Install via script tag

Direct embed for sites without Google Tag Manager.

Untagged scripts are not blocked automatically. A Meta Pixel, Hotjar, TikTok or LinkedIn tag hard-coded in your HTML fires regardless of consent — unless you tag it (see script blocking) or gate it via GTM (see the GTM consent-wrapping checklist).

Async snippet

The simplest installation. Add this once to <head> on every page. For non-EU traffic this is fine; for EU/EEA/UK, prefer the sync snippet below so Consent Mode defaults arrive before any Google tag fires.

<script src="https://YOUR-DEPLOYMENT/consent.js" data-website-id="YOUR-ID" async></script>

Sync snippet (EU/EEA/UK)

Inline the default Consent Mode state, then load the rest async. Place as early as possible in <head>.

<!-- Default-deny EU/EEA/UK -->
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('consent', 'default', {
    ad_storage: 'denied',
    analytics_storage: 'denied',
    ad_user_data: 'denied',
    ad_personalization: 'denied',
    functionality_storage: 'granted',
    personalization_storage: 'denied',
    security_storage: 'granted',
    wait_for_update: 500,
    region: ['EU', 'EEA', 'GB']
  });
</script>
<script src="https://YOUR-DEPLOYMENT/consent.js" data-website-id="YOUR-ID" async></script>

Public API

The loader exposes window.CookieKompas:

window.CookieKompas.getConsent();
window.CookieKompas.setConsent({ analytics: true, marketing: false });
window.CookieKompas.resetConsent();
window.CookieKompas.openPreferences();
const off = window.CookieKompas.onConsentChange((c) => console.log(c));
off(); // unsubscribe