Multiple Dynamic IPs, Locations, and Devices: A Comprehensive Guide to Excluding Internal Traffic From All in Google Analytics

Special Note: Big shout out, and a huge thank you to Carlos Escalera Alonso! Not only was I able to solve this problem for my website, I was also able to confirm a few extra things on my end due to the inspirations I received from his detailed article. Also, all of my technical setup — including names, for now, blindly follows his recommendations (and I’d advise you the same if it’s your first time).

Special Note 2: This article will restrict itself on achieving this feat through Google Tag Manager only, with some of my own twists. The focus is on getting you up and running with this, as opposed to explaining the why behind everything. And therefore, for that reason, my steps aren’t necessarily in the same order as Carlos’s article; however, if you need more explanations and details, I’d highly encourage following his methodology. At the end of the day, this blog post will virtually cover a lot of the same things, and is a tribute to Carlos and his work on this — in the name of spreading the good word around! Like me, I am sure many SEOs and bloggers have wondered about this, but probably never got around to it because they didn’t know better. Expectantly, this article alleviates that pain point.

Problem/background story: I bought a new VPN where not only my IP address kept changing, but also my location. Combine that with multiple devices that I have, and the simple IP address solution wouldn’t work (static or not). In fact, that’s exactly what I had done, before I purchased a VPN. I knew that I’d be running into the issues of blocking out my internal traffic, but I valued my privacy, speed, and anonymization more than that. However, I also told myself that I’d figure out a way to do so — which is when I found Carlos’ article.

Solution and uses cases: Setting a cookie in your browser. This fix can work for the following scenarios:
1. You have employees globally, or who work remotely from different geographic locations.
2. As a personal blogger, you’re using a VPN, as I do.
3. You or your employees are always on the road, or air — so to speak, whereby, you’re constantly accessing the internet via cafes, airports, and hotels.
4. If you’re anonymizing IP addresses, to better comply with GDPR laws.
5. Any other similar situation you might be in.

Getting Started: Tools and Access Levels

To implement this solution, I’d recommend having access to the following tools — with at least the minimum permissions below.

  1. Google Analytics: Edit permission for the view that matters.
  2. Google Tag Manager: Publish permission for the container that matters.
  3. Google Tag Assistant Chrome Extension (for recordings): Not entirely sure if there is a permission level setting here per se, but you’d need to be using it with the same account that has Google Analytics (edit) and Google Tag Manager (publish) access. Otherwise, you won’t be able to view all the data for the recordings.

Step 1: Everything You Need to Do in Google Tag Manager

In Google Tag Manager, we will be creating a tag, a trigger, a variable, and updating the existing Google Analytics Settings Variable or the Tag.

Creating the New Tag

Essentially, you’d be creating a custom HTML tag, where you’d you’d copy the exact function below:

function setCookie(cname, cvalue, exdays, cdomain) {
var d = new Date();
d.setTime(d.getTime() + (exdays*24*60*60*1000));
var expires = "expires="+ d.toUTCString();
document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/ ; domain=" + cdomain;
setCookie("InternalTraffic", "true", 365, "");

^^Where, you’d be replacing, with your domainname. And yes, no need to add http protocols, or www, or trailing slashes. The advantage is that it’ll work on subdomains too.

Other Tag Settings

  1. Name your tag, verbatim as–> “HTML – Set InternalTraffic cookie” (without the quotes; image below for visual reference).
initial tag setup

Creating the New Trigger

You can either continue to create the new trigger directly from the tag setup for above, or create a new one. Either Scenario, this trigger will need to be tied to the HTML – Set InternalTraffic cookie tag. See the screenshot below for reference.

tying the cookie trigger with the cookie tag

Anyhow, to create the trigger with the following configurations below. (Final Screenshot of the entire Trigger to follow to ensure you’ve done everything correctly).

  1. Name: PV – InternalTraffic
  2. Trigger Type: Page View
  3. This Trigger fires on: Some Page view> Page URL > matches RegEx > \/internal\/$|\?internal$. See the visual below for guidance.
this trigger fires on settings
  1. References to this trigger: The “HTML – Set InternalTraffic cookie” tag. Full Trigger snapshot below.
full trigger settings

Creating the New Variable

Once you’ve taken care of the two above, create a new variable as follows:

  1. Name: Cookie – InternalTraffic
  2. Variable Type: 1st Party Cookie
  3. Cookie Name: InternalTraffic
  4. References to this variable: Your GA Tag

See the image below.

variable configurations

Updating Existing Google Analytics Settings Variable or the Tag

Here, you’d be appending a custom dimension as instructed below:

  1. Edit your existing GA Tag or Variable.
  2. Expand More Settings.
  3. Under Custom Dimensions:
    • Input number ‘1’ (without the quotes) for Index. Note that the index number will need to match the custom dimension index number in Google Analytics. See more details in GA Custom dimension settings.
    • Input ‘{{Cookie – InternalTraffic}}’ (without the quotes) for Dimension Value.

Step 2: Everything You Need to Do in Google Analytics

In Google Analytics, we’ll be working on two things: Creating a custom dimension, and creating an exclusion filter for the applicable view.

Custom Dimension Configurations

The custom dimension will need to be propagated at the property level. To do so:

  1. Navigate to your admin section > and in the column for “Property”/a.k.a, the second column, scroll all the way down and look for “Custom Definitions.”
  2. Click on it, and then click again on custom dimensions.
creating a custom dimension in google analytics
  1. Once you’re there, apply the following settings:
    • Name: InternalTraffic
    • Scope: User
    • Active checkbox: Make sure it’s ticked
editing a custom dimension in google analytics
  1. Next, hit save.
  2. And lastly, note down the Index number of your dimension, because you’ll need for your GA tag or variable.
custom dimension index number
As the last step, jot down the index number somewhere, as you will need this to update your existing GTM tag or variable.

View Filter Configurations

Next, create a new Filter per the following details:

  1. Name: Exclude Internal Traffic – Dynamic
  2. Filter Type: Custom > Exclude
  3. Filter Field: InternalTraffic (This is the name of the custom dimension you just created above)
  4. Filter Pattern: True
google analytics filter settings

If you’ve followed thus far, you should be all set. Make sure to save and publish everything in GA, and GTM, respectively. Once done, it’s time to activate your cookie! To do so:

  1. Go to your homepage (technically any URL would work), and append ?internal at the end.
  2. So taking my website as an example, I’d append ?internal on my IP address anonymization blog post like this–>
  3. Wait for your entire page to load, and then wait another 5-6 seconds.
  4. Then, browse around your website. Go to other pages; maybe 4-5 more pages. In between the navigation, add ?internal to one of the other URLs too.
  5. If everything has been done correctly, your cookie should be set in your browser.

In your Chrome browser’s settings, search for “cookies and other site data.”

cookies and other site data
Search for “cookies and other site data.”

Open it, scroll down to “see all cookies and site data,” and navigate there.

see all cookies and site data

Next, search for your site under the cookie search (not the main chrome settings search).

search for your site

Lastly, open your site, and look for the cookie name called “InternalTraffic.”. Open that too, and you’re looking for content value to be “true.”

internaltraffic cookie

Verifying if Your Internal Traffic Is Blocked

All your hard work has brought you to this point! Everything is done; all the checkboxes are ticked. Now, it’s time to test your setup.

There are two methods to test.

Method 1: GA Real Time Report

This one is as straightforward as it sounds. If your traffic is blocked by the cookie you just made, your hits to your own site from your device, shouldn’t be picked up. As long as the cookie is living and breathing, it won’t matter what IP address you’re using. In all honesty, though, you need to be a bit patient with this method. It doesn’t work right away.

Method 2: Using Google Tag Assistant

Here we will be leveraging its recording capability. In fact, a lot of the steps are very similar to what I had discussed in my previous “How to Exclude Your Home Wi-Fi in Google Analytics Tracking, and Then Verifying the Exclusion” blog post. If you do not know how to use recordings, I’d highly encourage to check out blog post first.

Essentially, you can follow along up until step 3 in my blog, where I discuss Google Tag Assistant, and then you can skip step 4, to directly move onto step 5. Open up any of the page loads, and you should see the following 2 things below. (screenshot to follow).

  1. Custom dimensions in hit: The index, name, and value should match your setup.
  2. Mutations: You should see that your hits to your site are excluded because of your filter.
GTA custom dimensions and mutations

Pro Tips

  1. It might be a good idea to refresh the cookie expiry date by adding ?internal to your URLs every now and then. The default, is 365 days.
  2. You will need to activate the cookie again if you clear your browsing and cookie history.
  3. You will need to activate the cookie individually on different browsers.
  4. Similarly, every device will need to invoke the cookie at least once, which means that every device will need to be QA-ed. For this reason, if you’re an organization, it might be a good idea to create one Google Account that all employees have access to — to test. (And don’t forget about the access levels.)

You May Also Want to Check Out:


Website tracking and the exceptions that need to come with it has evolved a lot from say 5 years ago. With the introduction of Google Tag Manager, there is less reliance on the developers to execute something, and site owners can quickly take action. Plus, things can be done more so in real-time, and safely, as the actual site code isn’t messed with.

Hand in hand to that, given the current situation, almost the entire world is going remote. And with it, comes the complications of network and internet security, privacy obligations, and tracking headaches.

Hopefully, with this post, you aren’t discouraged anymore to make sound investments to make the internet a safe place for yourself, your employees, and your users. And at the same time, you aren’t stressed anymore about excluding internal GA traffic from multiple devices, multiple dynamic IPs, and multiple locations.