Agentic Consent management solution
Make any website compliant with one prompt
Tell Claude Code, Cursor, or any MCP-powered agent to add ConsentLayer — our MCP server runs the install. Prefer manual? Drop one <script> tag in your <head>. Either way, GDPR / CCPA / LGPD handled automatically by region.
> add ConsentLayer to my site → calling create_site … ✓ → calling scan_site … 12 services detected → calling configure_from_scan … categories mapped → calling get_setup_snippet … ✓ ✓ snippet added to app/layout.tsx ✓ banner live · GDPR / CCPA / LGPD rules by region ▸ open dashboard: app.consentlayer.com
See it in action.
From the install prompt to the audit log — pick a tab to see how the moving parts fit together.
One prompt. ConsentLayer installs itself.
Tell Claude Code, Cursor, or any MCP-powered agent to add ConsentLayer. Our MCP server runs the install — site, scan, banner config, and snippet — from one prompt.
- Works in any MCP-aware coding agent
- No copy-paste, no framework guessing
- Same prompt for every site you own
> add ConsentLayer to my site → calling create_site … ✓ → calling scan_site … 12 services detected → calling configure_from_scan … categories mapped → calling get_setup_snippet … ✓ ✓ snippet added to app/layout.tsx ✓ banner live · GDPR / CCPA / LGPD rules by region ▸ open dashboard: app.consentlayer.com
One <script async> tag in your <head>.
Prefer manual setup? Drop one script tag in your <head>. The banner runtime is lightweight, dependency-free, and loads asynchronously, so it never blocks rendering.
- Works with any JS/React SDK setup
- TypeScript types ship with the SDK
- Runs before any third-party script
// One tag. Any site. import type { Metadata } from 'next'; export default function RootLayout({ children }) { return ( <html> <head> <script async src="https://api.consentlayer.com/banner/prj_a7f3…2b91/banner.js" /> </head> <body>{children}</body> </html> ); }
Run a scan, review the findings, done.
The scanner crawls your site and classifies every cookie and third-party request. New scripts land in a review queue until you (or an agent) categorize them. Scheduled scans on Solo and up — Free plan runs scans manually.
- One-click “Block / Allow / Categorize” per finding
- Surfaces marketing-team additions before your DPO does
- Scan-to-scan diffs show exactly what changed
Your config, readable and writable by API.
Every site’s banner config, categories, and jurisdiction rules are available over the REST API. Agents call it through the MCP server; you can call it directly with an API key.
- Same REST API that powers the MCP tools
- API keys created and revoked from the dashboard
- Available on every plan, including Free
{
"site": "mysite.example",
"jurisdiction_templates": ["gdpr", "ccpa", "lgpd"],
"categories": {
"necessary": true,
"analytics": false,
"marketing": false
},
"template": "floating",
"languages": ["en"]
}
Every decision, logged and exportable.
Every visitor consent decision is recorded — categories, jurisdiction, banner version, user agent, salted IP hash. Filter by country or decision, export the whole log as CSV.
- Retention scales with your plan — 30 to 730 days
- Raw IPs are never stored, only a salted hash
- Query it from the dashboard or the API
The platform
Everything you need to ship compliant consent.
Drop in a script. Get a banner, a policy API, a scanner, and an audit log, all wired to the same source of truth.
Every site’s consent config is served from the CDN edge, readable by your app and by AI agents over MCP.
- Config served from the CDN edge
- Readable by humans and AI agents (via MCP)
- Every decision logged and exportable
{
"version": "1.0",
"site": "mysite.example",
"regions": ["EU", "US-CA", "BR"],
"categories": {
"necessary": true,
"analytics": false,
"marketing": false
},
"mcp": "https://api.consentlayer.com/mcp"
}One prompt. Your agent does the rest. Any MCP-aware coding agent installs ConsentLayer, configures the banner, and wires the policy end to end.
A banner that meets every regulation, branded to your site.
Scan your site, review a queue. New trackers get a suggested category, not a spreadsheet.
Every decision logged and exportable as CSV, whenever you need it.
Lightweight, dependency-free loader. Loads async and never blocks rendering.
GDPR, CCPA, LGPD applied automatically by visitor region. Right rules, every visitor.
Why ConsentLayer
Why engineering teams ship ConsentLayer.
Shipping compliance isn’t luck. It’s a system.
/ install
One snippet. No framework lock-in.
A single <script async> tag works on plain HTML or WordPress. Prefer code? The JS SDK and React hooks (useConsent(), <ConsentGate>) give you the same state in your components.
/ agents
Set up consent from your editor, in one prompt.
ConsentLayer ships an MCP server with 20+ tools — create a site, run the scanner, configure categories and the banner, and get back the install snippet. Any MCP-aware coding agent (Claude Code, Cursor, or any MCP client) can do the whole setup for you.
See the MCP setup command$ npx -y @consentlayer/mcp setup > create_site("mysite.example") > scan_site() > configure_from_scan() > get_setup_snippet()
/ scanner
The scanner is the input, not the chore.
Run a scan manually, or let Solo and above run it on a schedule. New third-party scripts land in a review queue with a suggested category and a one-click “allow” or “block”. You’re not auditing cookies by hand; you’re approving a queue.
See a sample scan/ type safety
A typed SDK, not a pile of globals.
The JS SDK gives you hasConsent(), getConsentState(), and onConsentChange() — plus React hooks and a zod-typed REST API. The vanilla banner runtime has zero dependencies.
import { getConsentState, onConsentChange } from '@consentlayer/sdk'; import type { ConsentState } from '@consentlayer/sdk'; const state: ConsentState = getConsentState(); onConsentChange((state) => { analytics.toggle(state.analytics); ads.toggle(state.marketing); // state is narrowed and typed. no casting. });
/ audit
Audit log auto-generated.
Every settings change, banner interaction, and consent decision is recorded — category, jurisdiction, banner version, timestamp. Export the whole log as CSV in one click. No spreadsheet exports, no last-minute scrambling.
View a sample export/ performance
Lightweight loader. CWV-safe.
The loader is lightweight and dependency-free. It loads asynchronously, runs before any tracker, blocks them until consent, and never blocks rendering — so you pass Core Web Vitals without negotiating with your ops team.
Read how it loadsFAQ
Frequently asked questions
Have questions about ConsentLayer? We’ve got answers.
What is ConsentLayer?
A consent management platform for GDPR, CCPA/CPRA, and LGPD. Drop in one snippet and you get a customizable cookie banner, script and content blocking until consent, a cookie scanner, a consent log with CSV export, and an MCP server so AI coding agents can set it all up for you.
How does script blocking work?
ConsentLayer blocks known tracking scripts — Google Ads and Analytics, Facebook, TikTok, Bing, Pinterest, Hotjar, Mixpanel, Plausible, Amplitude, and more — until the visitor consents to the matching category. You can add custom blocking rules for anything not covered by the 20 built-in rules, and gate embeds or iframes the same way with content blocking.
Do you support Google Consent Mode v2?
Yes. Categories map to Google’s ad_storage, analytics_storage, ad_user_data, and ad_personalization signals automatically, so Google tags see the same decision your banner recorded.
Do you honor Global Privacy Control (GPC)?
Yes. ConsentLayer detects the GPC signal, can be configured to honor it automatically, and records it on the consent record for that visitor.
How long does setup take?
A few minutes. Add one <script async> tag to your <head>, or point an MCP-aware coding agent at your project — it can create the site, run the scanner, and configure the banner for you. Run npx -y @consentlayer/mcp setup to connect an agent.
What languages does the banner support?
10 built-in languages — English, German, French, Spanish, Italian, Dutch, Portuguese, Polish, Swedish, and Danish — with per-string overrides if you want to tweak the wording. The number of languages available at once depends on your plan; Studio and Agency have no limit.
What does the free tier include?
One site, 1,000 monthly pageviews, one banner language, manual scans, and the standard banner with ConsentLayer branding. Paid plans add more pageviews, the modal banner template, scheduled scans, custom geolocation groups, and more languages — see pricing for details.
Can AI coding agents set this up for me?
Yes — that’s the point of the MCP server. Point an MCP client like Claude Code or Cursor at ConsentLayer and it can create a site, run the scanner, configure categories and the banner, and hand you back the install snippet, all from a single prompt.
Ship consent for every visitor. It’s that simple.
Join the engineering teams using ConsentLayer to gate scripts, audit decisions, and stay compliant across humans, agents, and every region.
No credit card required
Install in 5 minutes
GDPR / CCPA / LGPD ready