Features · every capability in the platform
Every layer of consent. One platform.
From a lightweight loader to a complete consent log, every piece is built to snap together. No glue code. No spreadsheet exports. No “enterprise tier to unlock the basics.”
The platform
Everything you need to ship compliant consent.
Drop in a script and get a banner, a cookie scanner, geo rules, and a consent log — all wired to the same source of truth, and all drivable by an AI agent.
Script blocking
Blocks tracking scripts until visitors consent — 20+ built-in rules for Google, Meta, TikTok and more, plus custom per-site rules.
Content blocking
Consent-gate embeds and iframes per service, with a click-to-load placeholder until the visitor opts in.
Banner builder
3 templates (floating, wide bar, modal) · 7 positions · full color, text and logo theming with per-button toggles.
Floating preferences button
A “Manage preferences” button stays after the banner closes — pick a preferences, shield, cookie or custom icon.
Google Consent Mode v2
Granular ad_storage, analytics_storage, ad_user_data and ad_personalization signals mapped from your categories.
Global Privacy Control
The GPC browser signal is detected, honored (configurable) and recorded on the consent record.
Microsoft Clarity consent mode
A built-in toggle drives Clarity in consent mode so heatmaps and recordings respect the visitor’s choice.
Cookie scanner
Crawls your site, detects known services and flags unrecognized scripts into a review queue with suggested categories and scan-to-scan diffs.
Geo consent rules
GDPR, CCPA/CPRA and LGPD templates apply the right behavior by region — or build custom, priority-ordered geolocation groups.
Consent log with CSV export
Every decision is recorded — categories, jurisdiction, banner version, salted IP hash (never raw IPs) — filterable and exportable to CSV.
Do Not Sell workflow
Track CCPA/CPRA “Do Not Sell” requests with a status workflow, ready for the opt-out signals regulators expect.
Compliance score
A 0–100 score in the dashboard grades how complete your setup is, so you always know what’s left to configure.
10 banner languages
Banner copy ships translated in 10 languages, with per-string overrides. Language count is plan-gated (1 on Free, 2 on Solo, unlimited above).
JS + React SDK
The @consentlayer/sdk exposes hasConsent(), onConsentChange() and more — plus React useConsent() and <ConsentGate>.
REST API & API keys
A typed REST API (OpenAPI) with create/revoke API keys lets you script sites, scans and banner config from your own tooling.
MCP server for AI agents
Claude Code, Cursor and any MCP client can create the site, run the scanner, configure the banner and return the install snippet — on every plan.
01 / performance
Lightweight by design. Runs before any tracker.
The loader is dependency-free vanilla JavaScript, generated per site and served from a CDN. It loads asynchronously so it never blocks rendering, and it blocks tracking scripts before consent is given — so trackers can’t fire ahead of a decision.
- Dependency-free vanilla JavaScript — nothing else to install
- Loads async and never blocks page rendering
- Blocks tracking scripts before consent is granted
- CDN-served, per-site bundle tailored to your config
<!-- 1 · Add to <head> --> <script async src="https://api.consentlayer.com/banner/<projectKey>/banner.js"></script> <!-- 2 · Optional: react to changes --> window.consentlayer.onConsentChange((s) => { analytics.toggle(s.analytics); });
_clarity · clarity.ms · new_ga, _gid · google-analytics.com__tld__ · ads.linkedin.com · newcf_clearance · cloudflare.com__stripe_mid · stripe.com02 / detection
The scanner finds what you missed.
ConsentLayer crawls your site and matches what it finds against the built-in service library. Known services are categorized for you; anything unrecognized lands in a review queue with a suggested category you can accept or change. Every run is compared to the last, so new trackers stand out.
- Crawls your site and detects known services from the library
- Unrecognized scripts go to a review queue with suggested categories
- Scan-to-scan diffs surface what changed since last time
- Scheduled scans on paid plans · manual scans on Free
03 / agentic
Built for the agentic web.
ConsentLayer ships an MCP server at https://api.consentlayer.com/mcp. Connect it once and an AI coding agent can stand up consent management for you — create the site, run the scanner, configure categories and the banner, and hand back the install snippet.
- Connect in one command:
npx -y @consentlayer/mcp setup - 20+ tools:
create_site,scan_site,configure_from_scan,get_setup_snippet… - Works with Claude Code, Cursor and any MCP client
- Available on every plan, including Free
DE · GDPR · banner v17FR · GDPR · banner v17US-CA · CCPA · analytics offBR · LGPD · analytics onUS-CA · recorded04 / compliance
Consent log & compliance.
Every decision is recorded — categories, jurisdiction, banner version and a salted IP hash (raw IPs are never stored). Filter by country, decision or date and export the log to CSV. A compliance score tracks how complete your setup is.
- Records categories, jurisdiction, banner version & salted IP hash
- Filter and export to CSV in a click
- Retention by plan: 30 / 365 / 365 / 730 days
- Do Not Sell tracking, compliance score & a hosted cookie policy page (Agency)
Developer experience
Built for engineers who hate consent tooling.
A script tag or a typed SDK, a REST API you can script, and an MCP server for your agent. Works in your existing stack.
SDK
Script tag or typed SDK
Drop in the script tag, or install @consentlayer/sdk for a typed API. React gets useConsent() and <ConsentGate> out of the box.
API
Typed REST API & keys
An OpenAPI-described REST API lets you manage sites, scans and banner config from your own tooling. Create and revoke API keys from the dashboard.
Agents
MCP server for agents
Connect the MCP server and let Claude Code, Cursor or any MCP client create the site, run the scanner and return the install snippet — from your editor.
WordPress
WordPress-friendly embed
The banner is a single async script tag, so it drops cleanly into WordPress — add it with a snippet plugin like WPCode and you’re live.
FAQ
Frequently asked — about the product.
Have feature questions? Here are the ones we hear most. For billing or plan questions, see the pricing page.
How much can I customize the banner?
A lot. Choose one of three templates — floating, wide bar, or modal (modal is Solo and up) — from 7 positions, then customize colors, text and logo, with per-button visibility toggles. For deeper control, the JS SDK lets you drive consent state yourself with hasConsent(), onConsentChange() and showPreferences().
How does ConsentLayer block trackers before consent?
The banner runtime intercepts tracking scripts as the page loads — both static tags and dynamically injected ones — and holds them until the visitor consents. It ships 20+ built-in rules for services like Google, Meta and TikTok, plus custom per-site rules, and can consent-gate embeds and iframes too.
What languages does the banner ship with?
10 built-in languages: English, German, French, Spanish, Italian, Dutch, Portuguese, Polish, Swedish and Danish. You can override individual strings per locale. The number of languages you can use is plan-gated — 1 on Free, 2 on Solo, unlimited on Studio and Agency.
Which plans include the API, SDK and MCP server?
All of them, including Free. The typed REST API, the @consentlayer/sdk (JS + React) and the MCP server for AI agents are available on every plan — no upgrade required to build against them.
What gets recorded in the consent log?
Each decision stores the categories chosen, the jurisdiction, the banner version, the user agent and a salted hash of the IP — raw IPs are never stored. You can filter by country, decision or date and export the log to CSV. Retention is 30 days on Free, 365 on Solo and Studio, and 730 on Agency.
Can an AI agent set ConsentLayer up for me?
Yes. Run npx -y @consentlayer/mcp setup to connect the MCP server, then an agent like Claude Code or Cursor can create the site, run the scanner, configure your categories and banner, and return the install snippet — effectively adding consent management from your editor with one prompt.
How does region detection work without storing IPs?
ConsentLayer reads the visitor’s country from a CDN request header, including EU/EEA and UK detection. No raw IP is stored client-side and there’s no third-party geo provider. Built-in templates cover GDPR (opt-in), CCPA/CPRA (opt-out + GPC) and LGPD (opt-in), and you can add custom geolocation groups on paid plans.
Ship Consent. For Every Visitor. It’s That Simple.
Join the engineering teams using ConsentLayer to gate scripts, audit decisions, and stay compliant — across humans, agents, and every region.
Free tier
No credit card required
Install in seconds
GDPR / CCPA / LGPD ready