Features
Utilize advanced features and integrate CookiePal with other tools.
Default command inline implementation
This guide explains how to implement a custom inline script for the GCM default command.
Table of contents
back
to the top
Custom inline scripts can help tailor the GCM default command to better fit your workflow and specific requirements. In this guide, you’ll learn the steps needed to create and implement your own inline script, along with the key considerations to keep in mind for a smooth setup.
Install the custom default command
Use this approach when you maintain your own inline Google Consent Mode implementation and need to set the default consent state directly on the page. Google documents that the default consent command should be added on every page and updated when a visitor interacts with your consent banner.
CookiePal already implements this command by default when you use its standard Google Consent Mode setup. Manual installation is usually only necessary for custom implementations, for example when you manage your own inline gtag setup, load tags outside CookiePal or Google Tag Manager, or need the default consent command to run in a custom script order before other tags execute.
Install the custom script in the head of every page, before the Google tag or Google Tag Manager bootstrap and before any later gtag commands that may send measurement data, such as gtag('js', ...), gtag('config', ...), or gtag('event', ...).
This order matters. Google’s troubleshooting guidance notes that loading the default command too late can trigger the Tag Assistant error "A tag read consent state before a default was set".
If your banner or CMP updates consent asynchronously, the wait_for_update value gives it a short window to send the matching consent update before measurement is sent.
Custom script example
Example custom inline script:
1<script>
2window.dataLayer = window.dataLayer || [];
3function gtag() {
4 dataLayer.push(arguments);
5}
6gtag('consent', 'default', {
7 'ad_personalization': 'denied',
8 'ad_storage': 'denied',
9 'ad_user_data': 'denied',
10 'analytics_storage': 'denied',
11 'functionality_storage': 'denied',
12 'personalization_storage': 'denied',
13 'security_storage': 'granted',
14 'wait_for_update': 500,
15});
16gtag('set', 'ads_data_redaction', true);
17gtag('set', 'url_passthrough', true);
18</script>Note If you use WordPress, see the WordPress section. If you use Shopify, see the Shopify section. If you use Next.js, see the Next.js section.
Region settings example
Google recommends scoping denied defaults to the regions where you actually display a consent banner. This helps preserve measurement elsewhere and avoids leaving visitors with denied defaults but no banner to update consent.
You can do that with the region parameter. Google documents these values as ISO 3166-2 region codes, so country codes like GB and subdivision codes like US-AK can be used where appropriate.
Example region-specific command:
1<script>
2window.dataLayer = window.dataLayer || [];
3
4function gtag() {
5 dataLayer.push(arguments);
6}
7// EU-specific settings
8gtag('consent', 'default', {
9 'ad_personalization': 'denied',
10 'ad_storage': 'denied',
11 'ad_user_data': 'denied',
12 'analytics_storage': 'denied',
13 'functionality_storage': 'denied',
14 'personalization_storage': 'denied',
15 'region': [
16 'GB', 'AT', 'BE', 'BG', 'CH', 'CY', 'DE', 'DK', 'EE', 'ES', 'FI',
17 'FR', 'GG', 'GR', 'HR', 'HU', 'IE', 'IM', 'IT', 'JE', 'LT', 'LU',
18 'LV', 'MT', 'NL', 'PL', 'PT', 'RO', 'SE', 'SI', 'SK',
19 ],
20 'wait_for_update': 500,
21});
22// Default settings
23gtag('consent', 'default', {
24 'ad_personalization': 'granted',
25 'ad_storage': 'granted',
26 'ad_user_data': 'granted',
27 'analytics_storage': 'granted',
28 'functionality_storage': 'granted',
29 'personalization_storage': 'granted',
30 'security_storage': 'granted',
31 'wait_for_update': 500,
32});
33gtag('set', 'ads_data_redaction', true);
34gtag('set', 'url_passthrough', true);
35</script>If you use a region-scoped command like this, make sure your banner targets the same regions and add any non-region fallback default command your policy requires for visitors outside that list.
What ads_data_redaction does
When ad_storage is denied, Google says advertising cookies are not set, but request URLs can still contain ad click information. Setting gtag('set', 'ads_data_redaction', true) further redacts ad click identifiers in Google Ads and Floodlight network requests and sends those requests through a cookieless domain.
This setting only has an effect when consent mode is being used and ad_storage is denied. If ad_storage is granted, Google documents that ads_data_redaction has no effect.
See Google’s official ads data redaction documentation for the detailed behavior of ads data redaction.
What url_passthrough does
When ad_storage or analytics_storage is denied, url_passthrough lets Google pass ad click, client, and session information through same-domain URL parameters so measurement can continue across pages without relying on cookies.
Google notes that this works only in specific cases, such as when consent mode is implemented and navigation stays on the same domain. Because it may append parameters like gclid, dclid, gclsrc, _gl, or wbraid to URLs, make sure your redirects preserve them and your site can safely ignore them where needed.
See Google’s official URL passthrough documentation for the setup requirements and limitations of URL passthrough.
Install it in WordPress with WPCode
If your site runs on WordPress, you can add the default command without editing theme files by using the WPCode plugin to insert a PHP snippet.
In the WordPress admin area, go to Plugins > Add New, search for WPCode, then install and activate the plugin.
![In the WordPress admin area, go to [Plugins > Add New:bold], search for [WPCode:bold], then install and activate the plugin.](/_next/static/media/0.bd13cb8f.png)
Open Code Snippets and create a new snippet. Choose PHP Snippet as the code type, paste the following code, and save it as a new snippet.
![Open [Code Snippets:bold] and create a new snippet. Choose [PHP Snippet:bold] as the code type, paste the following code, and save it as a new snippet.](/_next/static/media/3.8bc90a3f.png)
1add_action('wp_head', function () {
2 ?>
3 <script>
4 window.dataLayer = window.dataLayer || [];
5 function gtag(){ dataLayer.push(arguments); }
6
7 gtag('consent', 'default', {
8 "ad_personalization": "denied",
9 "ad_storage": "denied",
10 "ad_user_data": "denied",
11 "analytics_storage": "denied",
12 "functionality_storage": "denied",
13 "security_storage": "granted",
14 "personalization_storage": "denied",
15 "wait_for_update": 500
16 });
17
18 gtag("set", "ads_data_redaction", true);
19 gtag("set", "url_passthrough", true);
20 </script>
21 <?php
22}, 0);In the snippet settings, set the Priority value to 0 so the default consent command runs as early as possible in the page head.
![In the snippet settings, set the [Priority:bold] value to [0:bold] so the default consent command runs as early as possible in the page head.](/_next/static/media/2.8d633539.png)
Make sure the snippet is marked as Active, then click Update to save it.
After saving, confirm the snippet appears in the WPCode list with Code Type set to PHP, Priority set to 0, and the status toggle enabled.
![After saving, confirm the snippet appears in the WPCode list with [Code Type:bold] set to PHP, [Priority:bold] set to 0, and the status toggle enabled.](/_next/static/media/1.584a3156.png)
Install it in Shopify
If your store runs on Shopify, you can add the default command directly in your theme code using the same script shown in the Custom script example section above.
In Shopify admin, go to Online Store > Themes. Open the menu for your current theme and click Edit code.
![In Shopify admin, go to [Online Store > Themes:bold]. Open the menu for your current theme and click [Edit code:bold].](/_next/static/media/0.6f2e981e.png)
In the code editor, open Layout > theme.liquid. Find the opening <head> tag and paste the default command from the earlier example immediately after it, before the CookiePal banner script, Google tag, or Google Tag Manager bootstrap.
![In the code editor, open [Layout > theme.liquid:bold]. Find the opening [<head>:bold] tag and paste the default command from the earlier example immediately after it, before the CookiePal banner script, Google tag, or Google Tag Manager bootstrap.](/_next/static/media/1.f232d95a.png)
Click Save in the top-right corner to publish the change.
Install it in Next.js
If your site runs on Next.js, add the default command in your root layout, such as app/layout.tsx, before the CookiePal banner script, Google tag, or Google Tag Manager bootstrap.
Keep the script content as a string inside the <script> element. Do not paste the object directly as JSX, or Next.js will try to interpret it instead of rendering it as inline script content.
![Keep the script content as a [string:bold] inside the [<script>:bold] element. Do not paste the object directly as JSX, or Next.js will try to interpret it instead of rendering it as inline script content.](/_next/static/media/default-command-implementation.75b5bb00.png)
Use the same default command shown in the Custom script example, but adapt it so the JavaScript body stays inside a string, like this:
1<script>
2 {`window.dataLayer = window.dataLayer || [];
3 function gtag() {
4 dataLayer.push(arguments);
5 }
6 gtag('consent', 'default', {
7 'ad_personalization': 'denied',
8 'ad_storage': 'denied',
9 'ad_user_data': 'denied',
10 'analytics_storage': 'denied',
11 'functionality_storage': 'denied',
12 'personalization_storage': 'denied',
13 'security_storage': 'granted',
14 'wait_for_update': 500,
15 });
16 gtag('set', 'ads_data_redaction', true);
17 gtag('set', 'url_passthrough', true);`}
18</script>Save your changes and deploy the updated version of your Next.js site.
Important ordering note
The custom default command must run before any later gtag command and before any event that may be triggered on page load. Google also recommends recording the consent update on the same page where the visitor interacts with the banner, before any page transition.