Echo

Consent and Bot Gating

Echo forwards the visitor's consent state with every event, but it does not enforce consent on its own. Two optional, opt-in controls on each destination let you suppress events from non-consenting visitors and from traffic the SDK flagged as bots.

How gating fits into the pipeline

The Echo client SDK attaches the visitor's consent signals and a bot flag to every event it posts. By default, Echo passes those signals through as data and still forwards the event to every destination its filters allow. Echo does not block events based on consent automatically, so if you need that behavior you turn it on yourself, per destination.

That per-destination model is deliberate. A data warehouse like Lens usually wants every event for complete analytics, while an advertising platform like Meta or Google Ads should only receive events from visitors who consented to ad targeting. Putting the control on each destination lets you make that decision separately for each platform instead of applying one blanket rule.

Both controls live on the destination's edit page, in the Consent Gating panel and the Bot Filtering panel. Open Echo > Destinations and click a destination to find them. Neither is on by default. A destination forwards every event until you configure one of these gates.

The Consent Gating panel has a single input. Its placeholder reads e.g. marketing, targeting (leave blank to forward regardless of consent). Enter a comma-separated list of consent categories using your CMP's exact names. That might be OneTrust codes like C0004, plain words like targeting or marketing, or Google Consent Mode keys like ad_storage. Matching is case-insensitive.

All listed categories must be present in the event's granted consent for the event to forward. If you list two categories and an event granted only one of them, the event is suppressed. Leave the input blank to disable gating entirely, which forwards every event regardless of consent.

Gating is default-deny when consent is absent. If you list a category but the event carries no consent signal at all, Echo treats that as not granted and suppresses the event rather than forwarding it. Suppressed events are counted in the CONSENT_SUPPRESSED metric, so they are withheld on purpose, not silently dropped.

Use your CMP's exact names

The gate compares the strings you type against the consent categories on each event. If your CMP emits C0004 but you enter marketing, nothing will ever match and every event will be suppressed. Confirm the exact category names your CMP sends before you save.

Bot filtering

The Bot Filtering panel only appears for advertising and measurement destinations, where bot traffic genuinely distorts results. Those are Google Analytics 4, Meta (Facebook), TikTok, Google Ads, Pinterest, Microsoft Ads, LinkedIn, Snapchat, Reddit, and Floodlight. The panel does not appear for Instagram, the Lens warehouse, or the Custom destination.

When the panel is visible, tick the checkbox labeled Exclude bot traffic. With it enabled, events the Echo SDK marked as bots, for example bot=1 with a bot_reason like crawler_ua, are not forwarded to that destination. This keeps automated traffic out of your ad and measurement platforms, where it would inflate conversions and drag down match quality.

Bot filtering never affects analytics completeness. Bot events are always kept in Lens regardless of this setting, so your reporting still sees the full picture. As with consent gating, suppressed events are counted in the BOTS_SUPPRESSED metric rather than silently dropped.

Reviewing what was suppressed

Open a destination's detail page to confirm the gates are working. The header shows a Consent Suppressed KPI, the count of events not forwarded in the last 24 hours because the visitor had not granted the required categories, and a Bots Suppressed KPI, the count blocked by the bot filter. Both sit next to received, delivered, and error counts.

Because suppression is metered rather than silent, a rising suppressed count is expected and healthy once you turn a gate on. If you enabled consent gating and the suppressed count is unexpectedly high, that usually points to a category name mismatch rather than a real surge of non-consenting traffic.

Tips

  • Both controls are opt-in per destination. A destination forwards every event until you set required consent categories or tick Exclude bot traffic.
  • Apply consent gating to ad destinations and leave it off Lens, so analytics stays complete while ad platforms only see consented traffic.
  • Bot filtering is recommended for ad platforms. Lens always retains bot events, so you never lose analytics visibility.
  • Watch the Consent Suppressed and Bots Suppressed KPIs after enabling a gate to confirm it behaves as expected.

Troubleshooting

Every event is being suppressed by the consent gate

This is almost always a category name mismatch. Confirm the exact strings your CMP emits and make sure they match what you typed, character for character (case does not matter, but spelling and codes do). Remember that all listed categories must be present, so listing more categories than the event ever grants will suppress everything.

The Bot Filtering panel is not showing

The panel only appears for supported ad and measurement destinations. If you are editing an Instagram, Lens, or Custom destination, there is no bot filter by design. Switch to a supported destination type like GA4, Meta, or Google Ads to see the Exclude bot traffic checkbox.

Suppressed counts are rising after I turned a gate on

That is the gate working. Suppressed events are intentionally withheld and counted in the CONSENT_SUPPRESSED or BOTS_SUPPRESSED metric. They are not errors and not lost. If the numbers look far higher than expected, double-check your consent category names before assuming a traffic problem.

Related guides

DestinationsCreate and Manage SourcesSet Up a Pipeline