ConsentLayer MCP server

Set up cookie consent with an AI agent

ConsentLayer ships a hosted MCP server at api.consentlayer.com/mcp. Connect it to Claude Code, Cursor, or any MCP client, and one prompt provisions your site, scans it for trackers, configures consent categories, and returns the install snippet with a real project key — not a placeholder.

Install with an AI agent

Point your agent at ConsentLayer

Authentication happens in your browser the first time your agent connects — no API keys to create, copy, or commit.

1

Connect your agent

$ claude mcp add consentlayer \
  --transport http \
  "https://api.consentlayer.com/mcp"

Connects the ConsentLayer MCP server over HTTP. Then just ask.

2

Ask your agent

add ConsentLayer to my site
3

What your agent does

  1. Create the site

    Provisions your site with a default banner and three consent categories.

  2. Scan for trackers

    Crawls for GA, Meta Pixel, Hotjar and more, then sorts them into categories.

  3. Configure & localize

    Sets banner design, script blocking, Consent Mode, and GDPR / CCPA / LGPD rules by region.

  4. Install & verify

    Adds your <script> snippet and grades the setup 0–100.

Prefer to do it by hand? Drop one <script> in your <head>see the docs.

Available on every plan, including Free

OAuth in the browser — no API keys to paste

GDPR / CCPA / LGPD templates included

claude code · /mysiteMCP
> set up cookie consent for this site
→ calling setup_site … site provisioned ✓
→ scanning mysite.example … 12 services detected
→ services sorted into consent categories
 install snippet ready — added to <head>
 banner live · trackers blocked until consent

 review it: app.consentlayer.com

Connect

One command. Any MCP client.

Authentication happens in your browser the first time the agent connects — there are no API keys to create, copy, or accidentally commit.

Claude Code

$ claude mcp add consentlayer \
  --transport http \
  "https://api.consentlayer.com/mcp"

Then ask: “set up cookie consent for this site”.

Guided setup

$ npx -y @consentlayer/mcp setup

Detects your MCP client and writes the config for you. Works for Cursor and other MCP-capable editors.

Any MCP client

{ "mcpServers": {
  "consentlayer": {
    "url": "https://api.consentlayer.com/mcp"
} } }

Streamable HTTP transport. Add it to your client’s MCP config and you’re connected.

Under the hood

What your agent actually does.

The fast path is a single tool call — setup_site provisions the site, scans it, configures categories, and returns the install snippet. Agents that want step-by-step control get a dedicated tool for every step.

01 / provision

Create the site

create_site provisions the domain with a default banner and three consent categories (essential, statistics, marketing) — or setup_site does this and every step below in one call.

02 / scan

Scan for trackers

scan_site crawls the site and detects tracking scripts and cookies — Google Analytics, Meta Pixel, Hotjar and more. configure_from_scan sorts what it finds into the right categories.

03 / configure

Banner, behavior, regions

update_banner_config sets the design; update_site_behavior toggles script blocking, Global Privacy Control, and Google Consent Mode; add_geolocation_group_from_template applies GDPR, CCPA, or LGPD rules by region.

04 / install

Snippet & verify

get_setup_snippet returns the script tag with your real project key — it goes in <head> without defer or async, so it runs before trackers do. get_compliance_score then grades the setup 0–100 with a punch list of anything missing.

Terminal · three weeks later
> did anything change on mysite.example since launch?

→ calling scan_site … → calling get_scan_diff …
 1 new service found: TikTok Pixel (unclassified)
→ calling approve_unrecognized_script … added to marketing
 banner & blocking rules updated — no redeploy needed

/ ongoing

Setup is just the start.

The same MCP server runs the whole platform, so your agent can keep the site compliant after launch — not just install a banner and disappear.

  • Re-scan and diff: scan_site + get_scan_diff surface newly added trackers
  • Review queue: approve or dismiss scripts the scanner couldn’t auto-classify
  • Audit trail: list_consent_records filters decisions by date, country, and banner version
  • Scale it: export_site_config clones a tuned setup to the next client site

FAQ

Agents have questions too.

Is the MCP server free to use?

Yes — the MCP server, REST API, and JS SDK are available on every plan, including Free. Connect it, set up a site, and go live without entering a card.

Which AI tools can I use it with?

Claude Code, Cursor, and any client that speaks MCP over streamable HTTP. The server lives at https://api.consentlayer.com/mcp; the @consentlayer/mcp npm package can write your client config for you.

Do I need an API key?

No. The first time your agent connects, your browser opens to authorize it — standard OAuth. There are no keys to create, paste into config files, or accidentally commit to a repo.

My AI tool already generated a cookie banner. Am I covered?

Usually not. Banners generated by a prompt are typically cosmetic — they show buttons, but tracking scripts still fire before anyone clicks them, and no decision is recorded anywhere. ConsentLayer blocks trackers until the visitor consents and logs every decision, which is the part regulators actually care about.

Can the agent break or delete my setup?

Configuration changes are just settings you can review and adjust in the dashboard at any time. The one destructive operation — deleting a site — requires the site’s domain to be passed back as explicit confirmation, so an agent can’t do it by accident.

Does it handle Google Consent Mode v2?

Yes. Consent categories map to Google’s ad_storage, analytics_storage, ad_user_data, and ad_personalization signals, and your agent can toggle Consent Mode with update_site_behavior.

Ship consent for every visitor. It’s that simple.

Join the engineering teams using ConsentLayer to gate scripts, audit decisions, and stay compliant across humans, agents, and every region.

No credit card required

Install in 5 minutes

GDPR / CCPA / LGPD ready