Skip to content
FeaturesConsent AuditHow It WorksPricing
LoginRun Free Audit
Google requirement since March 2024

Consent Mode v2 Checker —
Get Your EEA Traffic Compliant in 60 Seconds

87% of EEA-facing GA4 setups we audit have at least one Consent Mode v2 failure. The consequences: lost remarketing audiences, broken conversion modeling, and real GDPR exposure. Find out where you stand in under a minute.

Check My Consent Setup — Free60 seconds · 12 consent checks · Read-only

4%

max GDPR fine

12

consent checks

Mar'24

Google deadline

Why This Matters Right Now

Consent Mode v2 isn't a future concern. It has been required since March 6, 2024.

Lost Remarketing Audiences

Without ad_personalization consent signals, Google cannot rebuild EEA audiences from modeled data. Your remarketing lists shrink every day the fix is delayed.

Broken Conversion Modeling

Smart Bidding relies on modeled conversions for non-consenting users. If your consent signals are missing or malformed, Google can't model — and your target CPA or ROAS bids become blind.

GDPR Regulatory Exposure

Pre-consent cookie firing has been the basis of multiple EU DPA enforcement actions. Fines issued in Germany, France, and Ireland for exactly this pattern. Up to 4% of global revenue.

The 12 Consent Checks We Run

The most comprehensive Consent Mode v2 audit available. Each check has a documented pass/fail condition.

Consent Mode v2 defaults set correctly

Critical

Verifies that all four consent signals (ad_storage, ad_user_data, ad_personalization, analytics_storage) default to 'denied' before any user interaction.

CMP banner present on page load

Critical

Detects whether a Consent Management Platform banner renders before any analytics or advertising scripts execute.

Tracking cookies firing BEFORE consent given

Critical

The #1 violation we find. Checks whether _ga, _gid, _gcl_*, and advertising cookies are set before the user accepts the CMP banner.

Post-consent signal recovery

High

When a user grants consent, GA4 should replay events from the current session using the consent update signal. Verifies this recovery mechanism is wired correctly.

PII in URL parameters

High

Scans for email addresses, phone numbers, and other personally identifiable information passed as URL query parameters, which GA4 logs as page_location.

Ads data redaction flag

High

Confirms that ads_data_redaction is set to true, which strips ad click identifiers from requests when ad_storage or ad_user_data is denied.

URL passthrough flag

Medium

Verifies url_passthrough is enabled, allowing conversion modeling to use URL parameters for privacy-safe click attribution without cookies.

All 4 consent signals present

Critical

Checks that ad_storage, ad_user_data, ad_personalization, and analytics_storage are all explicitly set — not just inferred from partial configuration.

wait_for_update timing

Medium

Validates that wait_for_update is configured (typically 500ms), giving the CMP enough time to signal consent before GA4 sends a non-consentable hit.

Cross-domain consent propagation

Medium

For multi-domain setups, verifies that consent state carries across domains rather than prompting users on every subdomain or property.

Advanced vs basic Consent Mode detection

Medium

Distinguishes between Basic Mode (blocks all GA4 pings before consent) and Advanced Mode (sends cookieless pings before consent for modeling). Confirms you're using the correct mode for your compliance posture.

gtag vs GTM consent call alignment

High

When both gtag.js and GTM are on the same page, verifies that consent calls aren't duplicated, conflicting, or arriving out of order — a common setup error in migrated containers.

What Happens When Consent Is Broken

Specific failure modes, their business impact, and exactly how we detect each one.

Broken ScenarioWhat You LoseHow We Detect It
Consent defaults missing — signals never setGA4 assumes 'granted'. All cookies fire immediately. GDPR violation for EEA users.Check for gtag('consent','default') call before any hit is sent
Tracking cookies fire before banner interactionPre-consent _ga and advertising cookies create a regulatable cookie wall. Real GDPR exposure.Live page inspection: capture cookies set during first 500ms before any CMP interaction
CMP calls consent update but GA4 doesn't receive itUsers who grant consent still get cookieless modeling. Conversion data remains incomplete.Monitor for gtag('consent','update') call after CMP grant event fires
ads_data_redaction not setAd click identifiers sent in requests when ad_storage is denied. Potential GDPR violation.Parse GA4 hit parameters for gclid/wbraid presence when ad_storage=denied
Only analytics_storage set, ad signals missingRemarketing audiences not rebuilt. Smart Bidding loses conversion signal. Campaign performance degrades.Verify all 4 signals are explicitly initialized in consent default call
wait_for_update too short (< 200ms)GA4 sends the first pageview before the CMP loads. Consent state not applied to that hit.Parse wait_for_update value from consent default call parameters

Consent Mode v2 — FAQ

More questions? Contact support

Don't Wait for a Regulator to Find It First

12 automated Consent Mode v2 checks. Results in 60 seconds. Know exactly where you stand before your next audit or campaign launch.

Check My Consent Setup — Free

Free scan · 60 seconds · Read-only access · No credit card required