Google Tag Manager Cookie Consent: 4-Step Setup With Screenshots

Quick Overview: To set up Google Tag Manager cookie consent, add a consent management platform (CMP) tag in GTM and fire it on Consent Initialization. Set default consent states to denied for ad_storage, analytics_storage, ad_user_data, and ad_personalization. Then configure consent-based triggers so that non-essential tags fire only after the visitor accepts.

Google Tag Manager cookie consent becomes a real problem once your container already runs GA4, Meta Pixel, LinkedIn Insight Tag, or TikTok Pixel. If any of those tags fire before a visitor makes a choice, you have a consent gap that creates both compliance risk and unreliable data.

That gap is more common than most teams expect, because GTM evaluates tags in the order they load, not the order they appear in the workspace. Without the right trigger sequence, your cookie consent for Google Tag Manager setup can look correct in the interface and still fail on the live page.

This guide covers how to install Enzuzo's consent management platform in GTM, configure Google Consent Mode v2, set up consent-based triggers, and test the full flow before publishing.

What is GTM cookie consent and why does it matter?

In GTM, cookie consent is the logic that controls when tags can fire, what data they can store, and how consent choices are passed to the tools connected to your site. In practice, cookie consent GTM setup means your banner collects the visitor’s choice first, then GTM uses that choice to decide whether analytics, advertising, and other non-essential tags should run.

That matters even more now that many teams use Google Consent Mode v2 alongside their banner. Consent Mode v2 lets Google tags read consent signals for analytics and advertising activity, including whether ad-related data and personalization can be used.

If you already run Google Analytics, Google Ads, Meta Pixel, LinkedIn Insight Tag, or TikTok Pixel through GTM, this layer helps Google tags adjust their behavior based on consent.

Now, the compliance side is where this stops being a small configuration job and starts affecting the entire stack. A weak GDPR cookie consent setup can let tags fire before consent is granted, drop cookies too early, or send data before the user has made a choice. That creates two problems at once.

First, it can undermine the GDPR and the CCPA’s consent requirements. Second, it can make your reporting harder to trust, since data may be collected under the wrong consent state. Clean consent handling helps support compliance and makes your measurement data more reliable.

Setting up cookie consent in Google Tag Manager (step-by-step)

A solid Google Tag Manager cookie consent setup does four things in order. It loads your CMP first, sets a default consent state before other tags evaluate, updates that state when the visitor makes a choice, and blocks non-essential tags until the right consent exists. That order matters. If the cookie banner or consent state loads late, analytics and ad tags can fire first and send data under the wrong conditions.

Note: This guide assumes you already have Google Tag Manager set up on your website. If you don’t follow these instructions from Google before the steps below.

Step 1: Install the Enzuzo cookie banner

• Open your Google Tag Manager container and make sure you’re in the Workspace tab.

• Go to the Templates section → click Search Gallery.

• Select the Enzuzo Cookie Manager template → Add To Workspace → Add.

• Go to Tags → New.

• Give it a descriptive name → select Enzuzo Cookie Manager as the tag type → Set the trigger to Consent Initialized – All Pages → Save.

• In Tag Configuration fill in the Enzuzo Script URL field. You can find the correct URL under Cookie Consent → Cookie Banner → Add To Site.

Tip: If you already manage a busy container with GA4, Meta Pixel, LinkedIn Insight Tag, or TikTok Pixel, keep this tag early and keep the setup clean. Only deploy the Enzuzo script via GTM, not by hard-coding it in your site header. Hard-coding creates conflicting sources of truth, making debugging difficult. Also, hard-coded pixels outside GTM won’t respect GTM’s consent controls.

Step 2: Configure Google Consent Mode v2

Next, configure Google Consent Mode v2 so Google tags can read the visitor’s consent state. In GTM, the key idea is simple. Set a default consent state before the user interacts with the banner, then update that state after the visitor accepts, rejects, or customizes consent.

Consent Initialization exists for exactly this reason. It runs before other triggers, so consent settings are in place before tags try to fire. For V2, the main consent signals to account for are ad_storage, analytics_storage, ad_user_data, and ad_personalization.

Note: Because you’re using the Enzuzo Cookie Manager template (from Step 1) triggered on Consent Initialization, you don’t need to create a separate custom HTML tag for the default consent states.

Step 3: Set Up Consent-Based Tag Triggers

Once the Enzuzo Cookie Manager tag (from Step 1) sets the consent state, you need to make every other tag in your container respect it.

1. Create the enzuzo_consent_update Custom Event trigger (required for first-page opt-ins):

• Go to Triggers → New.

• Name it enzuzo_consent_update.

• Choose Trigger Configuration → Custom Event.

• In the Event name field, type exactly: enzuzo_consent_update (case-sensitive, no quotes) → Save.

• Go to Tags in the left sidebar and open the Google tag you want to edit.

• Scroll down to Advanced settings → Consent Settings. Check the box Require additional consent for the tag to fire.

• Add the relevant consent types, e.g., analytics_storage, ad_storage, ad_user_data, ad_personalization.

• Click Save.

• Go to Tags in the left sidebar. Click the name of the third-party tag you want to edit (this opens the tag editor).

• In the tag editor, scroll down to the Triggering section. Keep your existing trigger (usually All Pages or Page View) → click the plus (+) icon to add another trigger.

• Select the enzuzo_consent_update trigger you created earlier.

• Now scroll further down to Advanced settings. Inside Advanced settings, expand the Consent Settings section. Check the box Require additional consent for the tag to fire.

• Add the matching consent category (e.g., ad_storage for advertising pixels like Meta/TikTok/LinkedIn, or analytics_storage for tools like Hotjar/Clarity — match whatever you set in your Enzuzo dashboard).
  
  
• Click Save.

Step 4: Test Your Setup

Before you publish, test the whole flow in Preview mode.

1. Launch GTM Preview mode

• In your GTM workspace, click Preview. This opens Google Tag Assistant.

• Enter your website URL and click Connect.

• Use an incognito/private browser window (or clear all cookies/storage for your domain). This ensures no old consent cookies affect the test.

• Look at the Summary tab and confirm the first event is Consent Initialization. Switch to the Consent tab and verify:
• Default consent states are set to denied (ad_storage, analytics_storage, ad_user_data, ad_personalization) before any other tags load.

• Interact with the Enzuzo banner on your site:
• Accept consent → confirm the consent state updates to granted for the chosen categories.
• The enzuzo_consent_update event should appear.

• Test 1 (New visitor – no consent yet): Refresh the page. Confirm all non-essential tags that you intend to block before consent remain blocked and do not fire before you interact with the banner. If you’re using basic consent mode, Google tags should stay blocked until the visitor interacts with the banner. If you’re using advanced consent mode, Google tags may load with denied defaults and send cookieless pings before the user makes a choice.
  
  
• Test 2 (Accept consent): Click “Accept” (or your equivalent). Confirm the correct tags now fire on the same page (thanks to the enzuzo_consent_update trigger).
  
  
• Test 3 (Reject consent): Refresh in a new incognito window, click “Reject” (or customize and deny). Confirm the same tags remain blocked and don’t fire.

• In Tag Assistant, verify that no Google or third-party tags fired early.
• Check the Console tab for any consent-related errors.
• (Optional) Use Google’s Consent Mode checker or browser dev tools ataLayer search for “consent”) for extra confirmation.

Want a done-for-you service instead? Book a call or start building for free

Common mistakes to avoid

Most GTM consent issues don’t stem from a single big failure. They usually come from small setup mistakes that change the order in which tags load, update, or stay blocked. When that happens, you can end up with tags firing too early, consent states not updating properly, or reporting that no longer reflects what users actually agreed to.

1. Firing the banner too late

If the Enzuzo tag doesn’t fire on Consent Initialization – All Pages, other tags can emerge first. The result is simple: analytics or ad tags may load before consent is available, creating a consent gap from the first page view.

2. Letting non-essential tags fire on page load

Tags like GA4, Meta Pixel, LinkedIn Insight Tag, and TikTok Pixel shouldn’t run off a broad trigger like All Pages unless the right consent checks are in place. If they do, they can drop cookies or send data before the visitor has made a choice. That creates compliance risk and can taint the data collected in that session.

3. Sending only the old v1 signals

Many setups still only pass ad_storage and analytics_storage. For Consent Mode v2 you must also handle ad_user_data and ad_personalization. If these are missing or left at their default, Google treats the implementation as incomplete, which can break modeling and ad compliance.

4. Forgetting to update consent after the user makes a choice

A default denied state is only the starting point. Your setup also needs to update consent when the visitor accepts, rejects, or customizes preferences. If that update never happens, tags may stay blocked when they should fire, or keep using the wrong consent state after the user has already decided.

5. Ignoring first-page consent updates

If you don’t use the enzuzo_consent_update event, tags may not fire on the same page where the visitor gives consent. The practical consequence is delayed tracking, missing events on landing pages, and a harder time figuring out whether the setup is broken or just incomplete.

6. Skipping a real test before publishing

A setup can look fine in GTM and still fail on the live page. If you skip Preview mode and Tag Assistant, you can publish a configuration that appears correct in theory but still fires tags too early, misses consent updates, or blocks tags that should run.

FAQ: Setting up a cookie consent banner with GTM

How do I implement cookie consent with Google Tag Manager?

Start by adding your CMP tag in GTM and firing it on Consent Initialization – All Pages. Then set a default denied consent state, update that state when the visitor makes a choice, apply consent checks to your tags, and test the flow in Preview mode and Tag Assistant. That’s the core of a working cookie consent GTM tutorial.

Is Google Tag Manager GDPR compliant?

Google Tag Manager by itself isn’t a compliance tool. It can support a compliant setup when you use it to load your consent banner first, block non-essential tags until consent is granted, and make sure your tags respect the visitor’s choice. If tags fire before consent, your Google Tag Manager GDPR compliant setup falls apart pretty quickly.

Does Google Tag Manager use cookies?

GTM itself is a tag management system. It loads and manages tags on your site, but the cookies usually come from the tags you deploy through it, such as Google Analytics, ad pixels, or other third-party scripts. In other words, GTM is the delivery layer. The tags are usually the ones doing the actual cookie work.

What’s the difference between a cookie banner and Google Consent Mode?

A cookie banner collects and records the visitor’s consent choice. Google Consent Mode takes that choice and passes consent signals to Google tags so they know what they can and can’t do. For third-party tags, you still need GTM triggers or consent settings to block or allow them.

How do I know if my GTM consent setup is working?

Test it in GTM Preview mode and Tag Assistant using a fresh session. Check that consent defaults load before other tags, confirm non-essential tags stay blocked before consent, then accept or reject the banner and confirm the consent state updates correctly. If tags start firing before the visitor chooses, the setup still needs work.