GTM Consent Mode Debugging with Tag Assistant

[buffalom]

I built a custom cookie banner and am trying to make it work with GTM Consent Mode.

In nuxt.config.ts, I've got the following config:

scripts: {
  registry: {
    googleTagManager: {
      id: '...',
      trigger: 'onNuxtReady',
      bundle: false, // Required to make Tag Assistant (Preview Mode) work
      defaultConsent: {
        // https://developers.google.com/tag-platform/tag-manager/templates/consent-apis
        ad_storage: 'denied',
        ad_user_data: 'denied',
        ad_personalization: 'denied',
        analytics_storage: 'denied', // Start denied, update when analytics accepted through useCookieConsent
        functionality_storage: 'granted', // Always granted
        personalization_storage: 'denied',
        security_storage: 'granted', // Always granted
      },
    },
  },
},

$development: {
  scripts: {
    registry: {
      googleTagManager: 'mock',
    },
  },
},

In my app.vue, I've got something along the lines of:

// Initialize cookie consent management
const gtm = useScriptGoogleTagManager()

gtm.onLoaded(() => {
  console.log('Google Tag Manager loaded, initializing consent status')
  gtm.consent?.update({
    analytics_storage: 'denied', // Default to denied until user gives consent
  })
})

onMounted(() => {
  setTimeout(() => {
    console.log('Updating consent status to granted for analytics_storage')
    gtm.consent?.update({
      analytics_storage: 'granted',
    })
  }, 2000)
})

I've done this in an attempt to debug the consent mode. In reality, I have a composable (useCookieConsent()) that would track cookie banner consent in a reactive which I watch on for changes, which in turn will to the consent update.

For some reason my tags are always loaded even initially, when cookies should be rejected. This is why I am trying to debug it using the Tag Assistant. However, the Tag Assistant never shows anything related to consent as seen in the following screenshot. Neither the default consent nor the consent update appear. As I understand it, it should display the configured consent in the consent (Einwilligung) tab, as well as show a consent event on the left.

Any ideas what I might be doing wrong?

[harlan-zw]

I had a closer look at this against the current implementation and Google docs.

Nuxt Scripts is doing the expected Consent Mode queueing here: defaultConsent is pushed into the dataLayer before the synthetic gtm.js event, and gtm.consent.update() pushes ["consent", "update", state] later. I also confirmed the focused consent runtime tests pass for this ordering.

The likely mismatch is Consent Mode semantics rather than the Nuxt Scripts API. With trigger: "onNuxtReady", GTM is still loaded. A denied default is advanced consent mode behavior: Google tags may still load and can send cookieless / consent-state pings, but they should adapt storage and measurement behavior to the denied state. It does not automatically block every GTM tag from firing. If the goal is no GTM request before opt-in, gate the script itself, e.g. with useScriptTriggerConsent(), and only accept the trigger once the user opts in. If the goal is advanced consent mode, configure the GTM tags’ consent settings / additional consent checks inside GTM so tags that must wait actually require granted consent.

One other thing to check: your config has:

$development: {
  scripts: {
    registry: {
      googleTagManager: "mock",
    },
  },
}

If Tag Assistant is pointed at a dev build, that mock config means the real GTM container/default consent setup is not what you are testing. I would test against a production/preview build without the mock, then inspect window.dataLayer. You should see roughly:

["consent", "default", { ...denied state... }]
{ event: "gtm.js", "gtm.start": ... }
["consent", "update", { ...granted state... }]

So my recommendation is:

1. Remove/avoid the dev mock when testing with Tag Assistant.
2. Check window.dataLayer directly to verify the consent default and update entries.
3. Decide whether you want basic consent mode (block GTM until opt-in) or advanced consent mode (load GTM with denied defaults and let GTM/Google tags adapt).

References I checked:

• Nuxt Scripts GTM implementation: packages/script/src/runtime/registry/google-tag-manager.ts
• Google consent mode overview: https://developers.google.com/tag-platform/security/concepts/consent-mode
• Google consent mode setup guide: https://developers.google.com/tag-platform/security/guides/consent
• Tag Assistant consent debugging: https://developers.google.com/tag-platform/security/guides/consent-debugging

[buffalom]

Thanks for taking the time to look into this.

You’re right — window.dataLayer does show the consent default and the update in the correct order.

We deliberately load GTM immediately (advanced mode) because we still want cookieless data.

I tested Tag Assistant against a production build. It did show events like page load/click as seen in the initial screenshot (so the mock isn’t in use), but nothing about consent. That makes me think the consent state is the part that’s not being picked up.

Even though Tag Assistant doesn’t show consent events, I also tested in prod with tags configured to require analytics_storage. Still, in incognito, I see network requests and cookies being set before any banner action.

---

Given that, do you have any idea why consent still seems ignored? It looks like consent is queued correctly, yet cookies are still set immediately. Any hint what I should double‑check in GTM settings would be super helpful.

I know this may not be a nuxt-scripts issue, but I can’t see where else the problem might be.

[harlan-zw]

Hey @buffalom, both pieces of this are now on main. #771 (yours) fixes the underlying bug where the gtag helper was pushing a real Array onto the dataLayer instead of an Arguments object, which is what Tag Assistant and the Analytics Debugger key off, so your consent rows should now show up properly in both.

Thanks for the deep investigation and the screenshots, that made the fix obvious. #772 builds on top by adding a consent.default() method for runtime-derived defaults (handy when you resolve region/CMS state after mount), and runs every consent.* call through the canonical GCMv2 schema, warning via consola on typo'd keys or non granted/denied values, which should make this whole class of issue noisier next time. Try the next release and let us know if anything still looks off.

[buffalom]

Thanks a lot for merging this so promptly, @harlan-zw. Also for building upon it and making this sort of issue less likely or at least easier to detect in the future.

I just tested my setup with the main branch and that looks great so far. I will be testing it with the next release as well and you would hear from me again, if any more issues were to pop up.

Thanks again ☀️