All docs

Integrations

Google Consent Mode v2 setup

How Consentico wires Google Consent Mode v2 into your Shopify store automatically, and what to verify after install.

If you have Google Analytics 4 or Google Ads pixels installed via Shopify or Google Tag Manager, Consentico automatically configures Google Consent Mode v2 — no extra setup. This doc covers what happens under the hood, the two installation surfaces (Shopify-native vs. GTM Community Template), and how to verify it's working.

For the longer "why" piece, read Google Consent Mode v2 for Shopify on the blog.

Two installation paths

Consentico exposes Consent Mode v2 through two surfaces. Pick whichever matches your tag deployment:

PathWhen to useSetup
Shopify-native (theme app extension)You install GA4 / Google Ads via Shopify's tag manager, the Google & YouTube channel, or hard-coded in theme.liquid.Install Consentico from the Shopify App Store. The banner ships Consent Mode v2 defaults inline before any tag fires. No further steps.
GTM Community TemplateYou manage all Google tags through your own Google Tag Manager container.Add the Consentico CMP template from the GTM Community Template Gallery, place a single tag instance on All Pages — Consent Initialization, and pass your shop ID.

The two paths are wire-compatible: the banner emits a cookieConsentUpdated CustomEvent that the GTM template listens for, so installing both is harmless if you ever migrate.

What Consentico does automatically

When the banner loads (before any other tracking script):

  1. Initialise the dataLayer. Adds the gtag stub if your store doesn't already have one.
  2. Set GCM v2 defaults — region-scoped. EEA + UK + Switzerland visitors default to denied across ad_storage, ad_user_data, ad_personalization, analytics_storage, personalization_storage. Visitors elsewhere default to granted unless you've enabled global GDPR mode in Settings. This avoids over-denying US/CA traffic where consent isn't legally required.
  3. Configure wait_for_update. Tells Google to wait up to 500ms for the visitor's decision before sending pings.
  4. Apply EEA flags. Sets ads_data_redaction=true and url_passthrough=true to preserve attribution in cookieless mode.
  5. Block tracking scripts. Three-layer blocking (createElement override, MutationObserver, type=text/plain) prevents non-Google vendors (Meta, TikTok, Klaviyo, etc.) from firing until consent.
  6. Update GCM signals on consent. When the visitor decides, calls gtag('consent', 'update', { ... }) with the granted values.

You don't have to do anything. The default-deny-in-EEA + wait_for_update + ads_data_redaction pattern is the one Google explicitly recommends for GDPR compliance.

Settings → Integrations → Google Consent Mode → Mode lets you pick between two implementations:

  • Advanced (recommended, default for new installs). Google tags load immediately with denied defaults and send cookieless pings before the visitor decides. Once consent is granted, full measurement resumes. Google uses the cookieless pings to model the missing conversions and attribute them in your Ads account. Other vendors (Meta, TikTok, etc.) stay fully blocked until consent.
  • Basic. Google tags are also blocked at the script-load layer until consent. No cookieless pings, no conversion modeling. Strictest interpretation of "no data before consent." Use this only if your legal team requires it.

Existing installs default to Basic — toggling to Advanced is a one-click change in Settings.

Verifying it works

1. Tag Assistant (Chrome extension)

Install Google Tag Assistant Companion and visit your store in incognito.

Expected on EEA / UK / Switzerland visitors (or any visitor when global GDPR mode is on):

  • GA4 tag fires with Consent state: ad_storage=denied, analytics_storage=denied, ad_user_data=denied, ad_personalization=denied.
  • First pageview ping is in "cookieless" mode (gcs=G100).

Expected on non-EEA visitors (with default region-scoped settings):

  • GA4 tag fires with all signals granted; pings are in gcs=G111 mode immediately.

After clicking Accept (anywhere):

  • GA4 tag fires with Consent state: ad_storage=granted, analytics_storage=granted, ad_user_data=granted, ad_personalization=granted.
  • Subsequent pings are in "full consent" mode (gcs=G111).

If you see gcs=G100 after Accept, GCM update isn't firing. Check that gtag is present in the global namespace and that no other script is overwriting it.

2. Google Ads diagnostics

Inside Google Ads → Tools & SettingsConversionsDiagnostics, look for:

  • ✅ "Consent Mode active"
  • ✅ "Consent Mode signals: ad_storage, analytics_storage, ad_user_data, ad_personalization"
  • ✅ "Consent Mode v2 signals received"

If any are red, your GCM v2 setup has gaps. Most often: the conversion tag is firing before GCM is initialised. Move the conversion tag inside Google Tag Manager and let GTM handle the firing order.

3. DevTools Network tab

Open DevTools → Network → filter by google-analytics.com/g/collect (the GA4 endpoint).

Expected behaviour on first visit (consent denied):

  • One request fires with gcs=G100&gcd=12222&dma=0 parameters.
  • The request payload is minimal — no client ID, no specific event details.

After Accept:

  • New requests fire with gcs=G111 and a full client ID.

Edge cases

If you already have Google Tag Manager with your own consent triggers, disable Consentico's GCM injection in Settings → Integrations → Google Consent Mode → "Manage GCM elsewhere." This prevents double-firing of consent updates.

You'll still want Consentico to:

  • Block third-party scripts (yes — leave on; this is the script-load layer, not the consent-signal layer).
  • Provide the consent UI and audit log (yes — that's what merchants pay for).

"I'm using Shopify's pixel manager"

Shopify's pixel manager (introduced 2023) offers a consent integration via the Customer Privacy API. Consentico syncs to that API automatically — when a visitor consents to "Marketing," Shopify's pixel manager unlocks Meta Pixel, Klaviyo Web, etc.

You don't need to configure anything additional. Verify by:

  1. In incognito, visit your store.
  2. Decline cookies.
  3. Add a product to cart → checkout.
  4. Open DevTools → Network → check for Meta Pixel / Klaviyo requests. There should be none until consent is given.

"I'm using Hydrogen / headless"

Hydrogen storefronts don't have a theme app extension, so the GCM setup runs via the @consentico/web package. Same defaults, same behaviour — just imported as a React component instead of a Liquid block.

import { ConsentBanner } from "@consentico/web";

// in your root component
<ConsentBanner shopDomain="your-store.myshopify.com" />

"Modeled conversions aren't showing in Google Ads"

Modeled conversions take 7–14 days to start arriving. They also require a minimum traffic volume (varies by country; ~700 ad clicks/week is the rough threshold). If you're seeing nothing after two weeks at sufficient volume:

  1. Confirm Tag Assistant shows GCM v2 active.
  2. Confirm Google Ads diagnostics shows "Consent Mode signals received."
  3. Check that Enhanced Conversions is also enabled (multiplies the modeling effect).

What if I don't have GA4 or Google Ads?

GCM injection still happens, but it's a no-op — without any Google tags listening, the consent signals don't reach anything. There's no harm in leaving it on; if you add Google tags later it'll just work.