Consent Mode - Setup and Implementation

Home / Everything About / Everything About Analytics / Consent Mode - Setup and Implementation

Consent Mode is a feature in analytics platforms (especially Google's ecosystem) that lets you track differently depending on whether a user has consented. In full mode, you track with cookies and detailed data. In restricted mode, you track anonymously or aggregated. Setting up consent mode correctly lets you get the most analytics value while respecting user privacy choices.

How Consent Mode Works

Consent Mode is implemented through tag management platforms like Google Tag Manager. You configure your analytics tags to behave differently based on user consent. Before the user sees the consent banner, tags fire in "denied" mode (no tracking). If they consent, tags switch to "granted" mode (full tracking). If they reject or later withdraw consent, tags revert to "denied" mode.

Two Consent Modes: Granted and Denied

Granted mode: User has given explicit consent. Tags fire normally. Cookies are set. Full analytics data is collected.

Denied mode: User has not given consent or has withdrawn it. Tags fire in a degraded state. No cookies are set. Analytics platform may collect aggregated or anonymized data instead of individual-level data.

The Google Consent Mode V2 Update

Google updated Consent Mode to V2 to be more specific about consent types. It now tracks two separate consents: analytics consent (whether to track user behavior) and marketing consent (whether to use data for marketing and ads). This gives platforms more granular control and reflects modern privacy frameworks more accurately.

Setting Up Consent Mode in Google Tag Manager

The implementation process involves: declaring consent parameters in Google Tag Manager before tags load, setting up the consent banner (or using a third-party consent manager), and configuring tags to respond to consent state changes.

Step 1: Declare Consent State

In GTM, you define variables for analytics consent and marketing consent. These variables represent the user's current consent state. On the first page load, before any tags fire, declare these as "denied" by default. This ensures no tracking happens until consent is given.

Step 2: Connect Your Consent Banner

Your consent banner (custom-built or from a vendor like OneTrust, Cookiebot, Termly) needs to update GTM variables when the user makes a choice. Most consent vendors have integrations with GTM. When the user clicks "Accept," the integration updates the consent variables. When they click "Reject," it updates differently.

Step 3: Configure Tags to Respect Consent

In GTM, set up triggers for your tags that fire only when consent is granted. Google Analytics tags should have a trigger that checks: "analytics consent is granted." Marketing pixels should check: "marketing consent is granted." This ensures tags don't fire unless appropriate consent exists.

Step 4: Test and Verify

Test the implementation in a staging environment. Simulate accepting and rejecting consent. Verify that analytics tags fire when you accept and don't fire when you reject. Use browser developer tools to check for cookies and network requests. Only deploy after testing confirms the implementation works correctly.

Consent Mode vs. Cookie Blockers

Consent Mode helps you adapt to user choice. But some users use browser extensions or privacy tools that block cookies regardless of what you ask. Consent Mode doesn't override these. The user has taken a stronger action (technical blocking), and you must respect it. Your tag configuration should not fight privacy tools.

Consent Mode in Different Platforms

Google's ecosystem (Tag Manager, Analytics, Ads) has native Consent Mode integration. Other analytics platforms (Mixpanel, Amplitude, Heap) may or may not support Consent Mode directly. Check your platform's documentation. Some require custom integration. Some offer their own consent mechanisms.

For Non-Google Platforms

If your platform doesn't have built-in Consent Mode support, create your own consent-aware implementation. Use JavaScript to check consent state before firing the tracking code. If denied, don't load the analytics library. If granted, load it normally. This gives you consent-aware behavior even without platform-specific Consent Mode.

Common Mistakes in Consent Mode Implementation

Setting consent to granted by default: Wrong. Default to denied. The user must opt in.

Not testing consent rejection: Always test both paths: consent granted and denied. Many implementations work when granted but break when denied.

Using Consent Mode without a proper consent banner: Consent Mode is useless if users never get asked. You need a clear, compliant consent mechanism that updates GTM.

Forgetting third-party tags: Consent Mode applies to your tags. Third-party tags (vendor scripts) also need to respect consent. Configure all tags, not just your primary analytics.

How do I prevent tags from firing before the consent banner appears?

Should I build custom consent logic or use a consent vendor with GTM integration?

Does the user need to refresh the page when they withdraw consent?

Which non-Google analytics platforms support Consent Mode natively?

How do I know if my GTM setup is actually blocking non-consented tracking?

What data do I lose if most users reject consent?