Advertising marketing

Microsoft Advertising (UET) — consent fix

Microsoft UET tag (bat.bing.com/uet) loads before consent. _uetsid (session cookie) and _uetvid (30 days) are set before consent. UET collects conversion data for Microsoft Advertising campaigns.

Domains

  • bat.bing.com
  • bat.r.msn.com

Cookies

  • _uetmsclkid
  • _uetsid
  • _uetvid
  • MUID

The Microsoft UET (Universal Event Tracking) tag immediately sets the _uetsid and _uetvid cookies, which remain valid for up to 30 days. Microsoft uses this to collect behavioural and conversion data for their advertising network (Bing Ads). Because this data is used commercially, it falls under the strictest category of the GDPR (marketing). If the tag fires before the visitor has explicitly given consent in your cookie banner, it constitutes a data leak and a privacy violation.

Why Microsoft Ads loads too early

Usually, the Microsoft UET tag is loaded via Google Tag Manager (GTM). The problem arises when you leave the trigger set to the default All Pages. Although Microsoft UET does support Google Consent Mode v2, many websites incorrectly rely on automatic modelling. It is much safer to simply block the tag until consent is granted.

The Fix: Block Microsoft Ads in GTM

The most reliable and clean way to make the UET tag GDPR-compliant is to instruct GTM that the tag absolutely must not load without consent for marketing (marketing_storage).

Use an Exception Trigger in GTM (Recommended)

Follow these steps in your GTM workspace:

  1. Open your Microsoft Advertising UET Tag.
  2. Scroll to the Triggering section.
  3. Click Add Exception.
  4. Click the + icon to create a new trigger.
  5. Choose the trigger type Custom Event.
  6. For Event name, enter .* and check the box for Use regex matching.
  7. Select Some Custom Events.
  8. Set the condition: Consent State — marketing_storage does not equal granted (or ad_storage, depending on your CMP setup).
  9. Save the trigger as "Exception - No Marketing Consent" and publish your changes.

Note: At the same time, ensure that in the Auto-blocking settings of your Cookie Management Platform (CMP), you assign the domain bat.bing.com to the marketing category. This provides double security.

How to Verify the Fix

Use your browser's Network tab to see hard proof that the tag is stopped.

  1. Open your website in an incognito window.
  2. Ignore the cookie banner (do not click anything).
  3. Open Developer Tools (F12) and navigate to the Network tab.
  4. Search for bing.com. There must be no calls to bat.bing.com (such as /uet) visible.

Not sure if the fix worked, or want to verify that no other scripts are leaking data? Run a free scan with ConsentChecker.eu for instant confirmation.

Sources

No CMP yet?

A Cookie Management Platform (CMP) handles consent automatically for Microsoft Advertising (UET) and other trackers — including the correct GTM integration.

Cookiebot → CookieYes → CookieFirst → Complianz → Borlabs Cookie → Enzuzo → ConsentOS →

Check your own site

Scan your website for free to see if Microsoft Advertising (UET) (or other trackers) loads before consent.

Start free scan →