Testing Consent

This guide walks through verifying your Consent implementation is complete and working as intended.

Existing Consent Solutions

Any existing consent solutions will conflict with DataGrail Consent's functionality on your site. In order to test DataGrail effectively, ensure you have removed your existing solution from your staging site. You should also ensure any firing triggers are removed from GTM Tags (in staging), as this will prohibit DataGrail from managing them.

Testing Environment

Before you start testing, ensure your testing environment is set up correctly. DataGrail always recommends testing Consent using Google Chrome. Some browsers block scripts and send consent signals by default, which may hinder testing.

• Use an incognito / private window: Ensures no existing site cookies suppress the first-time consent experience.
• Avoid browser extensions (e.g. ad blockers): They can block the consent script; if blocked, non-essential services will remain disabled (this is expected and treated as an implicit revocation).
• Do not use a VPN: Prevents inaccurate geolocation that could load the wrong policy or layout.
• Do not send GPC or DNT signals: Many browsers send these signals by default. DataGrail may opt you out of tracking services automatically, depending on your configuration.

Testing Scenarios

Implementing a Consent Management Solution is a major change on your website. Consent interacts with your other third-party scripts and cookies, so we always recommend publishing DataGrail on a staging site before doing so on your production one.

If you do not have a staging site, we recommend using Test Mode.

Cloning Your GTM Configuration

If you don't already have a staging container to map to your staging website, you can use Google Tag Manager's built in export/import functionality to clone your container tags and settings to a new container that will be attached to the staging site.

Validating Consent Behavior

The steps below outline DataGrail's recommended method to validate a successful Consent implementation.

Check Consent Version

Before completing any testing, ensure the latest version of DataGrail's consent configuration is deployed on your site. Changes made in the DataGrail app are not automatically synced to your website.

You should always publish before completing any testing, even if you are sure did so recently:

1. Publishing to Google Tag Manager
2. Publish to Embedded Containers

Confirm Policy Behavior

The first configuration you want to validate is the consent defaults. These are the consent categories accepted when a user visits the page for the first time and are governed by your Geolocated Request Policies.

1. Open your browser console (Developer Tools).

2. Run the following command:

   window.DG_BANNER_API.config()

3. Validate the consentPolicy matches the one assigned to your location. Viewing the site from California, you should see an output like this:

   consentPolicy:{name: 'CPRA', default: false}

   If you are seeing the incorrect policy for your location, ensure you are not using a VPN and review your Policy Configuration in DataGrail. It's very likely the current version of Consent published to your site differs from the one in DataGrail.

4. Validate the default Consent categories (initialCategories) are correct for the given policy. As an example, California is an opt out configuration where all trackers (categories) should run initially until a consent preference is made.

   {
   "respect_gpc": true,
   "respect_dnt": true,
   "respect_optout": false,
   "initial": [
       "dg-category-essential",
       "dg-category-performance",
       "dg-category-functional",
       "dg-category-marketing"
   ],
   "gpc": [
       "dg-category-essential"
   ],
   "optout": [
       "dg-category-essential",
       "dg-category-performance",
       "dg-category-functional"
   ]
   }

Check Your Layouts

Now that you have confirmed the correct policy is assigned on initial load, confirm the correct Banner Layout is being served to the Data Subject.

Typically, if your policy is being set correctly, the correct banner layout should be served. If you are not seeing the correct language/styling, confirm the following:

1. You have published the latest changes to your site
2. Your banner layout is associated with the correct Consent Policies

Test Script Blocking

While there are many potential methods to validate script blocking, we document two common ones below.

Manually Trigger Banner

You can quickly reveal the banner to try a new scenario by typing in the following command within your browser's developer console: window.DG_BANNER_API.showConsentBanner()

Privacy Inspector (Recommended)

DataGrail's Privacy Inspector is the best method to validate script blocking for both GTM Tags and scripts deployed/loaded directly on your site.

1. Open your site in a new incognito window.

2. Confirm the scripts loaded initially are associated only with categories granted to the relevant Consent Policy by default.

   In the example below, the page is loaded from an opt-out policy, so all scripts should load by default.

   

3. Open the banner and test the Accept All and Reject All actions. Validate the Detected Trackers only includes scripts from categories that you have explicitly accepted.

   After rejecting all, you should ideally see no non-essential tracking services detected.

   

If you see tags firing from categories that have not been accepted:

1. Check the script/tag is mapped correctly in DataGrail and this version of Consent has been published to your site.
2. Confirm the script is not Google-owned service running in Consent Mode. When Consent Mode is enabled, Google-owned services will continue to fire even after a Data Subject opts out.
3. Confirm the script is not being loaded inline and is unmanaged by DataGrail.
   • Select the script icon in the Privacy Inspector to reveal the script code.
   • Right click on the page and select View Page Source.
   • Search the page source for the script code identified above.
4. If you identify the script code in the page source, it is being loaded inline and is likely unmanaged by DataGrail. Follow the Inline Script Management Instructions to ensure the script is correctly controlled by Consent.

Seeing trackers from app plugins or pixels?

DataGrail Consent can manage both a data subject's online tracking preferences as well as tracking that occurs in-app or via other marketing automation platforms and solutions like Segment or HubSpot.

DataGrail will continuously report the preference of a Data Subject through a Callback Function, so your team can send this information to other downstream apps and services.

Google Tag Assistant

Google Tag Assistant allows you to simulate the updated container version running on your site in a sandbox environment, before publishing to your production website.

Testing Consent with Tag Assistant is most viable when all tracking scripts are loaded through Google Tag Manager. Tag assistant cannot validate that inline scripts are successfully managed.

To validate script blocking with Tag Assistant:

1. Log in to Tag Manager in a new incognito window.

2. Select the relevant container and navigate to the Versions tab.

3. Find your Live, Latest version, select the three dots, and then Preview.

4. You will be redirected to Tag Assistant and asked to input your site's URL.

5. With Tag Assistant connected, review the Summary tab. In the Tags Fired section, you should only see tags from categories in enabled in the relevant Consent Policy defaults.

   In the example below, the page is loaded from an opt-in policy, so only Essential tags should load.

   

6. Open the banner and test the Accept All and Reject All actions. Validate the Tags Fired only includes tags from categories that you have explicitly accepted.

If you see tags firing from categories that have not been accepted:

1. Check the tag is mapped correctly in DataGrail and this version of Consent has been published to your site.
2. Confirm the tag is not Google-owned service running in Consent Mode. When Consent Mode is enabled, Google-owned services will continue to fire even after a Data Subject opts out.

Test Cookie Blocking

Prioritize managing trackers at the script level first. Scripts are the source that load or set most cookies; if you block a tracking script until consent is granted, its downstream cookies and network calls never occur.

After all scripts are audited, categorized, and gated by consent, perform a secondary review to identify any residual cookies that were not set from scripts. This top‑down approach reduces compliance risk and simplifies maintenance versus chasing individual cookies.

1. Open a new incognito window. Navigate to the Application tab of your browser's Development Tools and select your website's domain.

2. Confirm the cookies loaded initially are associated only with categories granted to the relevant Consent Policy by default.

   In the example below, the page is loaded from an opt-out policy, so all cookies should load by default.

   

3. Open the banner and test the Accept All and Reject All actions. Validate the cookies in your Application tab are only from categories that you have explicitly accepted. The Console in your Developer Tools will also output cookies that are deleted.

   After rejecting all, you should ideally see no non-essential cookies.

   

If you see cookies firing from categories that have not been accepted:

1. Check that the tracking script that sets the cookie is correctly managed by DataGrail.
2. Check the cookie is mapped correctly in DataGrail and this version of Consent has been published to your site.
3. Confirm the cookie is first-party and set on your domain. It is not possible to manage third-party cookies set on external domains. You should managing the tracking script that sets the cookie in this case.

Use DataGrail's Cookie Scanner to evaluate the usage of cookies on your site!

Frequently Asked Questions

Why am I not seeing the banner?

If you are not seeing the Consent Banner when you load your site, check the following:

1. DataGrail is successfully deployed. If the following browser console command produces an error, DataGrail is not loading on your site:

   window.DG_BANNER_API.showConsentBanner()

2. Your currently assigned Consent Policy shows the banner by default.
3. You are using a browser that does not block scripts (or Google Tag Manager) by default. Safari should never be used to test Consent.
4. You are not using a browser extension that blocks scripts, like an ad blocker.
5. You are not sending a GPC or DNT signal. Some browsers sent privacy signals by default. This can prevent DataGrail's banner from being shown, based on your Policy Settings

Why am I not seeing my latest changes?

If you are not seeing the latest changes to your configuration or banner styling, it is likely you have not published the latest version of consent to your site. Always publish to connected containers after making changes.

Why are my non-essential services blocked after accepting all?

If your non-essential services are not loading after accepting all, it is likely a browser extension (e.g. ad blocker) or browser is blocking scripts directly. We always recommend testing in a Google Chrome incognito window with no extensions enabled.

Why does my banner never load in Safari? Why do my scripts never run?

Safari is known to aggressively block scripts from loading by default, which may include Google Tag Manager and DataGrail Consent. In this case, the user is implcicitly revoking their consent, so it is expected that your banner and non-essential scripts do not load.

We do not recommend managing essential inline scripts with DataGrail. In cases where DataGrail is blocked completely, these scripts cannot be loaded.