it does not work.
The cookies content banner does not appear. Why ?
Hello,
I have the same problem with drupal. I'm using manual blocking, is it correct?
Thank you
Hi Speralta
How did you implemented GTM in drupal? I have followed same steps described in this page.
And i could see JS variable "Cookiebot.consent" is set according user accept values and "dataLayer" event also triggering perfectly in all pages.
Does this means its working fine? How can i confirm that GTM works perfectly after user accepts statistics consent and GTM doesnt when user doesn't provide consent?
Hi,
I have been able to solve the problem, thank you very much.
I have followed these instructions, but when I open the website the Cookiebot banner displays and Google Analytics cookies are switched on by default rather than being switched off. What could be wrong?
Hello Peter.
I would advice you to submit a ticket with us with the specific issue, so we can perform some troubleshooting for your situation.
https://support.cookiebot.com/hc/en-us/
Hi,
following this approach and not the one described here https://support.cookiebot.com/hc/en-us/articles/360009192739-Google-Tag-Manager-and-Automatic-cookie-blocking , would you regain access to the Debug & Preview function of GTM?
We implemented Cookiebot by following the Google Tag Manager and Automatic cookie blocking guide, but since then our 3rd party marketing agency isn't able to properly create new tags, since the Debug & Preview function is nonfunctional.
We're hoping that implementing Cookiebot via GTM would resolve this problem, but before we go into the effort, we'd need a confirmation that this would actually solve our problem.
Thanks
I have implemented the Cookiebot Tag Manager strategy and all works fine. Here are some things I have learned:
1. De script declaration is not necessary anymore, you can leave that step out of this manual
2. Check all blocking mechanisms when you test; Firefox automatic blocking, VPN's etc.
I have one big question though:
I have tried to use the Consent triggers on stuff like Google Analytics and Hotjar bu the triggers do not fire at all. What could be the possible cause of this? Normally triggers are set to All Pages and that works just fine.
Smaller question: is naming strict? Like Cookie Consent for example. I also noticed that the names of the triggers in text are different than on image.
Wouldn't it be more effective to use the Consent trigger as an exception? So define Cookie Consent Marketing as NOT containing marketing. Then use it as an exception on a trigger so you have options to specify which pages it applies to.
I also noticed this issue that Jaap is talking about:
"I have tried to use the Consent triggers on stuff like Google Analytics and Hotjar but the triggers do not fire at all. What could be the possible cause of this? Normally triggers are set to All Pages and that works just fine."
I think this is a quite recent issue, because I only noticed around the same time that Jaap posted his comment here and I use an import of my GTM settings so the settings are the same as on previous projects (where this still seems to work like it should).
Is there a solution for this issue?
Thanks!
What Jaap and Tycho said is exactly the same question I have. The documentation on this site regarding how to implement Cookiebot with GTM is less than desirable. (There are multiple pages which say different things.)
Most of the documentation assumes a user is trying to comply with GDPR, thus the examples given are for how Cookiebot works when the default behavior is that site visitors are opted out until they opt-in. But many people are now using Cookiebot to handle CCPA, where visitors are opted in until they opt-out.
How about spending some additional time going through past documentation and removing or updating verbiage that no longer applies or is no longer correct?
Did anyone get a response from Cookiebot concerning this matter?
Or did anyone maybe find a solution?
Thanks!
Negative to both questions.
Bumping up this thread. Same problem here - different documentation on different pages with no clarifcation from Cookiebot which one is recommended for specific cases. I also suggest to sort our or refactor the GTM documentation.
Having also the same problem with the tag manager preview function after I implemented a new trigger which checks for links with a specific Click text. . It still shows, but without any content, so completely empty.
Also sent an Email to Support 2 weeks ago without a response. Is there a solution available already?
Having the preview function in the tag manager is quite crucial for us .
This guide is only covering GTM tags that were firing unconditionally on all pages. However, most of our tags already have specific triggers. Since it is not possible to add a second additional trigger, the concept described here does not work for all those tags. What would you recommend in this case (and no, creating trigger groups for every specific trigger we have -200- is not an option)?
One feasible way would be to add exceptions to every trigger, which is possible in GTM. So if I have a specific trigger and want it to fire only if consent is given, I would like add a "Consent not given" exception.
This would require the "Cookie Consent" variable template to not only contain the strings "preferences|statistics|marketing" but also a string that can be used to safely determine if consent is not given.
Among the many things not clear - if you using auto-scan and classifying cookies within the cookiebot control panel, are GTM triggers necessary?
Hello Dave.
Yes, the triggers are indeed still necessary, as GTM is a different platform and will not be blocked by the automatic script. This is because we also have a manual implementation method that uses GTM and therefore GTM as a platform is not directly blocked.
Therefore it is required that you add the triggers and ensure GTM blocks cookies before consent is provided by the visitor.
Hi,
Could someone help me clarify the following:
If I implement Cookiebot through GTM, all cookies set by a specific tag/script will be blocked if the user has deselected the category that the script is placed in (the trigger used) in GTM, I assume?
So if a particular tag in GTM sets, say, three cookies, and two of them are auto-categorized as "Statistics" by Cookiebot, and one is auto-categorized as "Marketing" (for instance, this is approximately the case for LinkedIn Insights) - all three will be blocked if GTM is used?
In other words, when implementing Cookiebot through GTM, there's no way to achieve the fine-grained blocking that is possible with auto-blocking and no GTM, because the GTM-implementation does not assess each cookie individually.
I could make a trigger group in GTM - but this would mean that even if the user had opted in to "statistics" cookies, these would only be set (for the particular tag) if the user had also opted in to the other categories in the trigger group that fires the tag?
Thanks in advance.
Kind regards, Chris
Please sign in to leave a comment.