Google Consent Mode is a framework that adjusts how Google tags behave based on a visitor’s consent choices. When a user declines cookies through your consent banner, Consent Mode tells Google Analytics, Google Ads, and other Google services to operate in a restricted way — collecting aggregated, anonymous data instead of setting cookies.
Version 2 (V2) of Consent Mode, required since March 2024, added two new parameters and became mandatory for advertisers serving ads in the European Economic Area. If your website uses Google Analytics or Google Ads and you have European visitors, Consent Mode V2 is not optional.
This guide explains what Consent Mode does, how it works technically, and how to implement it using a cookie consent management platform.
Why Consent Mode exists
Before Consent Mode, website owners had two choices when a visitor declined cookies:
-
Block all Google tags. This preserved privacy but eliminated all analytics data for non-consenting visitors, creating a blind spot that could represent 30–70% of European traffic.
-
Ignore the consent choice. This kept data flowing but violated GDPR and the ePrivacy Directive.
Consent Mode creates a middle path. When consent is denied, Google tags still fire, but they operate in a “cookieless” mode that doesn’t store cookies or collect personal identifiers. Google uses the limited signals (timestamp, user agent, page URL) combined with machine learning to model conversions and fill data gaps.
The result: you maintain directional analytics data while genuinely respecting user consent.
What changed in V2
The original Consent Mode had two parameters:
analytics_storage— controls whether analytics cookies (like_ga) can be setad_storage— controls whether advertising cookies can be set
V2 added two additional parameters:
ad_user_data— controls whether user data can be sent to Google for advertising purposesad_personalization— controls whether personalized advertising is enabled
These new parameters were Google’s response to the EU Digital Markets Act (DMA), which requires explicit user consent before personal data can be used for ad targeting. Since March 6, 2024, advertisers running campaigns in the EEA must implement all four parameters.
How Consent Mode works technically
When your consent banner loads, it communicates the visitor’s choices to Google via the gtag('consent', 'update', {...}) function. Here’s the flow:
1. Default state (before consent). When the page loads, Consent Mode sets all parameters to 'denied' by default:
gtag('consent', 'default', {
'analytics_storage': 'denied',
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied'
});2. User makes a choice. When the visitor interacts with the consent banner, the CMP sends an update:
// If user accepts all:
gtag('consent', 'update', {
'analytics_storage': 'granted',
'ad_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted'
});
// If user accepts analytics only:
gtag('consent', 'update', {
'analytics_storage': 'granted',
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied'
});3. Google tags react. Google Analytics, Google Ads, and Floodlight tags automatically adjust their behavior based on the consent state. No additional tag configuration is needed.
When consent is denied, Google tags send “cookieless pings” — minimal data packets that include the page URL, timestamp, user agent, and a consent state flag, but no cookies or user identifiers. Google uses these pings for behavioral modeling in your analytics reports.
The data impact: what you lose and what you keep
With Consent Mode active, your analytics data splits into two categories:
Observed data — from users who grant consent. This works exactly as before: full cookie-based tracking, session data, conversion tracking, audience building.
Modeled data — from users who deny consent. Google uses machine learning to estimate metrics based on the cookieless pings and the observed behavior patterns of consenting users. Modeled data appears in your reports automatically when you have sufficient traffic (typically 1,000+ daily events with consent granted per property).
In practice, you’ll see a “data quality” indicator in Google Analytics 4 that shows what percentage of your data is observed vs. modeled. A well-implemented Consent Mode setup typically recovers 70–85% of the data that would otherwise be lost from non-consenting visitors.
Implementation with a CMP
The easiest way to implement Consent Mode V2 is through a consent management platform that has built-in Google integration. Here’s how it works with CookieBoss:
Step 1: Enable Google Consent Mode in your CMP dashboard. Toggle the Google Consent Mode integration on. This tells the CMP to fire the appropriate gtag consent commands when visitors interact with the banner.
Step 2: Map consent categories to Google parameters. Your consent banner typically has categories like “Analytics,” “Marketing,” and “Preferences.” Map these to the four Consent Mode parameters:
| Banner category | Consent Mode parameter |
|---|---|
| Analytics | analytics_storage |
| Marketing | ad_storage, ad_user_data, ad_personalization |
| Preferences | (not a Google parameter — handled separately) |
| Necessary | Always granted — no consent needed |
Step 3: Set the default state. Configure the default consent state to 'denied' for all parameters. This ensures Google tags operate in restricted mode until the visitor actively grants consent — which is required for GDPR compliance.
Step 4: Deploy the script. Add the CookieBoss script tag before your Google Analytics or GTM script. The CMP must load first so it can set the default consent state before any Google tags fire.
<!-- CookieBoss must load before GTM -->
<script src="https://cdn.cookieboss.io/scripts/your-site-id/consent.js"></script>
<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){...})(window,document,'script','dataLayer','GTM-XXXXX');</script>Step 5: Verify in Google Tag Assistant. Use the Google Tag Assistant Chrome extension to confirm that consent signals are being sent correctly. You should see consent state changes in the event timeline when you interact with the banner.
Advanced: Consent Mode with Google Tag Manager
If you use GTM, you can implement Consent Mode through the built-in consent configuration:
- In GTM, go to Admin, then Container Settings, and enable “Enable consent overview.”
- Set up a Consent Initialization trigger that fires before All Pages.
- Configure each tag’s consent settings to specify which consent types it requires.
- The CMP communicates consent states through the dataLayer, and GTM respects them automatically.
GTM’s consent overview gives you a visual dashboard showing which tags require which consent types and whether they’re being blocked or allowed for each visitor.
Common implementation mistakes
Loading order. The most common error is loading Google tags before the CMP sets the default consent state. If gtag fires before consent default is set, cookies may be placed before the visitor has a chance to choose — a GDPR violation.
Missing the new V2 parameters. Some older CMP integrations only send analytics_storage and ad_storage, omitting ad_user_data and ad_personalization. This means you’re technically not compliant with DMA requirements. Verify all four parameters are present.
Setting defaults to ‘granted.’ Some implementations set the default state to 'granted' and then update to 'denied' if the user rejects. This briefly allows cookies before consent, which violates GDPR’s requirement for prior consent. Always default to 'denied'.
Not testing with real consent choices. Use an incognito window, clear your cookies, and test every consent combination: accept all, reject all, accept analytics only, accept marketing only. Verify in Tag Assistant that the correct signals fire for each combination.
Frequently asked questions
Do I need Consent Mode if my site has no European visitors?
If you’re running Google Ads campaigns in the EEA, yes — Google requires it regardless of where your website is hosted. For analytics-only sites with no European traffic, it’s not strictly required but is still good practice.
Does Consent Mode replace my cookie banner?
No. Consent Mode is the technical bridge between your cookie banner and Google tags. You still need a consent banner to collect and manage visitor choices. The CMP handles the banner; Consent Mode handles the communication with Google.
Will my GA4 data look different after implementing Consent Mode?
Initially, you may see a dip in reported metrics as non-consenting visitors shift from observed to modeled data. Over time, Google’s modeling fills the gaps, and total reported metrics typically recover to within 70–85% of pre-implementation levels.
Is Google Consent Mode the same as IAB TCF?
No. Google Consent Mode is Google’s proprietary consent signaling system. IAB TCF (Transparency and Consent Framework) is an industry-wide standard primarily used in programmatic advertising. Some CMPs support both, but they serve different purposes.
CookieBoss supports Google Consent Mode V2 on all plans, including the free tier. Setup takes under five minutes. Get started.
