Google Tag Manager Integration

Add SpamBlock to any website using Google Tag Manager

Overview

Google Tag Manager (GTM) lets you publish the SpamBlock pixel without touching code repositories. Once the tag is live, the script injects our honeypot, intercepts form submissions, and scores each request before your backend ever sees it.

Prerequisites

  • A GTM container with publish access
  • Forms that submit via standard <form> elements (GET or POST)
  • Optional: specific form selectors (data-block-spam) if you only want to protect certain forms

Setup

1. Add the SpamBlock tag

  1. Open your GTM workspace.
  2. Click Tags → New → Tag Configuration.
  3. Choose Custom HTML and paste the helper snippet:
<script>
  (function () {
    var pixel = document.createElement('script');
    pixel.src = 'https://api.spamblock.io/sdk/pixel/v1.js';

    // Optional: Add configuration attributes
    // See /docs/ for all available options
    // pixel.dataset.maxScore = '60';
    // pixel.dataset.debug = 'false';

    document.head.appendChild(pixel);
  })();
</script>

Why a helper script? GTM sanitises inline <script> elements and strips data-* attributes. Creating the element programmatically preserves every configuration option.

  1. Set Support document.write to false (default).

2. Choose a trigger

  • All Pages – protects every form automatically.
  • Specific forms only – create a trigger that targets pages or events where the protected forms exist.

If you only want certain forms protected on a page, add data-block-spam to those forms in your HTML templates:

<form data-block-spam action="/api/contact" method="post">
  ...
</form>

3. Preview & publish

  1. Click Preview in GTM.
  2. Load your site with the preview container and submit a test form.
  3. To view detailed scoring logs, add pixel.dataset.debug = 'true'; inside the helper script.
  4. Once you see clean submissions passing and spam being blocked, click Submit in GTM to publish the version.

Configuration

Add configuration attributes to the pixel object in the helper script. For example:

pixel.dataset.maxScore = '60';
pixel.dataset.debug = 'false';
pixel.dataset.blockGeo = 'RU,CN'; // Block specific countries

See the complete configuration reference for all available options.

Testing

  • Use addresses like [email protected] or phrases such as "win a casino jackpot" to trigger spam signals.
  • The browser console will show logs when pixel.dataset.debug = 'true'.
  • See the documentation for more testing tips.

Troubleshooting

Issue Resolution
Tag loads but forms still submit spam Ensure triggers fire on the correct pages and the forms are real <form> elements.
Some forms should remain untouched Add data-block-spam only to the forms you want protected; the rest will bypass SpamBlock.
Need analytics elsewhere Forward the SpamBlock console logs to your dataLayer inside the GTM preview callback.

That’s it—once published, GTM will roll the pixel out everywhere that trigger fires, and SpamBlock keeps your forms clean automatically.