Checking if Google Consent Mode is properly implemented
Ensure Google Consent Mode is properly implemented in your Shopify store with our guide. Learn how to verify and troubleshoot your setup for compliance and accuracy.
By using our application with Google Consent Mode integration enabled, gives you the ability to customize the behavior of your Google tags based on the consent given or not given by your users. You can specify whether consent has been granted for Analytics and/or Ads cookies, and Google's tags will dynamically adjust by using cookies only for the designated purposes or cookie categories. This serves as an alternative to script blocking.
Google Consent Mode (GCM) is a simple and trustworthy method for preventing Google scripts from setting cookies through Google Tag Manager or gtag. Despite its easy implementation, it can be challenging to confirm whether it has been correctly set up and functioning properly.
It's crucial to mention that only specific tags in Google Tag Manager have pre-installed consent checks. These are listed in the next figure.
When Consent Mode is activated, it will modify the functioning of these kinds of pings.
Consent status pings - Consent status pings are sent from each page the user visits where consent mode is implemented, as well as if the consent changes (e.g., if the user opts in). These pings communicate the consent state (i.e. granted or denied) for each consent type (e.g. ad storage, analytics storage).
Conversion pings - Conversion pings are sent to indicate that a conversion has occurred.
Google Analytics pings - Google Analytics pings are sent on each page of a website where Google Analytics is implemented and upon events being logged.
To verify the effectiveness of Consent Mode, you should examine three aspects:
Built-in consent tags are activated regardless of consent.
Google Tag Manager has recorded the default Consent Mode settings, and updated configurations are sent to the dataLayer when consent preferences are identified.
Cookies are not created prior to consent or after opting out.
These checks will assist you in evaluating whether Google Consent Mode has been properly implemented and is operating appropriately.
You can inspect the preview to confirm that Consent is enabled, and if you're on version 2. Visit Google Tag Assistant and add your store address. Another tab will open with your store. On the previous tab with the Google Tag Assistant will be able to see what is presented on the figure below.
Select "Consent"
Select the "Consent" tab
Ensure that the "On-page Defaults" are set and that they include the two new parameters; ad_personalization and ad_user_data.
You can make this check by using the dev tools of your browser in the console.
Our next step is to verify if tags were activated before obtaining consent by utilizing Google Tag Assistant browser plugin. This will confirm if the approved tags have been executed. In this instance, we can affirm that both Google Tag Manager and Google Analytics were loaded.
Note: there shouldn't be added other supported tags to this list after consent submission.
Upon loading a page before acquiring consent, the Google Consent Mode settings must be accurately recorded in Google Tag Manager. With our integration for Google Consent Mode the default settings will be transmitted to the dataLayer. Therefore, here is a script that enables you to examine the registered consent preferences in Google Tag Manager (if you don't have added GTM on your store this script will not run):
Having the Google Consent Mode integration active from inside our application means that you should see these settings in the dataLayer, before anything else.
Checking the contents of the dataLayer can be done by simply executing the command dataLayer in the console, or using this script to make it a bit easier to read:
The output should look similar to this (Google Consent Mode settings in bold):
{"set","ads_data_redaction",true}
{"set","url_passthrough",true}
{"consent","default",{"ad_personalization":"denied","ad_storage":"denied","ad_user_data":"denied","analytics_storage":"denied","functionality_storage":"denied","personalization_storage":"denied","security_storage":"granted","wait_for_update":2000}}
{"event":"Pandectes_Consent_Update","pandectes_status":"deny","pandectes_categories":{"C000":"allow","C001":"deny","C002":"deny","C003":"deny"},"gtm.uniqueEventId":4}
{"gtm.start":1676370384330,"event":"gtm.js","gtm.uniqueEventId":5}
{"event":"sh_info","page_type":"Homepage","page_currency":"EUR","user":{"type":"visitor"},"gtm.uniqueEventId":6}
{"event":"gtm.dom","gtm.uniqueEventId":7}
{"event":"gtm.load","gtm.uniqueEventId":8}
After consent has been given for all types of cookies, the dataLayer will contain both the initial, and updated Google Consent Mode settings (GCM in bold):
{"set","ads_data_redaction",true}
{"set","url_passthrough",true}
{"consent","default",{"ad_personalization":"denied","ad_storage":"denied","ad_user_data":"denied","analytics_storage":"denied","functionality_storage":"denied","personalization_storage":"denied","security_storage":"granted","wait_for_update":2000}}
{"event":"Pandectes_Consent_Update","pandectes_status":"deny","pandectes_categories":{"C000":"allow","C001":"deny","C002":"deny","C003":"deny"},"gtm.uniqueEventId":4}
{"gtm.start":1676370384330,"event":"gtm.js","gtm.uniqueEventId":5}
{"event":"sh_info","page_type":"Homepage","page_currency":"EUR","user":{"type":"visitor"},"gtm.uniqueEventId":6}
{"event":"gtm.dom","gtm.uniqueEventId":7}
{"event":"gtm.load","gtm.uniqueEventId":8}
{"consent","update",{"ad_personalization":"granted", "ad_storage":"granted","analytics_storage":"granted","ad_user_data":"granted","functionality_storage":"granted","personalization_storage":"granted","security_storage":"granted"}}
{"event":"Pandectes_Consent_Update","pandectes_status":"allow","pandectes_categories":{"C0000":"allow","C0001":"allow","C0002":"allow","C0003":"allow"},"gtm.uniqueEventId":10}
{"event":"gtm.triggerGroup","gtm.triggers":"9024031_93,9024031_140,9024031_255","gtm.uniqueEventId":11}
{"js","2023-02-14T10:26:32.900Z"}
This is the most challenging aspect. To ensure that no cookies were previously established or transported from another domain, we must confirm that there are no existing cookies.
To guarantee this, you can use incognito mode while browsing or manually erase cookies by accessing the Developer tools (F12 or Ctrl + Shift + i) and navigating to the Application → Cookies section.
Before granting consent, navigate through a few pages and click on various links. During this time, you should not notice the creation of the _ga, _gid, or _gat cookies.
If the preceding two checks have been executed correctly, it is improbable that you will observe the aforementioned cookies being established before obtaining consent. However, if you do, it is likely that you are adding them through an inline script, such as analytics.js, which does not support Consent Mode.
After configuring consent mode version 2, you can confirm its activation by checking for the gcs and gcd parameters. gcs pertains to the original consent mode, while gcd specifically relates to consent mode version 2. These parameters are visible within the network payload as illustrated below.
G111 – Presented in the G1xy format, where x and y represent Google Ads (ad_storage) and Google Analytics (analytics_storage) cookies. The values 1 and 0 indicate acceptance and rejection, respectively.
Below are the possible combinations of gcs parameter
*G100 is only possible when you implement the advanced consent mode.
However, upon adopting consent mode version 2, you will encounter the gcd parameter. This parameter encapsulates the preferences for ad_storage, analytics_storage, ad_user_data, and ad_personalization, structured as follows:
&gcd=11<ad_storage>1<analytics_storage>1<ad_user_data>1<ad_personalization>Z
Here, Z can be 5 or occasionally a different value.
Noticeably, the sequence initiates with 11, with the numeral 1 acting as a delimiter between each preference.
In application, the format appears akin to what is depicted in the provided screenshot, resembling:
gcd: 11r1r1r1r5
Below table allows you to decode the consent status for the gcd
gcd: 11l1p1u1v5 indicates that there is no signal established for ad_storage (Google Ads); analytics storage is automatically set to denied; consent for personal data usage for Google Ads purposes was initially given but later revoked by the user; and consent for personalized ads (retargeting) is provided by default, with the user also affirming this consent.
Note: The letters displayed above are subject to modification. Google may alter these to deter individuals from deciphering the consent mode by examining the URL. The most effective method to ascertain whether the consent mode is correctly configured is to utilize the tag assistant and review the consent tab as it was already described already.
Why data that appear maybe inaccurate?
After completing the previously outlined steps, you may find that your data does not align with your expectations. We receive many inquiries regarding this issue, but unfortunately, we cannot offer assistance in this area.
Google Consent Mode is primarily an API that our application uses to transmit consent information to Google Tag Manager. The manner in which a tag should interpret this data is beyond our scope. Although we can ensure that our application appropriately transmits consent settings and that Google Tag Manager accurately receives them, we have no knowledge of how tags utilize this data.
We cannot provide insight into how Google Analytics should react when presented with the Consent Mode directives, nor can we speak on Google's behalf about what data should be recorded. While this may appear unhelpful, we cannot modify the data logging process in Google Analytics from our end. Our application and Google Consent Mode integration are only responsible for setting and updating the consent status in Google Tag Manager, respectively. For more information on Consent Mode and tag behavior, please consult Google's Consent Mode documentation.
If you want to deactivate Google Consent Mode integration, please just disable it from the integration.
Video tutorial
Introduction
By using our application with Google Consent Mode integration enabled, gives you the ability to customize the behavior of your Google tags based on the consent given or not given by your users. You can specify whether consent has been granted for Analytics and/or Ads cookies, and Google's tags will dynamically adjust by using cookies only for the designated purposes or cookie categories. This serves as an alternative to script blocking.
Google Consent Mode (GCM) is a simple and trustworthy method for preventing Google scripts from setting cookies through Google Tag Manager or gtag. Despite its easy implementation, it can be challenging to confirm whether it has been correctly set up and functioning properly.
It's crucial to mention that only specific tags in Google Tag Manager have pre-installed consent checks. These are listed in the next figure.
When Consent Mode is activated, it will modify the functioning of these kinds of pings.
Consent status pings - Consent status pings are sent from each page the user visits where consent mode is implemented, as well as if the consent changes (e.g., if the user opts in). These pings communicate the consent state (i.e. granted or denied) for each consent type (e.g. ad storage, analytics storage).
Conversion pings - Conversion pings are sent to indicate that a conversion has occurred.
Google Analytics pings - Google Analytics pings are sent on each page of a website where Google Analytics is implemented and upon events being logged.
To verify the effectiveness of Consent Mode, you should examine three aspects:
Built-in consent tags are activated regardless of consent.
Google Tag Manager has recorded the default Consent Mode settings, and updated configurations are sent to the dataLayer when consent preferences are identified.
Cookies are not created prior to consent or after opting out.
These checks will assist you in evaluating whether Google Consent Mode has been properly implemented and is operating appropriately.
Check with Google Tag Assistant
You can inspect the preview to confirm that Consent is enabled, and if you're on version 2. Visit Google Tag Assistant and add your store address. Another tab will open with your store. On the previous tab with the Google Tag Assistant will be able to see what is presented on the figure below.
Select "Consent"
Select the "Consent" tab
Ensure that the "On-page Defaults" are set and that they include the two new parameters; ad_personalization and ad_user_data.
Checking if tags fire
You can make this check by using the dev tools of your browser in the console.
"Pandectes" in window
? Pandectes.consent.status && Pandectes.fn.revokeConsent()
: console.warn("Pandectes methods are not available!");
Our next step is to verify if tags were activated before obtaining consent by utilizing Google Tag Assistant browser plugin. This will confirm if the approved tags have been executed. In this instance, we can affirm that both Google Tag Manager and Google Analytics were loaded.
Note: there shouldn't be added other supported tags to this list after consent submission.
Checking the Consent Mode settings
When using Google Tag Manager
Upon loading a page before acquiring consent, the Google Consent Mode settings must be accurately recorded in Google Tag Manager. With our integration for Google Consent Mode the default settings will be transmitted to the dataLayer. Therefore, here is a script that enables you to examine the registered consent preferences in Google Tag Manager (if you don't have added GTM on your store this script will not run):
(() => {
l = s => s == undefined ? "" : s ? "granted" : "denied";
c = s => s == "granted" ? "color: #0C0": "color: #C00";
if (!"google_tag_data" in window) {
console.log("No Google Consent Mode data found");
return;
}
var g = google_tag_data.ics.entries,
i = "",
t = "",
u = "";
for (var a in g) {
i = l(g[a]['initial']);
u = l(g[a]['update']);
if (i == "" && u == "") continue;
t = ("\t" + a + ":" +
(i != "" ? "\n\t\tDefault: %c" + i : "%c")
+ "%c" +
(u != "" ? "\n\t\tUpdate: %c" + u : "%c"));
console.log(t, i != "" ? c(i) : "",
"", u != "" ? c(u) : "", "");
}
if (i == "") console.log("No default Google Consent settings found");
})()
When using other G properties
Having the Google Consent Mode integration active from inside our application means that you should see these settings in the dataLayer, before anything else.
Checking the contents of the dataLayer can be done by simply executing the command dataLayer in the console, or using this script to make it a bit easier to read:
(function(w, d, t) {
for (i of w[d])
t += JSON.stringify(i).replaceAll(/\"\d{1,}\":/g, "") + "\n";
console.log(t);
})(window, "dataLayer", "")
The output should look similar to this (Google Consent Mode settings in bold):
{"set","ads_data_redaction",true}
{"set","url_passthrough",true}
{"consent","default",{"ad_personalization":"denied","ad_storage":"denied","ad_user_data":"denied","analytics_storage":"denied","functionality_storage":"denied","personalization_storage":"denied","security_storage":"granted","wait_for_update":2000}}
{"event":"Pandectes_Consent_Update","pandectes_status":"deny","pandectes_categories":{"C000":"allow","C001":"deny","C002":"deny","C003":"deny"},"gtm.uniqueEventId":4}
{"gtm.start":1676370384330,"event":"gtm.js","gtm.uniqueEventId":5}
{"event":"sh_info","page_type":"Homepage","page_currency":"EUR","user":{"type":"visitor"},"gtm.uniqueEventId":6}
{"event":"gtm.dom","gtm.uniqueEventId":7}
{"event":"gtm.load","gtm.uniqueEventId":8}
After consent has been given for all types of cookies, the dataLayer will contain both the initial, and updated Google Consent Mode settings (GCM in bold):
{"set","ads_data_redaction",true}
{"set","url_passthrough",true}
{"consent","default",{"ad_personalization":"denied","ad_storage":"denied","ad_user_data":"denied","analytics_storage":"denied","functionality_storage":"denied","personalization_storage":"denied","security_storage":"granted","wait_for_update":2000}}
{"event":"Pandectes_Consent_Update","pandectes_status":"deny","pandectes_categories":{"C000":"allow","C001":"deny","C002":"deny","C003":"deny"},"gtm.uniqueEventId":4}
{"gtm.start":1676370384330,"event":"gtm.js","gtm.uniqueEventId":5}
{"event":"sh_info","page_type":"Homepage","page_currency":"EUR","user":{"type":"visitor"},"gtm.uniqueEventId":6}
{"event":"gtm.dom","gtm.uniqueEventId":7}
{"event":"gtm.load","gtm.uniqueEventId":8}
{"consent","update",{"ad_personalization":"granted", "ad_storage":"granted","analytics_storage":"granted","ad_user_data":"granted","functionality_storage":"granted","personalization_storage":"granted","security_storage":"granted"}}
{"event":"Pandectes_Consent_Update","pandectes_status":"allow","pandectes_categories":{"C0000":"allow","C0001":"allow","C0002":"allow","C0003":"allow"},"gtm.uniqueEventId":10}
{"event":"gtm.triggerGroup","gtm.triggers":"9024031_93,9024031_140,9024031_255","gtm.uniqueEventId":11}
{"js","2023-02-14T10:26:32.900Z"}
Checking if cookies were set
This is the most challenging aspect. To ensure that no cookies were previously established or transported from another domain, we must confirm that there are no existing cookies.
To guarantee this, you can use incognito mode while browsing or manually erase cookies by accessing the Developer tools (F12 or Ctrl + Shift + i) and navigating to the Application → Cookies section.
Before granting consent, navigate through a few pages and click on various links. During this time, you should not notice the creation of the _ga, _gid, or _gat cookies.
If the preceding two checks have been executed correctly, it is improbable that you will observe the aforementioned cookies being established before obtaining consent. However, if you do, it is likely that you are adding them through an inline script, such as analytics.js, which does not support Consent Mode.
Consent mode cookies
After configuring consent mode version 2, you can confirm its activation by checking for the gcs and gcd parameters. gcs pertains to the original consent mode, while gcd specifically relates to consent mode version 2. These parameters are visible within the network payload as illustrated below.
G111 – Presented in the G1xy format, where x and y represent Google Ads (ad_storage) and Google Analytics (analytics_storage) cookies. The values 1 and 0 indicate acceptance and rejection, respectively.
Below are the possible combinations of gcs parameter
Code of gcs | What does it mean? | Consent type value |
---|---|---|
G111 | Consent granted for Google Ads and Google Analytics | ad_storage='granted', analytics_storage='granted' |
G110 | Consent is granted for Google Ads and denied for Google Analytics | ad_storage='granted', analytics_storage='denied' |
G101 | Consent denied for Google Ads and granted for Google Analytics | ad_storage='denied', analytics_storage='granted' |
G100* | Consent denied for both Google Ads and Analytics | ad_storage='denied', analytics_storage='denied' |
*G100 is only possible when you implement the advanced consent mode.
However, upon adopting consent mode version 2, you will encounter the gcd parameter. This parameter encapsulates the preferences for ad_storage, analytics_storage, ad_user_data, and ad_personalization, structured as follows:
&gcd=11<ad_storage>1<analytics_storage>1<ad_user_data>1<ad_personalization>Z
Here, Z can be 5 or occasionally a different value.
Noticeably, the sequence initiates with 11, with the numeral 1 acting as a delimiter between each preference.
In application, the format appears akin to what is depicted in the provided screenshot, resembling:
gcd: 11r1r1r1r5
Below table allows you to decode the consent status for the gcd
gcd parameter value containing the letter (all lowercase) | Description |
---|---|
l | Lowercase L states that the signal is not set with the consent mode and therefore, nothing is either denied or consented to |
p | p stands for denied by default |
q | q stands for denied by default and even after an update from the consent banner by the user |
t | t means granted by default and there is no update even after the user takes an action on the consent banner |
r | r means the consent is denied by default and once the user grants consent, it is updated. |
m | m defines the user denied the consent and stands denied after the update. There is no default value. |
n | n conveys that the user granted the consent and therefore stands granted after the update. There is no default value. |
u | u means the consent is granted by default and denied after the user declines the consent. |
v | v tells that the consent is granted by default and after the user grants the consent. |
Example
gcd: 11l1p1u1v5 indicates that there is no signal established for ad_storage (Google Ads); analytics storage is automatically set to denied; consent for personal data usage for Google Ads purposes was initially given but later revoked by the user; and consent for personalized ads (retargeting) is provided by default, with the user also affirming this consent.
Note: The letters displayed above are subject to modification. Google may alter these to deter individuals from deciphering the consent mode by examining the URL. The most effective method to ascertain whether the consent mode is correctly configured is to utilize the tag assistant and review the consent tab as it was already described already.
Why data that appear maybe inaccurate?
After completing the previously outlined steps, you may find that your data does not align with your expectations. We receive many inquiries regarding this issue, but unfortunately, we cannot offer assistance in this area.
Google Consent Mode is primarily an API that our application uses to transmit consent information to Google Tag Manager. The manner in which a tag should interpret this data is beyond our scope. Although we can ensure that our application appropriately transmits consent settings and that Google Tag Manager accurately receives them, we have no knowledge of how tags utilize this data.
We cannot provide insight into how Google Analytics should react when presented with the Consent Mode directives, nor can we speak on Google's behalf about what data should be recorded. While this may appear unhelpful, we cannot modify the data logging process in Google Analytics from our end. Our application and Google Consent Mode integration are only responsible for setting and updating the consent status in Google Tag Manager, respectively. For more information on Consent Mode and tag behavior, please consult Google's Consent Mode documentation.
If you want to deactivate Google Consent Mode integration, please just disable it from the integration.
Updated on: 29/07/2024
Thank you!