Continuing the discussion from How to anonymize Google Analytics?:
For the GDPR it’s required to send IPs anonymized IPs because they are personal identifiable information. However, there doesn’t seem to be an option in Discourse for this?
The suggestion in the old thread is to put the GA code in Admin → Customize → HTML. But that option has since disappeared it seems.
How to use Google Analytics with Discourse and comply with the GDPR?
The option to add custom HTML is still there, you’d need to go to admin → customize → themes and from there create a new theme component, which will then have the option for custom CSS/HTML:
One more question, when I copy/paste the gtag.js stuff before the </head> tag, analytics stops to work. I disabled Analytics in the admin settings. Or should I keep that enabled and do I only have to add certain config settings in my custom HTML for e.g. IP anonymization? How would I do that? Is Discourse blocking external loaded Javascript by default? Is there a allowlist? A lot of questions 
This is the gtag.js I got from the admin panel in Google Analytics and placed that before the ` tag in Discourse:
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-12345678-1"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-12345678-1', { 'anonymize_ip': true });
</script>
The Google Analytics code that’s enabled by the admin settings is different, and does not external Javascript code. So that might be the main difference?
The above is correct (of course change your UA ID). Extra step that’s needed is: go to your admin settings and search for content security policy script src.
There add https://www.google-analytics.com/analytics.js, then it works.