What Google Consent Mode v2 is and why it matters
Google Consent Mode is a framework that lets your website adjust how Google tags (GA4, Google Ads, Floodlight) behave based on the user's consent choices. Instead of blocking tags entirely when consent is denied, Consent Mode allows tags to fire in a restricted, cookieless mode - sending pings to Google without setting cookies or reading identifiers. Google then uses machine learning to model the conversions and behaviour it could not directly measure.
Version 2, introduced in late 2023 and required since March 2024, added two new consent signals: ad_user_data (controlling whether user data can be sent to Google for advertising purposes) and ad_personalization (controlling whether data can be used for remarketing and personalised ads). These were added to comply with the EU Digital Markets Act (DMA).
Without Consent Mode v2 properly configured, Google Ads loses the ability to model conversions for unconsented EU sessions. This directly impacts Smart Bidding performance, audience sizes for remarketing, and the accuracy of your conversion reporting. In practice, advertisers with broken Consent Mode implementations see 20-40% fewer reported conversions from EU traffic.
The 4 consent signals explained
ad_storage
Controls whether advertising cookies (like _gcl_au, _gcl_aw) can be read or written. When denied, Google Ads tags fire without setting cookies and use cookieless pings instead. This is the primary signal for Google Ads conversion tracking.
analytics_storage
Controls whether analytics cookies (like _ga, _gid) can be read or written. When denied, GA4 still sends measurement pings but does not set cookies. Google models the session and user data it cannot directly collect.
ad_user_data
New in v2. Controls whether user data (like email addresses in Enhanced Conversions) can be sent to Google for advertising purposes. This is separate from ad_storage - even if cookies are allowed, sending user data for ads requires this additional signal to be granted.
ad_personalization
New in v2. Controls whether data can be used for ad personalisation, including remarketing lists and dynamic remarketing. When denied, the user is excluded from remarketing audiences even if other signals are granted.
How to manually check Consent Mode
There are three methods for manually inspecting Consent Mode. Each reveals different information, and a thorough audit uses all three.
Method 1: GTM Preview mode
Open GTM, click Preview, and enter your site URL. In the Preview panel, click on any tag event in the left sidebar and switch to the Consent tab. This shows the consent state at the exact moment that tag fired. Start with the Consent Initialization event - all four signals should show "denied" for EU visitors. After the user accepts consent, check a subsequent event to verify signals updated to "granted."
Pay attention to the tag firing order. If your GA4 Configuration tag fires before the Consent Initialization event, Consent Mode is not protecting that first pageview - the tag fires in an undefined consent state, which Google treats as granted.
Method 2: Browser console - dataLayer inspection
Open your site in an incognito window (no GTM Preview). Open the browser console and run:
dataLayer.filter(e => e[0] === 'consent')This returns all consent-related dataLayer pushes. You should see a consent default entry with all four signals set to denied, and after accepting the banner, a consent update entry with the relevant signals set to granted.
Method 3: Network request inspection
Open DevTools Network tab and filter for requests to google-analytics.com or googleads.g.doubleclick.net. Look at the request parameters. Before consent, GA4 collection requests should include gcs=G100 (all denied). After consent, the parameter should change to gcs=G111 (all granted). The gcs parameter encodes the consent state as a bitmask.
5 common Consent Mode v2 failures
These are the failures we see most often when auditing Consent Mode implementations. Each one silently degrades your measurement without generating errors.
Missing v2 signals: ad_user_data and ad_personalization
The most common failure. Sites that implemented Consent Mode v1 before the v2 update often still only set ad_storage and analytics_storage. The two new signals default to undefined (not denied), which Google treats differently depending on the context. Some CMPs require a manual configuration update to send the v2 signals - it is not always automatic.
Consent default not set before GTM loads
The consent default command must fire before any Google tag initialises. If your CMP script loads asynchronously and GTM fires first, there is a window where tags run without consent defaults. The Consent Initialization trigger in GTM exists specifically to solve this - but many implementations use the All Pages trigger instead, which fires later.
Consent signals not updating after user accepts
The consent default fires correctly (all denied), but after the user clicks Accept, the consent update command never fires - or fires with the wrong signal names. This happens when the CMP integration is misconfigured, often because the CMP-to-GTM mapping uses a different consent type naming convention than Google expects.
Wrong initialization order between CMP and GTM
GTM needs to be aware of the CMP before it initialises. If you load GTM before your CMP script, or if you have the CMP loading inside GTM as a tag (instead of natively on the page), the consent initialization can race. The safest pattern is: CMP script in the page head, then GTM, with the consent default set by a Consent Initialization tag inside GTM that reads the CMP state.
Region-specific configuration missing
Consent Mode supports region-specific defaults. Many implementations set consent to denied globally, which means non-EU users also get restricted measurement unnecessarily. Conversely, some set it to granted globally and only denied for EU - but the EU region list is incomplete (missing EEA countries like Norway, Iceland, Liechtenstein, or UK).
Automated checking vs manual audits
Manual Consent Mode audits using GTM Preview and console inspection are thorough but time-consuming. Each check requires clearing cookies, loading the page, interacting with the banner, and inspecting multiple data points. For a single page in one region, a manual audit takes 15-20 minutes. Multiply that across different pages, consent states, and regions, and a comprehensive audit can take an entire day.
The bigger problem is that manual audits only capture the state at the moment you check. Consent Mode can break silently when someone updates the GTM container, changes a CMP setting, or deploys a new website version. You will not know until you audit again - or until you notice a drop in conversion data weeks later.
Automated tools like the Cookie Compliance Checker Google Consent Mode Checker verify all four signals, check initialization order, validate CMP integration, and test consent update behaviour in a single scan. They catch issues that manual checks miss, particularly timing-related failures where consent defaults and tag firing overlap within milliseconds.
Frequently asked questions
What is Google Consent Mode v2?
Google Consent Mode v2 is an updated framework that lets websites adjust how Google tags behave based on user consent choices. Version 2 added two new signals - ad_user_data and ad_personalization - alongside the original ad_storage and analytics_storage. Since March 2024, Consent Mode v2 is required for any site running Google Ads measurement for EU/EEA audiences.
How do I check if Consent Mode is working?
Open your browser console and run dataLayer.filter(e => e[0] === "consent") to see consent commands. In GTM Preview mode, check the Consent tab for each tag event. You should see all four signals set to denied by default and updating to granted after the user accepts consent.
What happens if Consent Mode v2 is not set up?
Without Consent Mode v2, Google restricts measurement capabilities for EU/EEA traffic. Google Ads will not be able to model conversions for unconsented sessions, remarketing audiences will shrink significantly, and Smart Bidding performance will degrade because it loses signal data from users who decline consent.
Do I need Consent Mode v2 for Google Analytics?
Yes. While the most publicised requirement is for Google Ads, GA4 also uses Consent Mode signals. The analytics_storage signal controls whether GA4 sets cookies and collects full measurement data. Without it properly configured, GA4 will not model behavioural data for unconsented users.
How do I test Consent Mode in GTM Preview?
Open GTM Preview mode and load your site. Click on any tag event in the left panel, then switch to the Consent tab. This shows the consent state at the moment that tag fired. Check the Initialization event first to verify defaults are set to denied. Then check events after the user clicks Accept to verify signals update to granted.
Related articles and resources
Verify your Consent Mode v2 setup automatically
Cookie Compliance Checker validates all 4 consent signals, checks initialization order, tests CMP integration, and catches timing failures that manual audits miss.