In this guide, we will show you how to:
- Implement the cookie consent banner
- Control cookie-setting tags
- Display the cookie declaration on a subpage
1. Implementing the cookie consent banner in GTM
In the "Cookiebot ID" field, copy in the ID from the 'Your Scripts' tab under your account on cookiebot.com.
Choose "Consent initialization - All pages" as trigger and apply a name to your tag at the top of the configuration page, e.g. "Cookiebot". Click "Save" to create the tag.
This is what your tag configuration should look like (except for the value of the Cookiebot ID):
1.1 Defining the Google Consent Mode default consent state
The Cookiebot CMP tag registers default consent states for Consent Mode (detailed information can be reviewed here).
Under the collapsible configuration group ‘Default Consent State’ you can adjust which categories of cookies should be granted or denied before the end user submits consent.
Since most data protection legislations such as GDPR require so-called ‘prior consent’, the default setting is ‘Denied’ for all categories. The category ‘necessary’ (mapped to consent type security_storage) is by default set to ‘Allow’ and is not configurable, as it does not require consent.
GTM by default supports 5 different consent types that are automatically mapped by Cookiebot to the 4 categories used in Cookiebot CMP:
|GTM Consent Type||Mapped Cookiebot Type||Description|
|ad_storage||marketing||Enables storage (such as cookies) related to advertising|
|analytics_storage||statistics||Enables storage (such as cookies) related to analytics e.g. visit duration|
|functionality_storage||preferences||Enables storage that supports the functionality of the website or app e.g. language settings|
|personalization_storage||preferences||Enables storage related to personalization e.g. video recommendations|
|security_storage||necessary||Enables storage related to security such as authentication functionality, fraud prevention, and other user protection. Users will be informed about the specific storage purposes in the cookie declaration, but this type does not require consent from the end user.|
2. Controlling cookies
Google Tag Manager includes several features that work together with Cookiebot to help you manage how tags behave in response to the end user's consent choices.
Tags with built-in consent checks (such as Google Ads, Analytics, Floodlight and Conversion Linker) include logic that automatically changes the tag's execution behavior based on the user's consent state. No consent configuration is needed for this type of tags.
If a tag doesn't support built-in consent checks, you can add Additional Consent Checks for the tag as described below. If a user does not give consent to the specific consent types you’ve selected for the tag, the tag will not run.
2.1. Setting up Additional Consent Checks
1. In your GTM container, create the following trigger, to be used in your GTM configuration:
Event Name: cookie_consent_update,
Event Type: Custom Event,
Fires On: All Custom Events
You trigger should look similar to this:
2. Tags that do not support built-in consent checks and set cookies should specify the types of cookies using the Additional Consent setting under Tag Editor > Advanced Settings with the categories that the tag requires (see the scan report from Cookiebot if you are in doubt).
In this example the tag requires consent for ad_storage:
3. To achieve this, update any cookie-setting tags to replace the existing trigger (e.g. “All Pages”) with the new consent update trigger, e.g. for your Facebook Pixel Code tag. This will fire your tag when the user has opted in on the required consent type.
4. For a complete view of the consent settings across all the tags in your container, you can enable the Consent Overview from your container settings:
3. Alternative method for conditionally loading tags
If you for any reason prefer not making use of Consent Mode, you have to option to prevent Cookiebot from sending Consent Mode signals to Google Tag Manager.
Cookiebot will continue to send consent data to ensure that you still can conditionally load tags that require consent, in the form of the following three custom HTML events:
- Event name:
- Event name:
- Event name:
The process of setting up a consent trigger requiring consent for statistical/analytics cookies is identical as setting up the
cookie_consent_update trigger as described in step 2.1 and the result will look similar to this:
Please note that the
cookie_consent_update event will no longer be available when consent mode is disabled.
To disable Consent Mode you can add
consentmode=disabled as a query parameter.
This is particularly useful if you implement Cookiebot using a custom HTML tag instead of the Cookiebot CMP tag.
Here's an example of how this could look:
4. Implementing the cookie declarationTo make available an option for the user to change or withdraw consent, implement Cookiebot's 'Cookie Declaration' on a page of your own choice by embedding the following script tag directly into the source of the page and position within the page where you want the cookie declaration to be displayed (replace 00000000-0000-0000-0000-000000000000 with your own Cookiebot ID):