If Google Tag Assistant is showing you the message "A Consent Management Platform (CMP) may be blocking tags," the first thing to know is that it is usually not an error. It means Tag Assistant found a consent banner on your site that is stopping Google tags from firing until a visitor makes a choice. That is exactly what a consent tool is supposed to do. The real question is not "how do I make the warning disappear," it is "are my tags behaving correctly, and am I staying compliant while they do."
Key Takeaways
- 01The Tag Assistant warning usually means your CMP is doing its job: holding Google tags until the visitor consents.
- 02It is only a real problem if tags stay blocked after consent, or if you "fix" it by firing tags before consent.
- 03The correct fix is Google Consent Mode v2, so tags load in cookieless mode first and fully activate on consent.
- 04"Allow Google tags to fire before consent" clears the warning but can put you back out of compliance.
- 05Scan your site to see whether your tags actually fire before consent or wait for it.
What does "a consent management platform (CMP) may be blocking tags" mean?
It is an informational warning from Google Tag Assistant, the tool you use to debug Google Tag Manager, Google Analytics, and Google Ads tags. It appears when Tag Assistant detects a consent management platform (a cookie banner) that is preventing one or more Google tags from firing. Google's own documentation is explicit that this is often expected behavior, not a fault. Your CMP is blocking tags before consent because, in most of the world, it is legally required to.
Is the warning actually a problem?
Usually, no. There are two situations, and only one of them is a bug. In the first, the warning is expected: your tags are blocked before consent and then fire normally once the visitor accepts. Nothing is broken. Tag Assistant flags the CMP so you are aware of it, but consent is working. In the second, the warning points to a real issue: your tags stay blocked even after the visitor consents. That almost always means your CMP is not sending a consent update to Google, so the tags never get the signal that they are now allowed to run. That is the case worth fixing.
Open Tag Assistant, load your site, and accept your banner. If your Google tags move from blocked to firing after you accept, consent is working and the warning is harmless. If they stay blocked, your CMP is not sending the consent update.
Why your CMP blocks Google tags before consent
Under the GDPR, the ePrivacy Directive, and a growing list of US state laws, analytics and advertising tags that read or write cookies need a legal basis before they run. For most sites that basis is consent. A consent management platform enforces this by holding those tags until the visitor chooses. Google describes three ways a CMP can do this: automatic script blocking, consent checks inside Google Tag Manager, and manual blocking. All three produce the same Tag Assistant warning.
The wrong fix: letting tags fire before consent
Most CMPs offer a setting with a name like "Allow Google tags to fire before consent." Turning it on makes the warning go away, because the tags are no longer blocked. It also fires tracking before the visitor has agreed to anything, which is the exact behavior that regulators fine and that pixel-tracking and wiretap lawsuits are built on. Clearing the warning this way trades a harmless diagnostic message for real legal exposure.
That setting loads analytics and ad tags, and sets their cookies, before the visitor consents. That is the leak. The warning was never the real problem; firing tags before consent is.
The right fix: Google Consent Mode v2
The correct fix keeps tags blocked before consent but still gives Google the data it can legally collect. That is what Google Consent Mode v2 does. Instead of hard-blocking Google tags, you let them load in a "cookieless" state: they run, but they do not set cookies or send identifiers until the visitor consents. Google can still model conversions from this anonymous signal, so your Ads and Analytics reporting does not fall off a cliff. When the visitor accepts, you send a consent update and the tags switch to full mode.
- Set your consent defaults to denied for ad_storage, ad_user_data, ad_personalization, and analytics_storage before any Google tag loads.
- Keep functionality and security storage granted so the site itself works.
- Send a consent update the moment the visitor accepts, switching the granted signals on.
- Do not also hard-block the Google tags themselves. Let consent mode gate them, so the cookieless pings still go out.
- Reload in Tag Assistant and confirm the consent state moves from denied to granted after you accept.
// Before any Google tag loads: deny by default
gtag('consent', 'default', {
ad_storage: 'denied',
ad_user_data: 'denied',
ad_personalization: 'denied',
analytics_storage: 'denied',
functionality_storage: 'granted',
security_storage: 'granted',
wait_for_update: 500,
});
// When the visitor accepts your banner: grant what they allowed
gtag('consent', 'update', {
ad_storage: 'granted',
ad_user_data: 'granted',
ad_personalization: 'granted',
analytics_storage: 'granted',
});| Approach | Before consent | Compliant? | Keeps Google modeling data? |
|---|---|---|---|
| Hard-block the tag | Tag never loads | Yes | No |
| Fire tags before consent | Tag loads and sets cookies | No (this is the leak) | Not applicable |
| Consent Mode v2 (recommended) | Tag loads cookieless, no identifiers | Yes | Yes |
How ConsentStack handles this
ConsentStack ships this configuration by default. Its Google integration sets Consent Mode v2 to deny ad_storage, ad_user_data, ad_personalization, and analytics_storage until consent, keeps functionality and security storage on, and uses Google's own recommended privacy settings (ads_data_redaction and url_passthrough). Google tags are allowed to load in cookieless mode rather than being killed, so you keep conversion modeling. The moment a visitor accepts, ConsentStack sends the consent update and the tags switch to full measurement.
You still decide which tags belong in which category, and correct setup always matters, but the consent-mode plumbing that trips up most sites is handled for you. That is the difference between a banner that looks compliant and one that actually behaves correctly: blocked before consent, firing the instant it is given, and never leaking in between.
How do I know if my tags are actually leaking?
The Tag Assistant warning tells you a CMP is present. It does not tell you whether tags fire before consent. The only way to know is to load your site, refuse consent, and watch what still runs. ConsentStack's free compliance scanner does exactly that: it visits your site, rejects the banner, and reports which trackers and cookies fired anyway. If Google Analytics or an ads tag shows up in that report, your tags are leaking, no matter what the banner looks like.
See what your tags do before consent
The Tag Assistant warning does not tell you whether your tags leak. Our free scanner rejects consent, then shows you exactly which trackers fired anyway.
Frequently asked questions
Usually not. Google Tag Assistant shows this message whenever it detects a consent banner holding tags until consent, which is normal and often legally required. It is only a real problem if your tags stay blocked after the visitor accepts, which points to a missing consent update from your CMP.
Implement Google Consent Mode v2 so tags load in cookieless mode before consent and fully activate after. Confirm in Tag Assistant that the consent state flips from denied to granted when you accept your banner. Do not simply allow tags to fire before consent, which removes the warning but breaks compliance.
No. That setting loads analytics and advertising tags, and their cookies, before the visitor agrees. It clears the warning but fires tracking without consent, which is what privacy regulators and pixel-tracking lawsuits target. Keep tags blocked before consent and use Consent Mode to preserve your data instead.
Consent Mode resolves the underlying issue rather than the message. Tag Assistant may still note that a CMP is present, but with Consent Mode configured correctly your tags load in cookieless mode, send modeling pings, and switch to full measurement once the visitor consents. That is the compliant state Google is nudging you toward.
With Consent Mode v2, much less than you would expect. Google models conversions from the anonymous cookieless pings sent before consent, then adds full measurement after. If you hard-block Google tags entirely, you lose that modeling, which is why letting them load in cookieless mode is the recommended approach.
A banner that blocks the right things by default
ConsentStack ships Google Consent Mode v2 configured correctly, so tags wait for consent and fire the moment it is given. We will even set it up for you, free.
Related Posts
How Cookie Consent Script Blocking Actually Works (And Why Most CMPs Fake It)
Most CMPs display a banner while tracking scripts fire freely. A technical breakdown of the three script blocking approaches and why only parse-time blocking actually works.
React Cookie Consent: How to Actually Block Trackers (Not Just Show a Banner)
Most React cookie-consent libraries show a banner but never block trackers, so your app leaks data before users opt in. Here's what a compliant flow really needs, and how to build it.
GDPR Cookie Consent Requirements in 2026: A Developer Guide
What GDPR actually requires for cookie consent in 2026. What developers need to implement, what regulators enforce, and how to stay compliant.