GTM tags firing before consent

Why this matters

Even a well-configured CMP fails if GTM keeps firing tags on page view without consent conditions. This is a common root cause behind multiple findings at once.

How to verify manually

1. Open GTM preview mode and review which tags fire on first load before any consent action.
2. Compare GTM firing events with the banner timeline and consent state changes.
3. Identify custom HTML tags and legacy triggers that ignore consent requirements.

Typical root causes

• Tags still use generic page-view triggers with no consent conditions.
• Custom HTML tags load external scripts immediately.
• Multiple GTM workspaces or containers duplicate tag behavior.

GTM fix

1. Move non-essential tags behind consent-aware triggers.
2. Use Consent Initialization and explicit consent checks instead of late blocking.
3. Review every custom HTML tag for manual script injection.

WordPress fix

1. Ensure the site uses one GTM container and no overlapping plugin-injected tags.
2. Disable plugin features that add tracking outside GTM.
3. Retest after publish and cache invalidation.

Generic fix

1. Treat GTM as an execution layer, not a consent source of truth.
2. Centralize consent state and require it before optional tags can run.
3. Remove redundant tag paths that bypass your intended GTM flow.

How to confirm the fix worked

• In preview mode, confirm optional GTM tags do not fire pre-consent.
• Confirm only essential tags remain on first load.
• Run a fresh scan and verify related pre-consent findings drop.