Agentic Consent management solution

Make any website compliant with one prompt

Tell Claude Code, Cursor, or any MCP-powered agent to add ConsentLayer — our MCP server runs the install. Prefer manual? Drop one <script> tag in your <head>. Either way, GDPR / CCPA / LGPD handled automatically by region.

Install with an AI agent

Point your agent at ConsentLayer

Authentication happens in your browser the first time your agent connects — no API keys to create, copy, or commit.

1

Connect your agent

$ claude mcp add consentlayer \
  --transport http \
  "https://api.consentlayer.com/mcp"

Connects the ConsentLayer MCP server over HTTP. Then just ask.

2

Ask your agent

add ConsentLayer to my site
3

What your agent does

  1. Create the site

    Provisions your site with a default banner and three consent categories.

  2. Scan for trackers

    Crawls for GA, Meta Pixel, Hotjar and more, then sorts them into categories.

  3. Configure & localize

    Sets banner design, script blocking, Consent Mode, and GDPR / CCPA / LGPD rules by region.

  4. Install & verify

    Adds your <script> snippet and grades the setup 0–100.

Prefer to do it by hand? Drop one <script> in your <head>see the docs.

No credit card required

Install in seconds

GDPR / CCPA / LGPD rules applied by region

cursor · /mysiteMCP
> add ConsentLayer to my site
→ calling create_site … ✓
→ calling scan_site … 12 services detected
→ calling configure_from_scan … categories mapped
→ calling get_setup_snippet … ✓
 snippet added to app/layout.tsx
 banner live · GDPR / CCPA / LGPD rules by region

 open dashboard: app.consentlayer.com
mysite.example
LIVE

Works from your AI coding tools — or any MCP client

Claude Cursor Codex
In motion

See it in action.

From the install prompt to the audit log — pick a tab to see how the moving parts fit together.

One prompt. ConsentLayer installs itself.

Tell Claude Code, Cursor, or any MCP-powered agent to add ConsentLayer. Our MCP server runs the install — site, scan, banner config, and snippet — from one prompt.

  • Works in any MCP-aware coding agent
  • No copy-paste, no framework guessing
  • Same prompt for every site you own
cursor · /mysiteMCP
> add ConsentLayer to my site
→ calling create_site … ✓
→ calling scan_site … 12 services detected
→ calling configure_from_scan … categories mapped
→ calling get_setup_snippet … ✓
 snippet added to app/layout.tsx
 banner live · GDPR / CCPA / LGPD rules by region

 open dashboard: app.consentlayer.com

One <script async> tag in your <head>.

Prefer manual setup? Drop one script tag in your <head>. The banner runtime is lightweight, dependency-free, and loads asynchronously, so it never blocks rendering.

  • Works with any JS/React SDK setup
  • TypeScript types ship with the SDK
  • Runs before any third-party script
app/layout.tsx · Next.js (App Router)
// One tag. Any site.
import type { Metadata } from 'next';

export default function RootLayout({ children }) {
  return (
    <html>
      <head>
        <script
          async
          src="https://api.consentlayer.com/banner/prj_a7f3…2b91/banner.js"
        />
      </head>
      <body>{children}</body>
    </html>
  );
}

Run a scan, review the findings, done.

The scanner crawls your site and classifies every cookie and third-party request. New scripts land in a review queue until you (or an agent) categorize them. Scheduled scans on Solo and up — Free plan runs scans manually.

  • One-click “Block / Allow / Categorize” per finding
  • Surfaces marketing-team additions before your DPO does
  • Scan-to-scan diffs show exactly what changed
scanner · 2 unreviewed Live
LI
LinkedIn Insight Tag
first-seen 12m ago · suggested: Marketing
HJ
Hotjar Recording
first-seen 1h ago · suggested: Analytics
GA
Google Analytics 4
categorized: Analytics · approved
Live
ST
Stripe.js
categorized: Necessary · approved
Live

Your config, readable and writable by API.

Every site’s banner config, categories, and jurisdiction rules are available over the REST API. Agents call it through the MCP server; you can call it directly with an API key.

  • Same REST API that powers the MCP tools
  • API keys created and revoked from the dashboard
  • Available on every plan, including Free
GET /v1/sites/:id/banner-config 200 OK
{
  "site": "mysite.example",
  "jurisdiction_templates": ["gdpr", "ccpa", "lgpd"],
  "categories": {
    "necessary":  true,
    "analytics":  false,
    "marketing":  false
  },
  "template": "floating",
  "languages": ["en"]
}

Every decision, logged and exportable.

Every visitor consent decision is recorded — categories, jurisdiction, banner version, user agent, salted IP hash. Filter by country or decision, export the whole log as CSV.

  • Retention scales with your plan — 30 to 730 days
  • Raw IPs are never stored, only a salted hash
  • Query it from the dashboard or the API
Consent log · last 24h
EU
Visitor accepted all · Germany
jurisdiction: GDPR · banner v14
12:48 UTC
US
Visitor rejected analytics + marketing · California
jurisdiction: CCPA · GPC signal honored
12:31 UTC
BR
Visitor accepted necessary only · Brazil
jurisdiction: LGPD · banner v14
11:09 UTC
EU
Visitor updated preferences · France
withdrew analytics consent · cookies auto-cleared
09:42 UTC

The platform

Everything you need to ship compliant consent.

Drop in a script. Get a banner, a policy API, a scanner, and an audit log, all wired to the same source of truth.

Config

Every site’s consent config is served from the CDN edge, readable by your app and by AI agents over MCP.

  • Config served from the CDN edge
  • Readable by humans and AI agents (via MCP)
  • Every decision logged and exportable
mysite.example · banner config
{
  "version": "1.0",
  "site": "mysite.example",
  "regions": ["EU", "US-CA", "BR"],
  "categories": {
    "necessary": true,
    "analytics": false,
    "marketing": false
  },
  "mcp": "https://api.consentlayer.com/mcp"
}
MCP server

One prompt. Your agent does the rest. Any MCP-aware coding agent installs ConsentLayer, configures the banner, and wires the policy end to end.

Consent UI

A banner that meets every regulation, branded to your site.

Scanner

Scan your site, review a queue. New trackers get a suggested category, not a spreadsheet.

Audit ledger

Every decision logged and exportable as CSV, whenever you need it.

Edge loader

Lightweight, dependency-free loader. Loads async and never blocks rendering.

Regions

GDPR, CCPA, LGPD applied automatically by visitor region. Right rules, every visitor.

Why ConsentLayer

Why engineering teams ship ConsentLayer.

Shipping compliance isn’t luck. It’s a system.

/ install

One snippet. No framework lock-in.

A single <script async> tag works on plain HTML or WordPress. Prefer code? The JS SDK and React hooks (useConsent(), <ConsentGate>) give you the same state in your components.

Read the install guide
index.html
// 1 · Drop this in your <head>. That's the install.
<script
  async
  src="https://api.consentlayer.com/banner/{projectKey}/banner.js"
/>

// 2 · Optional — react to consent changes
window.consentlayer.onConsentChange((state) => {
  analytics.toggle(state.analytics);
  ads.toggle(state.marketing);
});

// Same one script tag, every site.

/ agents

Set up consent from your editor, in one prompt.

ConsentLayer ships an MCP server with 20+ tools — create a site, run the scanner, configure categories and the banner, and get back the install snippet. Any MCP-aware coding agent (Claude Code, Cursor, or any MCP client) can do the whole setup for you.

See the MCP setup command
Human view
We value your privacy
We use cookies to measure traffic and personalise content.
Necessary
Analytics
Marketing
→ configured by your agent
Agent view · MCP
$ npx -y @consentlayer/mcp setup

> create_site("mysite.example")
> scan_site()
> configure_from_scan()
> get_setup_snippet()
→ banner + scanner + categories live

/ scanner

The scanner is the input, not the chore.

Run a scan manually, or let Solo and above run it on a schedule. New third-party scripts land in a review queue with a suggested category and a one-click “allow” or “block”. You’re not auditing cookies by hand; you’re approving a queue.

See a sample scan
Review queue · 5 new trackers scan #1284
LI
LinkedIn Insight Tag
found by scan · suggested Marketing
HJ
Hotjar Recording
found by scan · suggested Analytics
GA
Google Analytics 4
found by scan · suggested Analytics
SG
Segment.js
found by scan · suggested Analytics
?
vital-pixel.io
unknown vendor · suggested Review

/ type safety

A typed SDK, not a pile of globals.

The JS SDK gives you hasConsent(), getConsentState(), and onConsentChange() — plus React hooks and a zod-typed REST API. The vanilla banner runtime has zero dependencies.

Open the SDK reference
consent.ts · TypeScript ✓ typechecked
import { getConsentState, onConsentChange } from '@consentlayer/sdk';
import type { ConsentState } from '@consentlayer/sdk';

const state: ConsentState = getConsentState();

onConsentChange((state) => {
  analytics.toggle(state.analytics);
  ads.toggle(state.marketing);
  // state is narrowed and typed. no casting.
});
type ConsentState = {
necessary: boolean;
analytics: boolean;
marketing: boolean;
}
Imported from @consentlayer/sdk

/ audit

Audit log auto-generated.

Every settings change, banner interaction, and consent decision is recorded — category, jurisdiction, banner version, timestamp. Export the whole log as CSV in one click. No spreadsheet exports, no last-minute scrambling.

View a sample export
Audit log · last 24h
RM
Rohan Mehta updated EU banner copy
v4.2 → v4.3 · diff: 2 strings
12:48
logged
EU
Visitor consent decision · EU
accepted necessary · rejected marketing
12:31
logged
SK
Sasha Kim approved 2 trackers from scanner queue
LinkedIn Insight, Hotjar
11:09
logged
CL
ConsentLayer scan completed
2 new trackers queued for review
10:54
logged
CA
Visitor consent decision · California
Do Not Sell request recorded
10:12
logged

/ performance

Lightweight loader. CWV-safe.

The loader is lightweight and dependency-free. It loads asynchronously, runs before any tracker, blocks them until consent, and never blocks rendering — so you pass Core Web Vitals without negotiating with your ops team.

Read how it loads
Loader order · mysite.example
async
cl.js (consent)
first
html · LCP image
unblocked
ga4.js
gated
linkedin-insight
gated
hotjar.js
gated
cl.js loads async · blocks trackers until consent zero dependencies

FAQ

Frequently asked questions

Have questions about ConsentLayer? We’ve got answers.

What is ConsentLayer?

A consent management platform for GDPR, CCPA/CPRA, and LGPD. Drop in one snippet and you get a customizable cookie banner, script and content blocking until consent, a cookie scanner, a consent log with CSV export, and an MCP server so AI coding agents can set it all up for you.

How does script blocking work?

ConsentLayer blocks known tracking scripts — Google Ads and Analytics, Facebook, TikTok, Bing, Pinterest, Hotjar, Mixpanel, Plausible, Amplitude, and more — until the visitor consents to the matching category. You can add custom blocking rules for anything not covered by the 20 built-in rules, and gate embeds or iframes the same way with content blocking.

Do you support Google Consent Mode v2?

Yes. Categories map to Google’s ad_storage, analytics_storage, ad_user_data, and ad_personalization signals automatically, so Google tags see the same decision your banner recorded.

Do you honor Global Privacy Control (GPC)?

Yes. ConsentLayer detects the GPC signal, can be configured to honor it automatically, and records it on the consent record for that visitor.

How long does setup take?

A few minutes. Add one <script async> tag to your <head>, or point an MCP-aware coding agent at your project — it can create the site, run the scanner, and configure the banner for you. Run npx -y @consentlayer/mcp setup to connect an agent.

What languages does the banner support?

10 built-in languages — English, German, French, Spanish, Italian, Dutch, Portuguese, Polish, Swedish, and Danish — with per-string overrides if you want to tweak the wording. The number of languages available at once depends on your plan; Studio and Agency have no limit.

What does the free tier include?

One site, 1,000 monthly pageviews, one banner language, manual scans, and the standard banner with ConsentLayer branding. Paid plans add more pageviews, the modal banner template, scheduled scans, custom geolocation groups, and more languages — see pricing for details.

Can AI coding agents set this up for me?

Yes — that’s the point of the MCP server. Point an MCP client like Claude Code or Cursor at ConsentLayer and it can create a site, run the scanner, configure categories and the banner, and hand you back the install snippet, all from a single prompt.

Ship consent for every visitor. It’s that simple.

Join the engineering teams using ConsentLayer to gate scripts, audit decisions, and stay compliant across humans, agents, and every region.

No credit card required

Install in 5 minutes

GDPR / CCPA / LGPD ready