At Analytics Mates, we’re all about helping businesses understand and improve their data setups. But sometimes, the issue isn’t with the data - it’s with how tools are configured behind the scenes.
Recently, during a discovery audit for one of our clients, we uncovered a bug with Google Consent Mode. Everything seemed to be in place: the cookie banner was working, tags were present, and Consent Mode was enabled. But there was one big problem - it wasn’t working properly, causing tracking of events to be >25% off from reality.
A Quick Note Before We Dive In
Before we go any further, it’s worth mentioning that this post won’t cover how to set up Consent Mode within Google Tag Manager. That’s because we’ve already written a detailed blog post that explains exactly how GA4 Consent Mode works, and what steps to take to ensure it's configured properly. This post focuses on common bugs found within Cookie Consent Mode.

We highly recommend reading that article first: How GA4 Consent Mode Impacts Your Data & What to Do About It.
Here, we’ll focus specifically on a real-world issue we encountered with a client generating $1M+ in revenue per quarter, and on how we identified where the cookie tracking was going wrong and muddying their data.
The Problem: GTM Was Being Blocked
During our audit, we discovered a critical issue: Google Tag Manager (GTM) wasn’t loading at all under certain consent conditions.
Here's what was happening:
When users interacted with the cookie banner and declined “Targeting” cookies, the GTM container script itself was being blocked.
This is a significant problem because GTM is the primary engine that powers tag deployment - including tags that handle consent decisions, fire analytics events, and control data flow to tools like GA4 and Google Ads.
The core issue was this:
- The GTM script had been automatically classified as a “Targeting” script (C0004) by the site’s cookie management platform, OneTrust.
- When users opted out of this category, the GTM script never loaded - effectively halting all downstream tracking and consent functionality.
- As a result, Consent Mode couldn’t be activated, because the very mechanism needed to manage consent (GTM) wasn’t present in the first place.
In simpler terms, the consent logic was broken at the foundation:
The tool meant to enforce consent decisions was itself blocked by those decisions.
This misclassification meant:
- Tags were not firing.
- No analytics data was being captured for affected users. (This was distorting attribution and negatively impacting paid media's performance!)
- No fallback or modeling could occur, since Consent Mode had no way to register user preferences.
This type of error is subtle but critical - everything can appear to be configured correctly, but your entire data setup silently fails under real-world usage.
It's a perfect example of how Consent Mode setups can go wrong even when all the “boxes” seem to be checked.
Digging Deeper: What Was Actually Happening
We took a close look at the website’s <head> section and noticed something unusual in the GTM script:
<script class="optanon-category-C0004-C0007" ...>
That class attribute was the key. It told us that the script was being classified under the “Targeting” category (C0004) by the cookie management platform, OneTrust. This was a problem because scripts in that category are blocked when users decline targeting cookies - which was causing the entire GTM script to be blocked.
In other words: the tool responsible for managing consent was being blocked by the consent system. That explained why tags weren’t firing and no tracking was occurring in certain sessions.
The Solution: Reclassify and Restore Functionality
Once we identified that GTM was being blocked due to its cookie classification, we collaborated closely with the client’s internal web development and privacy teams to correct the issue at its root.
The first step was to revisit the script categorization settings in OneTrust, the site’s Consent Management Platform (CMP).
By default, GTM had been assigned to the “Targeting” (C0004) category - likely due to automated scanning or a legacy configuration. While this category is valid for scripts that set marketing or advertising cookies, it’s not appropriate for the GTM container itself.
Since GTM doesn’t set cookies by default and is essential for managing Consent Mode logic, it must be allowed to load before a user makes any consent decisions.
Here's what we did:
- In the OneTrust admin panel, we reclassified the GTM script from “Targeting” to a category that allows unconditional loading - either “Strictly Necessary” (C0001) or “Performance” (C0002), depending on the legal framework and site structure.
- This reclassification meant that GTM could now load immediately upon page load, regardless of whether the user had accepted or declined cookies.
The updated GTM script tag looked like this:
<script async type="text/javascript" src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX" class="optanon-category-C0001"></script>
We also performed a cleanup within GTM:

- Removed redundant tag blockers and triggers that had been added during earlier troubleshooting efforts.
- Ensured that consent-aware tag firing was properly implemented across GA4, Ads, and other tracking tags.
The result, once these changes were deployed:
- GTM loaded as intended.
- Consent Mode became fully operational.
- Tags respected the user’s consent choices and fired appropriately.
- Analytics data - including modeled conversions - began flowing again. Attribution was cleaner, and Paid Search + Paid Social, in particular, were able to cleanly measure ROAS + ROI again!
This fix not only resolved the immediate data gap but also ensured long-term tracking stability and compliance.
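A check for the misclassification described above, as an added example that is not Analytics Mates' or OneTrust's own code: it scans page HTML for the GTM loader, reads its optanon-category class, and reports whether the loader would be held back when a visitor declines everything optional. It assumes a script runs only when every category listed in its class is consented, that C0001 is always active, and that consent is passed in the comma-separated shape of OneTrust's OnetrustActiveGroups; the function names and sample HTML are constructed for illustration.

```javascript
// Added example: audit page HTML for a consent-gated GTM loader.
// Assumptions (not from the original post): a script tagged
// optanon-category-A-B runs only when every listed category is consented,
// and C0001 (Strictly Necessary) is always active.

const ALWAYS_ACTIVE = 'C0001';

// Return the OneTrust category IDs gating each GTM loader <script> tag.
function findGtmLoaders(html) {
  const loaders = [];
  const tagRe = /<script\b[^>]*>/gi;
  for (const [tag] of html.matchAll(tagRe)) {
    const src = /\bsrc\s*=\s*["']([^"']*)["']/i.exec(tag);
    if (!src || !/googletagmanager\.com\/gtm\.js/i.test(src[1])) continue;
    const cls = /\bclass\s*=\s*["']([^"']*)["']/i.exec(tag);
    const gate = cls && /optanon-category-((?:C\d{4})(?:-C\d{4})*)/.exec(cls[1]);
    loaders.push({ src: src[1], categories: gate ? gate[1].split('-') : [] });
  }
  return loaders;
}

// activeGroups uses the ",C0001,C0003," shape of OnetrustActiveGroups.
function isBlocked(loader, activeGroups) {
  const active = new Set(activeGroups.split(',').filter(Boolean));
  active.add(ALWAYS_ACTIVE);
  return loader.categories.some((c) => !active.has(c));
}

// Report loaders that a visitor declining everything optional would never get.
function auditGtm(html) {
  return findGtmLoaders(html).map((l) => ({
    ...l,
    blockedOnDecline: isBlocked(l, ',C0001,'),
  }));
}

// Constructed sample pages mirroring the two tags discussed in the post.
const before = '<head><script async src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX" class="optanon-category-C0004-C0007"></script></head>';
const after = '<head><script async type="text/javascript" src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX" class="optanon-category-C0001"></script></head>';

console.log(auditGtm(before)); // loader gated by C0004 and C0007
console.log(auditGtm(after));  // loader gated by C0001 only
```

Running this against rendered page source in a CI step or scheduled crawl catches a CMP rescan that silently moves the loader back into a declinable category.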
Where You Can Learn More
If you're using OneTrust alongside Google Tag Manager, make sure you're following official documentation to configure Consent Mode properly. The issue we uncovered isn’t uncommon, especially with default configurations or unclear tagging practices.
Here are two official resources to guide your setup:
- Set up OneTrust to obtain user consent (Google Documentation)
- Cookie Consent Integration with Google Tag Manager (OneTrust Documentation)
These explain how to properly classify scripts and ensure that Consent Mode works as expected with OneTrust.
Best Practices for Implementing Google Consent Mode with GTM and OneTrust
To avoid data loss and ensure your consent setup is both compliant and functional, follow these key best practices:
1. Classify GTM Correctly in Your CMP
Make sure your Google Tag Manager container is classified under a category that loads regardless of user consent - such as “Strictly Necessary” (C0001). GTM does not set cookies by itself and needs to load first to manage consent logic properly.
2. Keep Consent Mode Scripts Above Other Tags
Load the Consent Mode script before any other tags in the <head> section. This ensures that tracking decisions respect the user’s consent preferences from the start.
3. Regularly Audit Tag Behavior Across Consent States
Use tools like Google’s Tag Assistant, Preview mode in GTM, and browser dev tools to simulate different consent states and verify that tags are firing (or not firing) as expected.
4. Don’t Rely Solely on Default CMP Configurations
Default settings in platforms like OneTrust can misclassify essential scripts. Always review and customize script categorization to align with how your site operates and how GTM is used.
5. Keep GTM Clean and Organized
Avoid cluttering your GTM container with unnecessary logic or redundant tags. This makes it easier to identify issues when debugging Consent Mode or cookie behavior.
6. Document Your Consent Setup
Maintain clear internal documentation on how Consent Mode, GTM, and your CMP are configured. This is especially helpful for audits, team transitions, or troubleshooting down the line.
7. Monitor GA4 Data for Gaps
Keep an eye on anomalies in GA4 metrics - such as sudden drops in traffic or conversions - which could indicate issues with consent enforcement or tag firing.
8. Collaborate with Legal and Compliance Teams
Ensure your consent categories and data collection practices align with GDPR, ePrivacy, and other relevant laws. Technical accuracy won’t matter if your setup doesn’t meet legal requirements.
FAQs
Can I use Google Consent Mode with platforms other than OneTrust?
Yes! Google Consent Mode can work with various Consent Management Platforms (CMPs) like Cookiebot, TrustArc, or custom solutions. The key is proper integration that respects user consent and allows GTM to load appropriately.
What happens to GA4 data when Consent Mode is enabled but the user declines tracking?
When users decline certain cookies, GA4 will still collect basic, anonymized data using “cookieless pings.” These are limited in scope and useful for modeling user behavior without identifying individuals.
Will Consent Mode affect my remarketing or conversion tracking in Google Ads?
Absolutely. If users decline consent for "marketing" cookies, tags related to Google Ads remarketing or conversion tracking will not fire. That can lead to gaps in your advertising attribution.
How does Consent Mode impact data modeling in GA4 reports?
GA4 uses consent-aware modeling to estimate conversions and user behavior when data is missing due to declined consent. You’ll see these modeled conversions labeled as such in your reports.
Should the GTM container itself be considered a necessary script?
Yes - when properly implemented. The GTM container must load before any consent decision to enable Consent Mode functionality. It doesn’t set cookies itself, so it can be placed under “Strictly Necessary” if configured correctly.
How can I test if Consent Mode is working as intended on my site?
Use browser dev tools and Google’s Tag Assistant extension to simulate different consent scenarios. You should also review GA4 real-time reports and look for consent signals in the dataLayer.
Can incorrect Consent Mode setup affect my GA4 retention or bounce rate metrics?
Definitely. If your tracking setup doesn’t fire for some users, GA4 won’t capture their sessions at all - skewing bounce rates, session counts, and user retention metrics.
Final Thoughts
Getting Cookie Consent Mode right is more than ticking a compliance checkbox - it’s about building trust with your users while keeping your analytics strategy strong. With the right tools and setup, you can collect meaningful data, stay on the right side of privacy laws, and deliver better insights to your team.
Whether you're using OneTrust, GTM, or another setup, the key is clarity: know what you're collecting, when, and why. And when in doubt - test, validate, and keep things transparent.
Thank you for reading!