Google Tag Gateway: Setup Guide, Pros and Cons

If you’re using Google Analytics 4 (GA4) or Google Ads, you might have encountered cases where data isn't making it into your reports. Ad blockers and third-party tracking limitations can impact the reliability of your digital marketing measurement. To help solve this, Google has introduced a feature called Google Tag Gateway (also called First-Party Tags).

Google Tag Gateway makes it easier to achieve more reliable data collection by allowing you to serve your Google tags through your own domain instead of Google’s. In this post, we’ll walk through what Tag Gateway is, how it works, the benefits and limitations, and how to set it up. I’ll also share my own testing results, where I saw almost a 7% increase in reported users when using Tag Gateway.

You can also follow along by watching this tutorial:

What is Google Tag Gateway?

Google Tag Gateway, also referred to as First-Party Tags, is a new capability introduced by Google that enhances the reliability of your website's digital tracking by serving Google tags – such as those used for Google Analytics 4 (GA4), Google Ads, and Google Tag Manager (GTM) – directly from your own domain instead of Google-managed domains like googletagmanager.com.

This is important because many modern browsers and browser extensions block or restrict third-party scripts for user privacy. That includes scripts loaded from external domains like Google’s. When these scripts are blocked, crucial analytics data and advertising conversion signals are not recorded, which can significantly impact your measurement accuracy and marketing performance.

By adjusting your measurement setup with Google Tag Gateway, your tags are treated as first-party resources, meaning they come from your own website's domain (like yoursite.com/metrics). As a result, they’re far less likely to be blocked by browser rules. In one of my tests, enabling Tag Gateway resulted in almost a 7% uplift in reported users – showing it can improve data accuracy in some environments. However, it’s important to know that Tag Gateway does not reliably bypass ad blockers.

Important: In this example, we’re using /metrics as the path for measurement. However, to help reduce the chance of ad blockers interfering with your data, it’s best to use a less obvious path name. Instead of something like /metrics or /tracking, choose a neutral or random path – for example, /v2ur or /5n8r. These are less likely to be flagged and can help ensure your tracking remains reliable.

Key Benefits and Limitations

1. Improved Tracking Reliability
By serving Google tags as first-party resources, Tag Gateway can reduce data loss caused by third-party blocking. In my own testing, I saw almost a 7% uplift in reported users compared to a standard setup.

2. Simple and Cost-Free Setup (with Cloudflare)
If you already use Cloudflare, enabling Tag Gateway only takes a few steps. There are no additional server or hosting costs, unlike server-side tagging.

3. Higher Conversion Tracking Accuracy
By avoiding blocked tags, you're less likely to lose conversion signals. This leads to improved attribution and more complete data for optimizing campaign performance.

4. Works with Google Tags
Tag Gateway currently only applies to Google Analytics 4, Google Ads, and Google Tag Manager. Third-party vendor tags remain unaffected.

5. Limited Impact on Ad Blockers
Although tags are loaded from your own domain, my testing shows Tag Gateway does not reliably bypass popular ad blockers. It should not be treated as an ad-blocking workaround.

6. Not Needed if You Already Use Server-Side GTM
If you already have server-side GTM in place, you don’t need Tag Gateway. Server-side tagging provides broader benefits, more control, and support for a wider range of tags.

7. More Complex Without Cloudflare
The guided setup relies on Cloudflare. If your site isn’t on Cloudflare, configuration is more complex and the benefits may be harder to achieve.

How Google Tag Gateway Works

When a user visits your website, Google’s tags would normally be requested from external Google domains like:

https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX

With Google Tag Gateway, this changes with your tagging setup. Cloudflare, or your preferred CDN (Content Delivery Network) serves the tag from a path like:

https://www.yoursite.com/metrics/gtag/js?id=G-XXXXXXX

Here’s what happens under the hood:

1. User loads your website
2. Browser requests the tag from your domain (e.g. /metrics)
3. Cloudflare fetches the original script from Google and returns it as though it came from your server
4. The script executes in the browser, capturing analytics or advertising signals as first-party data
5. Collected data is sent back to Google, again via your own domain, before being routed to Analytics or Ads

This method allows the browser to treat all interactions as first-party, improving trust, reliability, and compliance.

How to Set Up Google Tag Gateway

Depending on how tags have been implemented on your website, you can configure Tag Gateway in Google Tag Manager, Google Ads, or Google Analytics.

We're going to walk through two options – configuring Tag Gateway up directly inside Google Tag Manager with Cloudflare, and inside Google Ads. Let’s start with Google Tag Manager since this is the simplest option if you’re already using GTM.

Setup Using Google Tag Manager and Cloudflare

1. In Google Tag Manager, navigate to 'Admin'. Under 'Container', you’ll see 'Google Tag Gateway' at the bottom.
2. Click 'Continue' to begin the setup.
3. View the Measurement Path that will be used to serve your tags from your domain. Make sure it doesn’t conflict with an existing path, and I recommend sticking with something random.
4. Sign into your Cloudflare account when prompted and grant authorization.
5. Select the same domain where your GTM container is installed and complete setup. Cloudflare will automatically add the configuration code to your site.
6. Open a page on your site and view the source code to see the extra Tag Gateway code Cloudflare has inserted.
7. Edit your GTM container snippet on your site. Replace the default googletagmanager.com/gtm.js domain reference with your Tag Gateway measurement path.
8. Use Tag Assistant or your preferred debugging tool to confirm hits are being collected via your measurement path.

Setup Using Google Ads (Data Manager)

If you want to enable Google Tag Gateway for the Google Tag (from your Ads account), you can also use the guided steps inside Google Ads.

1. Navigate to 'Data Manager' in your Google Ads account.
2. Select the three vertical dots to the right of your Google Tag and choose 'Manage'.
3. Open the 'Admin' tab at the top and choose 'Google Tag Gateway'.
4. Click 'Continue' to start the setup, then sign into your Cloudflare account.
5. Select your domain in Cloudflare and complete the setup. Your tag will now be served from your own domain.

Best Practices and Considerations

• Use a unique path: Avoid paths that overlap with other site functions (e.g. don’t use /blog or any other path this is already in use).
• Use a less obvious path: Using a generic or random path – like /v2ur or /5n8r – instead of something obvious like /metrics or /tracking can help your data stay intact.
• Test in a staging environment: Ensure everything works correctly before publishing live.
• Maintain compliance: If you use Consent Mode, ensure it works with your new setup.
• Monitor data: Use Google Analytics and Tag Assistant to confirm no hits are lost.

Comparison: Google Tag Gateway vs Server-Side GTM

Conclusion

Google Tag Gateway gives marketers and site owners a modern way to improve the reliability of their Google Analytics and Google Ads tracking. It’s simple to set up, free if you already use Cloudflare, and in my own test it resulted in nearly a 7% uplift in reported users. And while it can help with tracking prevention, it won’t solve the issue of ad blockers and only applies to Google tags.