Wire / Google Consent Mode / Article
┌── POST 05.08 · Google Consent Mode · 4 min read

ads_data_redaction in Consent Mode v2: What It Really Does

Consent Mode HQ
Independent · affiliate-disclosed
Published May 8, 2026

The ads_data_redaction parameter is one of the least-documented controls in Consent Mode v2 — yet it has a direct impact on what leaves the browser when a user declines ad-related consent. Set it incorrectly and you either leak click identifiers you shouldn’t send, or you silently cripple conversion measurement you thought was intact.

What ads_data_redaction Actually Controls

When ad_storage is denied, Google’s tags already strip cookies from outbound requests. However, the request URL itself can still carry identifying parameters — most notably gclid (Google Click ID) and gclsrc. These values link a browser session back to a specific ad click.

Setting ads_data_redaction to true goes one step further. It instructs the tag to redact those click-identifier parameters from the network request entirely, not just withhold cookies. In practice, you enable it alongside a consent default like this:

gtag('set', 'ads_data_redaction', true);
gtag('consent', 'default', {
  ad_storage: 'denied',
  ad_user_data: 'denied',
  ad_personalization: 'denied',
  analytics_storage: 'denied'
});

This call must appear before any tag fires — ideally in the same script block as your consent defaults. For a detailed walkthrough of execution order, see the guide on gtag consent default vs update.

Request Before and After Redaction

Here is what a Google Ads conversion ping looks like with ad_storage denied but ads_data_redaction left at its default (false):

// ⚠ BEFORE redaction (ad_storage denied, redaction OFF)
GET https://googleads.g.doubleclick.net/pagead/conversion/
  ?gclid=Cj0KCQiA2eKtBhDcARIsAEGTG43...  ← click ID present
  &gclsrc=aw.ds
  &npa=1                                  ← non-personalised flag
  &_ncs=1

// ✅ AFTER redaction (ad_storage denied, redaction ON)
GET https://googleads.g.doubleclick.net/pagead/conversion/
  &npa=1
  &_ncs=1
  // gclid and gclsrc are absent

The npa=1 flag (non-personalised ads) is present in both cases — but only the second request fully strips the click-level identifier. Notice that the conversion ping still fires; redaction does not suppress the hit, it just scrubs the parameter that ties it to a specific user journey.

When to Set ads_data_redaction to True

You should enable it whenever you operate under the GDPR, ePrivacy Directive, or any regime where click identifiers qualify as personal data without consent. In practice, that means almost every EU-facing property.

Specifically, enable redaction when:

  • Your CMP defaults all ad consent states to denied on first load.
  • You advertise on Google Ads and import conversion events.
  • Legal or DPO review has flagged gclid as a personal identifier in your data-flow mapping.

You can leave it at the default (false) only if users have already granted ad_storage — because in that case the full click identifier is lawfully transmitted anyway.

The Measurement Tradeoff

Redacting the gclid means Google Ads cannot directly attribute a conversion to a specific click session. However, it does not eliminate conversion modeling. Google’s conversion modeling documentation confirms that aggregated, cookieless signals (page-load timing, campaign context, device type) still feed modeled conversions when Consent Mode is active.

In practice, expect a short-term dip in reported conversions after enabling redaction, followed by stabilisation as the model calibrates. Teams that also deny analytics_storage will see a similar pattern in GA4 — the mechanics there are covered in detail in the post on GA4 with analytics_storage denied.

How It Interacts with Ad Personalization Signals

It is easy to conflate ads_data_redaction with ad_personalization. They are separate levers. ad_personalization: 'denied' tells Google not to use the data for building remarketing audiences. ads_data_redaction: true strips click identifiers from the request payload itself.

You can — and usually should — have both active simultaneously for a denied user. Neither setting blocks the conversion ping from firing; they shape what data the ping carries. Enabling only one leaves a gap: personalization denied but click ID still present, or click ID stripped but audience data still flowing.

Conclusion

Setting ads_data_redaction to true is the correct default for any EU-facing Google Ads setup where consent has not been granted. It strips the gclid from outbound requests while still allowing modeled conversions to flow — giving you a defensible privacy posture without going completely dark on measurement.

#ad measurement #ads_data_redaction #consent mode v2 #gdpr #google ads #implementation
C
About the author
Consent Mode HQ
Editorial team at Consent Mode HQ
Read more by author ↗
── related from the wire ──
05.10 · Google Consent Mode

Server-Side GTM and Consent Mode: Is It Worth It?

Server side GTM consent mode is one of the most powerful — and most underused — combinations in the modern analytics stack.…

4 min ↗
05.06 · Google Consent Mode

gtag Consent Default vs update: Execution Order, Timing Rules, and a Compliant dataLayer Walkthrough

Why the Two Commands Exist Google Consent Mode operates on a simple contract: before any Google tag fires a network request, it…

4 min ↗
05.05 · Google Consent Mode

GA4 With analytics_storage Denied: Cookieless Pings, Behavioral Modeling, and How to Verify It’s Working

When a user declines analytics cookies on your site, GA4 does not go completely dark. Instead, Consent Mode v2 shifts the property…

4 min ↗