This guide compares the two methods for transferring GTM consent from source to destination and helps you choose the right approach for your scenario.
Quick Decision Guide
Use Cookie Method (Preferred) When:
- Source and destination share a parent domain
example.com→shop.example.com✅app.example.com→checkout.example.com✅
- You have control over both domains
- Privacy is important (cookies not visible in URLs)
- You want the most reliable method (can't be stripped)
Use URL Parameter Method When:
- Sites are on completely different domains
example.com→different.com✅
- Cookie method isn't available
- You need cross-domain tracking
- Quick testing or debugging
Detailed Comparison
| Feature | Cookie Method | URL Parameter Method |
|---|---|---|
| Reliability | ⭐⭐⭐⭐⭐ Can't be stripped | ⭐⭐⭐ Can be stripped |
| Privacy | ⭐⭐⭐⭐⭐ Not in URLs | ⭐⭐ Visible in URLs |
| Cross-domain | ❌ Same parent only | ✅ Works everywhere |
| Setup complexity | ⭐⭐⭐ Needs custom domain | ⭐⭐⭐⭐⭐ Simple |
| URL cleanliness | ⭐⭐⭐⭐⭐ Clean URLs | ⭐⭐ Long URLs |
| Persistence | ⭐⭐⭐⭐ 5 minutes | ⭐ Not persistent |
| Browser support | ⭐⭐⭐⭐⭐ Universal | ⭐⭐⭐⭐⭐ Universal |
| Debugging | ⭐⭐⭐ Requires dev tools | ⭐⭐⭐⭐⭐ Easy (visible) |
| GDPR friendly | ⭐⭐⭐⭐⭐ First-party only | ⭐⭐⭐⭐ Visible in logs |
Method Overview
Method 1: Cookie-Based
How it works:
- Source sets cookie with
Domain=.example.com - Browser automatically sends cookie on redirect
- Destination reads cookie via JavaScript
- Applies to GTM before container loads
Advantages:
- Cannot be stripped by redirects
- Privacy-friendly (not in URL)
- Clean URLs
- Browser-managed (automatic)
Requirements:
- Sites must share parent domain
- Custom domain configured for Salesforce
- HTTPS enabled
Method 2: URL Parameter-Based
How it works:
- Source appends
?analytics=1&ad=0...to URL - User navigates to destination
- Destination reads URL parameters
- Applies to GTM before container loads
Advantages:
- Works cross-domain
- Simple implementation
- Easy to test/debug
- No server configuration needed
Limitations:
- Can be stripped by redirects
- Visible in URLs and logs
- Not persistent
Domain Scenarios
Scenario 1: Same Parent Domain ⭐ (Best Case)
Setup:
- Source:
www.example.com - Destination:
shop.example.com
What Happens:
- Cookie is set with
Domain=.example.com - URL params also added (redundant but safe)
- On destination: Cookie is found and used ✅
- URL params ignored (not needed)
Result: Cookie method wins (most reliable)
Scenario 2: Different Domains
Setup:
- Source:
example.com - Destination:
different.com
What Happens:
- Cookie is set with
Domain=.example.com - URL params added to URL
- On destination: Cookie NOT available (different domain)
- URL params are read and used ✅
Result: URL parameter method used (only option)
Scenario 3: Salesforce Without Custom Domain
Setup:
- Source:
www.example.com - Destination:
yourorg.my.site.com
What Happens:
- Cookie is set with
Domain=.example.com - URL params added to URL
- On destination: Cookie NOT available (different domain)
- URL params are read and used ✅
Result: URL parameter method used
Scenario 4: Salesforce With Custom Domain ⭐ (Recommended)
Setup:
- Source:
www.example.com - Destination:
shop.example.com(Salesforce custom domain)
What Happens:
- Cookie is set with
Domain=.example.com - URL params also added
- On destination: Cookie is found and used ✅
- URL params ignored
Result: Cookie method wins (best reliability)
Testing Both Methods
Test Cookie Method
// On source sitesetConsentCookie(consentState);console.log('Cookie set:', document.cookie);
// On destination sitewindow.GTMConsentReceiver.checkCookie();// Should show: "Current consent from cookie: {...}"Test URL Parameter Method
// On source siteconst params = consentToUrlParams(consentState);console.log('URL params:', params);
// On destination site (check URL)console.log('URL:', window.location.href);window.GTMConsentReceiver.checkURL();// Should show: "Current consent from URL: {...}"Verify Which Method Was Used
// On destination site (check console)// You'll see one of:// "📍 Using consent from COOKIE (preferred method)"// "📍 Using consent from URL PARAMETERS (fallback method)"
// Or check dataLayerwindow.dataLayer.filter(e => e.event === 'consent_transferred')// Look at transfer_method: "cookie" or "url_parameter"Dual Method Approach (Recommended)
Our implementation uses both methods simultaneously for maximum reliability:
// On source page - uses BOTH methodssetConsentCookie(consentState); // Method 1: Cookieconst finalUrl = addUrlParams(url); // Method 2: URL paramswindow.location.href = finalUrl;
// On destination page - priority systemconst result = getTransferredConsent();// Priority: 1. Cookie (if available), 2. URL params (fallback)Benefits of Dual Method
Maximum Reliability
- If cookie is blocked/stripped → URL params work
- If URL params stripped → Cookie works
- At least one method always works
Flexibility
- Works same-domain AND cross-domain
- Adapts to different scenarios automatically
No Configuration Needed
- System chooses best method automatically
- Developer doesn't need to decide
Recommendations by Scenario
E-commerce Site with Checkout
Scenario: Main site and checkout on subdomains
Recommendation: Cookie Method ⭐
- Configure:
www.example.com→checkout.example.com - Most reliable for payment flows
- Clean checkout URLs (important for trust)
Multi-Brand Platform
Scenario: Different brands on different domains
Recommendation: URL Parameter Method
brand1.com→platform.com- Only option for different domains
- Accept longer URLs for cross-brand tracking
Salesforce Experience Cloud
Scenario: Corporate site to Salesforce portal
Recommendation: Cookie Method (with custom domain) ⭐
- Configure custom domain:
shop.yoursite.com - Point to Salesforce org
- Get benefits of cookie method
Testing/Development
Scenario: Testing consent transfer
Recommendation: Dual Method ✅
- Use both for maximum compatibility
- Easy to see which method is working
- Can test both independently
Troubleshooting Decision Tree
Consent not transferred?│├─> Check console logs│ ││ ├─> "Cookie found" → Cookie method working ✅│ ││ ├─> "URL parameters found" → URL method working ✅│ ││ └─> "No transferred consent" → Neither method working ❌│ ││ ├─> Are domains different?│ │ └─> Yes → URL params should work│ │ └─> Check if params in URL│ ││ └─> Do domains share parent?│ └─> Yes → Cookie should work│ ├─> Check custom domain configured│ └─> Check cookie set on sourcePerformance Considerations
Both methods have negligible performance impact:
Cookie Method: ⭐⭐⭐⭐⭐
- Minimal overhead
- Browser handles automatically
- No URL parsing needed
- Fast
URL Parameter Method: ⭐⭐⭐⭐
- Slight URL parsing overhead
- Negligible impact
- Fast
Dual Method: ⭐⭐⭐⭐⭐
- Priority system is efficient
- Only one method is actually used
- No performance penalty
Security Comparison
Cookie Method: ⭐⭐⭐⭐⭐
- First-party only
- Not visible in URLs
- Proper SameSite flag
- Secure flag on HTTPS
- Short expiry (5 min)
URL Parameter Method: ⭐⭐⭐⭐
- Visible in URLs (logged)
- Appears in referrer headers
- Saved in browser history
- Still safe (only consent choices)
Summary & Recommendations
Use Dual Method (Default) ✅
Best choice for most scenarios:
- Works everywhere (same-domain AND cross-domain)
- Maximum reliability (at least one method works)
- No manual decision needed
Implementation:
// Automatically uses both:// 1. Sets cookie// 2. Adds URL params// Receiver chooses best available methodQuick Reference
| Your Scenario | Recommended Method | Config Needed |
|---|---|---|
| Same parent domain | Cookie (dual) | Custom domain |
| Different domains | URL params (dual) | None |
| Salesforce (default domain) | URL params | None |
| Salesforce (custom domain) | Cookie (dual) | Custom domain |
| Privacy critical | Cookie only | Custom domain |
| Cross-domain required | URL params | None |
| Testing | Dual method | None |