Two forces are reshaping how you can measure visitors: privacy law that requires consent, and browsers that are removing third-party cookies. Get consent wrong and you risk fines and blocked data. Ignore the cookie changes and your measurement quietly breaks. Google Consent Mode v2 and server-side tracking let you stay compliant and keep usable data at the same time. This guide explains what they are, why they matter now, and how to run them on WordPress and WooCommerce.
These fit into the wider move to server-side tracking. If it is new to you, start with our guide to server-side tracking on WordPress. Consent and first-party data are what make it durable and compliant.
What is Google Consent Mode v2?
Consent Mode v2 is a framework from Google for adjusting how its tags behave based on the consent choices a visitor makes. Before consent, the tags stay in a restricted state and do not set cookies or send personal data. After the visitor agrees, they run normally. It is required for using Google audiences and conversion data for visitors in the European Economic Area.
What cookieless tracking means
Cookieless tracking is measurement that does not depend on third-party cookies. As browsers remove those cookies, any tracking that relied on them stops working. Server-side tracking and first-party data are how measurement continues: data collected from your own domain, on your own terms, rather than borrowed from a third party that the browser now blocks.
Why this matters now
- Privacy laws like GDPR require valid consent before tracking, with real fines for getting it wrong.
- Third-party cookies are being phased out, so cookie-based measurement is on borrowed time.
- Google requires Consent Mode v2 to keep using its audiences and conversion data in the EEA.
- Ad platforms increasingly rely on consented first-party data to target and measure.
How consent mode and server-side work together
Consent Mode v2 decides whether tracking runs. Server-side decides where it runs from. Together they give you a setup that is denied by default for privacy and first-party for durability. Nothing fires until the visitor consents, and once they do, the data is sent from your own server rather than a browser a blocker can reach.
How it works on WordPress
The plugin emits Consent Mode v2 in a denied-by-default state before anything loads, and it detects your consent banner automatically, whether that is the WP Consent API, CookieYes, Complianz, or Cookiebot. Tracking is gated on consent. Once the visitor agrees, events flow through a server-side Google Tag Manager container on a first-party domain to your analytics and ad platforms.
Setting it up on your store
Wiring consent, hashing, and server-side tags together by hand is exactly where compliant setups go wrong. We built our plugin and managed service to remove that. You install the plugin, import the container we provide into your Google Tag Manager, and point it at the tracking server we host. Consent Mode v2, the WooCommerce funnel, and the server are already configured, with no code to write.
Want tracking that is both compliant and complete? See plans and pricing. It is one subscription from $15 a month and we set everything up for you.
Is it worth it?
If you serve visitors in regions with consent law, or you depend on Google audiences and conversion data, doing this properly is not optional. A denied-by-default, first-party setup keeps you compliant and keeps your data usable as cookies disappear. We will tell you what your situation needs before you commit.
