Consent Mode Implementation Template

Background

Template to plan implementation of Consent Mode

1. Setup & Planning

Decide on your consent management platform (CMP): e.g., OneTrust, Cookiebot, Quantcast
Decide which platforms need consent-based tagging (e.g., Google Ads, GA4, Meta Pixel, TikTok Pixel or all). Typically you want all of them to have them.
List all tag types: conversion, re-marketing, analytics, A/B testing etc.
Decide which tags fall under which category:

Consent Category	Description	Consent Mode Signals
`ad_storage`	Ad-related storage, like conversion tracking or remarketing pixels	`granted` / `denied`
`analytics_storage`	Analytics tools that track user behavior (e.g., GA4, Hotjar)	`granted` / `denied`
`functionality_storage`	Features that enhance user experience (e.g., language settings)	`granted` / `denied`
`security_storage`	Tags that ensure site security or prevent fraud (e.g., bot detection)	`granted` / `denied`
`personalization_storage`	Customizes user experience (e.g., recommended products, A/B testing tools)	`granted` / `denied`

Example:

Consent Mode Tag Categorization Template

This document outlines how common tag types map to Consent Mode categories.

Tag Name / Vendor	Purpose	Consent Category	Notes
Google Ads (gtag/remarketing)	Conversion tracking, remarketing	`ad_storage`	Disable until ad_storage is granted
GA4 (Google Analytics)	Website analytics	`analytics_storage`	Use Consent Mode defaults
Meta Pixel (Facebook)	Ad performance + remarketing	`ad_storage`, `analytics_storage`	Add custom consent triggers in GTM
Hotjar	Session replay + heatmaps	`analytics_storage`	May also require personalization_storage
A/B Testing Tools (Optimizely)	Site experiments	`personalization_storage`	Fire only when consent is granted
Cloudflare Bot Management	Bot protection	`security_storage`	Should fire even when no consent is given
OneTrust or Cookiebot	Consent banner and preferences	`functionality_storage`	Should always be allowed to fire
Intercom / Drift	Chat widgets	`functionality_storage`, `personalization_storage`	Often requires both categories
Shopify or BigCommerce Tracking	Purchase and session tracking	`analytics_storage`, `ad_storage`	Check platform documentation

2. Core Consent Mode Script

Either on the page code itself, or within your tag manager, place this script in the <head> before any other tags:

<script>
	window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}

  gtag('consent', 'default', {
    ad_storage: 'denied',
    analytics_storage: 'denied',
    functionality_storage: 'denied',
    personalization_storage: 'denied',
    security_storage: 'granted'
  });
</script>

3. Consent Update Script (Triggered by CMP)

This should be triggered when the user makes a choice (either via banner or on privacy choices section of your site):

example:

<script>
gtag('consent', 'update', {
ad_storage: 'granted',
analytics_storage: 'granted'
});
</script>