Spotlight on Google Tag Manager: Open and Secure Tag Management


Our Vendor Tag Template Program allows tag providers to natively integrate with our tag templating system. Google performs a security review of each tag that is submitted through the program. The resulting tags are integrated into Tag Manager, and displayed with the company’s logo and an easy-to-use form to configure and deploy the tag.


Some recent additions include:

Are you a vendor who would like your tag supported? Learn more about the Vendor Tag Template Program and enroll here.

Secure container loading

At Google, we constantly look to develop products with best in class security. Google Tag Manager already has a host of security features such as user access controls, 2-step verification, malware detection, and tag blacklists. We’ve now also made some changes to the Google Tag Manager container snippet — given out in our user interface and documentation — to improve security and performance even more.

Previously, the Tag Manager container snippet loaded containers in a protocol-relative manner. That is, on pages with an https:// URL, the container would be loaded securely using HTTPS. Our new snippets will always use the secure protocol (HTTPS) by default, regardless of the protocol of the page. This helps protect containers from malicious parties and snooping, and in many cases, will also improve performance.

You’ll also notice that we’ve made a change to how we recommend Tag Manager be implemented, now with the container snippet split into two parts:

  • A JavaScript snippet that should be implemented as high in the head of your page as possible to ensure the best tag performance. This change is especially important if you plan to use Tag Manager to deploy Google Optimize.
  • An iframe snippet that should be implemented just after the opening body tag. This snippet handles firing of image pixels for users with JavaScript disabled, and also enables Google Search Console verification.

To get the best performance, it’s recommended that you implement both container snippets following the latest installation instructions.

What if you already have Google Tag Manager implemented on your site? Not to worry: These changes are optional, and your existing implementations will continue to work without a problem. To get the highest level of security and performance, you can update your implementations at your earliest convenience.

Happy tagging!

Leave a Reply

Your email address will not be published. Required fields are marked *

Spotlight on Google Tag Manager: Open and Secure Tag Management


Our Vendor Tag Template Program allows tag providers to natively integrate with our tag templating system. Google performs a security review of each tag that is submitted through the program. The resulting tags are integrated into Tag Manager, and displayed with the company’s logo and an easy-to-use form to configure and deploy the tag.


Some recent additions include:

Are you a vendor who would like your tag supported? Learn more about the Vendor Tag Template Program and enroll here.

Secure container loading

At Google, we constantly look to develop products with best in class security. Google Tag Manager already has a host of security features such as user access controls, 2-step verification, malware detection, and tag blacklists. We’ve now also made some changes to the Google Tag Manager container snippet — given out in our user interface and documentation — to improve security and performance even more.

Previously, the Tag Manager container snippet loaded containers in a protocol-relative manner. That is, on pages with an https:// URL, the container would be loaded securely using HTTPS. Our new snippets will always use the secure protocol (HTTPS) by default, regardless of the protocol of the page. This helps protect containers from malicious parties and snooping, and in many cases, will also improve performance.

You’ll also notice that we’ve made a change to how we recommend Tag Manager be implemented, now with the container snippet split into two parts:

  • A JavaScript snippet that should be implemented as high in the head of your page as possible to ensure the best tag performance. This change is especially important if you plan to use Tag Manager to deploy Google Optimize.
  • An iframe snippet that should be implemented just after the opening body tag. This snippet handles firing of image pixels for users with JavaScript disabled, and also enables Google Search Console verification.

To get the best performance, it’s recommended that you implement both container snippets following the latest installation instructions.

What if you already have Google Tag Manager implemented on your site? Not to worry: These changes are optional, and your existing implementations will continue to work without a problem. To get the highest level of security and performance, you can update your implementations at your earliest convenience.

Happy tagging!

Leave a Reply

Your email address will not be published. Required fields are marked *