TITLE: GTM Consent Mode v2 (Advanced) + GA4 + Meta Pixel (SPA) — Implementation & Validation Guide
SUMMARY
This guide describes a working setup for Google Consent Mode v2 in Advanced mode with GA4 and Meta/Facebook Pixel using Google Tag Manager (GTM), specifically for Single Page Apps (SPA). It also explains how to validate correct behavior through network requests.
SECTION 1 — Key Concepts
1.1 Advanced vs Basic Consent Mode
• Advanced mode: Google tags fire even when consent is denied; Google receives cookieless “denied pings.”
• Basic mode: tags are blocked until consent is granted; no pre-consent pings; GTM does not replay skipped hits.
Important: If you require analytics_storage for GA4 tags inside GTM, you are effectively running Basic mode.
SECTION 2 — Google Consent Mode v2 Tag Options
2.1 Pass Ad Click Information Through URLs (url_passthrough)
Meaning
When users deny storage, Google can’t use cookies for attribution. If url_passthrough is true, Google tags append click/session identifiers to same-domain URLs so attribution can persist without cookies.
Recommended values
• true if you run Google Ads and want better attribution/modeling under denied consent.
• false if you don’t use Ads or legal prefers no identifiers in URLs.
2.2 Redact Ads Data (ads_data_redaction)
Meaning
When ad consent is denied, Google sends limited “denied pings.” With redaction on, those pings strip ad-related fields more aggressively.
Recommended values
• true if legal requires strict redaction on denied ad consent.
• false if you want maximum Ads modeling/attribution recovery.
2.3 Push dataLayer Event
Meaning
On consent updates, the Consent tag can push a custom event (commonly gtm_consent_update) so other tags can react to consent changes.
Recommended values
• Enable if you want tags to fire immediately after user consent changes.
• Disable if you don’t need consent-update triggers.
SECTION 3 — GA4 Setup for Advanced Mode (Recommended)
3.1 Correct GA4 Configuration
Step 1 — Defaults to denied early
Create a Consent Initialization tag that sets consent defaults before any tags load, e.g.:
CODE: Consent defaults (Consent Initialization trigger)
gtag('consent', 'default', {
ad_storage: 'denied',
analytics_storage: 'denied',
ad_user_data: 'denied',
ad_personalization: 'denied'
});Step 2 — GA4 fires once per page load
• GA4 Google Tag / Config should fire on Initialization (or All Pages).
• In GA4 tag consent settings: DO NOT require analytics_storage.
This allows GA4 to send cookieless denied pings pre-consent.
3.2 Expected Behavior
• First visit with denied consent: GA4 still fires → sends denied/cookieless page_view.
• After accept: GA4 continues normally and can set/read cookies.
SECTION 4 — How to Validate GA4 via Network Requests
4.1 Pre-consent denied ping pattern
Look for a request like:
• endpoint includes /g/collect
• en=page_view (or your custom event name)
• gcs=G100
• pscdl=denied
• often npa=1
This confirms Advanced mode is functioning.
4.2 Post-consent normal pattern
After accept, requests should show:
• gcs=G111
• npa=0
• pscdl=noapi is OK (browser label API missing, not a consent issue)
4.3 Note about cid
Seeing cid=… in denied hits can be an ephemeral/cookieless identifier.
The real check is cookies:
• Before consent: no ga cookies
• After consent: ga cookies appear
SECTION 5 — Custom GA4 Events Before Consent
In Advanced mode it is normal and compliant to send custom events pre-consent if:
• They are sent under denied consent (gcs=G100).
• They do NOT contain PII.
Do NOT send pre-consent:
• emails, full names, phone numbers
• exact addresses
• free-text form fields
• user IDs that map to a person
• very precise location data unless approved
Denied events may not show in Realtime but can appear later and feed modeling.
SECTION 6 — Meta / Facebook Pixel (Non-Google Tags)
6.1 Why Meta Pixel differs
Meta Pixel does not automatically support Google-style cookieless denied pings.
Therefore, in EU/GDPR contexts it should be blocked until marketing/ad consent is granted.
SECTION 7 — Using the Facebook Pixel GTM Template (Single Tag Type)
7.1 What the template does
The template:
• Injects the SDK load:
CODE:
injectScript('https://connect.facebook.net/en_US/fbevents.js
', ...)
• Initializes the pixel base:
CODE:
fbq('init', pixelId, cidParams);
• Guards against re-initialization using a global list fbqgtm_ids.
• Always sends an event every time the tag fires (trackSingle / trackSingleCustom).
Implication
This template is “base + event” combined. It is not a pure base-only tag.
SECTION 8 — Recommended Meta Pixel Setup for SPAs
8.1 Main trigger: History Change
Use the template tag as an event tag for SPA route views.
Configuration
• Trigger: History Change
• Consent requirement in tag: ad_storage (and if mapped: ad_user_data, ad_personalization)
• Tag firing option: Once per page is OK (template already avoids re-init per route).
Outcome
• Pre-consent: Meta Pixel does not fire.
• Post-consent: every SPA route change sends a Meta PageView.
8.2 Optional: Consent update landing-page PageView
Add a gtm_consent_update trigger only if marketing wants to count the current landing page immediately on accept.
Risk
SPAs may also fire a History Change right after accept → potential duplicate PageView.
Mitigation guard (simple flag)
• After the Meta tag fires on History Change, set a flag:
CODE: Flag setter (Custom HTML, same trigger as Meta tag)
window.metaPVSent = true;
• Only fire on gtm_consent_update if metaPVSent is false.
8.3 Do NOT trigger Meta tag on plain Page Load / All Pages
In SPA + consent gating, All Pages adds little benefit and increases duplicate risk.
SECTION 9 — What “Good” Looks Like
Fresh first visit:
Pre-consent
• GA4 sends denied/cookieless page_view + denied custom events (gcs=G100).
• Meta Pixel sends nothing.User accepts
• GA4 continues normally on same page (gcs=G111).
• Optional Meta PageView fires once on gtm_consent_update (with guard).SPA navigations
• GA4 logs virtual pageviews (enhanced measurement or manual).
• Meta Pixel template logs PageView on each History Change.
SECTION 10 — Checklist
GA4 (Advanced)
• Consent defaults denied in Consent Initialization
• GA4 config fires on Initialization/All Pages
• No required analytics_storage
• Pre-consent hits show gcs=G100
Meta Pixel (Template)
• Require ad/marketing consent
• Trigger on History Change
• Optional gtm_consent_update only with guard
• No All Pages trigger