Google Tag Gateway (GTG) and Google Consent Mode with CookieScript
Google Tag Gateway is compatible with CookieScript, but it can change how quickly Google tags load.
If Google Consent Mode is not initialized early enough by CookieScript, Google tags may process requests before the default consent state is available. CookieScript may detect this as a Late Consent issue.
This article explains how to check whether GTG is active, how to verify Advanced Consent Mode (U+C), and which setup options can help fix Late Consent.
What is Google Tag Gateway?
Google Tag Gateway, or GTG, allows Google tags such as gtag.js or gtm.js to be served from your own first-party domain, in addition to Google Analytics and GTM.
Normally, Google tags load from Google domains such as:
www.googletagmanager.com
www.google-analytics.com
With GTG, those same tags may load from your own domain or subdomain instead.
For example:
Standard Google tag | GTG-enabled tag |
www.googletagmanager.com/gtm.js | yourdomain.com/metrics/ |
This can improve measurement durability and performance because Google tags are served through a first-party path.
GTG changes how Google tags are delivered. It does not replace CookieScript, consent management, or Google Consent Mode. CookieScript still needs to send the correct consent signals, and Google tags still need to respect the visitor’s consent state.
GTG can be set up in several ways, including:
one-click CDN injection through providers such as Cloudflare, Akamai, or Fastly;
a GTM-based setup;
a manual setup through your server, CDN, or load balancer.
How GTG affects consent and tag loading
GTG serves Google scripts from a first-party domain. Because these scripts are served from your own domain or subdomain, they may load faster than traditional third-party Google scripts.
In some setups, this can change the order in which scripts run on the page. This is especially common with one-click CDN injection, where the Google tag may be inserted very high in the HTML before other scripts have loaded.
That load order matters for Google Consent Mode.
CookieScript needs to initialize the default Google Consent Mode state before Google tags process measurement requests. If Google tags load first, the initial Google requests may happen before the correct default consent state is available.
This timing issue is what can lead to a Late Consent warning.
GTG itself does not create consent. It also does not bypass consent or override the visitor’s choice. The issue is timing: Google tags may load before CookieScript has had a chance to send the default consent state.
What is Late Consent?
Late Consent means that a Google tag processes a request before the default Google Consent Mode state is available.
In a correct setup, CookieScript sends the default consent state before Google tags process measurement requests. Before the visitor interacts with the CookieScript banner, this default state is usually set to denied. After the visitor accepts, rejects, or customizes their choice, CookieScript sends an updated consent state based on that choice.
Late Consent can happen when Google tags load or run too early on the page. Common causes include:
GTG loads Google tags earlier than before;
Google tags are hardcoded above the CookieScript header script;
GTM loads before CookieScript has initialized consent;
the CookieScript GTM template is not configured to fire early enough;
a CMS, CDN, cache plugin, or script optimizer changes the intended script order;
the TCF stub loads too late in IAB TCF setups.
In short, Late Consent is usually a matter of timing. The Google tag is available before the default consent state is ready.
Note: A Late Consent warning does not always mean that Google Tag Gateway is the only cause. GTG is a common trigger because it can make Google tags load earlier, but the same issue can also happen when Google tags are hardcoded before CookieScript, GTM fires too early, the CookieScript GTM template is not initialized early enough, the TCF stub loads too late, or a CMS, CDN, cache plugin, or script optimizer changes the script order.
Is Google Tag Gateway compatible with CookieScript?
Yes. Google Tag Gateway can be used with CookieScript when Google Consent Mode is configured correctly.
The main thing to avoid is Google tags loading before the default consent state is available.
CookieScript can send both default and updated Google Consent Mode signals, but those signals need to be available early enough for Google tags to process them correctly.
If your website uses IAB TCF v2.2, the TCF stub must also be available before any Google tags that depend on it.
If GTG causes Google tags to load too early, use one of the recommended solutions below to prevent Late Consent.
How to verify if GTG is active on your website
You can check whether Google Tag Gateway is active by looking at where your Google tag and measurement requests are loaded from.
Check GTG in Browser DevTools
Open your website.
Open Browser DevTools.
Go to the Network tab.
Refresh the page.
Search for gtm.js, gtag, or collect
Check the Domain column for the matching request, if you find appropriate network calls and they are coming from your domain (yourdomain.com/) this means that GTG is configured correctly
If no appropriate calls were found in the Networks tab, you need to check the measurement path configured in GTG
If the request loads from googletagmanager.com, google-analytics.com, or another Google domain, GTG is probably not active for that request.
Examples:
Result | Example request |
GTG active | yourdomain.com/metrics/ |
GTG active | yourdomain.com/metrics/collect |
GTG not active | www.googletagmanager.com/gtm.js |
GTG not active | www.google-analytics.com/g/collect |
Check GTG in Google Tag Assistant
You can also verify GTG in Google Tag Assistant.
Open Google Tag Assistant.
Connect it to your website.
Trigger a pageview or test event.
Check whether Google hits are routed through your first-party endpoint.
IMPORTANT!:
For users in the European Economic Area, Google Analytics measurement data goes directly to regional Google endpoints. This routing bypasses your Content Delivery Network path, ensuring GDPR compliance & representing expected behavior. This exception doesn't affect Google Ads conversion hits; they still route through your Google tag gateway for advertisers path.
GTG-enabled hits may be shown as first-party.
Check GTG in Google tag or GTM settings
You can also check GTG in your Google tag or Google Tag Manager settings.
Open the relevant Google tag or GTM container settings.
Navigate to the Admin section
Look for the Google Tag Gateway section.
Check whether your domain or subdomain is listed as active.
If no first-party endpoint is configured, GTG may not be active.
How to verify Advanced Consent Mode (U+C) for GTG
You can verify Advanced Consent Mode (U+C) by checking the first Google measurement request before interacting with the CookieScript banner.
Open your website.
Open Browser DevTools.
Go to the Network tab.
Filter requests by collect?v=2.
Refresh the page.
Do not click the CookieScript banner.
Look for a request to your GTG endpoint.
Example GTG endpoint:
mydomain.com/metrics/collect
Open the request and check the request URL, Payload, or Query String Parameters.
Look for this parameter:
gcs=G100
If you see a request to your GTG endpoint with gcs=G100, Advanced Consent Mode (U+C) is active.
This matters because Google tags are receiving the denied consent state before the visitor interacts with the banner. This setup is compatible with GTG and helps prevent Late Consent because Google tags can process the denied state immediately when they load.
In other words, the Google tag does not need to wait for the visitor to click the banner before it understands the current consent state.
After the visitor grants consent, later Google requests should reflect the updated consent state.
Recommended solutions for Late Consent
If CookieScript detects Late Consent after GTG is enabled, the issue is usually caused by timing. Google tags are loading before the default Google Consent Mode state is available.
Use one of the options below to fix or reduce the risk.
Option A: Use Advanced Consent Mode (U+C) — recommended
Advanced Consent Mode (U+C) is the recommended option for most GTG setups, especially when GTG is enabled through CDN injection and script order cannot be fully controlled.
With Advanced Consent Mode, Google tags can load immediately. CookieScript sends the default Google Consent Mode state before the visitor interacts with the banner, and Google tags adapt their behavior based on the current consent state.
Before consent is granted, Google tags process the denied state. After the visitor accepts, rejects, or customizes their choice, CookieScript sends an updated consent state.
This setup is compatible with GTG and solves the Late Consent issue because Google tags are able to process the denied state immediately upon loading.
Check the Analytics tag in GTM
In your GTM container, check that the Analytics or Google tag is configured correctly.
Open your GTM container.
Find the Analytics or Google tag used for your website.
Check the tag trigger.
Make sure the tag uses Initialization - All Pages.
Scroll down to Advanced Settings.
Open Consent Settings (BETA).
Select No additional consent required.
Save the tag.
Publish the GTM container changes.
This setting does not mean that user consent is not required. It means the tag should rely on Google Consent Mode and the consent signals sent by CookieScript, instead of adding extra GTM consent requirements on top of that tag.
Enable Global Consent Defaults in Google Analytics
In Google Analytics, check the consent default settings for the relevant Google tag.
Open Google Analytics.
Go to Admin.
Open Data streams.
Select your website data stream.
Click Configure tag settings.
Click Show more.
Open Override consent mode defaults.
Enable the override for Ads settings.
Enable the override for Analytics settings.
Save the changes.
This helps Google tags assume the correct default consent state before the visitor grants consent. CookieScript still needs to collect the visitor’s choice and send updated consent signals after the visitor interacts with the banner.
Verify the setup
After making the changes, verify the setup in Browser DevTools.
Open your website.
Open Browser DevTools.
Go to the Network tab.
Filter requests by collect?v=2.
Refresh the page.
Do not click the CookieScript banner.
Open the request to your GTG endpoint.
Check the request URL, Payload, or Query String Parameters.
Look for the parameter gcs=G100.
If you see gcs=G100, Advanced Consent Mode (U+C) is active and Google tags are processing the denied consent state before banner interaction.
Advanced Consent Mode may still send cookieless pings when consent is denied. Make sure this setup matches your legal and internal compliance requirements.
Option B: Move all tags into one GTM container
If Google tags are scattered across the website, move them into one Google Tag Manager container where possible.
This can include:
Google Analytics;
Google Ads;
Floodlight;
other marketing and measurement tags.
Then deploy that GTM container through GTG and keep consent logic centralized inside GTM.
This helps because GTM makes tag firing easier to control, consent settings easier to audit, and reduces the chance that one tag fires outside the intended setup.
Make sure CookieScript initializes consent before other tags fire. Avoid hardcoded Google tags outside GTM unless there is a specific reason to keep them separate.
Moving tags into GTM does not automatically fix consent. The CookieScript GTM template and Google Consent Mode settings must still be configured correctly.
Option C: Use manual GTG setup with controlled script order
This option is best for technical teams that can control the server, CDN, load balancer, or measurement path.
With a manual GTG setup, make sure the CookieScript header script loads physically before Google tags. CookieScript must send the default consent state before gtag.js, gtm.js, or Google measurement requests execute.
If the website uses IAB TCF, make sure the TCF stub is also available before Google tags that depend on it.
This option gives you direct control over script order. It can work for stricter setups where tags should not process anything before the CMP initializes, and it avoids relying only on CDN-level injection.
However, this setup requires technical control. CMS plugins, caching tools, script deferral, and CDN settings can change the intended order and reintroduce Late Consent. Always test after deployment or configuration changes.
Option D: Use Global Consent Defaults as an additional safeguard
You can also configure Global Consent Defaults in Google tag settings.
Global Consent Defaults can help ensure that a denied state is assumed before the visitor grants consent. This can reduce the risk of Google tags processing requests without a default consent state.
Use this together with CookieScript’s Google Consent Mode integration. Do not treat it as a replacement for CookieScript.
Global Consent Defaults do not collect consent and do not record the visitor’s actual choice. CookieScript still needs to collect the choice and send updated consent signals.
Which solution should you choose?
Situation | Recommended solution |
GTG is active and CookieScript detects Late Consent | Option A: Advanced Consent Mode (U+C) |
GTG is enabled through one-click CDN injection | Option A: Advanced Consent Mode (U+C) |
You cannot fully control script order | Option A: Advanced Consent Mode (U+C) |
Google tags are scattered across the website | Option B: Move tags into GTM |
You already manage most tags in GTM | Option B, then verify Advanced Consent Mode (U+C) |
You have technical control over CDN or server setup | Option C: Manual GTG setup |
You want an extra denied-by-default safeguard | Option D: Global Consent Defaults |
You are unsure where to start | Option A, then verify gcs=G100 |
Common configuration issues
Late Consent is usually caused by script timing. Use the checks below to find what is making Google tags load before the default consent state is available.
CookieScript loads after Google tags
If CookieScript loads after Google tags, Google may process the first requests before the default Google Consent Mode state is available.
To fix this:
move the CookieScript header script higher in the page;
check whether Google tags are hardcoded before CookieScript;
in GTM setups, check that CookieScript initializes consent before other tags fire.
GTG CDN injection changes script order
One-click CDN injection can place the Google tag at the top of the HTML. This may happen outside the normal page template, so the order you see in your CMS or theme files may not match the final page output.
If you cannot fully control this order, Advanced Consent Mode (U+C) is usually the safest fix.
Google tags are outside GTM
Hardcoded Google tags may fire before CookieScript, especially if they are placed directly in the page header, theme files, plugins, or custom code.
To fix this:
move Google tags into GTM where possible;
or manually place the CookieScript header script before those tags;
check all templates, plugins, and custom code for additional Google tags.
TCF stub loads too late
This matters if the website uses IAB TCF v2.2.
The TCF API/stub must be available before Google tags that rely on TCF. If the TCF stub loads too late, Google tags may start without the expected TCF signal.
Check that the TCF stub is initialized early enough and is not delayed by script optimization, tag sequencing, or plugin settings.
Script optimization tools interfere
Caching, minification, script delay, and defer tools can change the intended load order. A setup that works before optimization may break after performance settings are enabled.
To reduce the risk:
exclude CookieScript and consent-related scripts from delay, defer, or optimization if needed;
check whether your CDN or cache plugin rewrites script order;
re-test after changing performance settings.
Custom GTG paths make requests harder to find
Some GTG setups use custom paths, such as:
/metrics/collect
In these cases, searching only for gtm.js may not be enough.
Try searching in DevTools for:
collect;
gtag;
your Google tag ID or Measurement ID;
your GTG endpoint.
You can also use the Initiator column in DevTools to trace what triggered the request.
Consent signals in regions where the banner is not displayed
Some websites show the CookieScript banner only in selected regions. For example, a banner may be shown to visitors in the EU or EEA, but hidden for visitors in other locations.
Even when the banner is hidden, Google tags may still need a valid Google Consent Mode state. Hiding the banner and removing CookieScript entirely are not the same thing.
If CookieScript does not load on the page, it cannot send default or updated Google Consent Mode signals. This can cause Google tags to run without the expected consent state.
Check your setup if you use region-based banner rules. Review:
regional banner settings;
geo-targeting rules;
CDN rules;
GTM rules;
script loading conditions.
If GTG is active, also verify that Google requests in excluded regions still receive the correct default or updated consent state.
Final verification checklist
Use this checklist after making changes to your GTG, GTM, or CookieScript setup.
GTG requests load from your own domain or subdomain.
CookieScript loads before Google tags where script order is manually controlled.
Google Consent Mode is enabled.
The default consent state is available before Google tags process requests.
Google tags are not firing outside the intended setup.
GTM trigger order is correct.
The TCF stub is available early enough if IAB TCF is used.
Before clicking the CookieScript banner, a GTG collect?v=2 request shows gcs=G100.
After accepting or rejecting the banner, later Google requests reflect the updated consent state.
Google Tag Assistant confirms that hits are routed through the expected first-party endpoint.
CookieScript no longer reports Late Consent.