Setting Google Tag Manager cookies with SameSite and Secure attributes:

Setting Google Tag Manager cookies with SameSite and Secure attributes

Google Tag Manager (GTM) is a tag management system that allows you to manage and deploy marketing and analytics tags on your website without having to modify the code. GTM cookies are used to store information about your visitors, such as their session ID and cookie preferences.

The SameSite and Secure cookie attributes are important for protecting your users’ privacy. The SameSite attribute controls whether cookies can be sent to third-party websites. The Secure attribute controls whether cookies can only be sent over HTTPS connections.

Google recommends setting the SameSite attribute to None and the Secure attribute to true for all GTM cookies. This ensures that your cookies are protected from cross-site scripting (XSS) attacks and that they can only be sent to third-party websites that are using HTTPS.

To set the SameSite and Secure attributes for GTM cookies, follow these steps:

1. Go to your GTM account and click on the Tags tab.
2. Click on the New button to create a new tag.

   

3. Select the Custom HTML Tag tag type.

   

4. In the HTML Tag field, enter the following code:

<script> document.cookie = “gtm_cookie_name=gtm_cookie_value; path=/; expires=Tue, 19 Jan 2038 03:14:07 GMT; SameSite=None; Secure”; </script>

5. Replace gtm_cookie_name and gtm_cookie_value with the name and value of the GTM cookie you want to set.
6. Click the Save button.

Once you have created the tag, you need to add it to a trigger and fire it on the pages where you want to set the cookie.

To add the tag to a trigger:

1. Click on the Triggers tab.

   

2. Click on the New button to create a new trigger.
3. Select the trigger type that you want to use. For example, you could create a trigger that fires on all pages or on a specific type of page.

   

4. Click the Save button.

To fire the tag on a trigger:

1. Click on the Tags tab.
2. Click on the tag that you want to fire.
3. In the Firing Triggers section, click on the Add button.
4. Select the trigger that you want to fire the tag on.

   

5. Click the Save button.

Once you have added the tag to a trigger and fired it on the pages where you want to set the cookie, your users’ browsers will set the GTM cookie with the SameSite and Secure attributes.

Note: If you are using Google Analytics 4 (GA4), you need to set the cookieFlags parameter when you create the GA4 tracker object. To set the SameSite and Secure attributes, use the following value for the cookieFlags parameter:

cookieFlags: "max-age=7200;secure;samesite=none"

For more information, see the Google Analytics 4 documentation: https://developers.google.com/analytics/devguides/collection/ga4.