Understanding WordPress Cookie Consent Mode
If you are utilising WordPress, GA4 and GTM for your website performance the following information is designed to assist in some of the set up processes, error messages you may be seeing and getting to grips with the different cookie classifications.
Google Consent Mode & Cookieless Tracking
With Google Analytics 4 (GA4) and Advanced Consent Mode, you can record events even without user consent. However, these events won’t be attributed to a specific, personally identifiable user who declined consent. Instead, via Advanced Consent Mode, they are recorded as ‘cookieless pings’.
Essentially, you will need to utilize the traffic reports and user reports in GA4 to understand the difference in session-based reporting data, especially in relation to events occurring on-site. Traffic reports can contain more data without requiring cookies, ensuring compliance with privacy laws.
The events sent via cookieless pings act as data packets that can then benefit from Google’s modeling process. However, this feature is only available to businesses that use the ‘blended’ reporting identity in GA4 and meet the minimum data requirements of at least 1,000 daily users—which excludes many small businesses.
Blended Reporting identity
You may encounter the following message in your reporting identity if you have opted for blended reporting feature, but that have not met the traffic volume:
“Modeling is unavailable for this property. Once it’s available, it will be turned on by default in your reports.”
What is consent mode?
Consent Mode allows websites to adjust their Google Analytics and Google Ads tracking based on a user’s cookie consent preferences. When a user declines analytics or ad cookies, Consent Mode ensures that data collection adheres to privacy regulations while still providing valuable insights through aggregated and modeled data.
How Consent Mode Works:
If consent is granted, standard tracking and data collection occur.
If consent is denied, cookieless pings are sent, allowing Google to model data while respecting privacy laws.
Consent settings can be managed using a Consent Management Platform (CMP) integrated with Google Tag Manager (GTM).
Types of Cookies & Their Classifications
Google and Consent Management Platforms (CMPs) classify cookies into different categories based on their purpose and regulatory requirements:
| Cookie Category | Purpose | Used For? | Typical Consent Requirement? |
|---|---|---|---|
ad_storage | Ad-related cookies | Remarketing, conversion tracking | Requires user opt-in (GDPR, ePrivacy) |
ads_personalization | Personalization of ads | Customizing ads based on user behavior | Requires user opt-in (GDPR) |
ad_user_data | User data for ads | Google Ads features like customer match | Requires user opt-in |
analytics_storage | Analytics data storage | GA4, behavioral tracking, performance analytics | Sometimes exempt if anonymized |
functionality_storage | Functional site cookies | Saving user settings, preferences, logins | Often allowed without opt-in |
security_storage | Security-related cookies | Fraud prevention, login security | Typically exempt |
personalization_storage | UI personalization | Dark mode, language settings, saved preferences | May require opt-in |
performance_storage | Site performance & UX improvement | A/B testing, heatmaps, page speed data | Sometimes exempt if anonymized |
Additionally, CMPs (Consent Management Platforms) often group cookies into broader categories:
- Strictly Necessary – Essential for the website to function (login, security, fraud prevention).
- Performance/Analytics – Used for insights, traffic measurement, UX improvements.
- Functionality/Preferences – Saves user settings (language, dark mode).
- Advertising & Marketing – Tracks users across sites for remarketing and ad targeting.
- Social Media Cookies – Allows sharing content via social networks.
Cookies & Compliance Trends
The landscape of cookie tracking is changing due to:
· Regulatory updates (GDPR, ePrivacy, CCPA, Digital Markets Act).
· Tech industry shifts (Google phasing out third-party cookies by 2024-2025).
· Browser policy changes (Safari, Firefox blocking third-party cookies by default).
· Server-side tracking replacing traditional cookies (Google Consent Mode v2, FLoC/Topics API).
Achieving compliance
Install & Configure
the CMP Plugin in WordPress
Choose a WordPress-compatible CMP (e.g., Complianz, CookieYes, Usercentrics, Cookiebot).
Follow the CMP’s setup wizard to configure region-specific consent (GDPR, CCPA, etc.).
Ensure Google Consent Mode integration is enabled (most top CMPs offer this).
The CMP will auto-generate and display a cookie banner.
At this stage, the CMP blocks non-essential cookies until consent is given.
A helpful link to configuring your CMP and GTM container – watch the video and learn more about the GTM settings.
Configure (GTM)
to Work with Consent Mode
In GTM, configure Consent Mode settings:
Set Default Consent State (e.g., “denied” until user consents).
Enable ad_storage, analytics_storage, ad_user_data, ads_personalization for Google Tags.
Modify GTM triggers to fire tags only after consent is granted.
Implement Consent Checks:
Modify Google Analytics 4 & Google Ads conversion tags to respect consent preferences.
Now, Google Ads & GA4 will only fire cookies if the user consents.
