Consent mode overview

Consent mode allows web and app developers to adjust tag and app SDK behavior based on user consent choices.

Managing user consent requires the following:

  1. Obtain the user’s consent choice to grant or deny consent for storing information about their behavior. You are responsible to obtain users’ consent on your website or app or any data you upload to Google.
    For websites and apps, you can implement a consent banner or other custom consent solution, or use a Consent Management Platform (CMP).
    For data uploads to Google, please consult with your legal department on a consent management solution that fits your business needs.
  2. Communicate the user’s consent choice, or consent state, to Google. Many CMPs handle sending the consent state to Google. If you implement a custom consent solution, you must implement a method to send the consent state to Google, see Choose a framework to manage consent.
  3. Ensure that Google tags and third-party tags behave according to the user’s consent choice.

Tags and SDKs for the following Google products contain built-in consent checks and adjust their behavior based on consent state:

  • Google tag
  • Google Analytics (includes Google Analytics for Firebase SDK)
  • Google Ads (includes Google Ads Conversion Tracking and Remarketing; support for Phone Call Conversions is pending.)
  • Floodlight
  • Conversion Linker

The following terms have a special meaning in the context of consent mode:

  • Consent checks: Causes tags and SDKs to modify behavior based on consent state and consent type.
  • Consent state: Represents user choices and can be granted or denied, for each consent type. Tags and SDKs with consent checks modify their behavior as described in How consent affects tag behavior.
  • Consent type: Indicates the type of storage. Consent can be granted or denied for each type.

Consent types include:

Consent Type Description
ad_storage Enables storage, such as cookies (web) or device identifiers (apps), related to advertising.
ad_user_data Sets consent for sending user data to Google for online advertising purposes.
ad_personalization Sets consent for personalized advertising.
analytics_storage Enables storage, such as cookies (web) or device identifiers (apps), related to analytics, for example, visit duration.
functionality_storage Enables storage that supports the functionality of the website or app, for example, language settings
personalization_storage Enables storage related to personalization, for example, video recommendations
security_storage Enables storage related to security such as authentication functionality, fraud prevention, and other user protection

Basic versus advanced consent mode

You can implement consent mode on your website or app in either of two ways: basic or advanced.

When you implement consent mode in its basic version, you prevent Google tags from loading until a user interacts with a consent banner. This setup transmits no data to Google prior to user interaction with the consent banner. When the user grants consent, Google tags load and execute the consent mode APIs. The tags send the consent states to Google in the following order:

  1. Send default consent states.
  2. Send updated consent states.

However, when the user doesn't consent, no data is transferred to Google at all – not even the consent status. Google tags are completely blocked from firing. Consent mode's conversion modeling in Ads is then based on a general model.

When you implement consent mode in its advanced version, Google tags load when a user opens the website or app. The tags load the consent mode API and do the following:

  1. Set default consent states. By default, consent may be denied, unless you set your own defaults. While consent is denied, the Google tags send cookieless pings.
  2. Wait for user interaction with the banner and update consent states. Only when a user grants consent to data collection, Google tags send the full measurement data. Learn more about tag behavior.

This implementation enables improved modeling compared to the Basic one as it provides an advertiser-specific model as opposed to a general model.

Overview

Feature Basic consent mode Advanced consent mode
Tag loading Blocked until user interaction with a consent banner. Loads with defaults set to denied, unless configured otherwise.
Data transmission No data is sent before a user consents - not even the default consent status. When consent is denied, consent state and cookieless pings are sent.
When consent is granted, cookies are written and all measurement data is sent.
Consent states Set after user interaction. Defaults set to denied, unless configured otherwise; updates based on user choice.
Tag behavior after user interaction Loads and executes consent mode APIs only when a user grants consent. Adjusts tag behavior based on user consent choice.
Conversion and key event modeling General model (less detailed modeling). Advertiser-specific model (more detailed modeling).

In general, when users grant consent, tags function normally.

When users deny consent for ad personalization or ad user data, tags or app SDKs can't use user data for ad targeting purposes.

When users deny consent for storage, consent-aware tags or app SDKs do not store cookies (web) or device identifiers (apps). Instead, tags communicate consent state and user activity by sending cookieless pings (web), or signals (apps), to the Google server. This enables Google Ads and Google Analytics 4 properties to model conversions and key events, see Consent mode modeling.

The following signals communicate consent state:

  • Consent state pings: Consent state pings are sent from each page the user visits where consent mode is implemented. These pings communicate a consent state of granted or denied for each consent type, such as ad storage or analytics storage.

  • Key event pings: Key event pings are sent to indicate that a key event has occurred.

  • Google Analytics pings: Google Analytics pings are sent on each page of a website using Google Analytics when events are logged.

Pings can include:

  • Functional information (such as headers added passively by the browser):
    • Timestamp
    • User Agent
    • Referrer
  • Aggregate / non-identifying information:
    • An indication for whether or not the current page or a prior page in the user's navigation on the site included ad-click information in the URL (e.g., GCLID / DCLID)
    • Boolean information about the consent state
    • Random number generated on each page load

Besides allowing the consent state to modify tag behavior, you can also redact stored data when a user denies consent. For example, a user might have granted consent to store data for ads and then change their mind and deny consent. If you enable ads_data_redaction, when the user denies consent, Google Ads will delete the stored information.

Tags with built-in consent checks amend their behavior based on different consent states. The following table explains tag behavior by consent types, consent state, and whether ads_data_redaction is set to true.

Consent type(s) Denied or granted Behavior
ad_storage and analytics_storage granted
granted
  • Cookies and device identifiers pertaining to advertising may be read and written.
  • IP addresses are collected.
  • The full page URL, including ad-click information in URL parameters (e.g., GCLID / DCLID) is collected.
  • Third-party cookies previously set on google.com and doubleclick.net, and first-party key event cookies (e.g., _gcl_*) are accessible.
ad_personalization denied

Personalized advertising is disabled, the following features won't receive data:

  • Remarketing in Google Ads, Display & Video 360, Search Ads 360
  • Personalized advertising with Google's advertising products
ad_user_data denied

Personal data collection for online advertising is disabled, including:

  • user_id
  • Enhanced conversions: Hashed first party data
ad_storage denied
  • No new cookies or device identifiers pertaining to advertising may be written.
  • No existing advertising cookies or device identifiers may be read.
  • Requests are sent through a different domain to avoid previously set third-party cookies from being sent in request headers.
  • Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
  • Ads products truncate IP addresses at collection.
  • Full page URLs are collected, including ad-click information in URL parameters (e.g., GCLID / DCLID)
analytics_storage denied
  • Will not read or write first-party analytics cookies or app identifiers.
  • Cookieless pings (web) or signals (apps) will be sent to Google Analytics for basic measurement and modeling purposes.
ad_storage and ads_data_redaction denied and true
  • No new cookies or device identifiers pertaining to advertising may be written.
  • No existing advertising cookies or device identifiers may be read.
  • Requests are sent through a different domain to avoid previously set third-party cookies from being sent in request headers.
  • Google Analytics will not read or write Google Ads cookies or device identifiers, and Google signals features will not accumulate data for this traffic.
  • Ad-click identifiers (e.g., GCLID / DCLID) in consent and key event pings are redacted.
  • Ads products truncate IP addresses at collection.
  • Page URLs with ad-click identifiers are redacted.

When you implement consent mode, consent mode parameters are translated into HTTP request parameters such as dma, gcd, and gcs. Consent to Google services is encoded using dma_cps. These fields collectively provide information about consent states and related configuration settings. Google tag fields may be encoded to improve transmission efficiency. These fields may be subject to change as these services evolve.

The gcs parameter is used to transmit the ad_storage and analytics_storage parameters, indicating the user's consent choice regarding the storage of advertising and analytics cookies (web) or device identifiers (app). The gcd parameter is always sent to Google services, regardless of whether consent mode is activated or not. The gcd parameter encodes detailed information about the user's consent choice through the consent types.

Tag Assistant can help you understand these fields and how your Google tag is behaving, so that you can better debug your setup. Learn how to debug consent mode.

Consent mode modeling

To mitigate any data collection gaps, Google products use these pings to model your metrics for your measurement solutions. In order to protect user privacy, your tag or app SDK needs to meet a certain data collection threshold. You can find more information about what is modeled and under which circumstances in the articles linked below: