How To Check Whether Google Consent Mode V2 Is Properly Working

Updated on 2024-11-15

To fully understand your website visitors' behavior while respecting their privacy, it's necessary to ensure that Google Consent Mode V2 is properly implemented.

If a business is operating within the European Economic Area (EEA) this framework is a must - because of data privacy regulations (read: GDPR).

Google Consent Mode V2 enables websites to adjust the Google tags behavior based on user consent, ensuring that data collection and advertising practices comply with legal requirements.

The new version uses the raw count of users who denied tracking for modelling the numbers and predicting outcomes, while respecting user’s choice by stripping all attribution. Here's a video on Google's consent mode V2 and the use of data collected when the consent mode V2 is implemented properly.

In other words - does a consent banner do what it's supposed to?

To have a clear picture of whether a website follows the guidelines for proper consent mode v2 implementation we’ll use the official Google Tag Assistant:

tag-assistant

NB: this article will focus on how to check any site out there, in case you are checking your shopify store specifically - here's how to implement it Google Consent Mode V2 your Shopify store

After clicking on “Add domain”, simply type in the domain of the website you want to check (http part included!) and click “Start debugging”.

connect-tag-assistant

For the demo purpose - let’s pretend we’re weighing platforms that manage consent banners - currently we’re looking at Cookiebot.

Please note that we call it "consent" banner and not "cookie" banner - we believe that calling it "cookie" banner is deceitful because an average user clicks on it believing that they’re making a choice about:

a) being tracked

b) their data being shared with 3rd party platforms

The average user is not tech-savvy and shouldn't be asked about cookies - which is, simply put, just a technology behind tracking & collecting user data!

Technically speaking, a website could collect user data in 1st party context and share it with 3rd party platforms from their own servers, completely circumventing 3rd party cookies!

After clicking connect on the Tag assistant, the browser will open the Cookiebot website in a new tab:

cookiebot-site-open-with-tag-assistant

Before making any choice regarding consent - let’s go back to tag assistant. We can see that a pageview has been sent to GA4:

By clicking on the Page view tag ‘card’ we can see more details - let’s focus on the parameters highlighted in green boxes:

“Cookie consent state” parameter reflects the consent mode v1 status. Let’s decode what G100 stands for:

  • G1 is always there
  • first zero means that user has NOT allowed to be retargeted with ads based on this visit i.e. ad_storage is denied
  • second zero is for analytics_storage and it states that this visit should NOT be tracked even for understanding traffic source, website behaviour, conversions etc.

The parameter right below it, called ‘gcd’, holds information important for understanding the implementation of consent mode v2.

Its current value is 13p3p3p3p5l1. This unreadable string is actually coded consent status for:

  1. Ad storage
  2. Analytics storage
  3. Ad user data
  4. Ad personalization
  5. Ad data redaction (unofficial)

The letters in the gcd parameter determine both default and updated status of user consent for each of the five aforementioned features. Here’s what they mean:

In our particular case - 13p3p3p3p5l1 means that storage for ads and analytics, as well as user data and ad personalization is denied by default and the update is missing (p) Also ad_data_redaction is L, meaning that there’s not even default state for it.

Once we click on “Allow all” cookies button on the website - the page_view is sent again and here are the values for that event:

The gcd value turns to 13r3r3r3r5l1 i.e all p’s turned to r’s and if we look at the table above “r” stands for denied by default and granted after update.

Note the number 1 at the very end of gcd - despite heavy tests we can not confirm with 100% certainty that it stands for ads_signals GA4 setting, but some resources out there claim so. The table below reveals meaning of values 1-6 defining consent and ad signal status

Now let’s get back to the primary consent mode parameter investigation, let’s clear cookies and allow analytics tracker only, while denying the website the right to retarget us with ads based on remarketing cookie technology. We do that by customising our consent:

We accepted Statistics but denied Marketing, so let’s take a look now how does that affect gcd:

Gcd has all Q’s (denied both by default and after update) except second letter which is R - that stands for denied by default but granted after update. Note how the Client ID parameter persists from page to page now:

We encourage you to play around with different combinations of consent granted and see how your implementation behaves.

NB: There are several ways to clear cookies - we’re doing it from Chrome dev tools > Application > Cookies

clear-cookies-in-browser

Conclusion

It’s still unclear why Google documentation about consent mode v2 doesn’t follow the pace at which updates are being released.

Unfortunately, this seems like yet another Google perk that analysts are gonna have to get used to. Judging by the complaining/acceptance ratio for GA4 - Google is doing a good job.