Google Consent Mode v2

  • Updated

Integrate Osano with Google Consent Mode v2 to ensure compliance with data privacy laws while managing Google Analytics, Ads, and other Google Marketing Platform services according to user consent preferences.

Overview

Google Consent Mode allows websites to adjust how Google tags and scripts behave based on the user's consent choices. It is essential for sites implementing Server-Side Tagging.

For more details on Google Consent Mode, view the official Google Consent Mode documentation.


 

Getting Started with Consent Mode v2

Osano integrates with Google Consent Mode v2 as follows:

  • Based on the user's location and applicable privacy laws, Osano blocks all non-essential cookies and scripts until the user grants consent.
  • Once consent is given, Osano communicates the user's preferences to Google Consent Mode, which adjusts the behavior of Google services based on these settings.

Note: Osano only shares consent preferences with Google, such as whether marketing or analytics cookies are accepted. No personal data is transmitted.

Requirement: Ensure you are using Google’s gtag.js for this setup.

Example: 

<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"></script>

 


Enabling Google’s Consent within Osano

Google Consent Mode is automatically enabled for new configurations created after March 2024. If your configuration was created before this, follow these steps:

  1. Log in as an Admin or Consent Manager.
  2. Navigate to Consent Management.
  3. Create or Edit a Consent Manager configuration.
  4. Under Settings, toggle the Google Consent Mode switch on.
  5. Save and Publish the configuration.

Screenshot 2023-01-18 at 11.11.08 AM

 

For more information regarding Google Consent with gtag, including which tags and containers are supported, go to https://developers.google.com/gtagjs/devguide/consent

 

Enabling IAB TCF 2.2 within Osano (Optional)

Starting January 16, 2024, Google AdSense, Ad Manager, and AdMob require publishers to use a CMP certified by Google and integrated with the IAB's Transparency and Consent Framework (TCF) when serving ads to users in the EEA or UK.

To enable IAB TCF 2.2:

  • Access your configuration in Osano and enable the IAB EU TCF 2.x Framework.

Note: If you opt not to use the IAB TCF 2.2 framework, you must include this Google Privacy link in your banner. This can be done by adding "Additional Link Text" in your Cookie Consent Manager settings and choosing "Google Privacy Policy" from the list of additional links. 
Link: https://business.safety.google/privacy/

CMP_Google_CM_Link.png

 


Implementing Google Consent Mode via Gtag or Google Tag Manager

This setup applies to Google Ads, Floodlight, Google Analytics, and Conversion Linker tags deployed directly via gtag.js or through Google Tag Manager (GTM).

  1. Enable Google Consent Mode in Osano.
  2. Add the following Data Layer code to your website before Osano's JavaScript executes:
    html
     
<script>
  window.dataLayer = window.dataLayer ||[];
  function gtag(){dataLayer.push(arguments);}
  gtag('consent','default',{
    'ad_storage':'denied',
    'analytics_storage':'denied',
    'ad_user_data':'denied',
    'ad_personalization':'denied',
'personalization_storage':'denied',
'functionality_storage':'granted',
'security_storage':'granted',
  'wait_for_update': 500
  });
  gtag("set", "ads_data_redaction", true);
</script>

Note: It is recommended to add this script directly to the HTML before Osano.js is loaded. If using GTM (not recommended), ensure this code fires before any other Google tags.

 

Advanced Features & Customization

For advanced use cases, such as region-specific behavior and URL passthrough, Google’s API documentation provides further steps. Osano automates many of these configurations, reducing manual setup.

You may adjust ad_storage and analytics_storage values to ‘granted’ for opt-in scenarios like CCPA compliance. Osano will manage all consent communication with Google.

 

Consent Category Mapping Between Osano and Google

Osano's consent categories map to Google's as follows:

Osano Google Consent Mode Categories
Marketing ad_storage, ad_user_data, ad_personalization
Analytics analytics_storage
Personalization personalization_storage
Essential functionality_storage, security_storage

When users opt out of a category in Osano, the corresponding Google consent setting changes from granted to denied.

 


Setup Workflow & Best Practices

Execution Order on Your Website:

  1. Google Consent Mode Data Layer – Sets default consent.
  2. Osano.js – Manages consent changes and updates.
  3. Google Applications – Ensures Google tags respond appropriately to consent changes.


 

Basic vs. Advanced Setup

The key difference between a Basic Google Consent Mode setup and an Advanced Google Consent Mode setup depends on how you classify the Google Content with the Osano Admin Portal. 

 

Basic Setup:
Classify Google scripts and cookies within the Osano admin portal (e.g., Google Analytics = Analytics) as you would normally reflecting their function. Osano will handle when and if these tags fire based on user consent. This setup ensures compliance and is recommended.

This setup is the most compliant and is recommended by Osano.

Advanced Setup:
Classify scripts and cookies as "Essential" within the Osano admin portal (e.g. _ga = Essential). This setup puts Google in full control of their tags and content. 

IMPORTANT: This setup option renders the Osano Pledge null and void. 

When you implement consent mode in via the advanced setup, Google scripts load when a user opens the website or app - in this way, Google can send "Cookie-less pings" for modeling purposes. The Google cookies, however, will respect the consent preferences communicated by the default data layer established previously and any consent updates passed to Google by the Osano Cookie Consent manager. See Impact of Google Applications for more details. CMP_Google_Advanced_Basic_mode.png

View more about Basic vs Advanced setup on Google's site here.

 


 

Impact on Google Applications (Advanced Setup ONLY)

When consent is denied, the associated Google tags deployed via gtag.js or Google Tag Manager will adjust their behavior accordingly.

In all cases, pings may include:

  • Functional Information - Timestamp, User-Agent, Referrer
  • Aggregate/non identifying information - An indication for whether or not the current page or a prior page in the user's navigation on the site included ad-click information in the URL (e.g., GCLID / DCLID), 

Consent and conversion pings may include the following behaviors depending on the state of the consent settings and the configuration of your tags.

ad_storage='denied':

  • No new cookies pertaining to advertising may be written.
  • No existing first-party advertising cookies may be read.
  • Third-party cookies previously set on google.com and doubleclick.net may be sent in request headers (but limited to use for spam and fraud purposes).
  • Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
  • IP addresses used to derive IP country but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection. Note: Google Analytics collects IP addresses as part of normal internet communications.
  • Full page URL is collected, including ad-click information in URL parameters (e.g., GCLID / DCLID).

ad_storage='denied' + ads_data_redaction=true:

  • No new cookies pertaining to advertising may be written.
  • No existing advertising cookies may be read.
  • Requests are sent through a different domain to avoid previously set third-party cookies from being sent in request headers.
  • Google Analytics will not read or write Google Ads cookies, and Google signals features will not accumulate data for this traffic.
  • Ad-click identifiers (e.g., GCLID / DCLID) in consent and conversion pings are redacted.
  • IP addresses used to derive IP country but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection. Note: Google Analytics collects IP addresses as part of normal internet communications.
  • Page URLs with ad-click identifiers are redacted.

analytics_storage='denied':

  • Will not read or write first-party analytics cookies
  • Cookieless pings will be sent to Google Analytics for basic measurement and modeling purposes.

Checking your Setup

Verify Execution Order: Ensure Google Consent Mode defaults execute before Osano.js.

Osano Should Execute Second.

Ensure that all subsequent scripts execute after The GCM default and the Osano script. Also, ensure that you have not given prior consent (i.e., you should see the Osano banner/popup and NOT the cookie icon). 

Next, ensure your tags are firing: For this, you can GTM's preview mode or the Google Tag Assistant browser extension, which can be found HERE

Ensure that the appropriate tags are firing on your page prior to consent: 

 

Inspect the Data Layer: Open your browser's Developer Tools and use dataLayer to confirm the consent status is being properly communicated.

  • To check the data layer to ensure your consent preferences are being updated, open a new browser window (preferably a clear incognito or private window) and open your Inspector/Developer tools. 
  • Go to "Console" and navigate to your site. 
  • Enter the following into the console. 
dataLayer

Prior to consent being granted, the output for the above should read something like this: 

Arguments(3)0: 
"consent"
1:"default"
2:{ad_storage: "denied", analytics_storage: "denied"}
Arguments(3)0:
 "consent"
1: "default"
2: ad_storage: "denied"
analytics_storage: "denied"

This should match with your set defaults. If you then grant consent (to analytics and/or marketing), save those changes, and call that function again, you should see something similar to the following: 

Arguments(3)0:
 "consent"
1: "update"
2: {analytics_storage: "granted", ad_storage: "granted"}

 

Test Cookie Behavior: Before consent, confirm that cookies like _ga, _gid, and _gat are not set. Use a fresh browser session (e.g., incognito mode) to avoid cross-session tracking.

Start with a clean browser. We recommend opening a brand new incognito or private window. If given the option, ensure the "Block third-party cookies" option is turned off to simulate a normal browsing session. Ensure that you have no other incognito or private windows open.

If you are not using an incognito or private window, be sure to clear all storage and trackers before testing: Clear your history, cache, cookies, local storage...everything. Then restart the browser (i.e., fully close and re-open a new browser window). 

Once your browser is ready, open your developer tools:

  • In Chrome, Right-Click > Inspect
  • In Firefox, Right-Click > Inspect Element
  • In Edge, Right-Click > Inspect 
  • in Safari, Develop Menu > Show Web Inspector

Go to "Applications" or "Storage" (depending on the browser) and find "Cookies." Here you want to look for the appropriate Google cookies. Before granting consent, you shouldn't be seeing the _ga_gid, or _gat cookies being set.

If the first two checks executed as expected, it will be unlikely that you will see these cookies getting set prior consent. If they are, then you are likely adding them through an inline script, like analytics.js (which doesn't support Consent Mode).


What do you do if you have done all of this, but your data STILL doesn't look right? 

We're happy to review your Osano setup and the interaction with GTM! As a Google certified CMP partner, we are happy to assist you with troubleshooting and recommendations as well as any escalations to Google that may need to occur.

 

Review Osano on G2