Stape
SearchTry for free

How to configure consent management using GTM and Iubenda

Uliana Lesiv

Uliana Lesiv

Author
Updated
Jun 15, 2025
Published
May 26, 2025

Setting up consent management is more important than ever, taking into account regulations like GDPR and CCPA. In this article, we will guide you through configuring consent management using Iubenda and Google Tag Manager (GTM). The setup includes the following steps, which we will describe in detail further in the article:

  1. Activating Privacy Controls & Cookie Solution in Iubenda.
  2. Integrating Iubenda with GTM and setting up consent via GTM.
  3. Setting up the server GTM container, custom domain, and Custom Loader.
  4. Configuring server-side GA4 and consent settings for GA4.
Consent management with Iubenda and GTM
Consent management with Iubenda and GTM

Besides the configuration process we will also highlight the benefits of server-side consent management, how it works and implementation options in Google Consent Mode V2. 

Server-side tracking offers numerous benefits that make consent management easier:

  • Improved data privacy compliance. Managing user consent on the server level makes meeting data regulations (such as GDPR, CCPA, and ePrivacy) easier, as you have high control over the data collected. Also, server-side connection minimizes unauthorized third-party access, improving data protection and user trust.
  • High data security. Data is handled securely on servers, and there is a lower risk of tampering or interception than client-side methods.
  • More reliable data collection. The data collected is not affected by browser restrictions and ad blockers. Besides, server-side tracking provides anonymized data handling, which means that in consent-restricted scenarios, the data is collected through anonymized methods, supporting machine learning and decision-making based on aggregated insights.
  • Cross-platform consent management. To maintain consistent data handling, apply the same consent preferences across web and mobile platforms. With server-side consent management, creating centralized consent configurations by synchronizing settings across various tools and systems is easier.

Despite the common misconception, using server-side tracking doesn't mean you shouldn't ask for consent to collect website visitors' data. Just like with client-side tracking, you need to add a cookie banner asking for consent to gather data.

The consent management within the server Google Tag Manager (GTM) works the following way:

  1. The consent banner captures the user's consent choices and relays them to a tag (e.g., Google Tag) that transmits consent status from the web to the server GTM.
  2. Google tag transmits a parameter reflecting the user’s consent status to the server container.
  3. Within the server GTM, tags behave depending on the value of that consent parameter.
How consent management works
How consent management works

Basic Consent Mode

With this implementation option, user consent determines how data is handled. If users accept cookies, tags are triggered, and data is collected completely. If users decline, no data is collected, and cookieless pings are not sent. This approach is simple to implement but significantly restricts data collection when consent is denied.

Advanced Consent Mode

Advanced Consent Mode is a more flexible solution. The site can send anonymous, cookieless pings to Google even if users do not allow cookies. The anonymous pings allow data modeling, so that the website owners have a more complete picture of users' behavior.

Here is a list of our articles about consent. We have covered this topic extensively in other blog posts:

Before starting

Despite Basic or Advanced implementation, you will need the following to complete the consent mode:

  • Consent Management Platform. In our case, it is Iubenda CMP.
  • Configured web and server GTM containers.
  • Set up server-side Google Analytics 4. This is required to send a user's consent status from the web to the server container.

1.1 Open your project on Iubenda and click "Activate Privacy Controls & Cookie Solution." Go through the configuration process and adjust the settings according to your needs. Iubenda provides a detailed guide on cookie banner configuration.

Activate Privacy Controls & Cookie Solution
Activate Privacy Controls & Cookie Solution

1.2 Once configured, Iubenda cookie banner, add the code to your website, so the banner can display on the website. You can do it manually by inserting the code after the <head> tag or using the plugins for CMS.

Privacy Controls & Cookie Solution Code
Privacy Controls & Cookie Solution Code

Iubenda has an Automatic Blocking feature that can automatically restrict certain services until user consent is obtained. By default, it uses Advanced Consent Mode, where Google services are not entirely blocked upfront; their behavior is controlled through Consent Mode signals.

You can enable Basic Consent Mode by deselecting the option “Do not block Google’s services that adhere to Consent Mode.”

Advanced Consent Mode in Iubenda
Advanced Consent Mode in Iubenda

2.1 Add the Iubenda Privacy Controls and Cookie Solution tag from the template gallery and configure it:

  • Use the tag's default consent options.
  • Select "Extended snippet via GTM template."
  • Paste the code of the Iubenda cookie solution (the one you generated in step 1.2), the part from _iub.csConfiguration
  • Paste the configuration part from _iub.csLangConfiguration
  • Add the trigger - “Consent Initialization – All Pages”.

For more details on tag setup and configuring a tag template for multilingual sites, check the Iubenda guide on Consent Mode setup.

Iubenda tag configured
Iubenda tag configured
Please note: if you set up consent mode for tags other than Google Ads, Analytics, Floodlight, and Conversion Linker, add to the Privacy Controls and Cookie Solution script "emitGtmEvents":true parameter.

2.2 Set up consent for tags without built-in consent checks.

In the tag under Consent Settings section, select “Require additional consent for tag to fire” and choose a purpose, in our case, it is "ad_storage". Check the complete list of consent types in Google’s documentation.

Consent settings in FB tag
Consent settings in FB tag

2.3 Add a trigger group for such tags.

The custom tag, which defines whether the consent was given, should have the following properties:

  • Trigger type - Custom Event.
  • Event name - iubenda_gtm_consent_event
  • Trigger fires on all custom events.
Iubenda custom event trigger
Iubenda custom event trigger

As a result, you should have a few triggers for the tag - one for consent status and another for firing the tag after the event happens.

Trigger group in GTM
Trigger group in GTM

Step 3. Set up the server GTM container, custom domain, and Custom Loader

For each step, we have detailed guides on the configuration process:

3.1 Check our guide on how to set up the server GTM container if you don't have one.

3.2 Configure a custom domain for your server GTM container on Stape. Once the custom domain is added, you need to configure the DNS record you see in the Stape admin in the container. Domain verification can take up to 72 hours.

Domains (Tagging Server URLs) in Stape
Domains (Tagging Server URLs) in Stape

3.3 Go to the server Google Tag Manager container settings and add a custom domain inside the server GTM.

Server container URL in sGTM
Server container URL in sGTM

3.4 Update the web GTM script on your website with the Custom Loader.

Custom Loader on the website
Custom Loader on the website

4.1 There are a few setup scenarios depending on whether you configured Google Analytics 4 inside your web GTM container, follow the steps from the guide below:

4.2 Set up consent settings.

GTM works with consent management platforms like Iubenda to modify tag behavior based on user consent. Google Tags, such as GA4, automatically adjust according to the user consent settings configured in the web GTM.

For advanced consent, GA4 will continue sending anonymized pings even if users do not consent to analytics cookies. To activate this option, update the Consent Settings in web GTM. No additional consent is required, and there’s no need for any additional configuration in the server GTM for advanced consent.

Advanced consent settings in Google Tag
Advanced consent settings in Google Tag

To limit all GA4 data collection without explicit consent, set the consent settings to Require additional consent in web GTM. Server-side GA4 will comply with the consent rules set in web GTM.

Basic consent mode in Google Tag
Basic consent mode in Google Tag

Conclusion

Server-side consent management platforms (such as Iubenda) offer a privacy-conscious approach to collecting and processing user data. Businesses can achieve higher data privacy and security by shifting consent logic to the server.

Whether implementing Basic or Advanced Consent Mode, integrating tools like Google Tag Manager and Iubenda CMP provides a flexible solution that adapts to users’ consent preferences and allows staying compliant.

Want to start using server-side tags?

author

Uliana Lesiv

Author

Uliana is a Content Manager at Stape, specializing in analytics and integration setups. She breaks down complex tracking concepts into clear insights, helping businesses optimize data collection.

Comments

Try Stape for all things server-sideright now!