No analytics cookies is set upon a consent was updated

Asked 7/12, 2021 at 19:45 Answered 11/12, 2021 at 17:17

Solved javascript google-analytics google-talk

I am using the Google Tag Manager with a single tag referencing a default Google Analytics script. My solution is based on the information from these resources:

The code is simple (commit):

index.html: define gtag() and set denied as a default for all storages

  <script>
    window.dataLayer = window.dataLayer || [];
    function gtag() { window.dataLayer.push(arguments); }
    gtag('consent', 'default', {
      ad_storage: 'denied',
      analytics_storage: 'denied',
      personalization_storage: 'denied',
      functionality_storage: 'granted',
      security_storage: 'granted',
      wait_for_update: 400,
    });

Then load a user configuration from the localStorage and call update:

handleCookies(preferences) {
  console.log('handleCookies callback');
  gtag('consent', 'update', {
    ad_storage: preferences.ad,
    analytics_storage: preferences.analytics,
    personalization_storage: preferences.personalization,
  });
  console.log(window.dataLayer);
},

So far so good because I see the event queue is updated in dataLayer:

As the consent is set I anticipate the the cookies will be set for the Google Analytics now. But they are missing. What stupid mistake have I done?

Haruspicy answered 7/12, 2021 at 19:45 Comment(3)

silly me, it seems to be related to sending true instead of granted – Haruspicy 10/12, 2021 at 20:26

Yes, you should use granted and denied rather than true and false. – Jovitta 11/12, 2021 at 12:9

True. I haven't noticed I am sending the boolean. Default object was correct. Stupid mistake. – Haruspicy 11/12, 2021 at 15:35

Your update command happens after the GTM container snippet is rendered by the browser, so the update command is processed only after the All Pages trigger has already been processed.

You need to either delay your tags to fire on a later trigger (e.g. DOM Ready) or change how your script works to push the 'update' command sooner.

Alternatively, you can use the Consent Mode tag template found in the template gallery to orchestrate everything through GTM. The template uses GTM's synchronous consent APIs which ensure that the consent state is applied immediately rather than only once the dataLayer queue is processed.

Jovitta answered 11/12, 2021 at 12:7 Comment(1)

Thank you for your advice. I think I have finished my solution. GA will generate client side cookies only once a user provided a consent. So far so good. But GA will never send the cookie value. Am I missing something? More details in my answer. The app is deployed here: beta.mezinamiridici.cz. Thank you! – Haruspicy 11/12, 2021 at 17:20

From your screenshot, gtm.js is executed before the update of the consent mode so the pageview continues to be sent to Google Analytics as denied.

The update must take place before gtm.js

Akee answered 7/12, 2021 at 23:29 Comment(5)

I think it should not work this way. The articles I read state I should set the defaults before gtm.js is loaded and push the update when there are consent changes. A user will confirm the consent cookie dialog seconds or minutes after the page is loaded. There is the Update message for such purpose. GTM must load all scripts before the consent dialog is displayed. – Haruspicy 8/12, 2021 at 6:38

sure, before the consent you will lose the data but after the consent, as I wrote, the update must take place before gtm.js – Akee 8/12, 2021 at 10:11

I still did not get your point. gtm.js is loaded once as soon as possible. Would you be more concrete and provide step by step instructions what shall I do when the page is loaded and user accepts the consent screen? – Haruspicy 8/12, 2021 at 11:48

You can send an update but if you want send the pageviews before cookie accento you have to define a cookie policy, i.e. anonimyzeIp and start with analytics_storage granted, bit it is legal question bot technical issue. – Akee 8/12, 2021 at 14:42

Thank you for your effort but there is some misunderstanding. My english may be too poor. I failed to explained you that gtm.js is loaded before the consent and therefore the update message can occur afterwards. – Haruspicy 8/12, 2021 at 15:2

As a note for my silly future myself I will write some findings and notes there.

follow Simo's advices though it might not be easy to understand without a prior subject orientation
define gtag() function and set the default settings prior gtag initialization
the first visit shall set denied for ad_storage, analytics_storage and personalization_storage
if it is a returning visit it is a good idea to set the defaults according to a user's content
but hey, you can send the update message later, even in a Vue component's mounted method. A value in wait_for_update might be useful there because you want to initialize Google Analytics with cookies rather then without them.
Google Analytics sends https://www.google-analytics.com/g/collect request. Take a look to payload, gcs: G100 is sent when the cookies consent is missing.
Once a user accepts the cookies, send new consent values in the update message. The values are denied / granted, not true / false, you fool!
The GA cookies are created at this moment. But they are not sent to server, sorry, your turn is over. Well, if a user does some tracked action like a scrolling a page, the collect will be sent again with gcs: G111. I am bit surprised that neither the request not the response holds any cookie. Why?
Once I reload the page and all storages are granted by default, gcs: G111 is still present in GA's collect but the page's existing cookies are not present in the request. Why?

Haruspicy answered 11/12, 2021 at 17:17 Comment(10)

Because hit with G100 are not shown in the report and clientid changes. – Akee 11/12, 2021 at 18:0

Really? Chrome dev tool presents all requests. GA shall use cookies when the consent is granted, shall not? See beta.mezinamiridici.cz – Haruspicy 11/12, 2021 at 18:21

Hit is sent to Google Analytics but you can't see it in the report. Google Analytics will use these hits for modeling, so probably in the future something will be seen in the reports but not today. – Akee 11/12, 2021 at 20:1

You mean GA report. I am talking about HTTPS request generated by GA javascript which does not contain any cookie though the cookies consent was recorded by Google tag manager. – Haruspicy 11/12, 2021 at 20:19

When analytics is granted the clientid (cookie value) alias cid in the request is fixed and not changes in the next requests. – Akee 12/12, 2021 at 8:37

Ahh, so GA is sending client id as a request parameter instead of cookies. I was not aware of this. So when cid is present, my setup is correct. Great to know. Thank you – Haruspicy 12/12, 2021 at 10:5

leaving this here in case it helps anyone. i found this which is contrary to gtag examples elsewhere: "For a gtag implementation: Find the code that calls the API gtag('config', 'AW-xxxx') and make sure the gtag('consent', 'default') or gtag('consent', 'update') commands fire before any gtag('config') commands. Once updated, check if the consent states are present in the Config event." also found what seems to be a bug. to fix the bug i have duplicate code before the config and before script src exactly as shown in my next comment. – Lidalidah 29/12, 2022 at 22:22

bug fix: support.cookiehub.com/article/… – Lidalidah 29/12, 2022 at 22:22

gtag placement link: support.google.com/tagassistant/answer/… – Lidalidah 29/12, 2022 at 22:24

so order is: window.datalayer -> func gtag() -> gtag(consent) -> script src -> gtag(js) -> gtag(config). where consent have default values. after consent verified, i call gtag(consent, update) with the new values and seems to work fine. not sure why order is different when google initially gives you the code block to paste. – Lidalidah 29/12, 2022 at 22:40

Recommended topics

Hot tags