Cookie Banner Setup Guide & Documentation
Our documentation is available in English only.
Getting Started
Get up and running with Concentio in minutes. Follow these five steps to go from signup to full consent compliance on your website.
1. Create your account
Sign up for a free Concentio account. No credit card is required. The free plan includes up to 500 sessions per month and access to all features.
2. Add a website
From the dashboard, create a new website. Give it a name that helps you identify it, such as the domain name or project name. You can manage multiple websites from a single account.
3. Add a domain and run your first scan
Add your domain to the website and trigger an automated scan. Concentio uses a headless browser to visit your site and detect all third-party vendors, tracking scripts, cookies, and embeds. The scan typically takes one to two minutes.
4. Configure your consent banner
Customize your consent banner from the Banner tab. Set your brand colors, choose a position, write your consent text, and configure which buttons to show. Preview changes before publishing them to your domain.
5. Install the script tag
Copy the Concentio script tag from the Installation tab and paste it into the head section of your website, before any other third-party scripts. Once installed, Concentio handles banner display, script blocking, consent collection, and session tracking automatically.
Installation
Installing Concentio on your website requires adding a single script tag. This section covers placement, configuration, and verification.
The script tag
Add the following script tag to the head section of every page on your website:
<script src="https://cdn.concentio.io/cmp.js"
data-concentio-key="YOUR_WEBSITE_ID">
</script>
Finding your website ID
Your website ID is available in the Concentio dashboard. Navigate to your website, then open the Installation tab. The complete script tag with your website ID pre-filled is ready to copy.
Script placement
The script loads synchronously to ensure it can intercept third-party scripts before they execute. Place it as the first script in your head tag. If you are using a tag manager such as Google Tag Manager, the Concentio script should be loaded before the tag manager script.
Verifying the installation
After installing the script, visit your website in a browser. You should see the consent banner appear. Open the browser console and check for the __cmpDebug object to verify that Concentio is loaded and configured correctly. If the banner does not appear, check that the website ID matches your Concentio dashboard and that the script is not blocked by a Content Security Policy.
Banner Configuration
The consent banner is fully customizable from the Concentio dashboard. You can control its appearance, content, behavior, and legal disclosure settings. All changes are versioned automatically for audit compliance.
Appearance
Control how the banner looks and where it appears on your website.
| Setting | Description |
|---|---|
| Primary color | Sets the accent color for buttons and interactive elements. Enter any hex color code to match your brand identity. |
| Position | Choose where the banner appears: bottom of the page, centered overlay, or top of the page. |
| Show reject button | When enabled, displays a "Reject All" button alongside the "Accept All" button. Recommended for GDPR compliance. |
| Show settings button | When enabled, displays a "Settings" button that opens a detailed view where visitors can toggle individual consent categories. |
Content
Customize the text displayed in the consent banner. All text fields support translations for multi-language banners.
| Field | Description |
|---|---|
| Title | The heading displayed at the top of the banner. Default: "Cookie Consent". |
| Description | The main text explaining why consent is needed. Should describe the types of cookies and their purposes. |
| Accept button text | Label for the accept all button. Default: "Accept". |
| Reject button text | Label for the reject all button. Default: "Reject". |
| Settings button text | Label for the settings/preferences button. Default: "Settings". |
Legal disclosure
GDPR requires transparency about data processing. The legal disclosure section is shown in the settings view and includes three fields: Data Controller (the entity responsible for data processing), Legal Basis (the lawful basis for processing), and Data Transfer Notice (information about international data transfers). These fields help satisfy GDPR Article 13 requirements.
Behavior
Control when and how the banner is displayed. The geo-policy setting determines whether the banner is shown to all visitors, only to visitors in specific regions, or never. You can also set the position of the floating privacy button that appears after consent, and provide a link to your full cookie or privacy policy page.
Banner versioning
Every time you save the banner configuration, Concentio creates an immutable version snapshot. This includes all field values at the time of save. When a visitor interacts with the banner, the version ID is recorded in their consent record. This creates a tamper-proof audit trail proving exactly which banner text and options were presented to each visitor.
Floating privacy button
After a visitor gives consent, the banner is removed and a small floating button appears in the corner of the screen. Visitors can click this button at any time to reopen the consent banner and change their preferences. The button uses your configured primary color and can be positioned at the bottom-left or bottom-right of the page.
Vendor & Tracker Management
Concentio automatically detects third-party vendors on your website through scanning. Each detected vendor is categorized and mapped to consent categories so visitors can make informed decisions about their data.
How scanning works
When you trigger a scan, Concentio launches a headless browser that visits your website pages. It monitors all network requests, scripts, cookies, and embedded content to build a complete picture of third-party activity. Each detected item is matched against a vendor database using host patterns, script URL patterns, and cookie patterns. Scan results show detected trackers grouped by type (cookies, scripts, network requests) along with the vendor they belong to.
Consent categories
Every vendor is assigned to one of four consent categories. Visitors can grant or deny consent per category in the banner settings view.
| Category | Description | Examples |
|---|---|---|
| Necessary | Essential for the website to function. Always enabled, cannot be rejected by visitors. | Session cookies, load balancers, security tokens |
| Analytics | Measure website usage and performance to help improve the user experience. | Google Analytics, Hotjar, Plausible |
| Marketing | Used to track visitors across websites for advertising and retargeting purposes. | Google Ads, Meta Pixel, LinkedIn Insight |
| Personalization | Enable personalized content and recommendations based on visitor behavior. | YouTube embeds, Intercom, recommendation engines |
Managing detected trackers
After a scan completes, review the detected trackers in the Vendors tab. Each tracker shows its type, associated vendor, consent category, and detection confidence. You can reassign vendors, change categories, enable or disable individual trackers, and self-declare trackers that belong to your own website. Bulk operations are supported for assigning vendors to multiple trackers at once.
Custom vendors
If a detected tracker does not match any vendor in the database, you can create a custom vendor. Specify the vendor name, category, and detection patterns (host, script URL, or cookie patterns). Custom vendors are scoped to your account and used in all future scans.
AI-powered vendor suggestions
For unrecognized trackers, Concentio can suggest vendor matches using AI analysis. The system examines the tracker's domain, script patterns, and cookie names to propose the most likely vendor and category. You can review and apply these suggestions with a single click, or use them as a starting point for creating a custom vendor.
Re-scanning
Trigger a new scan at any time to detect changes. Concentio compares scan results with previous scans and highlights new, removed, or changed trackers. Automatic periodic re-scans can be configured to keep your vendor list up to date without manual intervention.
Script Blocking
Concentio blocks third-party scripts, cookies, and embeds before consent is granted. This ensures your website is compliant with privacy regulations that require prior consent before any non-essential tracking occurs.
How blocking works
The Concentio runtime script intercepts third-party resources before they load:
- The script loads before any other third-party scripts on the page.
- It checks the visitor's consent state from local storage.
- Scripts, cookies, and embeds that belong to non-consented categories are blocked from loading.
- When the visitor grants consent, blocked resources for the approved categories are released and execute normally.
Category-based blocking
Blocking is managed at the consent category level: Necessary, Analytics, Marketing, and Personalization. When a vendor is assigned to a category, all of its scripts, cookies, and network requests are automatically blocked or allowed based on the visitor's consent for that category. Necessary scripts are never blocked.
Cookie blocking
In addition to blocking scripts, Concentio intercepts and removes cookies that belong to non-consented categories. Cookies are matched using domain and name patterns configured for each vendor. When consent is withdrawn, cookies for the affected categories are automatically deleted.
Advanced blocking
Concentio supports blocking of iframes, stylesheets, and other embedded resources in addition to scripts. Script execution order is preserved when blocked scripts are released after consent. The system also handles dynamic script injection, intercepting scripts that are added to the page after the initial load.
Multi-Language Support
Concentio supports over 50 languages for the consent banner, ensuring visitors see the banner in their preferred language. All banner text, category descriptions, and legal disclosures can be translated.
Supported languages
Concentio includes built-in support for all 24 official EU languages plus additional languages including Norwegian, Icelandic, Turkish, Japanese, Korean, Chinese, Arabic, and many more. Regional variants such as Brazilian Portuguese and Latin American Spanish are also supported.
Adding languages
Add languages to your banner from the Translations tab in the dashboard. When you add a language, Concentio automatically creates a translation template pre-filled with default text. You can then customize each field to match your preferred wording.
Managing translations
Each language has its own set of translatable fields: banner title, description, button labels, consent category names and descriptions, and legal disclosure text. Edit translations directly in the dashboard. You can reset any language back to the default template at any time.
Default language
Set one language as the default for your banner. This is the language displayed when the visitor's browser language does not match any of your configured translations.
Language detection
Concentio automatically detects the visitor's preferred language from their browser settings. If a matching translation exists, the banner is displayed in that language. Otherwise, the default language is used. The detection is instantaneous and does not require any additional configuration.
Regional variants
For regions that require specific legal text, you can create region-specific translation variants. For example, you can have different banner text for EU visitors (citing GDPR) and US visitors (citing CCPA), even when both groups read the banner in English. Regional variants combine with language translations for maximum flexibility.
Regional Compliance
Concentio supports multiple privacy regulations and automatically adapts the consent experience based on the visitor's location. Each region can have its own consent model, banner content, and legal requirements.
Supported regulations
| Region | Regulation | Consent Model |
|---|---|---|
| EU / EEA | GDPR + ePrivacy Directive | Opt-in (prior consent required) |
| United Kingdom | UK GDPR + PECR | Opt-in (prior consent required) |
| United States | CCPA / CPRA | Opt-out (notice with right to reject) |
| Brazil | LGPD | Consent-based |
| Canada | PIPEDA | Transparency mode |
| Switzerland | Swiss nDSG (revFADP) | Hybrid (consent + legitimate interest) |
Region detection
Concentio detects the visitor's region using IP-based geolocation. The detection considers the visitor's country and maps it to the appropriate regulatory framework. Region detection is performed on the server side and the result is included in the configuration delivered to the runtime script.
Configuring active regions
Select which regions are active for your website from the dashboard. For each active region, you can customize the banner content and legal disclosure text to meet the specific requirements of that regulation. Only active regions will trigger region-specific behavior; visitors from other regions will see your default banner.
Fallback region
Set a fallback region that applies when a visitor's location does not match any of your active regions. This determines the default consent model and banner behavior for visitors from regions without specific rules. We recommend using the strictest region (typically EU/GDPR) as your fallback to ensure maximum compliance.
Global Privacy Control (GPC)
Concentio detects the Global Privacy Control signal sent by browsers. When a visitor has GPC enabled, Concentio automatically applies this preference according to the applicable regional rules. For CCPA, GPC is treated as a valid opt-out signal. GPC detection is included in consent analytics so you can track adoption rates.
Google Consent Mode v2
Concentio integrates with Google Consent Mode v2, allowing Google services to adapt their behavior based on the visitor's consent status. This is required for using Google Ads and Google Analytics in the EU/EEA since March 2024.
What is Google Consent Mode?
Google Consent Mode is a framework that lets you communicate your visitors' consent choices to Google services. When consent is denied, Google's tags adjust their behavior: analytics collects aggregated data without cookies, and ads measurement uses conversion modeling instead of tracking individual users.
Enabling Google Consent Mode
Enable Google Consent Mode from the Google Consent Mode section in your website settings. Concentio automatically sets the correct default consent state and sends consent updates to Google when visitors interact with the banner. No additional code is required on your website.
Default consent state
Before a visitor interacts with the banner, Concentio sets a default consent state that denies all non-essential consent signals. This is the configuration sent to Google before the visitor makes a choice:
gtag('consent', 'default', {
'analytics_storage': 'denied',
'ad_storage': 'denied',
'ad_user_data': 'denied',
'ad_personalization': 'denied',
'functionality_storage': 'denied',
'personalization_storage': 'denied',
'security_storage': 'granted'
});
Consent update signals
When a visitor grants or denies consent, Concentio immediately sends an update to Google with the new consent state. The consent signals map to Concentio categories: analytics_storage maps to the Analytics category, ad_storage and ad_user_data map to Marketing, and personalization_storage maps to Personalization.
Google Tag Manager integration
If you use Google Tag Manager, Concentio detects it automatically and integrates via the data layer. Consent state changes are pushed as data layer events, allowing you to configure triggers in GTM that fire based on consent status. Enter your GTM container ID in the Tag Manager settings to enable this integration.
Tag allowlisting
By default, Concentio blocks all tags managed by your tag manager until consent is granted. If you have tags that must fire regardless of consent (such as essential analytics), you can add them to the allowlist. Allowlisted tags bypass consent-based blocking and execute immediately.
Consent Analytics
Track how visitors interact with your consent banner. Concentio provides detailed analytics including consent rates, category breakdowns, trends over time, and funnel analysis to help you optimize your consent experience.
Analytics dashboard
The consent analytics dashboard provides a real-time overview of consent activity across all your domains. View key metrics at a glance, filter by date range, and drill down into specific domains or time periods.
Key metrics
- Total consents: The total number of consent interactions recorded.
- Consent rate: The percentage of visitors who granted consent (accepted all or selected categories).
- Grants: The number of visitors who accepted consent.
- Rejections: The number of visitors who rejected all non-essential cookies.
- Withdrawals: The number of visitors who withdrew previously granted consent.
- Unique visitors: The number of distinct visitors who interacted with the banner.
- GPC detections: The number of visitors with Global Privacy Control enabled in their browser.
Trends and comparisons
View consent activity trends over time with period-over-period comparisons. Identify seasonal patterns, measure the impact of banner changes, and track whether your consent rate is improving or declining.
Funnel analysis
The consent funnel shows the journey from banner impression to consent decision. See how many visitors see the banner, how many interact with it, and how many ultimately grant, reject, or withdraw consent. This helps identify drop-off points and optimize your banner design.
Exporting consent records
Export individual consent records as JSON or CSV for compliance auditing or external analysis. Filter exports by date range and domain. Each record includes the timestamp, consent choices per category, IP address, user agent, banner version, and region.
Cookie Declaration
The cookie declaration is a public, embeddable widget that lists all cookies and trackers detected on your website. It provides transparency to your visitors and helps satisfy disclosure requirements under GDPR and other privacy regulations.
What is a cookie declaration?
A cookie declaration is a detailed list of all cookies and tracking technologies used on your website. It typically includes the cookie name, provider, purpose, category, and duration. Many privacy regulations require websites to maintain an up-to-date cookie declaration accessible to visitors.
Enabling the declaration
The cookie declaration is generated automatically from your scan results. Once you have completed at least one scan, the declaration data is available. You can preview the declaration in the dashboard to see exactly what will be shown to your visitors.
Embedding on your website
Embed the cookie declaration on your cookie policy page using the Concentio runtime. The declaration is rendered as a structured table grouped by consent category, showing each tracker's name, vendor, purpose, and type. It inherits your banner's primary color for visual consistency.
Automatic updates
The cookie declaration updates automatically whenever a new scan is completed. As trackers are added, removed, or recategorized, the declaration reflects the latest state without any manual intervention. This ensures your cookie policy page always shows accurate, current information.
WordPress Integration
Concentio provides a dedicated WordPress plugin for easy integration. The plugin handles script injection, configuration synchronization, and provides a settings page within the WordPress admin.
Installing the plugin
Download the Concentio WordPress plugin and install it through the WordPress admin panel under Plugins > Add New > Upload Plugin. Activate the plugin after installation.
Connecting to your account
After activation, navigate to the Concentio settings page in the WordPress admin. Click "Connect to Concentio" to initiate the connection flow. You will be redirected to your Concentio dashboard to authorize the connection and select which website to link. Once authorized, the plugin automatically configures the script tag on your WordPress site.
Configuration
The plugin settings page shows your connection status, linked website, and script configuration. You can disconnect and reconnect at any time. All banner configuration and vendor management is done from the Concentio dashboard — the plugin handles the script delivery automatically.
Diagnostics
The plugin includes a diagnostics panel that checks the health of your integration. It verifies the script is loading correctly, the website ID is valid, and the connection to the Concentio API is active. Use the diagnostics panel to troubleshoot issues before contacting support.
Tag Manager Integration
Concentio integrates with Google Tag Manager and other tag management systems. Consent state changes are communicated via the data layer, allowing you to create consent-aware triggers for your tags.
Setting up GTM integration
Enter your Google Tag Manager container ID in the Tag Manager settings within the Concentio dashboard. Concentio will automatically detect GTM on your pages and integrate via the data layer. You can also configure custom tag managers by specifying the data layer variable name.
Data layer events
Concentio pushes consent events to the GTM data layer whenever the visitor's consent state changes. Use these events to create custom triggers in GTM:
// Concentio pushes events to the data layer:
window.dataLayer.push({
event: 'concentio_consent_update',
concentio_consent: {
necessary: true,
analytics: true,
marketing: false,
personalization: false
}
});
Creating consent-aware triggers
In Google Tag Manager, create a custom event trigger for the "concentio_consent_update" event. You can then add conditions based on the consent object properties (e.g., fire only when analytics is true). This allows you to defer tag firing until the visitor has granted consent for the relevant category.
Billing & Plans
Concentio uses session-based pricing. You pay based on the number of unique visitor sessions that require a consent state, not page views. All plans include access to every feature and unlimited domains.
How sessions are counted
A session represents a unique visitor that requires a consent state on your website. Sessions are tracked via the Concentio runtime script. Each unique visitor is counted once per session window, regardless of how many pages they visit. Sessions are aggregated monthly across all domains in your account.
Available plans
All plans include every feature. The only difference between plans is the number of sessions included per month.
| Plan | Sessions / month | Price |
|---|---|---|
| Free | Up to 500 | Free |
| Starter | Up to 7,500 | €6 / month |
| Growth | Up to 100,000 | €18 / month |
| Scale | Up to 500,000 | €49 / month |
| Pro | Up to 2,000,000 | €99 / month |
| Enterprise | Unlimited | Custom |
Usage dashboard
Monitor your session usage from the Billing page in the dashboard. View current month usage, historical usage trends, and how your usage maps to billing tiers. You can also view and download invoices, update your payment method, and manage your subscription.
JavaScript API
The Concentio runtime exposes a JavaScript API on the global Concentio object. Use it to programmatically read consent state, reset consent, or access debug information from your own scripts.
Reading consent state
Call Concentio.getConsent() to get the current consent state. Returns an object with boolean values for each category (necessary, analytics, marketing, personalization). Returns null if the visitor has not yet interacted with the banner.
const consent = Concentio.getConsent();
// Returns: { necessary: true, analytics: true,
// marketing: false, personalization: false }
Resetting consent
Call Concentio.resetConsent() to clear the stored consent state and re-display the banner. This is useful for testing or when you need to prompt the visitor again after a material change to your privacy policy.
Concentio.resetConsent();
// Clears stored consent and re-shows the banner.
Debug mode
Access the debug API in your browser's developer console to inspect the current Concentio state. The debug object shows the loaded configuration, consent state, blocked scripts, active vendors, detected region, and language selection.
// Access the debug API in the browser console:
window.__cmpDebug
// Shows: config, consent state, blocked scripts,
// active vendors, and region detection info.