datascale

Tool

CMP and GTM Consent QA Template

A QA template to test default denied states, consent updates, and tag firing for ad_storage, analytics_storage, ad_user_data, and ad_personalization in GTM.

A repeatable test plan to QA your CMP and GTM Consent Mode setup — default denied states, consent updates, tag firing, and all four signals. Built for engineers and analytics teams who need to prove the consent chain works, not hope it does.

The June 15, 2026 change made Consent Mode the single control for Google Ads data collection from GA4-linked setups. That puts the burden on the signal layer — and the only way to trust a signal layer is to test it under each consent state. This template turns "is Consent Mode working?" into a checklist of concrete, repeatable test cases.

Background reading: What the June 2026 Google Consent Mode change means for GA4 and Google Ads.

Who this template is for

  • Engineers implementing or maintaining GTM / server-side GTM and the CMP wiring.
  • Analytics leads who need QA evidence before signing off a setup.
  • Agencies and partners standardizing consent QA across client accounts.
  • Privacy and legal stakeholders who want test evidence on file (operational evidence, not legal advice).

Why a dedicated QA pass

"Consent Mode is enabled" is a configuration claim. QA is a behavior claim. The two diverge constantly: a banner displays, a template is installed, the technical report says "v2 enabled" — and yet tags fire on default settings because the CMP was never actually connected, or the default snippet loads after the tag library. A structured QA pass catches the gap between configured and working.

What's inside

A QA spreadsheet plus implementation notes covering the test matrix:

  • States to test: initial (pre-decision) default, accept-all, reject-all, and granular/partial choices.
  • Per-state expectations for each of the four signals — ad_storage, analytics_storage, ad_user_data, ad_personalization.
  • Tag-firing behavior: which tags should fire or be blocked in each state.
  • Network evidence: what to look for, including the gcd parameter for default × update.
  • Server-side checks: consent-state parity between client and sGTM.
  • Pass/fail log: with columns for evidence (screenshot/HAR) and owner.

The implementation notes explain how to read each result and the most common root causes when a test fails.

Preview — sample test cases

#ScenarioExpected resultHow to verify
1Page load, no decision yetAll four signals denied by default; no ad cookiesNetwork panel; gcd shows default-denied
2User clicks "Accept all"Signals flip to granted; an update firesCompare signals before/after; tag fires
3User clicks "Reject all"Signals stay denied; ad tags blockedConfirm no ad cookies; tag blocked
4Granular: analytics yes, ads noanalytics_storage granted, ad signals deniedPer-signal check
5Server-side paritysGTM consent state matches clientInspect sGTM container / outgoing requests

These cases ship in the template; you run them against your own property and log the evidence.

How to use it

  1. Copy the spreadsheet and assign a tester/owner.
  2. Run each scenario in a clean session (and incognito for cookie checks).
  3. Capture evidence (screenshot or HAR) per row and mark pass/fail.
  4. For failures, use the implementation notes to identify the root cause.
  5. Re-test after fixes; keep the completed sheet as your QA record.

Get the QA template

Enter your details to receive the QA spreadsheet + implementation notes. Soft gate — download on the next page.

Form fields: Work email · Company · Role · Current stack (GA4 / Google Ads / GTM / Server-side GTM / CMP / BigQuery / Other) · Consent checkbox.

Prefer we run the QA with you? Datascale validates CMP, GTM, and server-side consent behavior as part of a Measurement & Consent Audit Sprint.

  • Q01
    Does this replace the audit checklist?

    No. The checklist covers the whole 7-layer setup; this template is the deep, repeatable QA pass for the CMP and GTM signal behavior specifically.

  • Q02
    Which CMPs does it work with?

    Any CMP that integrates with Consent Mode. The test cases are CMP-agnostic; the implementation notes mention common patterns for Usercentrics, Cookiebot, and OneTrust.

  • Q03
    Do I need server-side GTM?

    No, but there is a dedicated parity section if you run it, to confirm the client and server consent states match.

  • Q04
    Is this legal sign-off?

    No. It is technical QA evidence. Legal and privacy review should be done with qualified counsel.

More than 2 red checks?

An Audit Sprint delivers a prioritised action plan in two weeks.

Request an Audit Sprint →