What is Tag Gateway?
Tag Gateway is a first-party tracking solution that routes your Google tracking requests through your own domain instead of directly to Google's servers. This makes tracking requests appear as first-party traffic, helping them bypass ad blockers and browser privacy restrictions.
In Simple Terms
Instead of your website sending data directly to googletagmanager.com (which ad blockers recognise), Tag Gateway sends it through yourdomain.com/gtag/ first. Your server then forwards it to Google. The result? More conversions tracked, better data accuracy.
Key Benefits
- Bypass ad blockers — Requests from your own domain aren't blocked
- Recover lost conversions — Capture 15–30% more conversion data
- First-party cookies — Longer cookie lifespans (90 days vs 7 days)
- Better attribution — More accurate ROAS and campaign data
- ITP compliance — Works with Safari's Intelligent Tracking Prevention
Why Tag Gateway Matters for E-Commerce
For Google Shopping advertisers, conversion tracking accuracy directly impacts campaign performance. When Google can't see your conversions, Smart Bidding can't optimise effectively.
The Impact on Google Ads
- Smart Bidding signals — Google needs conversion data to optimise bids. Missing conversions = suboptimal bidding.
- ROAS calculation — Understated conversions mean your reported ROAS is lower than reality, leading to conservative budget decisions.
- Audience building — Remarketing lists miss users who weren't tracked, reducing audience size and quality.
- Attribution accuracy — Cross-device and multi-touch attribution suffers without complete conversion data.
The Impact on Profit Optimisation
Accurate tracking isn't just about reporting — it directly affects profit-based bidding. When you use MarginStack to manage per-SKU costs and ProfitClarity to calculate profit-driven ROAS targets, the accuracy of those targets depends entirely on how many conversions you can see. If 30% of conversions are invisible, your ROAS calculations are 30% off.
GROW Your Sales Integration
The GROW Your Sales includes a Tracking Accuracy setting in ProfitClarity™ that compensates for tracking loss in bid calculations. Even with Tag Gateway, we recommend setting this to 85–95% to account for users who block all tracking.
How Tag Gateway Works
Tag Gateway acts as a reverse proxy between your website and Google's tracking servers. Here's the technical flow:
Standard Tracking (Blocked)
Browser → googletagmanager.com → Blocked by ad blocker
Tag Gateway Tracking (Works)
Browser → yourdomain.com/gtag/ → Your Server → Google → Conversion recorded
Technical Requirements
- Proxy endpoint — A server or edge function that forwards requests to Google
- HTTPS — Your proxy must use SSL (standard for all modern sites)
- Same domain — The proxy must be on your main domain or a subdomain
- Header forwarding — Client IP and user-agent must be passed to Google
Implementation Options
| Method | Difficulty | Cost | Best For |
|---|---|---|---|
| Cloudflare Workers | Easy | Free (100k req/day) | Most e-commerce sites |
| Cloudflare Pages Functions | Easy | Free tier available | Static sites on Cloudflare |
| Google Cloud Run | Medium | Pay-per-use (~$5–20/mo) | Google-native stacks |
| Nginx/Apache Proxy | Advanced | Server costs | Self-hosted platforms |
| Platform Apps | Easy | Varies ($10–50/mo) | Shopify, BigCommerce |
Tag Gateway vs Server-Side GTM
Tag Gateway is often confused with Server-Side Google Tag Manager (sGTM). They address the same problem — tracking loss — but at different levels of the stack. Understanding the difference helps you choose the right tool (or combine both).
| Tag Gateway | Server-Side GTM | |
|---|---|---|
| What it does | Proxies gtag.js requests through your domain | Full server-side tag management layer |
| Setup complexity | Low — 30 minutes on Cloudflare | High — requires server, GCP or cloud config |
| Cost | Free (Cloudflare free tier) | $30–200+/month (server hosting) |
| Data control | Proxy only — no enrichment | Full — modify, filter, enrich data server-side |
| CAPI support | No (needs separate CAPI setup) | Yes — built-in via server-side tags |
| Best for | Quickly recovering ad blocker losses | Full server-side data pipeline control |
Use Both Together
Tag Gateway and sGTM are complementary, not competing. Tag Gateway recovers browser-side signals that ad blockers would otherwise drop. Server-Side GTM gives you a full data pipeline with enrichment and CAPI. For serious e-commerce tracking, deploy Tag Gateway first (quick win), then layer in sGTM when you need full control.
Implementation Guide
Choose your implementation method below. We recommend Cloudflare Workers for most e-commerce sites due to its simplicity and generous free tier.
Cloudflare Workers Setup
Cloudflare Workers run at the edge, close to your users. This is the easiest and most performant option for most sites.
Step 1: Create the Worker
- Log in to your Cloudflare Dashboard
- Go to Workers & Pages → Create Worker
- Name your worker (e.g.,
gtag-proxy) - Replace the default code with the following:
// Cloudflare Worker - Tag Gateway Proxy
export default {
async fetch(request) {
const url = new URL(request.url);
if (!url.pathname.startsWith('/gtag/')) {
return new Response('Not found', { status: 404 });
}
const googlePath = url.pathname.replace('/gtag/', '/');
const googleUrl = 'https://www.googletagmanager.com' + googlePath + url.search;
const response = await fetch(googleUrl, {
method: request.method,
headers: request.headers,
body: request.method !== 'GET' ? request.body : undefined
});
const newHeaders = new Headers(response.headers);
newHeaders.set('Access-Control-Allow-Origin', '*');
return new Response(response.body, {
status: response.status,
headers: newHeaders
});
}
};Step 2: Configure the Route
- Go to Workers → Your Worker → Triggers
- Click Add Route
- Enter:
yourdomain.com/gtag/* - Select your zone and save
Step 3: Update Your Tracking Code
Change your gtag.js script from:
<!-- Old: Direct to Google (gets blocked) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GT-XXXXX"></script>To:
<!-- New: Through your domain (not blocked) -->
<script async src="https://yourdomain.com/gtag/js?id=GT-XXXXX"></script>Cloudflare Pages Functions
If your site is hosted on Cloudflare Pages, use Functions to proxy without a separate Worker.
Step 1: Create the Function
Create the file functions/gtag/[[path]].js in your project:
// functions/gtag/[[path]].js
export async function onRequest(context) {
const url = new URL(context.request.url);
const targetUrl = new URL(
url.pathname + url.search,
'https://www.googletagmanager.com'
);
const proxyRequest = new Request(targetUrl.toString(), {
method: context.request.method,
headers: context.request.headers,
body: context.request.method !== 'GET' ? context.request.body : undefined,
redirect: 'follow'
});
const response = await fetch(proxyRequest);
const newHeaders = new Headers(response.headers);
newHeaders.set('Access-Control-Allow-Origin', '*');
newHeaders.set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
return new Response(response.body, {
status: response.status,
headers: newHeaders
});
}Step 2: Deploy
Deploy your site as normal. The function will automatically handle /gtag/* requests.
Nginx Configuration
For self-hosted sites, add this to your Nginx configuration:
# Nginx Tag Gateway Proxy
location /gtag/ {
proxy_pass https://www.googletagmanager.com/;
proxy_set_header Host www.googletagmanager.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_server_name on;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
}Apache Configuration
Enable mod_proxy and mod_proxy_http, then add:
# Apache Tag Gateway Proxy
<Location /gtag/>
ProxyPass https://www.googletagmanager.com/
ProxyPassReverse https://www.googletagmanager.com/
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
</Location>Google Cloud Run Setup
Deploy a containerised proxy service on Google Cloud Run.
Step 1: Create the Service
// server.js
const express = require('express');
const { createProxyMiddleware } = require('http-proxy-middleware');
const app = express();
app.use('/gtag', createProxyMiddleware({
target: 'https://www.googletagmanager.com',
changeOrigin: true,
pathRewrite: { '^/gtag': '' },
onProxyRes: (proxyRes) => {
proxyRes.headers['access-control-allow-origin'] = '*';
}
}));
app.listen(process.env.PORT || 8080);Step 2: Deploy to Cloud Run
gcloud run deploy gtag-proxy \
--source . \
--region europe-west1 \
--allow-unauthenticatedStep 3: Configure Custom Domain
Map your Cloud Run service to tracking.yourdomain.com or use a load balancer to route /gtag/* to the service.
E-Commerce Platform Setup
Once your Tag Gateway proxy is running, update your tracking code on your e-commerce platform.
Shopify Setup
Option 1: Theme Code (Recommended)
- Go to Online Store → Themes → Edit code
- Open
theme.liquid - Find and replace the Google tag script URL:
<!-- Replace this: -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GT-XXXXX"></script>
<!-- With this: -->
<script async src="https://yourdomain.com/gtag/js?id=GT-XXXXX"></script>Option 2: Checkout Scripts
For conversion tracking on checkout (Shopify Plus required), go to Settings → Checkout → Additional scripts and update the gtag.js URL.
Shopify Apps
Several Shopify apps offer Tag Gateway functionality. Search the App Store for "server-side tracking" or "first-party tracking". These typically cost $10–50/month but require no technical setup.
WooCommerce Setup
Manual Setup
Add this to your theme's functions.php or a custom plugin:
// Add Tag Gateway tracking to WooCommerce
add_action('wp_head', function() {
?>
<script async src="https://<?php echo $_SERVER['HTTP_HOST']; ?>/gtag/js?id=GT-XXXXX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'GT-XXXXX');
</script>
<?php
}, 1);Magento / Adobe Commerce Setup
Layout XML
<!-- app/design/frontend/[Theme]/[Theme]/Magento_Theme/layout/default_head_blocks.xml -->
<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<head>
<script src="https://yourdomain.com/gtag/js?id=GT-XXXXX"
src_type="url" async="true"/>
</head>
</page>Custom / Other Platforms
The principle is the same for any platform: find where the Google tag script is loaded, change the src URL from googletagmanager.com to your proxy endpoint.
<!-- Standard implementation -->
<script async src="https://yourdomain.com/gtag/js?id=GT-XXXXX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'GT-XXXXX');
</script>GTM Users
If using Google Tag Manager, proxy googletagmanager.com rather than google-analytics.com. The GTM container will then load Analytics through your proxy automatically.
GCLID Tracking for Google Ads
A GCLID (Google Click Identifier) is a unique string automatically appended to your landing page URL when a user clicks a Google Ads ad — for example: ?gclid=Cj0KCQjw.... Capturing and storing this identifier links ad clicks to downstream conversions, powering offline conversion tracking and CAPI uploads.
For Google Shopping campaigns, capturing the GCLID is essential. This unique identifier links ad clicks to conversions and powers offline conversion tracking.
Why Capture It?
- Offline conversion tracking — Match sales data back to the original ad click
- Cross-domain tracking — Pass GCLID from marketing site to checkout
- CAPI integration — Required for server-side conversion uploads
- Extended attribution — 90-day attribution window with stored GCLIDs
Implementation
// GCLID Tracker - add to your site's <head>
(function() {
const GCLID_KEY = 'grow_gclid';
const EXPIRY_DAYS = 90;
function getGclidFromUrl() {
const params = new URLSearchParams(window.location.search);
return params.get('gclid');
}
function storeGclid(gclid) {
if (!gclid) return;
localStorage.setItem(GCLID_KEY, gclid);
localStorage.setItem(GCLID_KEY + '_ts', Date.now());
const expires = new Date(Date.now() + EXPIRY_DAYS * 86400000);
document.cookie = GCLID_KEY + '=' + gclid +
';expires=' + expires.toUTCString() +
';path=/;SameSite=Lax;Secure';
}
const gclid = getGclidFromUrl();
if (gclid) storeGclid(gclid);
})();Next: CAPI Tracking
GCLID capture is step one. To upload conversions server-side, you need CAPI (Conversion API) tracking. This sends conversion data directly to Google from your server, bypassing all browser-based blocking. Read the CAPI Tracking guide →
Testing & Validation
After implementing Tag Gateway, verify it's working correctly.
Quick Tests
- Browser Network Tab — Open DevTools, check that gtag requests go to your domain, not
googletagmanager.com - Ad Blocker Test — Enable an ad blocker, verify your site still sends tracking requests
- Real-Time Reports — Check GA4 Real-Time to confirm hits are arriving
- Google Ads — In Tag Assistant or Diagnostics, verify conversions are recording
Checklist
| Test | Expected Result | If Failing |
|---|---|---|
Load /gtag/js?id=GT-XXX | Returns JavaScript, 200 status | Check proxy route configuration |
| Network tab shows your domain | Requests go to yourdomain.com/gtag/ | Script URL not updated |
| Works with ad blocker on | Requests still sent | Confirm first-party domain |
| GA4 Real-Time shows visits | Active users appear | Check proxy forwarding |
| Conversions track in Google Ads | Test conversion appears | Check GCLID + conversion tag |
Best Practices
Do
- Use your main domain (not
tracking.site.com) - Set up monitoring/alerting for your proxy
- Test with multiple browsers and devices
- Combine with CAPI for maximum coverage
- Keep proxy code simple and fast
Don't
- Assume 100% tracking — some users block everything
- Forget to update checkout/thankyou pages
- Use obvious paths like
/google-analytics/ - Skip GDPR consent — Tag Gateway doesn't exempt you
- Cache proxy responses (data must be live)
Privacy Compliance
Tag Gateway improves tracking reliability but doesn't change your privacy obligations. You still need GDPR consent before tracking EU users. The GROW Your Sales integrates with Google Consent Mode v2 to handle this correctly.
Frequently Asked Questions
What is Tag Gateway?
Tag Gateway is a first-party tracking solution that routes Google tracking requests through your own domain instead of directly to Google's servers. This makes tracking appear as first-party traffic, bypassing ad blockers and browser privacy restrictions like Safari's ITP.
Why does Tag Gateway matter for e-commerce?
42% of users have ad blockers that block third-party tracking requests. Without first-party tracking, e-commerce brands lose 15–30% of conversion data. This causes Google's Smart Bidding to underperform, understates ROAS, and shrinks remarketing audiences — directly impacting campaign profitability.
How does Tag Gateway work technically?
Tag Gateway acts as a reverse proxy. Instead of the browser sending data to googletagmanager.com (which ad blockers recognise and block), it sends data to your own domain first — for example yourdomain.com/gtag/. Your server then forwards the request to Google, making it appear as legitimate first-party traffic.
How do I implement Tag Gateway on Cloudflare?
Create a Cloudflare Worker that intercepts requests to /gtag/ on your domain and proxies them to www.googletagmanager.com. Configure a route for yourdomain.com/gtag/* pointing to the Worker, then update your gtag.js script URL to use your domain instead of Google's. Full implementation steps are in the guide above.
Does Tag Gateway replace my GDPR consent requirements?
No. Tag Gateway improves tracking reliability but does not change your privacy obligations. You still need GDPR consent before tracking EU users. GROW Your Sales integrates with Google Consent Mode v2 to handle this correctly — Tag Gateway and consent management work together, not as alternatives.
Next Steps
Tag Gateway is the browser-side foundation of a robust conversion tracking stack — it ensures your Google tracking signals reach their destination despite ad blockers and browser restrictions. But it's only the first layer.
| Layer | What It Does | Coverage |
|---|---|---|
| Tag Gateway (this guide) | First-party tracking, bypasses ad blockers | ~85–95% of users |
| CAPI Tracking | Server-side conversion uploads, offline sales | 100% of completed sales |
| Enhanced Conversions | First-party customer data matching | Improves attribution accuracy |
Once Tag Gateway is live, the most impactful next step is CAPI (Conversion API) Tracking — server-side uploads that capture sales that even first-party tracking misses, including offline purchases, checkout drop-offs, and cross-device journeys. Together, Tag Gateway + CAPI gives you near-complete conversion data accuracy.
GROW Your Sales handles this for you
GROW Your Sales integrates Tag Gateway, CAPI, and Google Consent Mode v2 into a single, managed tracking layer — no manual proxy setup required. Our platform manages 117 million product items across 31 countries, with first-party tracking built into every account. Create an account to get started →
