Consent.
Respect.
Protect.
Simplified user data protection for website managers.
Copy. Paste. Done.
A single script tag in your <head> and your visitors are protected.
Create your site
From the ConsentKit dashboard, add your domain. Configure cookie categories and the services you use.
Customize the banner
Choose the display style, colors, and position. Preview in real time directly in the dashboard.
Add the script
Copy the script tag from the Embed tab and paste it into your site's <head>. ConsentKit handles the rest.
<!-- Google Consent Mode v2 — synchronous defaults --> <script> gtag('consent', 'default', { analytics_storage: 'denied', ad_storage: 'denied' }); </script> <!-- ConsentKit — a single line --> <script data-site="YOUR_SITE_ID" src="https://consent.oui.services/v1/consentkit.js" defer></script>
Your tools,
under control.
Seven pre-configured services cover the most common use cases. Add your own with just a few lines of JavaScript.
Google Analytics 4
Injects the gtag script after consent. Native integration with Google Consent Mode v2 for advanced measurements.
Google Tag Manager
Conditional loading of the GTM container. Tags only activate when consent is granted.
Meta Pixel
Facebook and Instagram conversion tracking. The pixel only loads after explicit marketing consent.
TikTok Pixel
TikTok Ads audience segmentation. Conditional activation, clean deactivation with cookie cleanup.
YouTube
Automatic iframe replacement with an elegant placeholder. The embed only displays after consent.
Vimeo
Same placeholder system as YouTube with automatic thumbnail retrieval via the Vimeo API.
Brevo (Sendinblue)
Email marketing platform. The tracking script loads after marketing category consent.
Need Hotjar, Matomo, Crisp? Add any service via window.CKQueue.push()
Manage everything,
at a glance.
A complete dashboard to configure your banners, track consent rates, and export your audit log.
Designed for
compliance.
Consent Mode v2
Google Consent Mode defaults are injected synchronously before any tag. The analytics_storage and ad_storage signals are updated in real time.
Immutable audit log
Every consent is recorded in a D1 database with timestamp, configuration hash, and visitor fingerprint. JSON or CSV export.
No personal data
The visitor fingerprint is a SHA-256 hash of the IP and User-Agent. No name, email, or identifier is ever stored.
CNIL 13-month expiration
The consent cookie automatically expires after 13 months, in accordance with CNIL recommendations. No implicit renewal.
« Deny all » visible
The deny button has the same visual weight as the accept button, as required by CNIL. No dark patterns, no manipulation.
Permanent withdrawal
A persistent icon allows visitors to change their choice at any time. The preferences panel is always accessible.
For those who
take privacy seriously.
Developers
Clean API, custom events, custom service registration. Integrate ConsentKit into any stack in minutes.
Web agencies
Deploy the same solution across all your clients. Multi-site, customizable theme per client, near-zero cost.
E-commerce
GA4, Meta Pixel, TikTok — all your marketing tools managed from a single GDPR-compliant banner.
Businesses
Self-hosting, audit log, no data with third parties. Compliance verifiable by your legal teams.
Media & éditeurs
Automatic YouTube and Vimeo iframe replacement. Your videos only load after explicit consent.
DPO & legal
Immutable audit trail, evidence export, versioned configuration. Everything you need to demonstrate compliance.
Built on
Cloudflare.
Edge-first architecture. The script, API, and dashboard run on the global Cloudflare network — close to your visitors, always fast.
Client script, Worker API, and dashboard — one language, shared types.
Serverless API on 300+ points of presence. KV for config, D1 for audit.
The embedded script has no external dependencies. Rollup + esbuild for 6.7 KB.
TanStack Query, Recharts, Cloudflare Pages. Protected by Cloudflare Access.