ConsentOS (CMP) — consent fix

ConsentOS is a modern Consent Management Platform (CMP). Our scanner only issues a warning for ConsentOS if the setup is incorrect, allowing trackers to collect data without consent. This means your cookie banner is technically failing to do its job, placing you in violation of the GDPR.

Why ConsentOS triggers a warning

Almost all errors involving ConsentOS relate to loading order (timing) and integration with Google Tag Manager (GTM).

1. GTM is faster than ConsentOS: You have loaded ConsentOS asynchronously, but the GTM script is placed higher up in the <head>. GTM immediately fires all marketing tags before ConsentOS can even signal that consent has not yet been given.
2. No Consent Mode v2: Google Consent Mode v2 is not enabled, or the defaults are not set to denied.
3. Uncategorised trackers: ConsentOS features a powerful auto-blocker, but it refuses to block scripts if they haven't been assigned to a specific category (such as marketing or statistics) within the dashboard.

The Fix: Configure ConsentOS tightly

Follow these steps to seamlessly connect ConsentOS to your website and trackers.

1. Place ConsentOS before GTM in the source code (Crucial)

This is the most important step. ConsentOS checks consents synchronously, meaning it must be placed at the top.

1. Open your website's source code.
2. Locate the <head> tag.
3. Paste the ConsentOS banner script directly below the <head>, ensuring it sits above the Google Tag Manager container snippet.

2. Activate Google Consent Mode v2

ConsentOS can communicate perfectly with the latest Google standard, provided you turn it on.

1. Log in to the ConsentOS dashboard.
2. Go to Settings > Consent Mode.
3. Enable the integration. Ensure the default status for all categories is set to denied in regions governed by the GDPR.

3. Tight integration with GTM

If your tags do not work with Consent Mode, or if you prefer a more robust fallback, use ConsentOS Custom Events in GTM.

1. Go to your GTM workspace.
2. Create a new trigger of the type Custom Event.
3. Use the event name consentos_consent_change.
4. Link this trigger (either as a firing rule or an exception, depending on your setup) to your tags. ConsentOS also automatically fires the window.__consentos_gtm_consent_update() function under the hood upon any changes, instantly keeping GTM up to date.

4. Check the Auto-blocker categories

ConsentOS automatically intercepts script creation, cookie writing, and Storage API calls, but it needs to know what it is allowed to block.

1. In the dashboard, go to the list of detected trackers.
2. Ensure that all scripts are assigned to the correct category (Statistics or Marketing).

How to Verify the Fix

Use your browser's Network tab to inspect network requests.

1. Open your website in an incognito window.
2. Ignore the cookie banner (do not click anything).
3. Open Developer Tools (F12) and navigate to the Network tab.
4. Verify that no marketing or analytics requests (such as Facebook or Google Analytics) are firing.
5. Click "Deny" in the banner and check again. Everything should remain quiet.

Not sure if the fix worked, or want to verify that no other scripts are leaking data? Run a free scan with ConsentChecker.eu for instant confirmation.