Is Google Analytics compliant?
Google Analytics is not banned, but it is only compliant when it loads after a visitor gives consent. In the EU and UK, GDPR and the ePrivacy Directive require prior consent before Analytics sets cookies or sends data. In the US, laws like California's CCPA require you to honor opt-outs. The common failure is Analytics firing on page load, before anyone chooses. This checker scans your live site and shows you exactly when it fires.
Google Analytics detection
Detects Google Analytics (gtag.js, analytics.js, GA4) and Google Tag Manager loading on your pages.
Fires before consent
Flags the most common violation: trackers, including Analytics, that load and set cookies before the visitor makes a consent choice.
GDPR and ePrivacy
Evaluates whether your setup meets EU and UK rules that require consent before Analytics runs.
CCPA and opt-outs
Checks US-side duties, including honoring opt-out and Global Privacy Control signals for visitors who decline.
EU vs US behavior
Scans from EU and US servers in parallel to catch when your site tracks differently by region.
The full picture
Analytics is one tracker of many. The scan also surfaces every other tracker, cookie, and your consent banner.
How to make Google Analytics compliant
- 1
Gate Analytics behind consent
Do not let gtag.js or Google Tag Manager load until the visitor accepts. This is the step most default installs skip.
- 2
Turn on Google Consent Mode v2
So declined visitors get a limited, cookieless mode instead of full tracking. See Google's Consent Mode documentation. It is a signal layer, not a blocker, so you still need step 1.
- 3
Honor opt-out signals
Respect Global Privacy Control and CCPA opt-outs for US visitors who decline.
- 4
Verify with a scan
Re-scan to confirm nothing fires before the choice, from both EU and US perspectives.
A consent management platform does all four automatically. ConsentStack blocks Analytics until consent, region by region, and honors reject for real. You can scan your site free above to see where it stands today.
Common questions
Google Analytics is not banned, but it is only compliant when it loads after a visitor gives consent. In the EU and UK, GDPR and the ePrivacy Directive require prior consent before Analytics can set cookies or send data. The common failure is Analytics firing on page load, before anyone has made a choice, which is exactly what this checker looks for.
In the EU and UK, yes. You need prior consent before Analytics runs, because it stores and reads information on the device. In the US there is no upfront consent requirement, but state laws such as California's CCPA require you to honor opt-outs, including the Global Privacy Control browser signal, for visitors who decline.
Stop Analytics from loading until the visitor accepts, enable Google Consent Mode v2 so declined visitors get a limited cookieless mode, honor opt-out and Global Privacy Control signals for US visitors, and re-scan to confirm nothing fires before the choice. A consent management platform that blocks Analytics until consent handles all four automatically.
Consent Mode v2 is Google's API for adjusting how Analytics and Ads behave based on a visitor's consent state. When consent is denied, tags run in a limited, cookieless mode instead of full tracking. It is a signal layer, not a blocker, so you still need a consent banner to gate whether the tags load at all.
No. GA4 adds privacy controls such as built-in IP anonymization and configurable data retention, but a default GA4 install still loads and starts collecting on page load, before any consent choice. To be compliant in the EU and UK you have to gate it behind consent yourself, usually with a consent management platform.
100+ happy customers
Make Google Analytics compliant.
Scan your site free to see what fires before consent, then turn on real blocking from one install. Region-aware, reject means reject.