02. Integrations - Google Tag Manager
Track analytics and e-commerce events across the shop and admin using Google Tag Manager containers.
Overview
Google Tag Manager (GTM) integration allows you to add GTM containers to both the customer-facing shop and the admin area. The shop container tracks a comprehensive set of e-commerce events - page views, add-to-cart actions, purchases, and more - while the admin container can be used for internal usage tracking.
The shop GTM container is integrated with the platform's cookie consent system. Tracking scripts only load after customers accept analytics cookies, and consent mode signals are sent to GTM for GDPR compliance.
Shop Container
The shop GTM container loads on all customer-facing pages and provides e-commerce event tracking through the data layer.
Configuring the Shop Container
Navigate to Marketing Settings in the admin area
Enter your Google Tag Manager code (e.g.
GTM-XXXXXXX, max 20 characters)Save
Tag triggers must be set to initialisation during setup in Google Tag Manager for the container to work correctly with the platform's consent management.
E-commerce Events
The platform pushes events to the data layer for the full customer journey - from browsing and login through to purchase, refund, and basket expiry. Customer data (email and phone) is SHA-256 hashed before being pushed, so no personally identifiable information is sent to GTM in plain text.
Event | When it fires |
|---|---|
| Each page navigation |
| Customer logs in |
| Customer creates an account |
| Customer logs out or session expires |
| Event listings are displayed |
| Customer clicks on an event |
| Customer views an event detail page |
| Items modal is opened |
| Item added to basket |
| Item removed from basket |
| Basket panel is opened |
| Customer starts checkout |
| Shipping or delivery information submitted |
| Discount code applied |
| Order completed successfully |
| Checkout error occurred |
| Self-serve refund processed |
| Event shared via social media |
| Basket expires due to inactivity |
Iframe Considerations
If your shop is embedded in an iframe on an external site, GTM and tracking pixels may not fire all events or may fail to initialise. This is due to browser cross-site tracking restrictions. For full tracking reliability, host your shop on its own domain rather than embedding it in an iframe.
Cookie Consent
The shop container respects the platform's cookie consent settings:
Region | Behaviour |
|---|---|
GDPR countries | GTM loads only after the customer explicitly opts in to analytics cookies |
Other regions | GTM loads unless the customer explicitly opts out |
On page load, GTM consent mode defaults to denied for all consent types. When a customer accepts analytics cookies, consent is updated to granted. Tracking events that occur before consent are stored locally and replayed once consent is granted.
Advanced Consent Mode
If your company has GTM Advanced Consent Mode enabled, GTM is loaded on your site regardless of the customer's cookie consent status. This allows Google's consent mode to handle consent signals directly within GTM rather than blocking the script entirely.
When Advanced Consent Mode is active, the platform sends consent signals to GTM:
Granted - when the customer has opted in to analytics cookies
Denied - when the customer has not opted in
This allows GTM to operate in a limited, cookieless mode when consent is denied, while enabling full tracking when consent is granted.
Advanced Consent Mode is a feature that must be enabled for your company. When enabled, a note appears in your settings: Your company has Advanced Consent Mode enabled.
Admin Container
A separate GTM container can be configured for the admin area, used for internal tracking of admin user activity.
Configuration Hierarchy
Admin GTM codes follow a two-level inheritance model:
Level | Where to configure | Purpose |
|---|---|---|
Reseller | Reseller settings | Sets the default GTM code for all companies under this reseller |
Company | Company settings | Override or disable GTM for a specific company |
Company-Level Options
Each company has three choices for admin GTM:
Option | Behaviour |
|---|---|
Inherit from reseller | Uses the GTM code set at the reseller level. This is the default. |
Set custom code | Uses a company-specific GTM code, overriding the reseller's. |
Disable | Google Tag Manager is not loaded in the admin area for this company. |
This inheritance model means resellers can set a single GTM code that applies to all their companies, while individual companies can override it or opt out entirely.
Admin GTM tracking does not require cookie consent - it loads automatically for all authenticated admin users when configured.
Content Security Policy
When using GTM to load third-party scripts (tracking pixels, analytics services, advertising tags, etc.), you may need to whitelist their domains in the Content Security Policy (CSP) settings so browsers allow the scripts to execute.
To configure CSP URLs:
Navigate to the cookies and tracking settings in the admin area
Add the domains that your GTM tags need to load scripts from
Save
CSP URLs support:
Standard HTTPS domains (e.g.
https://cdn.example.com)Wildcard subdomains (e.g.
https://*.analytics.com)WebSocket protocols for real-time tracking (e.g.
wss://tracking.example.com)
If a parent company configures CSP URLs, child companies inherit them by default. However, if a child company defines its own CSP URLs, they replace the parent's list entirely - the lists are not merged.
Restrictions
Shop GTM codes have a maximum length of 20 characters
Admin GTM codes have a maximum length of 16 characters and must contain only alphanumeric characters, hyphens, and underscores
Shop GTM tracking requires customer cookie consent - scripts do not load until analytics cookies are accepted
GTM consent mode defaults to denied on page load and only updates to granted after explicit customer consent
Child company CSP URL lists replace (not extend) parent company lists when defined