Setup & Installation
Welcome to the Consentify documentation. Here you'll find all the information you need to install, configure, and customize the consent banner for your website. Our goal is to make GDPR compliance as simple and seamless as possible.
Setup & Installation
Welcome to the Consentify documentation. Here you'll find all the information you need to install, configure, and customize the consent banner for your website. Our goal is to make GDPR compliance as simple and seamless as possible.
Revoke Consent Button
To comply with GDPR and allow users to change their cookie preferences at any time, you must add a revoke consent button to your website. When clicked, this button reopens the Consentify banner so users can update their settings.
⚠️ Required for compliance
This button must be present and accessible on all pages where the Consentify banner is active. If you cannot add the button to certain pages (like checkout or payment pages), you must exclude those routes in your dashboard settings.
How it works
The Consentify script automatically detects any element with the id revoke-consent-btn and attaches the necessary click event to it. No additional JavaScript required on your end.
Implementation
Add this button to your site's footer or another persistent location that appears on all pages:
<button id="revoke-consent-btn">
Cookie Settings
</button>You can style this button with your own CSS classes to match your website's design. The text can also be customized to match your preferred language (e.g., "Cookie Preferences", "Manage Cookies", etc.).
Alternative: Exclude routes
If there are specific pages where you cannot include the revoke consent button (such as checkout flows, payment pages, or embedded forms), you can exclude those routes in your Consentify dashboard. This tells our system to skip compliance checks for those specific paths.
No JavaScript required!
The Consentify script handles everything automatically. Just add the HTML element with the correct ID, and it will work immediately.
Integrations
Consentify makes it easy to integrate with popular third-party services like Google Analytics, Facebook Pixel, and many more. Our system ensures that these scripts are only loaded after a user provides their explicit consent, helping you maintain GDPR compliance.
How Integrations Work
When a user gives consent for a specific category (e.g., Analytics or Marketing), Consentify dynamically injects the associated third-party scripts into your website. This means you don't need to manually manage conditional script loading – Consentify handles it for you automatically.
For each integration, you typically provide an ID (e.g., a Google Analytics Tracking ID or a Facebook Pixel ID) in your Consentify dashboard. Our system then renders the correct script for that service.
Supported Integrations
Consentify supports a wide range of popular services. You can enable and configure them directly from your dashboard under the 'Integrations' tab.
View IntegrationsPrivacy-Policy Generation
Keeping your privacy policy updated with every technical change is a hassle. Consentify automates this by generating a dynamic disclosure of all your active trackers and cookies.
How it works
Our script includes a built-in Privacy Policy engine. It detects which integrations you have enabled (like Google Analytics or custom scripts) and generates a formatted, compliant table of cookies, providers, and purposes.
Automatic Injection
To display your dynamic policy, simply create a page on your website (e.g., /privacy-policy) and add an empty element with the following ID:
Add this to your privacy page:
<div id="consentify-privacy-policy"></div>
Real-time Updates
The policy is generated on the fly. If you add a new integration in your dashboard, it will appear in the table on your website instantly-no code changes required.
Custom Styling
The injected policy comes with a clean, neutral design, but you can easily override the CSS classes (like .csfy-pp-table) to match your brand's unique look.
Tips & Tricks
How to See the Banner Again
Once a user has made a choice, the Consentify banner will not automatically reappear on subsequent visits, unless the policy version changes or the consent expires. If you need to test the banner or change your consent, here are a few ways:
- 1. Clear Local Storage: The easiest way to force the banner to reappear is to clear the `csfy_consent` item from your browser's Local Storage for your domain. You can do this in your browser's developer tools (Application -> Local Storage).
- 2. Use Incognito/Private Browsing: Opening your website in an incognito or private browsing window will treat you as a new visitor, causing the banner to display.
- 3. Programmatic Reopening: The Consentify script exposes a global function `window.consentifyReopenBanner()` that you can call from your browser's console or your own JavaScript to force the banner to show again.
Policy Versioning
Consentify uses a policy versioning system. If you update your cookie policy or make significant changes to your banner configuration in the dashboard, incrementing the 'Policy Version' will ensure that all users see the banner again and are prompted to re-consent, even if they previously accepted.
Local Storage Key
Consentify stores user consent preferences in your browser's Local Storage under the key `csfy_consent`. The stored data includes preferences for necessary, analytics, and marketing cookies, along with the `policy_version` and a `delete_token`.
Debugging the Banner
Consentify provides several built-in mechanisms to help you debug the banner and integration scripts.
Debug Modes (GTM Preview, Hotjar Verify)
The Consentify script automatically detects certain URL parameters that are commonly used by debugging tools like Google Tag Manager (GTM) Preview mode or Hotjar Verify. When these parameters are present, Consentify will activate all integration scripts regardless of the user's consent, allowing you to test your tracking setups.
- For GTM Preview mode, look for parameters like `gtm_preview`, `gtm_auth`, or `gtm_debug`.
- For Hotjar Verify, look for `hjVerifyInstall` or `hjVerifyUUID`.
Development Domain Validation Bypass
In development environments (`NODE_ENV === "development"`), Consentify automatically bypasses domain validation. This means you can test the banner on `localhost` or any development URL without needing to register it in your dashboard.
Pageview Tracking
Consentify tracks pageviews for billing and analytics purposes. The script increments a pageview counter via an API endpoint (`/api/gateway/increment-pageview`). This happens automatically on initial page load and on subsequent route changes (for SPAs) if consent is given or pre-authorized.
Advanced Usage
Once the Consentify banner is installed, you can read the consent state in your own code, both on the client side and on the server. This lets you gate your own scripts, API calls, or UI behind consent without relying on the banner to do it for you.
Reading consent in your own JavaScript
Consent is stored in localStorage under the key csfy_consent. You can read it at any time from your own scripts:
const consent = JSON.parse(localStorage.getItem('csfy_consent') || '{}');
if (consent.analytics) {
// Run your own analytics code
myAnalytics.track('page_view');
}
if (consent.marketing) {
// Run marketing code
loadRetargetingPixel();
}This is useful if you have code outside of a Consentify integration that should only run after analytics consent is given for example, a custom event tracker or an A/B testing tool.
Reading consent server-side
Consentify sets a cookie named csfy_consent with the same value as localStorage. This cookie is readable in server-side code such as Next.js middleware, API routes, or any server that receives HTTP requests from the browser.
// Next.js middleware (edge runtime)
import { NextRequest } from 'next/server';
const raw = request.cookies.get('csfy_consent')?.value;
const consent = raw ? JSON.parse(decodeURIComponent(raw)) : null;
if (consent?.analytics) {
// User has given analytics consent
}// Next.js API route / Server Component (Node runtime)
import { cookies } from 'next/headers';
const raw = cookies().get('csfy_consent')?.value;
const consent = raw ? JSON.parse(decodeURIComponent(raw)) : null;
if (consent?.marketing) {
// Skip marketing API call if not consented
}This pattern is useful for conditional server-side rendering, skipping analytics API calls in your backend, or adjusting responses based on user consent without requiring a client-side round-trip.
What needs consent and what doesn't
Not all cookies or storage require user consent. Under GDPR and the ePrivacy Directive, strictly necessary and functional cookies are exempt. Here's how to categorize your own cookies:
Strictly necessary no consent required
Cookies and storage that are technically required for the site to function, or that store a preference the user explicitly set. Examples: session tokens, authentication cookies (e.g. Supabase), CSRF tokens, language preference (NEXT_LOCALE), shopping cart state.
Analytics requires consent
Cookies used to measure how your site is used. Examples: Google Analytics (_ga, _gid), PostHog, Microsoft Clarity, Mixpanel. These must be blocked until the user accepts the analytics category.
Marketing requires consent
Cookies used for ad targeting, retargeting, or cross-site tracking. Examples: Facebook Pixel (_fbp), TikTok Pixel, LinkedIn Insight, Google Ads. These must be blocked until the user accepts the marketing category.
Custom integrations and when they run
Scripts added through Custom Integrations in your dashboard are injected after the user accepts the corresponding category. You assign each custom script to either analytics or marketing, Consentify handles the rest. If you want a custom script to also set a cookie, document that cookie in the cookie table when adding the integration so it appears correctly in the banner's disclosure modal and your auto-generated privacy policy.