Yes. In the EU, EEA, UK and Switzerland, Microsoft Clarity generally requires consent before it can set analytics cookies and enable full session-based tracking.
That answer is more certain in 2026 than it used to be.
Microsoft now provides Clarity Consent Mode and Consent API v2, and it has announced consent signal enforcement for page visits from the European Economic Area, the United Kingdom and Switzerland starting October 31, 2025. Microsoft says a valid consent signal is required to ensure full Clarity functionality for users in those regions.
Source: Microsoft Clarity Consent Mode
This does not mean Microsoft Clarity is impossible to use legally. It means the implementation matters.
If Clarity is allowed to load normally, set cookies and connect user activity across page views before the visitor has made a consent choice, that is usually a problem in consent-first jurisdictions. If Clarity is configured through a CMP, Consent Mode or Consent API v2, it can operate in a more privacy-aware way.
The practical rule is simple:
Treat Microsoft Clarity as a non-essential analytics tracker. Do not allow full cookie-based tracking until analytics consent has been granted.
This guide explains why Clarity requires consent, what Microsoft changed, which cookies Clarity uses, what happens when consent is denied, and how to configure it correctly.
Disclaimer: This article is general information, not legal advice. Consent requirements depend on your technologies, purposes, vendors and implementation.
Related guides
- Does Google Analytics Require Consent?, a companion guide covering GA4 consent requirements
- Google Consent Mode v2 Requirements, complete guide for websites and agencies
- GDPR Cookie Consent Requirements, complete guide for websites and businesses
Why Website Owners Are Asking This Question Now
For a long time, Microsoft Clarity was often added to websites without much discussion.
A marketer would paste the Clarity script into Google Tag Manager, check that heatmaps and recordings were working, and move on. Because Clarity is free and positioned as a user experience tool, many teams treated it as less sensitive than advertising pixels or retargeting scripts.
That view is too simple.
Clarity is not just a basic visitor counter. It is a behavioral analytics tool. It helps website owners understand how people click, scroll, move through pages and interact with a website.
Microsoft describes Clarity as a behavioral analysis tool that helps you understand user experience and improve your website or app.
Source: Microsoft Clarity documentation
That makes Clarity useful, but it also makes consent more important.
The consent question has become more urgent because Microsoft has formalized how Clarity should receive consent signals. It now provides specific documentation for Consent Mode, Consent API v2, CMP integrations and behavior without cookie consent.
In other words, this is no longer just a theoretical legal debate.
Microsoft itself now expects consent-aware implementation for traffic from key European regions.
What Microsoft Clarity Actually Does
Microsoft Clarity helps website owners understand user behavior.
Typical features include:
- Heatmaps
- Session recordings
- Click tracking
- Scroll tracking
- Rage click detection
- Dead click analysis
- User journey analysis
- Funnel and behavioral reporting
These features are valuable because they show what users actually do on a page. You can see where people get stuck, which elements they click, how far they scroll and whether a page creates friction.
That is different from simple traffic measurement.
A traditional analytics report might tell you that 1,000 people visited a page. Clarity can help you understand how those people behaved after they arrived.
From a privacy perspective, that distinction matters.
The more detailed the behavioral analysis becomes, the more important it is to handle consent, transparency and user choice correctly.
Does Microsoft Clarity Use Cookies?
Yes. Microsoft Clarity uses cookies in a typical implementation.
Microsoft says Clarity's typical usage requires non-essential cookies on the visitor's browser. These cookies are placed by the setup script installed to run Clarity. Microsoft also explains that Clarity cookies store a unique pseudonymous ID used to associate interaction data, connect page views and generate aggregated analytics.
Source: Microsoft Clarity cookies
Common Microsoft Clarity cookies include:
| Cookie | Type | Purpose |
|---|---|---|
_clck | First-party | Persists the Clarity user ID and preferences for the site |
_clsk | First-party | Connects multiple page views into a single Clarity session recording |
CLID | Third-party | Identifies the first time Clarity saw this user on any site using Clarity |
MUID | Third-party | Identifies unique web browsers visiting Microsoft sites |
MR | Third-party | Indicates whether to refresh MUID |
SM | Third-party | Used to synchronize MUID across Microsoft domains |
Source: Microsoft Clarity cookies
The key cookies for most website owners are _clck and _clsk.
_clck helps Clarity recognize the same user on the same site.
_clsk helps Clarity connect multiple page views into a single session.
That session continuity is what makes recordings, funnels and user journeys useful. It is also why these cookies are not usually considered strictly necessary for providing the website itself.
Why Microsoft Clarity Usually Requires Consent
The consent requirement comes from two related but separate legal layers.
The first is ePrivacy-style cookie law.
The second is GDPR or UK GDPR.
Many articles mix these together, but they are not the same thing.
The ePrivacy Issue
For cookies and similar technologies, the first question is usually:
Are you storing or accessing information on the user's device?
If the answer is yes, consent is generally required unless the cookie or technology is strictly necessary.
Microsoft Clarity normally uses cookies and identifiers to connect user interactions and page views. That means ePrivacy-style rules are highly relevant.
The UK ICO explains that organisations must explain how cookies and similar technologies work and what they are used for. Users must be able to understand the consequences of allowing them.
Source: ICO cookies and similar technologies guidance
The CNIL also states that, generally speaking, before depositing or reading a cookie or tracker, publishers must inform users of the purpose, obtain consent and provide a way to refuse. CNIL recognizes narrow exemptions for certain audience measurement tools, but only under specific conditions.
Source: CNIL analytics guidance
Microsoft Clarity is not a simple, strictly necessary website function. A site can usually load, display content and process basic user requests without Clarity.
That is why Clarity should usually be treated as non-essential analytics.
The GDPR Issue
GDPR becomes relevant because Clarity processes behavioral information.
Depending on the implementation, Clarity may process or help generate data about:
- User interactions
- Click patterns
- Scroll behavior
- Session activity
- Device and browser information
- Page journeys
- Form interaction patterns if not properly masked
- Custom identifiers if implemented by the website
This information can become personal data when it relates to an identifiable or potentially identifiable user.
That does not mean Clarity is automatically unlawful. It means the website owner needs a lawful basis, transparent disclosure and appropriate controls.
The important distinction is this:
- ePrivacy usually governs whether you may store or access cookies and similar identifiers on the device.
- GDPR governs how personal data is processed once collected.
You may need to satisfy both.
This is why relying only on a GDPR legal basis such as legitimate interest is usually not enough for cookie-based Clarity tracking in consent-first jurisdictions. The cookie access itself often needs prior consent first.
For a wider explanation of this distinction, see our guide on GDPR Cookie Consent Requirements.
What Changed with Microsoft Clarity Consent Mode?
Microsoft Clarity Consent Mode changes the practical implementation of Clarity.
Microsoft says Consent Mode allows Clarity to adjust cookie access based on the user's current consent status. With Consent Mode enabled, Clarity only sets cookies after receiving valid consent from the user.
Source: Microsoft Clarity Consent Mode
Microsoft also states that Consent Mode is enabled by default for users from the EEA, UK and Switzerland. Once enabled, Clarity waits for a valid consent signal before setting cookies.
Source: Microsoft Clarity Consent Mode
This is the part website owners should pay attention to.
If Clarity is waiting for a valid consent signal, your CMP or consent banner needs to send one.
A banner that simply says "we use cookies" is not enough. The consent choice needs to control what Clarity does.
Consent API v2 Is Now the Recommended Method
Microsoft says Consent API v2 is the latest and recommended method for passing user cookie consent status to Clarity. It replaces the older Consent API, which Microsoft says is planned for deprecation and should no longer be used for new implementations.
Source: Microsoft Clarity Consent API v2
The Consent API v2 call uses two consent signals:
window.clarity('consentv2', {
ad_Storage: 'granted',
analytics_Storage: 'granted'
});Or, when consent is denied:
window.clarity('consentv2', {
ad_Storage: 'denied',
analytics_Storage: 'denied'
});The two relevant parameters are:
| Parameter | Meaning |
|---|---|
analytics_Storage | Consent for analytics-related storage |
ad_Storage | Consent for advertising-related storage |
Source: Microsoft Clarity Consent API v2
For most Microsoft Clarity implementations, analytics consent is the central requirement.
If Clarity is connected to advertising, remarketing or Microsoft Advertising workflows, advertising consent may also become relevant.
Can Microsoft Clarity Work Without Consent?
Partially.
This is where many articles oversimplify the answer.
Microsoft Clarity does not have only two states:
- Full tracking
- No tracking at all
Microsoft documents a no-consent mode with limited tracking. If consent is denied, Clarity does not set first-party and third-party cookies. Instead, it assigns a unique ID per page view and does not use cookies to persist session data.
Source: Microsoft Clarity Consent API v2
That has a practical impact.
Microsoft explains that when users in regions requiring cookie consent do not provide it, Clarity modifies its reporting behavior. Sessions may be counted as page views. Each page view can create a new session. Session recordings, funnels and time spent metrics may also be affected.
Source: Changes to Clarity reporting without cookie consent
So the better question is not:
Can Clarity run without consent?
The better question is:
Can Clarity deliver full behavioral analytics without consent?
Usually, no.
Without consent, Clarity can operate in a reduced mode, but the features that depend on cookies and session continuity become limited.
What Happens If You Ignore Consent Signals?
There are two types of risk.
The first is legal and compliance risk.
If Clarity sets non-essential cookies before consent, your website may fail ePrivacy, UK PECR or national cookie law requirements. If the resulting behavioral data is personal data, GDPR or UK GDPR obligations also apply.
The second is product risk.
Microsoft now requires valid consent signals for full Clarity functionality in the EEA, UK and Switzerland. If you do not pass consent correctly, Clarity reporting may become fragmented or incomplete for those users.
Source: Microsoft Clarity FAQ
In plain language:
Poor consent implementation can create both compliance problems and bad analytics data.
Should Microsoft Clarity Be Categorized as Analytics or Marketing?
For most websites, Microsoft Clarity should be categorized as Analytics.
That is because the primary purpose is to understand website behavior and improve user experience.
However, the category can change depending on how you use it.
| Use case | Recommended category |
|---|---|
| Heatmaps for UX improvement | Analytics |
| Session recordings for usability analysis | Analytics |
| Funnel analysis for website optimization | Analytics |
| Clarity connected with advertising workflows | Marketing or Advertising |
| Clarity used with Microsoft Advertising | Marketing or Advertising may be required |
| Custom identifiers linked to user profiles | Requires closer review |
A safe approach is to classify Clarity as Analytics by default, then review whether your setup introduces advertising, profiling or user-level identification.
If your CMP uses only broad categories, do not place Clarity under Strictly Necessary.
Clarity is useful, but it is rarely necessary for delivering the website service requested by the user.
How to Make Microsoft Clarity Compliant
A compliant setup is not complicated, but it does need to be deliberate.
Use this checklist.
1. Decide Which Regions Require Consent
At minimum, review your traffic from:
- EU
- EEA
- UK
- Switzerland
You may also need to consider Brazil, California and other jurisdictions depending on your audience and data use.
2. Classify Clarity as Analytics
In your CMP, Microsoft Clarity should usually be listed under Analytics.
Include a clear description such as:
Microsoft Clarity helps us understand how visitors interact with our website through heatmaps, session recordings and behavioral analytics.
3. Prevent Clarity Cookies Before Consent
Before the user grants analytics consent, Clarity should not set cookies such as _clck or _clsk.
You can achieve this through:
- A CMP integration
- Microsoft Clarity Consent Mode
- Consent API v2
- Google Consent Mode support where appropriate
- Script blocking until analytics consent is granted
4. Send the Correct Consent Signal
When the user grants analytics consent, send the appropriate Clarity consent signal.
For Consent API v2, that means using analytics_Storage.
If advertising storage is relevant, also handle ad_Storage.
Source: Microsoft Clarity Consent API v2
5. Respect Withdrawal
If the user later withdraws analytics consent, your CMP should update the consent state and ensure Clarity no longer continues full cookie-based tracking.
Microsoft states that site owners are responsible for informing Clarity of changes in user consent so Clarity can remove previously set cookies accordingly.
Source: Microsoft Clarity Consent Mode
6. Update Your Cookie Policy
Your cookie or privacy policy should explain:
- That you use Microsoft Clarity
- Why you use it
- Which category it belongs to
- What cookies it may set
- How users can withdraw consent
- Whether data is shared with Microsoft
7. Verify the Setup in the Browser
Do not assume the setup works.
Test it.
Before consent:
- Open the browser developer tools.
- Clear existing cookies.
- Reload the page.
- Reject analytics cookies.
- Check whether
_clckor_clskappear. - Review network requests related to Clarity.
After consent:
- Grant analytics consent.
- Confirm Clarity receives the consent signal.
- Confirm expected cookies are set only after consent.
Microsoft also provides a verification function for checking consent status in the browser console.
Source: Microsoft Clarity Consent Mode
Microsoft Clarity and Google Consent Mode
Microsoft Clarity Consent Mode is separate from Google Consent Mode, but the concept is similar.
Both are designed to let tracking tools adjust behavior based on a visitor's consent status.
Microsoft also documents support for Google Consent Mode. It says Clarity can automatically interpret and honor Google Consent Mode signals such as ad_storage and analytics_storage.
Source: Microsoft Clarity support for Google Consent Mode
That matters because many websites already use Google Consent Mode for Google Analytics and Google Ads.
If your website already has a consent setup for Google tags, you should still verify that Microsoft Clarity is receiving and respecting the correct consent signals.
For a deeper explanation of Google Consent Mode, see our guide on Google Consent Mode v2 Requirements.
Microsoft Clarity vs Google Analytics from a Consent Perspective
Microsoft Clarity and Google Analytics are often grouped together because both are analytics tools.
That grouping is useful, but incomplete.
| Question | Microsoft Clarity | Google Analytics |
|---|---|---|
| Main purpose | Behavioral analytics and UX insight | Traffic and event measurement |
| Typical features | Heatmaps, session recordings, clicks, scrolls | Page views, events, conversions, audiences |
| Uses cookies or identifiers | Yes, in standard setup | Yes, in standard setup |
| Requires consent in EU/UK | Generally yes | Generally yes |
| Consent signaling available | Clarity Consent Mode, Consent API v2, GCM support | Google Consent Mode |
| Should be strictly necessary | Usually no | Usually no |
The practical conclusion is similar.
Both tools should usually be blocked, limited or consent-controlled before analytics consent is granted in consent-first jurisdictions.
The difference is that Clarity's behavioral features, especially session recordings and heatmaps, can make the privacy impact more visible to users and legal teams.
For a dedicated breakdown, see our guide on Does Google Analytics Require Consent?
Common Implementation Mistakes
Mistake 1: Loading Clarity Through Google Tag Manager Before Consent
This is common.
A team adds Clarity to GTM, then assumes the cookie banner handles everything.
But unless the GTM tag is controlled by consent settings, Clarity may still load too early.
Mistake 2: Showing a Banner Without Blocking Anything
A cookie banner is not enough if trackers still run before the user chooses.
Consent must control behavior.
Mistake 3: Treating Clarity as Strictly Necessary
Clarity helps you improve a website, but the site usually works without it.
That makes it difficult to justify as strictly necessary.
Mistake 4: Forgetting Withdrawal
Consent is not a one-time event.
Users should be able to change their choice later, and your implementation should respect that change.
Mistake 5: Not Testing Cookies Directly
The only reliable way to confirm your setup is to test what actually happens in the browser.
Check cookies, network requests and consent signals before and after user interaction.
Recommended Cookie Policy Wording
You should adapt this to your own legal review, but a plain-language description could look like this:
We use Microsoft Clarity to understand how visitors interact with our website. Clarity helps us analyse clicks, scrolling, page interactions and session behaviour so we can improve usability and performance. Microsoft Clarity may set analytics cookies, such as
_clckand_clsk, when you give analytics consent. You can withdraw your consent at any time through our cookie settings.
If you use Clarity with advertising or custom identifiers, the wording should be expanded.
Frequently Asked Questions
Yes, generally. In the EU, EEA, UK and Switzerland, Microsoft Clarity normally requires consent before setting analytics cookies or enabling full cookie-based behavioral analytics.
Microsoft now requires valid consent signals for full Clarity functionality for users in these regions.
Source: Microsoft Clarity Consent Mode
Microsoft Clarity can be used in a GDPR-compliant way, but the website owner is responsible for implementing it correctly.
That usually means:
- Providing clear disclosure
- Collecting consent where required
- Passing consent signals correctly
- Avoiding unnecessary collection of personal data
- Respecting withdrawal
- Keeping appropriate documentation
Not by default.
Microsoft says Clarity's typical usage requires non-essential cookies. However, Clarity can operate in a no-consent mode with limited tracking when consent is denied.
Source: Microsoft Clarity cookies
Common Clarity cookies include _clck and _clsk.
_clck persists the Clarity user ID and preferences for the site.
_clsk connects multiple page views into a single Clarity session recording.
Microsoft also documents third-party cookies such as CLID, MUID, MR and SM.
Source: Microsoft Clarity cookies
For EU, EEA, UK and Swiss visitors, you should not rely on a no-banner setup if Clarity sets cookies or performs full behavioral tracking.
You may be able to use Clarity in a limited no-consent mode, but full cookie-based tracking generally requires a valid consent mechanism.
For most websites, Microsoft Clarity is Analytics.
If you use it with advertising, remarketing, Microsoft Advertising or user-level profiling, you should review whether Marketing or Advertising consent is also required.
Yes. Microsoft documents support for Google Consent Mode and says Clarity can interpret and honor consent signals such as ad_storage and analytics_storage.
Yes, but it must be configured correctly.
If Clarity is installed on WordPress, the consent banner or CMP must send a valid consent signal before tracking scripts or cookies are activated for users in regions requiring consent.
Microsoft specifically notes that third-party platforms such as WordPress need a valid cookie consent mechanism.
Source: Microsoft Clarity cookie consent for third-party platforms
Conclusion
Microsoft Clarity is a powerful behavioral analytics tool, but it should not be treated as a consent-free script.
In the EU, EEA, UK and Switzerland, Clarity generally requires consent before it can set cookies and provide full session-based tracking.
The reason is straightforward.
Clarity uses cookies, connects page views, creates session recordings and analyses user behavior. Those activities are useful for website optimization, but they are not usually strictly necessary for delivering the website itself.
Microsoft's own documentation now reinforces this. Clarity Consent Mode, Consent API v2 and regional consent signal enforcement all point in the same direction:
Consent needs to be part of the implementation.
The safest approach is to:
- Classify Clarity as Analytics.
- Block or limit Clarity before consent.
- Send consent signals using Consent API v2, Google Consent Mode or a CMP integration.
- Verify that Clarity cookies are not set before consent.
- Let users withdraw consent later.
Concentio can automatically detect Microsoft Clarity, classify it as an analytics tracker and block it until consent is granted.