Google Consent Mode | 2026-06-03 | Updated 2026-06-03 | 8 min read

Google Consent Mode v2 Checklist for Business Websites

A practical Google Consent Mode v2 checklist for teams running GA4, Google Ads, GTM, and cookie banners on business websites.

Author: COKIQ Editorial Team
Review: Reviewed by COKIQ Privacy Operations

Google Consent Mode v2 is no longer a nice technical extra for websites running Google Analytics, Google Ads, or Google Tag Manager. It is now part of the normal consent operating layer for serious business websites.

The common mistake is treating Consent Mode like a checkbox inside GTM. It is not. Consent Mode only works properly when the website has a clear consent banner, denied defaults before tags load, category mapping, tag sequencing, and a test process that proves what happens before and after a visitor chooses.

This checklist is for founders, marketers, agencies, and website teams that want a practical implementation path.

1. Start with the website’s real cookie and tag inventory

Do not start inside Google Tag Manager. Start with the actual website.

Before configuring Consent Mode, list what is already loading:

  • GA4
  • Google Ads conversion tags
  • Google Ads remarketing tags
  • Floodlight tags
  • Meta Pixel
  • LinkedIn Insight Tag
  • TikTok Pixel
  • Hotjar or session-recording tools
  • chat widgets
  • embedded forms
  • payment and checkout scripts

This matters because Consent Mode only controls Google consent signals. It does not automatically make every non-Google script compliant. If Meta Pixel fires before consent while GA4 is blocked correctly, the site still has a consent problem.

COKIQ’s scanner-first workflow is built around this: scan the domain, identify cookies and scripts, then configure the banner and consent categories around the real website.

2. Set denied defaults before Google tags load

The default state should be denied until the visitor makes a choice. This needs to happen early, before GA4 or Google Ads tags fire.

For most business websites, the default consent state should deny:

  • ad_storage
  • analytics_storage
  • ad_user_data
  • ad_personalization

After the visitor accepts the relevant categories, your consent layer updates the state to granted. If the visitor rejects analytics or marketing, the denied state remains.

The most common failure is loading GTM first, then showing a banner, then updating consent. That sequence can leak a pageview or ad signal before consent is captured.
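The ordering rule above can be checked mechanically. The following is an added example, not COKIQ's or Google's code: it audits a dataLayer queue and reports anything that starts Google tags before a complete denied default. The function names, the sample sequences and the `G-EXAMPLE` ID are assumptions made for illustration.

```javascript
// Added example: audit the order of commands queued on a dataLayer array.
const REQUIRED = ['ad_storage', 'analytics_storage', 'ad_user_data', 'ad_personalization'];

// Same shape as the standard gtag stub: every call queues its arguments.
function makeGtag(dataLayer) {
  return function gtag() { dataLayer.push(arguments); };
}

// Returns a list of problems; an empty list means denied defaults came first.
function auditConsentOrder(dataLayer) {
  const problems = [];
  let defaultSeen = false;
  for (const entry of dataLayer) {
    const [command, action, params] = Array.from(entry); // plain objects yield []
    if (command === 'consent' && action === 'default') {
      defaultSeen = true;
      for (const signal of REQUIRED) {
        if (!params || params[signal] !== 'denied') problems.push(`default does not deny ${signal}`);
      }
    } else if (!defaultSeen && (entry.event === 'gtm.js' || ['js', 'config', 'event'].includes(command))) {
      problems.push(`${command || 'gtm.js'} queued before consent default`);
    }
  }
  if (!defaultSeen) problems.push('no consent default found');
  return problems;
}

// Constructed sequence: defaults first, then the Google tag starts.
function goodSequence() {
  const dl = [];
  const gtag = makeGtag(dl);
  gtag('consent', 'default', Object.fromEntries(REQUIRED.map((s) => [s, 'denied'])));
  gtag('js', new Date());
  gtag('config', 'G-EXAMPLE'); // placeholder measurement ID
  return dl;
}

// Constructed sequence: GTM container starts first, defaults arrive late and incomplete.
function leakySequence() {
  const dl = [{ 'gtm.start': Date.now(), event: 'gtm.js' }];
  makeGtag(dl)('consent', 'default', { ad_storage: 'denied', analytics_storage: 'denied' });
  return dl;
}

console.log(auditConsentOrder(goodSequence()));
console.log(auditConsentOrder(leakySequence()));
```

In a browser, the same audit can be run against `window.dataLayer` from the DevTools console before clicking the banner.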

3. Map banner categories to Google consent signals

A proper banner is not just three buttons. The categories must map to what tags do.

Use a clear structure:

  • Necessary: security, session, checkout, fraud prevention
  • Analytics: GA4, product analytics, heatmaps
  • Marketing: Google Ads, Meta Pixel, remarketing, conversion tracking
  • Preferences: language, region, UI choices

Then map consent updates carefully:

  • Accept analytics: grant analytics storage only
  • Accept marketing: grant ad storage, ad user data, and ad personalization where legally appropriate
  • Reject all: keep non-essential signals denied
  • Manage preferences: grant only the selected categories

This keeps the banner honest. It also makes consent logs useful later because each record explains the visitor’s actual choice.

4. Test before and after consent

You cannot approve a Consent Mode setup by looking at the banner. You need evidence from the browser.

Use this simple test:

  1. Open the site in a clean browser profile or incognito session.
  2. Open DevTools and filter Network for gtag, collect, google-analytics, and doubleclick.
  3. Reload the page before clicking the banner.
  4. Confirm Google tags are not collecting consented analytics or ad signals prematurely.
  5. Click Reject All and reload.
  6. Confirm the rejected state holds.
  7. Clear consent and test Accept All.
  8. Confirm accepted categories update properly.

If you use GTM Preview, check the consent state on each tag and confirm tags that require consent are not firing early.
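The browser test above can be turned into a repeatable check over request URLs exported from the Network tab. This is an added example, not part of the original checklist or any Google tooling. It relies on the `gcs` query parameter that Google tags attach to hits when Consent Mode is active, which the page does not mention; the URLs and the `G-EXAMPLE` ID are constructed.

```javascript
// Filters named in step 2 of the test procedure.
const GOOGLE_PATTERNS = ['gtag', 'collect', 'google-analytics', 'doubleclick'];

// gcs is "G1" + ad_storage bit + analytics_storage bit, e.g. G100 = both denied.
function parseGcs(value) {
  const m = /^G1([01])([01])$/.exec(value || '');
  return m ? { ad_storage: m[1] === '1', analytics_storage: m[2] === '1' } : null;
}

// allowed: the signals the visitor has granted in the phase being tested.
function checkCapture(urls, allowed) {
  const findings = [];
  for (const raw of urls) {
    if (!GOOGLE_PATTERNS.some((p) => raw.includes(p))) continue;
    const url = new URL(raw);
    if (!url.searchParams.has('gcs')) {
      // Script loads carry no hit data; a collect hit with no gcs is a finding.
      if (url.pathname.includes('collect')) findings.push({ url: raw, issue: 'hit carries no consent state' });
      continue;
    }
    const state = parseGcs(url.searchParams.get('gcs'));
    if (!state) { findings.push({ url: raw, issue: 'unreadable gcs value' }); continue; }
    for (const signal of Object.keys(state)) {
      if (state[signal] && !allowed[signal]) findings.push({ url: raw, issue: `${signal} granted too early` });
    }
  }
  return findings;
}

// Constructed capture: one script load, three hits, one unrelated request.
function sampleCapture() {
  return [
    'https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE',
    'https://www.google-analytics.com/g/collect?v=2&tid=G-EXAMPLE&gcs=G100',
    'https://www.google-analytics.com/g/collect?v=2&tid=G-EXAMPLE&gcs=G111',
    'https://www.google-analytics.com/g/collect?v=2&tid=G-EXAMPLE',
    'https://example.com/assets/app.js',
  ];
}

// Phase "before any choice" and "after Reject All": nothing is allowed.
const NOTHING_GRANTED = { ad_storage: false, analytics_storage: false };
console.log(checkCapture(sampleCapture(), NOTHING_GRANTED));
```

Run it once per phase of the test (before any choice, after Reject All, after Accept All), passing the signals that phase is allowed to show as granted.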

5. Keep proof, not only screenshots

Screenshots are useful during setup, but they are weak evidence over time. A business website needs records.

Keep:

  • consent ID
  • domain
  • timestamp
  • accepted and rejected categories
  • banner version
  • policy version
  • visitor country or region where available
  • scanner history showing cookie changes

This is where many basic banners fail. They show a popup but cannot prove what happened when the visitor made a choice.

COKIQ stores consent events and scan history so the website owner can move from “we have a banner” to “we can show how consent was handled.”
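The category mapping from section 3 and the record fields listed in this section fit together as one step: translate the visitor's choice into consent signals, then log exactly that choice. The following is an added example, not COKIQ's implementation; the function names, field names and sample values are assumptions.

```javascript
// Banner category -> Google consent signals, following the mapping in section 3.
const CATEGORY_SIGNALS = {
  analytics: ['analytics_storage'],
  marketing: ['ad_storage', 'ad_user_data', 'ad_personalization'],
};
const OPTIONAL_CATEGORIES = ['analytics', 'marketing', 'preferences'];

// selected: categories the visitor chose; [] is "Reject all".
// The result is the object to pass to gtag('consent', 'update', ...).
function consentUpdate(selected) {
  const unknown = selected.filter((c) => c !== 'necessary' && !OPTIONAL_CATEGORIES.includes(c));
  if (unknown.length) throw new Error(`unknown category: ${unknown.join(', ')}`);
  const update = {};
  for (const [category, signals] of Object.entries(CATEGORY_SIGNALS)) {
    const state = selected.includes(category) ? 'granted' : 'denied';
    for (const signal of signals) update[signal] = state; // every signal is set explicitly
  }
  return update;
}

// One record per choice, carrying the fields this section says to keep.
function consentRecord(selected, ctx, now = new Date()) {
  return {
    consentId: ctx.consentId,
    domain: ctx.domain,
    timestamp: now.toISOString(),
    accepted: OPTIONAL_CATEGORIES.filter((c) => selected.includes(c)),
    rejected: OPTIONAL_CATEGORIES.filter((c) => !selected.includes(c)),
    bannerVersion: ctx.bannerVersion,
    policyVersion: ctx.policyVersion,
    signals: consentUpdate(selected), // what was actually sent to Google tags
  };
}

// Constructed context values for illustration.
const sampleContext = {
  consentId: 'c-0001',
  domain: 'example.com',
  bannerVersion: 'banner-3',
  policyVersion: 'policy-7',
};
console.log(consentRecord(['analytics'], sampleContext));
```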

6. Recheck after marketing changes

Consent Mode breaks quietly when marketing teams add new tools.

Run a recheck when any of these happen:

  • new ad campaign
  • new landing page
  • new GTM tag
  • new checkout app
  • new chat widget
  • new analytics tool
  • redesign or theme migration

The strongest operating habit is a weekly or monthly consent audit, not a one-time setup.

Final checklist

Before calling the setup ready, confirm:

  • the scanner found current cookies and scripts
  • denied defaults are set before Google tags load
  • consent categories map to real tags
  • accept, reject, and manage choices behave differently
  • consent logs are stored
  • policy links are visible from the banner
  • GTM/GA4 tests pass on desktop and mobile
  • the setup is rechecked after tag changes

Consent Mode v2 is not only a compliance task. For paid traffic teams, it protects attribution quality, remarketing discipline, and trust. The right implementation is boring, clear, and provable.

Use COKIQ to start with a scan, then build the consent workflow around what your website actually loads.
