ga4audits

Consent Mode for Analytics vs Ads: Understanding the Difference

Key Takeaway

Analytics storage and ads storage serve different purposes and have different compliance implications. Mapping your CMP categories correctly to all four consent parameters is essential; getting one wrong can break conversion modeling or violate privacy regulations.
Consent & Privacy7 min readIntermediate

Consent Mode v2 introduced four signals that control how Google's tags behave based on user consent choices. Many practitioners treat these four signals as a single on/off switch, but they serve fundamentally different purposes: two control analytics data collection, and two control advertising data usage. Confusing them leads to setups that are either over-collecting (a compliance risk) or under-reporting (a performance risk). This article explains what each signal does, how Analytics and Ads behaviour can diverge based on signal state, and why Google Signals should not be treated as a substitute for consent controls.

The four consent mode v2 signals

  • analytics_storagecontrols whether GA4 can store and read cookies and identifiers for analytics purposes. When denied, GA4 cannot set the_ga cookie, cannot link pageviews to a persistent user, and cannot maintain session continuity. Tags still fire anonymised cookieless pings that enableconsent-mode conversion modeling.
  • ad_storagecontrols whether advertising-related storage (cookies, identifiers) can be used on the device. When denied, Google Ads and GA4 cannot use theGCLIDcookie or other advertising identifiers. Attribution and conversion tracking degrade. Tags send limited signals without identifiers.
  • ad_user_datacontrols whether personal data can be used for advertising purposes, including enhanced conversions which hash and send first-party data like email addresses to Google for conversion matching. When denied, enhanced conversions cannot operate even if the user accepts other tracking.
  • ad_personalizationcontrols whether user data can be used for remarketing and personalised advertising. When denied, a user can still be counted for conversion reporting but cannot be added to remarketing audiences or shown personalised ads based on their browsing behavior.
What it controls
Denied behaviour
analytics_storage
GA4 cookie storage and persistent user identity for analytics
No _ga cookie set; cookieless pings fire; behavioral modeling activated
ad_storage
Advertising cookies and identifiers (GCLID, advertising IDs)
No advertising identifiers; Ads conversion modeling with industry benchmarks
ad_user_data
Use of personal data for advertising, including enhanced conversions
Enhanced conversions blocked; first-party match rates drop to zero
ad_personalization
Use of browsing data for remarketing and personalised ads
User excluded from remarketing audiences; audience sizes shrink

How GA4 behaves differently from Google Ads under denied consent

When analytics_storage is denied, GA4 enters a cookieless measurement mode. The GA4 tag still fires and sends anonymised event data including page view counts, interaction timings, and consent state, without any persistent user identifier. GA4 uses these signals, combined with data from consented users, to estimate user counts and session metrics through behavioral modeling. The result appears in your GA4 reports as normal data, you cannot tell which data points are observed versus modeled unless you hover over or click the data quality indicator (shield icon) in the report header. This is a frequent source ofdiscrepancy between GA4 and Google Ads numbers.

When ad_storage is denied, Google Ads conversion tracking operates without access to the GCLID or advertising cookies. Reporting and optimization may rely more heavily on Google's consent-aware advertising modeling behavior, but the exact output depends on the account, implementation, and product configuration in use.

The practical takeaway is simpler: analytics reporting and advertising reporting can diverge under denied consent even when both products are configured correctly, so teams should review each path separately instead of assuming one setting controls everything.

Unsure whether your Consent Mode signals are correctly configured?

Audit your GA4 property

Why analytics and Ads consent should be reviewed separately

Teams sometimes treat Google Signals, GA4 reporting settings, and Consent Mode as if they were one combined privacy control. They are not. Consent Mode manages how tags behave based on the user's choice — for the full implementation walkthrough, see ourConsent Mode v2 guide. Google Signals is a separate GA4 feature that affects certain reporting and audience capabilities inside Google's ecosystem.

The safest audit posture is to validate the site's consent signals directly, then separately review any GA4 or Google Ads features that depend on those signals, alongside your broaderGDPR and GA4 compliance review. Do not assume a product toggle is an advertising-consent control unless the current Google documentation says so explicitly.

Consent mode vs Google signals: they are not the same thing

A persistent source of confusion is treating Google Signals and Consent Mode as equivalent. They are not. Consent Mode manages how your tags behave based on user choice, it is a technical framework that sits between the user's browser and Google's servers. Google Signals is a GA4 feature that allows GA4 to associate user data with Google Account information for cross-device tracking and demographics reporting. Disabling Signals does not disable Consent Mode, and enabling Consent Mode does not enable Signals. They operate independently.

Analytics modeling vs Ads modeling: the key difference

GA4 behavioral modeling uses observed data from consenting users on your property to estimate the behavior of non-consenting users when the relevant prerequisites are met. Google Ads conversion modeling under denied ad_storage may rely on a different mix of signals and product logic. The exact behavior can change over time, so avoid treating one model as a permanent proxy for the other.

GA4 Behavioral Modeling
Google Ads Conversion Modeling
Data source
Consenting users on your specific property
Consent-aware advertising signals available to Google Ads
Accuracy for niche businesses
Depends on your property volume and implementation quality
Depends on the ad account setup, signal quality, and product behavior
Activation threshold
Subject to Google's current modeling prerequisites
Subject to Google Ads feature eligibility and current product behavior
Triggered by signal
analytics_storage: denied
ad_storage: denied

Consent mode signal summary

Understanding which signal controls which system is the first step to auditing your implementation. Use the checklist below as a quick reference for what each denied state actually causes.

Consent mode signal summary

  • analytics_storage denied → cookieless pings → GA4 behavioral modeling fills gaps
  • ad_storage denied → no advertising identifiers → Ads conversion modeling (less accurate)
  • ad_user_data denied → enhanced conversions blocked → first-party match rates drop
  • ad_personalization denied → user excluded from remarketing audiences → audience sizes shrink
  • Google Signals and Consent Mode should be reviewed as separate controls
  • For regions where explicit consent is required (EEA, UK), all four signals should default to 'denied' and update on explicit user consent

Audit your consent mode configuration

GA4 Audits checks all four consent signals, your CMP integration, and whether behavioral modeling thresholds are met.

Review audit findings

Audit findings should be reviewed by a qualified analyst before they are used for major reporting, media, or implementation decisions. Review your findings

GA4 Audits Team

GA4 Audits Team

Analytics Engineering

Specialising in GA4 architecture, consent mode implementation, and multi-layer audit frameworks.

Share

Keep reading

More guides in Consent & Privacy

Internal links should help the reader move deeper into the topic, not just pad the page. These are the next three most relevant reads from the library.

Consent & PrivacyHow to Test Consent Mode V2 in 5 Minutes: A DevTools WalkthroughOpen Chrome DevTools → Network tab → filter for collect → reject all on the cookie banner → confirm GA4 hits still fire with gcs=G100 (denied) and ad_user_data=denied. Then accept all → confirm gcs=G111 (granted). If hits don't fire at all in either state, Consent Mode is misconfigured. If gcs is missing entirely.9 min readConsent & PrivacyGCS Parameter Decoded: What G100, G110, G111 Mean in GA4 HitsThe gcs parameter in GA4 network requests encodes the user's consent state for two of the four Consent Mode signals. Format: G1xy where G1 is constant, x is ad_storage (0=denied, 1=granted), y is analytics_storage (0=denied, 1=granted).7 min readConsent & Privacy'consent_default' vs 'consent_update': Which Comes First in GTMThe consent_default command must fire before any tag, typically as the first script in <head> or as a Consent Initialization tag in GTM with priority 100. The consent_update command fires after the user interacts with the cookie banner.10 min read