Google Fonts

Google Fonts

Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.

Google
Part of Google
Back to Vendor Library

Overview

Google Fonts is a free font hosting service operated by Google that delivers web fonts to websites via a global CDN. It hosts hundreds of open-source typeface families and is one of the most widely used web font services.

What This Script Does

Google Fonts works in two steps:

  1. CSS request to fonts.googleapis.com — Returns a stylesheet with @font-face declarations tailored to the visitor's browser. Google uses the User-Agent header to serve optimal font formats (woff2 for modern browsers).
  2. Font file requests to fonts.gstatic.com — Downloads the actual font files referenced in the CSS.

Cookies: Google Fonts does not set any cookies. The fonts.googleapis.com and fonts.gstatic.com domains are cookie-free.

Data transmitted: The requests include the visitor's IP address (as with any HTTP request), User-Agent string, and Referer header. Google's privacy policy for Google Fonts states that this data is not logged or used for tracking purposes.

No JavaScript required: Google Fonts uses CSS <link> tags, not JavaScript. No script execution occurs. No tracking pixels, no analytics beacons, no advertising functionality.

GDPR case law note: In January 2022, a Munich court (LG München, case 3 O 17493/20) ruled that loading Google Fonts from Google's CDN without consent violated GDPR because it transmitted the visitor's IP address to Google (a US company) without justification. This ruling led many sites to self-host Google Fonts instead. However, the EU-US Data Privacy Framework (July 2023) has since provided a legal mechanism for US data transfers, and the ruling's applicability has evolved.

Consent & Compliance

Google Fonts is classified as essential in its consent category because it serves a presentational function (rendering text) with no tracking or analytics purpose.

Under GDPR, the primary concern is not cookies (none are set) but the transmission of IP addresses to Google's US servers. With the EU-US Data Privacy Framework in place, this transfer has a legal basis, though some privacy advocates recommend self-hosting as a belt-and-suspenders approach. Under ePrivacy, since no cookies or device storage is accessed, the cookie consent rules do not apply.

Under CCPA, Google Fonts does not collect personal information for advertising or marketing purposes.

Should You Block This Without Consent?

No. Google Fonts does not set cookies, does not execute JavaScript, and does not perform tracking. It serves a legitimate presentational function. Blocking it would break the visual appearance of your site. If you have concerns about IP address transmission to Google, the recommended approach is to self-host the font files rather than blocking the CDN-served version, as blocking without a self-hosted fallback will cause visible rendering degradation.

Visit website

Consent Categories

Essential

Also Known As

Google Fonts GDPRfonts.googleapis.comweb fonts privacyGoogle CDN fonts

Industries

Computers Electronics and TechnologySearch Engines

Tracked Domains (2)

fonts.googleapis.comEssential
fonts.gstatic.comEssential

Frequently Asked Questions

Does Google Fonts require cookie consent?

No. Google Fonts sets no cookies, runs no JavaScript, and performs no tracking. It delivers fonts via CSS link tags from fonts.googleapis.com and fonts.gstatic.com. Under ePrivacy, cookie consent rules do not apply since no device storage is accessed. IP address transmission to Google is addressed by the EU-US Data Privacy Framework.

What data does loading Google Fonts transmit?

Font requests transmit the visitor's IP address, User-Agent string, and Referer header to fonts.googleapis.com and fonts.gstatic.com. Google states this data is not logged or used for tracking. No cookies are set on either domain. Sites wanting zero data transfer to Google should self-host the font files rather than loading from the CDN.

How does ConsentStack treat Google Fonts?

ConsentStack classifies Google Fonts as essential and never blocks it. It is detected via link tags to fonts.googleapis.com or font requests to fonts.gstatic.com. Since no cookies are set and no tracking occurs, ConsentStack does not include it in consent decisions. Sites wanting zero data transfer to Google should self-host the fonts.

Other Google Products

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google Ads
Google Ads
Google Ads is Google's advertising platform for search, display, and remarketing campaigns. Conversion tracking scripts fire on advertiser landing pages to measure actions taken after ad clicks. The remarketing tag builds audience lists for retargeting users across Google's ad network.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
YouTube
YouTube
YouTube is Google's video platform, widely used to embed video content on external websites. The YouTube iframe player loads JavaScript that communicates with Google's servers for video playback, quality control, and ad serving. Embedded players may set cookies tied to the viewer's Google account to track watch history and personalize recommendations.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.
YouTube Player
YouTube Player
YouTube Player embeds YouTube videos on external websites via iframe. Scripts load from Google's servers and set cookies for video playback preferences, watch history, and ad targeting. Cookies are dropped even when visitors only view the embed without interacting with the player.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Azure CDN
Azure CDN
Azure CDN is Microsoft's content delivery network that caches and serves website assets from globally distributed edge servers. Delivers HTML, CSS, JavaScript, images, and media to visitors from the nearest edge location to reduce latency. No tracking or advertising functionality — operates purely as transparent content delivery infrastructure.

Manage consent for Google Fonts

ConsentStack automatically detects and manages Google Fonts trackers so your site stays compliant with global privacy regulations.

Get started free