Google Consent Mode V2

Google Consent Mode V2 (GCM V2) adjusts how Google tags behave based on consent. When a visitor declines cookies, Google tags operate in a restricted “cookieless” mode — collecting aggregated signals without setting cookies.

Required since March 2024

GCM V2 is mandatory for advertisers serving ads in the European Economic Area. Without it, Google Ads will not measure conversions from EU visitors.

Enable in dashboard

  1. Open your site in the CookieBoss dashboard
  2. Go to the Banner Editor
  3. Enable Google Consent Mode V2 in the settings section
  4. Optionally enable URL Passthrough and Ads Data Redaction
  5. Publish to push the changes live

That’s it — CookieBoss handles everything else automatically.

How it works

Default denied state

When the consent script loads (before any Google tags), it sets all consent types to denied:

Automatic — you don't need to add this javascript 
gtag('consent', 'default', {
ad_storage: 'denied',
ad_user_data: 'denied',
ad_personalization: 'denied',
analytics_storage: 'denied',
functionality_storage: 'denied',
personalization_storage: 'denied',
security_storage: 'granted',
wait_for_update: 500
});

When the visitor gives consent, CookieBoss updates the signals:

Automatic — fires on consent change javascript 
gtag('consent', 'update', {
ad_storage: 'granted',        // marketing consent
ad_user_data: 'granted',      // marketing consent
ad_personalization: 'granted', // marketing consent
analytics_storage: 'granted',  // analytics consent
functionality_storage: 'granted', // functional consent
personalization_storage: 'granted' // functional consent
});

Category mapping

CookieBoss maps its cookie categories to Google’s consent signals:

CookieBoss categoryGoogle Consent Mode signals
marketingad_storage, ad_user_data, ad_personalization
analyticsanalytics_storage
functionalfunctionality_storage, personalization_storage
necessarysecurity_storage (always granted)

Optional settings

URL Passthrough

When enabled, ad click information (like gclid and dclid) is passed through page URLs instead of being stored in cookies. This preserves some conversion measurement when ad_storage is denied.

Ads Data Redaction

When enabled and ad_storage is denied, ad click identifiers in network requests are redacted. This adds an extra layer of privacy.

Script loading order

For GCM V2 to work correctly, your <head> should load scripts in this order:

html 
<!-- 1. CookieBoss consent script (sets default denied) -->
<script async src="https://cdn.cookieboss.io/scripts/YOUR_SITE_ID/consent.js"></script>

<!-- 2. Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-XXXXXXX');
</script>

CookieBoss uses wait_for_update: 500 which gives the consent script 500ms to set the default state before Google tags start collecting data. This ensures no data leaks before consent is established.

Verifying the setup

  1. Open your site in Chrome
  2. Open DevTools > Console
  3. Type dataLayer and look for consent entries
  4. You should see a consent default entry with all values denied
  5. Accept cookies in the banner
  6. Check dataLayer again — a consent update entry should show granted values

Conversion modeling

With GCM V2, Google uses machine learning to model conversions from non-consenting visitors based on the aggregated signals it receives. This means you maintain directional data even when visitors decline cookies.