Integrations
Google Tag ManagerGoogle Tag Manager
field-testedPlatforms and stores

CookiePilot and Google Tag Manager

Install CookiePilot as a Consent Initialization tag, with the Consent Mode stub placed before the GTM container.

Overview

Install CookiePilot as a Consent Initialization tag, with the Consent Mode stub placed before the GTM container.

Consent Mode defaults are set synchronously to denied.
The main CookiePilot script is loaded through GTM in the configured tag.
cookiepilot_consent_update is available for triggers and tags.

What the CookiePilot app generates for GTM

Domain → Installation → Google Tag Manager generates a real GTM snippet, not only generic documentation. The backend returns directSnippet, stubSnippet and gtmSnippet; the GTM version combines an inline Consent Mode stub with cookiepilot.js loaded from the CDN for the domain key.

The stub runs synchronously, creates dataLayer/gtag, sets default consent and reads stored cookiepilot_consent for returning visitors before later tags read the state.

Source: domains.service.ts and install-method-tabs.tsx
GTM event: cookiepilot_consent_update
Native event: cookiepilot:consent

Google tags and non-Google tags

Google tags should use Consent Mode v2. GA4 relies on analytics_storage, while Google Ads also needs ad_storage, ad_user_data and ad_personalization.

Meta, TikTok, Hotjar and Klaviyo should usually use the cookiepilot_consent_update dataLayer event or the native cookiepilot:consent event if they are outside GTM.

Google: Consent Mode v2
Non-Google: dataLayer Custom Event
Hardcoded scripts must be moved or gated

Setup steps

  1. 1Paste the CookiePilot stub in head before the standard GTM snippet.
  2. 2Add cookiepilot.js as Custom HTML on Consent Initialization - All Pages.
  3. 3Make marketing tags consent-aware or trigger them after cookiepilot_consent_update.
  4. 4Use Preview to confirm no ad requests or tracking cookies appear before consent.

Example snippet

<script src="https://cdn.cookiepilot.io/stub.js"></script>
<!-- GTM container follows -->
<script src="https://cdn.cookiepilot.io/cookiepilot.js" data-cpkey="YOUR_API_KEY"></script>

Test checklist

  • gcd shows denied before the visitor clicks.
  • After Reject, marketing tags do not start.
  • After Accept, dataLayer contains consent update granted.
  • Hardcoded scripts outside GTM are removed or moved behind the CMP.

FAQ

Is this legal advice?

No. It is an implementation guide. For unusual data flows, confirm the setup with your legal or privacy team.

Does CookiePilot block every script automatically?

CookiePilot supports autoblocking and Consent Mode. Trackers hardcoded before the CMP still need to be moved behind the stub or into GTM Consent Initialization.