Google Analytics

Google Analytics

Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.

Google
Part of Google
Back to Vendor Library

Overview

Google Analytics is the most widely deployed web analytics platform, used by millions of websites to measure traffic, user behavior, and conversion performance. The current version (GA4) uses an event-based data model, replacing the session-based Universal Analytics (UA).

What This Script Does

The Google Analytics script (gtag.js or the older analytics.js) loads from googletagmanager.com and collects the following data on every page view and interaction:

Cookies set:

  • _ga — Client ID cookie (first-party, 2-year expiry). Generates a unique identifier per browser to distinguish unique visitors and track them across sessions.
  • _ga_<MEASUREMENT_ID> — Session cookie (first-party, 2-year expiry). Stores session state including session count, engagement time, and session start timestamp.
  • _gid — Daily visitor identifier (first-party, 24-hour expiry). Used in Universal Analytics; deprecated in GA4.
  • _gat — Throttle cookie (first-party, 1-minute expiry). Rate-limits requests to Google Analytics.

Data collected per hit:

  • Page URL, title, and referrer
  • Browser and device information (user agent, screen resolution, language)
  • IP address (used for geolocation, then truncated in GA4 by default)
  • Client ID (from _ga cookie)
  • Event name and parameters (page_view, scroll, click, etc.)
  • Traffic source and campaign attribution (utm parameters)
  • User-defined custom dimensions and metrics

Network requests fire to google-analytics.com/g/collect (GA4) or google-analytics.com/collect (UA). Each request transmits the above data as query parameters.

Cross-domain tracking: When configured, GA4 decorates outbound links with a _gl parameter containing the client ID, enabling user tracking across multiple domains you own.

Google Signals: When enabled, GA4 links analytics data with Google account data from signed-in users, enabling cross-device reporting and demographics. This significantly expands the personal data scope.

Consent & Compliance

Google Analytics falls under the analytics consent category.

Under GDPR and ePrivacy, Google Analytics requires explicit opt-in consent before loading. The _ga cookie is a persistent unique identifier that constitutes personal data (an "online identifier" under GDPR Article 4). Multiple EU Data Protection Authorities have issued rulings on Google Analytics:

  • The Austrian DSB and French CNIL ruled that Google Analytics transfers to US servers violated GDPR (pre-EU-US Data Privacy Framework rulings).
  • The EU-US Data Privacy Framework (adopted July 2023) provides a legal basis for US transfers, but requires Google's self-certification and appropriate safeguards.
  • Several DPAs have stated that Google Analytics requires consent regardless of IP anonymization settings.

Under CCPA, Google Analytics data collection constitutes processing of personal information. If analytics data is used for cross-context behavioral advertising (e.g., via Google Signals or linked Google Ads accounts), it may constitute "sharing" requiring opt-out rights.

Google Consent Mode v2 allows the GA4 tag to operate in a restricted mode when analytics_storage=denied. In this mode, GA4 sends cookieless pings that do not set the _ga cookie and transmit limited data. Google uses this data for conversion modeling. Whether these cookieless pings require consent is debated — some DPAs consider any data transmission to a third party as requiring consent.

Server-side Google Analytics: Some implementations proxy GA4 through a first-party endpoint to reduce third-party cookie dependencies. This does not eliminate consent requirements — the data still reaches Google's servers and the processing purpose remains analytics.

Should You Block This Without Consent?

Yes. Google Analytics sets persistent tracking cookies, generates unique visitor identifiers, and transmits behavioral data to Google's servers. It is the canonical example of a non-essential analytics tool requiring consent under GDPR/ePrivacy. Block the script entirely until the user grants analytics consent. If using Google Consent Mode v2, you may load the tag in cookieless mode without consent, but consult your DPA's guidance on whether cookieless pings require consent in your jurisdiction.

Visit website

Consent Categories

Analytics

Also Known As

GA4Universal Analyticsgtag.jsanalytics.js_ga cookieGoogle Analytics 4

Industries

Computers Electronics and TechnologySearch Engines

Tracked Domains (1)

google-analytics.comAnalytics

Frequently Asked Questions

Does Google Analytics require cookie consent?

Yes. Google Analytics is the canonical example of a non-essential analytics tool requiring explicit opt-in consent under GDPR and ePrivacy. The _ga cookie is a persistent unique identifier constituting personal data. The Austrian DSB and French CNIL have both ruled that Google Analytics requires consent. Block it until analytics consent is granted.

What cookies does Google Analytics GA4 set?

GA4 sets _ga (first-party, 2-year) as the unique client identifier, _ga_<MEASUREMENT_ID> (2 years) for session count and engagement time, and _gid (24 hours) as a day-level identifier. Hits fire to google-analytics.com/g/collect transmitting page URL, referrer, device info, IP address, and event parameters.

How does ConsentStack manage Google Analytics consent?

ConsentStack classifies Google Analytics as analytics and blocks gtag.js until consent is granted. It supports Google Consent Mode v2, sending analytics_storage signals to GA4. When denied, ConsentStack can load GA4 in cookieless mode for modeling if your jurisdiction permits. Full tracking with the _ga cookie fires only after consent is granted.

Other Google Products

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google Ads
Google Ads
Google Ads is Google's advertising platform for search, display, and remarketing campaigns. Conversion tracking scripts fire on advertiser landing pages to measure actions taken after ad clicks. The remarketing tag builds audience lists for retargeting users across Google's ad network.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
YouTube
YouTube
YouTube is Google's video platform, widely used to embed video content on external websites. The YouTube iframe player loads JavaScript that communicates with Google's servers for video playback, quality control, and ad serving. Embedded players may set cookies tied to the viewer's Google account to track watch history and personalize recommendations.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
YouTube Player
YouTube Player
YouTube Player embeds YouTube videos on external websites via iframe. Scripts load from Google's servers and set cookies for video playback preferences, watch history, and ad targeting. Cookies are dropped even when visitors only view the embed without interacting with the player.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.
Amazon.com
Amazon.com
Present on third-party sites through Amazon Associates (affiliate tracking), Amazon Advertising pixels, and AWS-hosted assets. The Associates script fires conversion events when users arrive from Amazon affiliate links. Amazon Advertising's pixel tracks product page views and purchase events to build retargeting audiences on Amazon's ad network.

Manage consent for Google Analytics

ConsentStack automatically detects and manages Google Analytics trackers so your site stays compliant with global privacy regulations.

Get started