Server-Side Google Tag Manager

Google Tag Manager (GTM) server-side containers move tag execution from the visitor's browser to a server you control. This improves page performance, reduces ad-blocker interference, and gives you tighter control over outbound data. Because the consent banner runs client-side, a hybrid setup is required—your web container handles consent collection, while the server-side container enforces it before forwarding data to vendors.

How It Works

The DataGrail consent banner runs in the browser and communicates consent choices through Google Consent Mode. When you also run a server-side container, the flow looks like this:

1. The consent banner loads in the browser and collects the visitor's preferences.
2. DataGrail updates the Google Consent Mode signals (ad_storage, analytics_storage, ad_user_data, ad_personalization) based on those preferences and your category mappings.
3. Your web container sends events (e.g., GA4 measurement protocol requests) to the server-side container endpoint—typically a first-party subdomain like sgtm.example.com.
4. The consent state travels with the event data in the request payload.
5. Server-side tags read the consent signals and conditionally fire based on the visitor's choices.

Web Container Still Required

A server-side container does not replace your web container. The web container is where the DataGrail consent banner runs and where consent signals originate. The server-side container sits downstream and acts as a privacy-aware proxy.

GTM Deployment

If you deploy DataGrail Consent through Google Tag Manager, consent signals are automatically included in outbound events from your web container. You need to make sure that your server-side GTM configuration properly handles the Google Consent Mode flags so that server-side tags respect visitor choices.

To configure your server-side container for consent:

1. Verify that Google Consent Mode is enabled in DataGrail and your category mappings are configured.
2. In your server-side GTM container, confirm that each tag has the appropriate consent settings configured. Google's consent-aware tags (GA4, Google Ads, Conversion Linker) automatically read consent signals. For third-party tags, configure the Additional Consent Checks in the tag settings to require the relevant consent types before firing.
3. Publish your DataGrail changes to the web container.
4. Test using the GTM server-side Preview mode to verify that consent signals arrive with each event and that tags respect them.

Advanced vs Basic Consent Mode

Both Advanced and Basic Consent Mode work with server-side containers. In Advanced mode, Google's consent-aware tags send cookieless pings even when consent is denied, enabling modeled conversions. In Basic mode, tags are fully blocked until consent is granted. Your choice here applies to both web and server-side tags.

Embedded Deployment

If you use an embedded deployment or need to send events directly to your server-side container outside of GTM's built-in data flow, you can use DataGrail callbacks to read consent state and include it in your server-side requests.

The example below listens for consent changes and sends an event to a server-side GTM endpoint, including the consent state in the payload:

<script>
  window.dgEvent = window.dgEvent || [];

  function sendToServerGTM(preferences) {
    var consentState = {
      ad_storage: window.DG_BANNER_API.categoryEnabled("marketing") ? "granted" : "denied",
      analytics_storage: window.DG_BANNER_API.categoryEnabled("performance") ? "granted" : "denied",
      ad_user_data: window.DG_BANNER_API.categoryEnabled("marketing") ? "granted" : "denied",
      ad_personalization: window.DG_BANNER_API.categoryEnabled("marketing") ? "granted" : "denied",
      functionality_storage: window.DG_BANNER_API.categoryEnabled("functional") ? "granted" : "denied"
    };

    // Send event to your server-side GTM endpoint
    fetch("https://sgtm.example.com/your-endpoint", {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({
        event_name: "consent_update",
        consent: consentState
        // Include any other event data as needed
      })
    });
  }

  // Fire on initial page load with existing preferences
  window.dgEvent.push({
    event: "initial_preference_callback",
    params: sendToServerGTM
  });

  // Fire when visitor updates their preferences
  window.dgEvent.push({
    event: "preference_callback",
    params: sendToServerGTM
  });
</script>

Your server-side container must be configured to parse the consent fields from incoming requests and apply them before firing any tags. How you implement this depends on your server-side client template—consult your GTM server-side client documentation for details on reading custom consent fields from inbound requests.

Verifying Consent Propagation

After configuring your server-side container, verify that consent signals are arriving correctly.

1. Open your server-side GTM container in Preview mode.
2. On your website, interact with the consent banner to set specific preferences (e.g., deny marketing).
3. Trigger a page view or event that sends data to the server-side container.
4. In the server-side Preview panel, inspect the incoming event. Confirm that the consent parameters (ad_storage, analytics_storage, etc.) reflect the choices made in step 2.
5. Verify that tags configured to require consent are not firing when the relevant category is denied.

Server-Side Tags Without a Web Container

If you send data to a server-side container directly from your backend (e.g., via HTTP calls without a browser involved), there is no consent banner in play. In this scenario, you are responsible for determining and attaching the correct consent state to each request before sending it to the server-side container.