Your GA4 is missing data from EU visitors. Your Google Ads conversions look lower than they should. Both problems have the same fix — consent mode v2. The setup isn’t complicated, but every guide makes it seem like it is. Here’s exactly what to do.
This is the practical implementation guide. If you want to understand what Google Consent Mode v2 actually is — what changed from v1, whether it replaces GDPR compliance, and how it works under the hood — read the companion guide first. This article is purely the setup.
Three paths are covered here: Google Tag Manager with a CMP template (the standard approach), direct gtag.js implementation (for developers), and WordPress via a CMP plugin (the easiest option for most site owners). Pick your path and follow the steps.
Do You Actually Need Consent Mode v2?
Short answer: yes, if you have any EU/EEA or UK traffic and you’re using Google Ads or GA4.
Required for Google Ads in EEA & UK
Google made consent mode v2 a requirement for EU/EEA advertisers in March 2024. From July 2025, enforcement tightened further — sites without proper consent signaling began losing GA4 data accuracy and access to Google Ads remarketing features for EU/EEA traffic. This is ongoing in 2026. Non-compliant sites are operating with degraded measurement right now, not facing a future deadline.
If you don’t run Google Ads and your site has zero EU/EEA visitors, you can skip this. For everyone else, this is a live requirement.
Basic mode vs advanced mode — which should you use?
| Basic mode | Advanced mode | |
|---|---|---|
| Tags fire before consent? | No | Yes (cookieless pings) |
| Conversion modeling? | Limited | Full |
| Recommended for? | Maximum privacy stance | Most GA4 + Google Ads setups |
Basic mode blocks all tags until the user makes a choice. You lose data on visitors who never interact with the banner. Advanced mode lets tags fire immediately but sends cookieless pings (no personal data, no cookies) when consent is denied — this feeds Google’s conversion modeling and gives you much better attribution data. For most businesses, advanced mode is the right call.
What You Need Before You Start
Before touching GTM or your codebase, sort out two things.
Step 1: Pick a Google-certified CMP
A consent management platform (CMP) is the software that runs your cookie banner. For consent mode v2 to work correctly, it needs to fire the right signals at the right time — before any Google tags load. A Google-certified CMP handles this automatically. A random cookie banner script probably doesn’t.
Google maintains a certified partner list. You don’t need to buy anything expensive. Several options have free or trial tiers (see the CMP comparison table at the end of this article).
Step 2: Decide on your implementation path
Three options:
- GTM + CMP template — the standard approach if you already use Google Tag Manager. Your CMP publishes a GTM Community Template that handles all the consent signaling. Clean, maintainable, recommended.
- Direct gtag.js — for developers who manage tags in code rather than GTM. More control, more maintenance responsibility.
- WordPress CMP plugin — if you’re on WordPress, most certified CMPs offer a plugin that handles everything without touching GTM or code at all.
Pick one and follow the relevant path below.
Path A: Implementing Consent Mode v2 via Google Tag Manager
This is the approach most sites should take. Here’s the exact sequence — in this order, because order matters:
- Enable Consent Mode overview in GTM — go to Admin → Container Settings → Enable Consent Overview. This activates the consent management layer in GTM and makes the Consent tab visible in Preview mode.
- Install your CMP’s GTM community template — in GTM, go to Templates → Community Template Gallery. Search for your CMP (Cookiebot, CookieYes, CookieFirst) and click Add to workspace. This template replaces any manual consent code you might have added.
- Add the Consent Initialization trigger — create a new trigger, set the trigger type to Consent Initialization, and assign it to your CMP template tag. This is the step Modo25 (the current featured snippet holder) misses entirely — without it, your consent defaults may fire after other tags.
- Set the default consent state to denied for EEA/UK visitors — inside the CMP template tag settings, configure all six parameters to denied by default for EEA and UK regions:
ad_storage,analytics_storage,ad_user_data,ad_personalization,personalization_storage,functionality_storage. The CMP fires updates when the user actually chooses. - Check that Google tags have built-in consent enabled — open each Google tag in GTM (GA4 Configuration, Google Ads Conversion Tracking, etc.). Under Advanced Settings → Consent Settings, confirm that built-in consent checks are active. GA4 and Google Ads tags have this enabled by default; verify it hasn’t been switched off.
- Verify with Tag Assistant — see the verification section below.
Enable Consent Mode overview in GTM
Worth spending an extra moment here: Consent Overview in GTM gives you a dashboard view of which tags have consent requirements and which don’t. It’s in Admin → Container Settings → Enable Consent Overview. Once enabled, you’ll see a shield icon next to each tag in your workspace.
Install your CMP’s GTM template
Every major certified CMP has a Community Template in GTM. Search the gallery by your CMP name. When you add it, the template creates a tag that handles the gtag('consent', 'default', {...}) call before any other tags fire, and the gtag('consent', 'update', {...}) call when the user makes a choice on your banner.
Do not add a second consent initialization tag on top of this. One CMP tag with a Consent Initialization trigger is all you need.
Set the default consent state
The most common mistake: not setting defaults at all, or setting them in the wrong tag type. The default state must fire before any other tag in the container. That’s what the Consent Initialization trigger ensures.
For EU/EEA sites in 2026, set all six parameters to denied by default. The CMP will update them to granted when the user accepts. If a user never interacts with the banner, the defaults stand — and Google’s tags continue sending cookieless pings if you’re in advanced mode.
Configure consent signals on your Google tags
GA4 and Google Ads tags read consent signals automatically once Consent Overview is enabled. You don’t need to add custom consent checks to these tags — they’re built in. What you do need to verify (step 5 above) is that the built-in checks haven’t been disabled.
Handle non-Google tags (Facebook Pixel, etc.)
Third-party tags like the Meta Pixel don’t read Google’s consent signals automatically. You need to add an Exception trigger on each non-Google tag: fire only when ad_storage = granted (or whichever consent type applies). GTM’s built-in consent variables make this straightforward — create a variable that reads the consent state, and use it as an exception condition on the tag.
Path B: Implementing Consent Mode v2 Directly (No GTM)
If you manage tags in code rather than GTM, add these two calls directly to your site’s HTML.
Add the gtag.js default consent snippet
Place this snippet in your <head>, before the Google tag script loads:
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
// Set defaults — all denied for EEA/UK before any user choice
gtag('consent', 'default', {
'ad_storage': 'denied',
'analytics_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'personalization_storage': 'denied',
'functionality_storage': 'denied',
'region': ['GB', 'AT', 'BE', 'BG', 'HR', 'CY', 'CZ', 'DK', 'EE',
'FI', 'FR', 'DE', 'GR', 'HU', 'IS', 'IE', 'IT', 'LV',
'LI', 'LT', 'LU', 'MT', 'NL', 'NO', 'PL', 'PT', 'RO',
'SK', 'SI', 'ES', 'SE', 'CH']
});
</script>
<!-- Your Google tag (gtag.js) loads after this -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXX"></script>
The region array restricts these defaults to EEA and UK visitors. Traffic from other regions gets default granted behavior.
Update consent state on user interaction
When the user makes a choice on your cookie banner, your banner code calls:
// Called by your CMP when user accepts all
gtag('consent', 'update', {
'ad_storage': 'granted',
'analytics_storage': 'granted',
'ad_user_data': 'granted',
'ad_personalization': 'granted'
});
Your CMP should handle this automatically if it’s integrated with your custom implementation. If you’re building the banner yourself, you wire this call to the accept and reject button events. All six parameters need to be explicitly updated — not just the four from v1.
WordPress: the Easiest Path
If you’re on WordPress, you don’t need to touch GTM or write any code. A CMP plugin handles the entire consent mode v2 implementation.
CMPs that handle Consent Mode v2 automatically on WordPress
Install the CMP plugin, connect it to your Google Analytics and Google Ads, and configure the banner. The plugin takes care of the default consent states, the update calls, and — with a certified CMP — ensures all six v2 parameters are included.
The setup typically takes 15–20 minutes. You configure the banner appearance, set your consent categories, choose your jurisdiction (EEA, UK, or both), and the plugin handles everything else. No gtag.js editing, no GTM configuration.
For Shopify and Wix users: both platforms have certified CMP apps in their respective app stores. The setup is similarly plugin-based, with no code required.
How to Check If Consent Mode v2 Is Working
Don’t skip this step. A technically installed CMP isn’t the same as a working consent mode integration.
Using Google Tag Assistant (the right way)
- Install Google Tag Assistant as a Chrome extension
- Navigate to your site and open Tag Assistant — click Connect
- Start a recording session
- Interact with your cookie banner: first accept all, check the results; then open a fresh tab and reject all
- In Tag Assistant, click the Consent tab in the left panel
- You should see a log showing the consent state changes — all six parameters moving from denied to granted (on accept) or staying denied (on reject)
- Specifically confirm that
ad_user_dataandad_personalizationare present. If they’re missing, your CMP is running a v1 implementation and needs updating.
What to look for in GTM Preview mode
If you’re using GTM, Preview mode gives you a second verification layer. When you trigger the consent banner in Preview mode, you should see a Consent Initialization event firing before any other events. The Consent tab in Preview shows the current state of all six parameters.
If the Consent Initialization event fires after GA4 Page View or any other event, your trigger order is wrong — fix the trigger assignment on your CMP tag.
A network-level check: in Chrome DevTools → Network tab, filter for google-analytics.com requests and reject cookies. You should see requests with gcs=G100 in the URL — the cookieless pings confirming advanced mode is active. No gcs parameter at all means the implementation isn’t working.
Which CMPs Make This Easiest?
Not all certified CMPs are equally straightforward to set up. Here’s a practical comparison focused on ease of implementation for the three paths above:
| CMP | Free tier | GTM template | WordPress plugin | Shopify app | Certified partner |
|---|---|---|---|---|---|
| CookieYes | Yes | Yes | Yes | Yes | Yes |
| Cookiebot | Trial only | Yes | Yes | Yes | Yes |
| CookieFirst | Yes (limited) | Yes | Yes | No | Yes |
| Complianz | Free (basic) | Custom only | Yes | No | Yes |
| Consentmo | No | Yes | No | Yes | Yes |
CookieYes and CookieFirst are the friendliest options for WordPress and GTM users who want a free tier to start. Cookiebot is the strongest for EU-focused businesses that need audit trails and detailed consent records — see our Cookiebot alternatives guide if the pricing doesn’t fit. For a direct comparison of the two most popular options, the Cookiebot vs CookieYes comparison covers pricing, features, and consent mode setup in detail.
If GDPR compliance is the broader concern driving this setup — not just Google’s requirements — the CMP choice also affects your consent records, DPA management, and cookie audit capabilities. Those factors are worth weighing alongside the setup complexity.
Outside the EEA, CCPA compliance has its own requirements — consent mode isn’t required there, but privacy-first data practices are increasingly expected regardless of region.
FAQ
Is Consent Mode v2 mandatory?
Yes, for EU/EEA and UK advertisers using Google Ads or GA4. Google began enforcing this in March 2024 and tightened restrictions from July 2025. Sites without consent signaling lose GA4 measurement accuracy, remarketing access, and conversion modeling for EU/EEA traffic.
Can I implement Consent Mode v2 without a CMP?
Yes — Path B (direct gtag.js) doesn’t require a CMP. But you’re responsible for maintaining the implementation yourself, including adding new parameters if Google updates the spec. A Google-certified CMP updates automatically and removes that maintenance burden.
What’s the difference between basic and advanced consent mode?
In basic mode, Google tags don’t fire until the user makes a consent choice — you get zero data on visitors who leave before choosing. In advanced mode, tags fire immediately but send cookieless pings (no personal data) when consent is denied, which feeds Google’s conversion modeling. Advanced mode is recommended for most advertisers.
How do I check if Consent Mode v2 is working?
Use Google Tag Assistant. Start a recording session on your site, interact with the cookie banner, and check the Consent tab. All six parameters — including ad_user_data and ad_personalization — should update on accept and reject. Missing either of those two means you’re running a v1 implementation.
The setup is done — but you still need a CMP that handles consent mode correctly and keeps up with Google’s requirements as they evolve. We’ve tested the most popular options. Read our full comparison of the best consent management platforms →
