Skip to main content

Overview

Google Tag Manager (GTM) integration allows you to add GTM containers to both the customer-facing shop and the admin area. The shop container tracks a comprehensive set of e-commerce events — page views, add-to-cart actions, purchases, and more — while the admin container can be used for internal usage tracking. The shop GTM container is integrated with the platform’s cookie consent system. Tracking scripts only load after customers accept analytics cookies, and consent mode signals are sent to GTM for GDPR compliance.

Shop Container

The shop GTM container loads on all customer-facing pages and provides e-commerce event tracking through the data layer.

Configuring the Shop Container

  1. Navigate to Marketing Settings in the admin area
  2. Enter your Google Tag Manager code (e.g. GTM-XXXXXXX, max 20 characters)
  3. Save
Tag triggers must be set to initialisation during setup in Google Tag Manager for the container to work correctly with the platform’s consent management.

E-commerce Events

The following events are pushed to the data layer:
EventWhen it fires
page_viewEach page navigation
loginCustomer logs in
sign_upCustomer creates an account
logoutCustomer logs out or session expires
product_impressionEvent listings are displayed
product_clickCustomer clicks on an event
product_detailCustomer views an event detail page
view_item_listItems modal is opened
add_to_cartItem added to basket
remove_from_cartItem removed from basket
view_cartBasket panel is opened
begin_checkoutCustomer starts checkout
add_shipping_infoShipping or delivery information submitted
select_promotionDiscount code applied
purchaseOrder completed successfully
purchase_errorCheckout error occurred
refundSelf-serve refund processed
shareEvent shared via social media
expireBasket expires due to inactivity
Customer data — email address and phone number — is SHA-256 hashed before being pushed to the data layer, so no personally identifiable information is sent to GTM in plain text.

Iframe Considerations

If your shop is embedded in an iframe on an external site, GTM and tracking pixels may not fire all events or may fail to initialise. This is due to browser cross-site tracking restrictions. For full tracking reliability, host your shop on its own domain rather than embedding it in an iframe. The shop container respects the platform’s cookie consent settings:
RegionBehaviour
GDPR countriesGTM loads only after the customer explicitly opts in to analytics cookies
Other regionsGTM loads unless the customer explicitly opts out
On page load, GTM consent mode defaults to denied for all consent types. When a customer accepts analytics cookies, consent is updated to granted. Tracking events that occur before consent are stored locally and replayed once consent is granted. If your company has GTM Advanced Consent Mode enabled, GTM is loaded on your site regardless of the customer’s cookie consent status. This allows Google’s consent mode to handle consent signals directly within GTM rather than blocking the script entirely. When Advanced Consent Mode is active, the platform sends consent signals to GTM:
  • Granted — when the customer has opted in to analytics cookies
  • Denied — when the customer has not opted in
This allows GTM to operate in a limited, cookieless mode when consent is denied, while enabling full tracking when consent is granted.
Advanced Consent Mode is a feature that must be enabled for your company. When enabled, a note appears in your settings: Your company has Advanced Consent Mode enabled.

Admin Container

A separate GTM container can be configured for the admin area, used for internal tracking of admin user activity.

Configuration Hierarchy

Admin GTM codes follow a two-level inheritance model:
LevelWhere to configurePurpose
ResellerReseller settingsSets the default GTM code for all companies under this reseller
CompanyCompany settingsOverride or disable GTM for a specific company

Company-Level Options

Each company has three choices for admin GTM:
OptionBehaviour
Inherit from resellerUses the GTM code set at the reseller level. This is the default.
Set custom codeUses a company-specific GTM code, overriding the reseller’s.
DisableGoogle Tag Manager is not loaded in the admin area for this company.
This inheritance model means resellers can set a single GTM code that applies to all their companies, while individual companies can override it or opt out entirely.
Admin GTM tracking does not require cookie consent — it loads automatically for all authenticated admin users when configured.

Content Security Policy

When using GTM to load third-party scripts (tracking pixels, analytics services, advertising tags, etc.), you may need to whitelist their domains in the Content Security Policy (CSP) settings so browsers allow the scripts to execute. To configure CSP URLs:
  1. Navigate to the cookies and tracking settings in the admin area
  2. Add the domains that your GTM tags need to load scripts from
  3. Save
CSP URLs support:
  • Standard HTTPS domains (e.g. https://cdn.example.com)
  • Wildcard subdomains (e.g. https://*.analytics.com)
  • WebSocket protocols for real-time tracking (e.g. wss://tracking.example.com)
If a parent company configures CSP URLs, child companies inherit them by default. However, if a child company defines its own CSP URLs, they replace the parent’s list entirely — the lists are not merged.

Restrictions

  • Shop GTM codes have a maximum length of 20 characters
  • Admin GTM codes have a maximum length of 16 characters and must contain only alphanumeric characters, hyphens, and underscores
  • Shop GTM tracking requires customer cookie consent — scripts do not load until analytics cookies are accepted
  • GTM consent mode defaults to denied on page load and only updates to granted after explicit customer consent
  • Child company CSP URL lists replace (not extend) parent company lists when defined