How to Set Up Google Tag Gateway (First-Party Tags) with Cloudflare
Loves Data
Today, advertisers are facing growing challenges around privacy, data loss, and browser restrictions. If you’re using Google Analytics or running campaigns in Google Ads, you might have encountered cases where data isn't making it into your reports. Ad blockers and third-party tracking limitations can impact the reliability of your measurement. To help solve this, Google has introduced a new feature called the Google Tag Gateway, also referred to as First-Party Tags.
The Google Tag Gateway makes it easier to collect accurate data by allowing you to serve your Google tags through your own domain instead of Google’s. In this post, we’ll walk through what the Google Tag Gateway is, how it works, the benefits it offers, and how to set it up using Cloudflare. Whether you’re technical or just looking to improve your measurement setup, this guide will help you understand the value of First-Party Tags and how to get started.
Important: The Google Tag Gateway is rolling out soon, so you will need to wait until the feature is added to your Google Tag.
Table of Contents
- What is the Google Tag Gateway?
- Key Benefits for Advertisers
- How It Works
- Setting Up the Google Tag Gateway with Cloudflare
- Best Practices and Considerations
- Google Tag Gateway vs. Server-Side GTM
- Conclusion
What is the Google Tag Gateway?
The Google Tag Gateway is a way to load your Google tags – like the Google Tag for Google Analytics, the Google Tag for Google Ads, or your Google Tag Manager container – using your own domain name instead of pulling them directly from Google’s domain. This process uses your website’s CDN (Content Delivery Network), like Cloudflare, to serve the tag as if it’s a part of your website. Once configured correctly, people will receive the tag from a path on your domain. For example, from lovesdata.com/metrics instead of googletagmanager.com.
This change is important because it allows the tag to behave as a first-party request, rather than a third-party one. Some browsers and browser extensions block third-party tracking scripts, which means the tag won't be loaded and you won't collect data. By using your own domain to deliver the tag, you reduce the likelihood of it being blocked. You also gain more control over how data is handled, which can help with privacy compliance and consent management.
The key advantage is that this setup gives you some of the benefits of server-side tagging, without the need to create or manage a separate server container. You don’t need to run your own tagging server or configure a complex GTM server-side environment. Instead, the Google Tag Gateway provides a simpler way to increase measurement reliability with minimal technical effort.
Key Benefits for Advertisers
One of the biggest benefits of the Google Tag Gateway is improved tracking reliability. When tags are served through your own domain, they’re less likely to be blocked by browsers or plugins that prevent third-party requests. This can lead to more accurate data being sent to Google Analytics and Google Ads, especially for return visits and conversions.
Another benefit is increased control over your data. Because the tag loads as part of your website, you’re able to better manage how information is collected and when it’s sent. This can help you stay compliant with privacy regulations like the GDPR or CCPA, particularly when combined with Consent Mode.
Performance is also improved, as first-party tag delivery can be quicker to load. And for setup, the Google Tag Gateway is easier to implement compared to server-side tagging. There’s no need to provision a server, configure DNS records, or maintain tagging infrastructure. Instead, everything is handled through a few steps inside your Google account and your CDN.
How It Works
Normally, when someone visits your website, the Google tag is loaded from a Google-managed domain like googletagmanager.com. If you enable the Google Tag Gateway, the tag will instead be delivered from your own domain. For example, if your site is example.com, then the tag might be served from example.com/metrics. This /metrics path is configured during setup and becomes the point where Google’s scripts are fetched and served.
The process works by routing requests through your CDN. When the browser tries to load the tag, your CDN forwards the request to Google’s servers to retrieve the script, but from the user’s point of view, it looks like the tag is being served from your website. This helps the tag avoid being flagged or blocked as a third-party script. When the tag fires – for example, on a page view or any other event – the data is also sent through your domain before being passed to Google’s servers.
Here's a diagram from Google showing how it work:
This means that the entire measurement process appears to happen within the first-party context of your website. That makes it more trustworthy, more compliant, and more accurate.
Setting Up the Google Tag Gateway with Cloudflare
Depending on your CDN, you can setup the Google Tag Gateway automatically using Google's guided setup or it can be manually configured. To use the guided steps, you open your Google Tag, then select the 'Tag Quality' option:
Next, select the option to enable first-party tags:
Follow the steps to select your CDN or scan your website:
Sign into your CDN to add the Google Tag Gateway configuration for your selected tag:
You should now be up and running with Google Tag Gateway.
Apart from Google's guided setup, you can also manually configure the Google Tag Gateway. To do this you’ll need access to your domain in Cloudflare, along with your Google Tag ID (like G-XXXXXXXX) or your GTM Container ID (like GTM-XXXXXX).
Next, head into your tag settings in Google Tag Manager or Google Ads. You’ll see an option to enable 'First-Party Tags' or 'Tag Gateway'. Select this option and follow the setup steps. You’ll be prompted to choose a path for the tag – something like /metrics. It’s important to make sure this path isn’t already being used on your website, since it will now be reserved for serving the tag.
Next, you’ll need to sign in to Cloudflare. This step is where you configure Google Tag Gateway with your domain’s tag path so requests are forwarded to Google’s servers. Once you've logged in, navigate to 'Tag Management' and select 'Google Tag Gateway'. You will then be able to select your domain and configure the gateway. It will look something like this:
Once the setup is complete, you’ll see a confirmation in your tag settings showing that your First-Party Tag is active.
From this point on, your tag will be delivered from your own domain. You can test this using browser developer tools or the Google Tag Assistant extension – look for requests to your website’s domain instead of googletagmanager.com.
Best Practices and Considerations
When setting up the Google Tag Gateway, it’s a good idea to test things in a staging environment before deploying to your live site. This gives you a chance to confirm that the tag is loading correctly and that measurement hits are being sent as expected.
You’ll also want to make sure your measurement path doesn’t conflict with existing URLs or scripts on your website. Once the path is assigned, it should be dedicated to tag delivery and not used for any other content or functionality.
If you’re using Consent Mode or other privacy tools, you can continue using them as normal. First-Party Tags works alongside these features, helping you maintain compliance while improving data quality.
Finally, it’s worth checking your reports after setup to compare tracking before and after enabling the Tag Gateway. You may notice an increase in attributed sessions, conversions, or returning users – especially if your audience uses browsers that tend to block third-party requests.
How Does the Google Tag Gateway Compare to Server-Side GTM?
If you’ve looked into improving data privacy and tracking accuracy before, you might have come across server-side tagging using Google Tag Manager. The Google Tag Gateway is similar in terms of it's focus on first-party tracking, but very different in the way it's setup and implemented.
Server-side GTM involves setting up a dedicated tagging server – usually on Google Cloud Platform or another cloud provider – to handle measurement hits before they’re forwarded to Google Analytics, Google Ads, or other destinations. This gives you full control over the incoming data, lets you enrich or filter requests, and allows you to proxy or rewrite data in ways that are completely customizable. It’s a powerful setup, but it also requires technical expertise, server provisioning, and ongoing maintenance.
The Google Tag Gateway, on the other hand, provides a lightweight way to serve your tags from your own domain without needing to manage a server. It doesn’t replace the full capabilities of server-side GTM, but it does give you a more privacy-friendly and future-proof tagging setup with a much easier implementation. You don’t get the ability to modify or transform requests like you would with server-side GTM, but you do get first-party delivery, which helps reduce tracking disruptions caused by browser restrictions and ad blockers.
So which should you use? If you’re just looking to improve tag delivery and reduce data loss – and you don’t need to customize requests – the Google Tag Gateway is a great option. It’s simple to set up, cost-effective, and requires minimal maintenance. But if you need full control, want to add authentication or data enrichment, or need to work with third-party tags in a secure way, then server-side GTM may be a better fit.
You can also think of the Tag Gateway as a step toward server-side tagging. It offers many of the same benefits – like first-party tracking and reduced blocking – but without the complexity. And because it works with the same Google Tag, you can always migrate to a more advanced setup later if your needs change.
Comparison: Google Tag Gateway vs Server-Side GTM
| Feature | Google Tag Gateway | GTM Server-Side |
|---|---|---|
| Setup complexity | Simple setup | Requires server provisioning and configuration |
| Uses your domain (first-party) | Yes | Yes |
| Need to run your own server | No | Yes |
| Custom request handling | No, requests go directly to Google as-is | Yes, modify, enrich, or filter data before sending |
| Works with Consent Mode | Yes | Yes |
| Use cases | Improve reliability and privacy without added complexity | Full control over data flow, advanced implementations |
| Best for | Marketers and site owners wanting a quick privacy upgrade | Technical teams needing full customization and control |
Conclusion
The Google Tag Gateway is a valuable tool for any advertiser looking to improve the quality and reliability of their tracking. By serving your Google tags from your own domain using Cloudflare, you can reduce the risk of data loss, comply with privacy expectations, and get a more complete picture of how people are interacting with your website.
Unlike traditional server-side tagging, the Gateway is lightweight and easy to implement. You don’t need to be a developer or manage your own server – setup can be completed in just a few minutes. If you’re using Google Analytics or Google Ads, enabling First-Party Tags is one of the quickest ways to improve your measurement setup.
If you’d like to learn more about advanced tagging or want to explore server-side tagging in more detail, check out our Google Tag Manager Course.
Comments