Skip to main content
All guides
Serious KVKK m.5 · GDPR Art. 6 · ePrivacy Art. 5(3) · Consent

How to set Google Consent Mode v2 defaults to denied (KVKK/GDPR)

Google Consent Mode v2 tells every Google tag — Analytics, Ads, DoubleClick — whether it may use storage. If you never set the defaults to "denied", Google tags behave as if consent were granted the moment the page loads.

Why it matters

Consent Mode is the mechanism that makes Google’s tags respect the visitor’s choice. Getting the defaults wrong is the same risk as having no consent at all: analytics and ad storage are used before opt-in (KVKK Art. 5 / GDPR Art. 6 / ePrivacy Art. 5(3)). The defaults must be denied and must run before any Google tag initialises, then be updated only when the visitor accepts.

How to fix it

Push a "default" consent state with everything non-essential set to denied, as the very first thing on the page — before gtag.js, GTM or any Google tag loads. Then, from your consent banner’s accept callback, push an "update" that grants exactly the categories the visitor chose. Re-scan to confirm nothing Google-related uses storage before the update fires.

<!-- FIRST script on the page, before gtag.js / GTM -->
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('consent', 'default', {
    ad_storage: 'denied',
    ad_user_data: 'denied',
    ad_personalization: 'denied',
    analytics_storage: 'denied',
    wait_for_update: 500
  });
</script>

<!-- In the banner's Accept handler, grant what the visitor chose -->
gtag('consent', 'update', {
  ad_storage: 'granted',
  ad_user_data: 'granted',
  ad_personalization: 'granted',
  analytics_storage: 'granted'
});

Does your site have this issue?

Run a free scan to find out in seconds.

Official sources

Links to primary legislation for reference. PrivaScan is not affiliated with these bodies; this is information, not legal advice.

Related guides

These guides cover automated checks for trackers, cookies and data flows. A full privacy review also needs legal input.