Tool
CMP and GTM Consent QA Template
A QA template to test default denied states, consent updates, and tag firing for ad_storage, analytics_storage, ad_user_data, and ad_personalization in GTM.
A repeatable test plan to QA your CMP and GTM Consent Mode setup — default denied states, consent updates, tag firing, and all four signals. Built for engineers and analytics teams who need to prove the consent chain works, not hope it does.
The June 15, 2026 change made Consent Mode the single control for Google Ads data collection from GA4-linked setups. That puts the burden on the signal layer — and the only way to trust a signal layer is to test it under each consent state. This template turns "is Consent Mode working?" into a checklist of concrete, repeatable test cases.
Background reading: What the June 2026 Google Consent Mode change means for GA4 and Google Ads.
Who this template is for
- Engineers implementing or maintaining GTM / server-side GTM and the CMP wiring.
- Analytics leads who need QA evidence before signing off a setup.
- Agencies and partners standardizing consent QA across client accounts.
- Privacy and legal stakeholders who want test evidence on file (operational evidence, not legal advice).
Why a dedicated QA pass
"Consent Mode is enabled" is a configuration claim. QA is a behavior claim. The two diverge constantly: a banner displays, a template is installed, the technical report says "v2 enabled" — and yet tags fire on default settings because the CMP was never actually connected, or the default snippet loads after the tag library. A structured QA pass catches the gap between configured and working.
What's inside
A QA spreadsheet plus implementation notes covering the test matrix:
- States to test: initial (pre-decision) default, accept-all, reject-all, and granular/partial choices.
- Per-state expectations for each of the four signals —
ad_storage,analytics_storage,ad_user_data,ad_personalization. - Tag-firing behavior: which tags should fire or be blocked in each state.
- Network evidence: what to look for, including the
gcdparameter for default × update. - Server-side checks: consent-state parity between client and sGTM.
- Pass/fail log: with columns for evidence (screenshot/HAR) and owner.
The implementation notes explain how to read each result and the most common root causes when a test fails.
Preview — sample test cases
| # | Scenario | Expected result | How to verify |
|---|---|---|---|
| 1 | Page load, no decision yet | All four signals denied by default; no ad cookies | Network panel; gcd shows default-denied |
| 2 | User clicks "Accept all" | Signals flip to granted; an update fires | Compare signals before/after; tag fires |
| 3 | User clicks "Reject all" | Signals stay denied; ad tags blocked | Confirm no ad cookies; tag blocked |
| 4 | Granular: analytics yes, ads no | analytics_storage granted, ad signals denied | Per-signal check |
| 5 | Server-side parity | sGTM consent state matches client | Inspect sGTM container / outgoing requests |
These cases ship in the template; you run them against your own property and log the evidence.
How to use it
- Copy the spreadsheet and assign a tester/owner.
- Run each scenario in a clean session (and incognito for cookie checks).
- Capture evidence (screenshot or HAR) per row and mark pass/fail.
- For failures, use the implementation notes to identify the root cause.
- Re-test after fixes; keep the completed sheet as your QA record.
Get the QA template
Enter your details to receive the QA spreadsheet + implementation notes. Soft gate — download on the next page.
Form fields: Work email · Company · Role · Current stack (GA4 / Google Ads / GTM / Server-side GTM / CMP / BigQuery / Other) · Consent checkbox.
Prefer we run the QA with you? Datascale validates CMP, GTM, and server-side consent behavior as part of a Measurement & Consent Audit Sprint.
Does this replace the audit checklist?
No. The checklist covers the whole 7-layer setup; this template is the deep, repeatable QA pass for the CMP and GTM signal behavior specifically.
Which CMPs does it work with?
Any CMP that integrates with Consent Mode. The test cases are CMP-agnostic; the implementation notes mention common patterns for Usercentrics, Cookiebot, and OneTrust.
Do I need server-side GTM?
No, but there is a dedicated parity section if you run it, to confirm the client and server consent states match.
Is this legal sign-off?
No. It is technical QA evidence. Legal and privacy review should be done with qualified counsel.
More than 2 red checks?
An Audit Sprint delivers a prioritised action plan in two weeks.
Request an Audit Sprint →