Cookie Consent Banners: Which CMP Works Best With GTM?

You need a consent banner. GDPR requires it in Europe. Google requires Consent Mode v2 for EU-targeted campaigns. And if you get it wrong, you either lose conversion data (banner blocks tracking before consent) or violate privacy laws (tracking fires before consent).

The right CMP (Consent Management Platform) integrates cleanly with Google Tag Manager and supports Consent Mode v2. Here’s how the major options compare.

What You Need From a CMP

At minimum:

1. Consent Mode v2 support — Sends analytics_storage and ad_storage consent signals to GTM
2. GTM integration — Works via GTM’s Consent Initialization trigger (not hardcoded scripts)
3. Auto-scan — Detects cookies your site sets and categorizes them
4. Geo-targeting — Shows the banner only where required (EU/EEA, California)
5. IAB TCF 2.2 — Required for programmatic advertising in Europe

The Comparison

Cookiebot (by Usercentrics)

Aspect	Rating
Consent Mode v2	Full support (native)
GTM integration	Excellent — dedicated GTM template
Auto-scan	Yes (monthly)
Geo-targeting	Yes
IAB TCF 2.2	Yes
Setup difficulty	Easy
Free tier	Up to 1 domain, 100 pages
Paid	From $11/mo

Best for: Most sites. The GTM template makes setup straightforward. Auto-scan categorizes cookies automatically. Free tier is generous for small sites.

Gotcha: The auto-scan runs monthly. New cookies added between scans aren’t categorized until the next scan.

CookieYes

Aspect	Rating
Consent Mode v2	Yes
GTM integration	Good — GTM template available
Auto-scan	Yes
Geo-targeting	Yes
IAB TCF 2.2	Yes (paid plans)
Setup difficulty	Easy
Free tier	1 domain, 100 pages/month
Paid	From $10/mo

Best for: Small-to-mid sites on a budget. Clean UI. Good WordPress integration.

Gotcha: Free tier has a “Powered by CookieYes” badge. IAB TCF requires a paid plan.

OneTrust

Aspect	Rating
Consent Mode v2	Yes
GTM integration	Good but complex
Auto-scan	Yes (comprehensive)
Geo-targeting	Yes (advanced)
IAB TCF 2.2	Yes
Setup difficulty	Complex
Free tier	Cookie consent banner only
Paid	From $30/mo (enterprise pricing)

Best for: Enterprise sites with complex compliance requirements. Supports GDPR, CCPA, LGPD, PIPA simultaneously.

Gotcha: Configuration is complex. Overkill for most SMB sites.

Complianz (WordPress Only)

Aspect	Rating
Consent Mode v2	Yes
GTM integration	Good — WordPress plugin handles it
Auto-scan	Yes
Geo-targeting	Yes
IAB TCF 2.2	No (uses own framework)
Setup difficulty	Easy (WordPress native)
Free tier	Basic features
Paid	From $49/year

Best for: WordPress/WooCommerce sites. Deep WordPress integration. Handles both consent banner and cookie policy page generation.

Gotcha: WordPress only. No IAB TCF means programmatic ad buyers may not recognize consent.

Osano

Aspect	Rating
Consent Mode v2	Yes
GTM integration	Moderate
Auto-scan	Yes
Geo-targeting	Yes
IAB TCF 2.2	Limited
Setup difficulty	Easy
Free tier	1 domain, 5K visitors/mo
Paid	From $199/mo

Best for: Companies that want managed compliance (Osano includes legal review). Premium pricing reflects the legal component.

The GTM Setup (All CMPs)

Regardless of which CMP you choose, the GTM integration follows the same pattern:

Step 1: Set Consent Defaults

In GTM, create a tag that fires on Consent Initialization - All Pages (the very first trigger):

gtag('consent', 'default', {
  analytics_storage: 'denied',
  ad_storage: 'denied',
  ad_user_data: 'denied',
  ad_personalization: 'denied',
  wait_for_update: 500
});

This tells Google: “Start with everything denied. Wait 500ms for the CMP to load and set the real consent.”

Step 2: CMP Updates Consent

When the user clicks “Accept” on the banner, the CMP calls:

gtag('consent', 'update', {
  analytics_storage: 'granted',
  ad_storage: 'granted',
  ad_user_data: 'granted',
  ad_personalization: 'granted'
});

GTM tags that require consent now fire. Tags fire retroactively for the events that happened between page load and consent.

Step 3: Tag Configuration

Each GTM tag must specify its consent requirements:

• GA4 tags: Require analytics_storage
• Google Ads tags: Require ad_storage
• Meta Pixel: Require ad_storage (marketing)
• Heatmaps/analytics tools: Require analytics_storage

Tags without consent requirements fire regardless of consent state — use this only for essential functionality (not tracking).

For the complete Consent Mode v2 implementation, see our step-by-step guide.

What Happens When Consent Is Denied

With Consent Mode v2, Google still receives “cookieless pings” — conversion signals without personal identifiers. Google uses these for conversion modeling:

• GA4 models ~60-70% of denied-consent conversions
• Google Ads models conversions for Smart Bidding
• You see the modeled data labeled “(modeled)” in reports

This is why Consent Mode v2 is mandatory for EU campaigns — without it, you lose ALL conversion data when consent is denied. With it, you lose some but Google fills the gap with modeling.

The Decision

Your situation	Recommendation
WordPress/WooCommerce	Complianz ($49/year) or CookieYes
Shopify	Cookiebot or CookieYes
Custom site with GTM	Cookiebot (best GTM template)
Enterprise / multi-regulation	OneTrust
Just need something basic and free	CookieYes free tier

For most sites: Cookiebot with the GTM template. It handles Consent Mode v2 automatically, auto-scans cookies, and the free tier covers small sites.

Don’t Forget to Test

After installing any CMP:

1. Open your site in incognito mode
2. Open the browser console → check for gtag('consent', 'default', ...) on page load
3. Deny consent → verify your GA4 and ad tags do NOT fire (check Network tab)
4. Accept consent → verify tags fire immediately
5. Check GA4 DebugView to confirm events arrive
6. Use GTM Preview Mode to see the consent state per tag

A misconfigured CMP is worse than no CMP — it either blocks all your tracking (lost data) or fires tracking before consent (legal liability).

Need help verifying? Run a free tracking scan — we check your consent implementation alongside your conversion tracking.