Cookie Consent Management Platform (CMP)
HIPAA-compliant cookie consent management platform for privacy compliance (GDPR, CCPA, HIPAA) and developer-friendly cookie management.
Introduction
Our Privacy’s Cookie Consent Management Platform is built to give you:
- HIPAA-compliant consent management: Ensure your site meets HIPAA, GDPR, and CCPA requirements for privacy and consent.
- Complete control over consent collection: Customize categories, vendors, regions, and UI text.
- Custom domains: Deploy your consent banner and scripts on your own branded domain for trust and compliance.
- Easy installation: Just one script in your
<head>
. - Compliance out of the box: Supports major frameworks like GDPR, CCPA, and HIPAA.
- Advanced blocking: Manual and automatic script blocking.
- Region-specific rules and translations: Geolocation-based consent modes, legal language, and automatic translation for global compliance.
- Versioned configurations: Roll out new rules safely and maintain a history of consent changes.
- Developer-friendly integration: Access and listen to consent states in your JavaScript layer.
- Privacy-first: No unnecessary tracking and deep integrations with the Ours Privacy CDP mapping layer.
Installation & Quick Start
Setting up your CMP is fast and easy. Just follow these steps:
-
Copy your install script
In your configuration under Install & Setup, you'll see an installation script tag like:<script src="https://cdn.oursprivacy.com/cmp-init?token=YOUR_TOKEN_HERE"></script>
-
Paste it into your website’s
<head>
Add the script tag as high as possible in your site's<head>
. This ensures it runs before other tracking scripts and can manage consent blocking correctly. -
Publish your configuration
Make sure you've saved and published your CMP configuration in the dashboard. -
Verify the banner
Load your site and confirm that the consent banner/modal displays correctly. Test acceptance, rejection, and preference management to ensure it meets your requirements.
Important: Place the script before any other analytics or advertising tags so it can block them if the user hasn't consented.
Note: If you have a custom domain configured for your Ours Privacy account, you can load the Ours Privacy consent management platform from your own first-party custom domain as well.
General Settings
Your General Settings section is the central place to configure everything about how your CMP works, looks, and enforces consent. It includes:
- Categories: Define the types of cookies and trackers you need consent for, like "Necessary," "Analytics," or "Advertising."
- Vendors & Trackers: Maintain a list of known vendors and domains that need to be blocked or managed, with category assignments and cookie-clearing rules.
- Consent Modal & UI Text: Customize all text, labels, and translations shown to visitors in your consent banner and preferences modal.
- Default Consent Settings: Set the default consent mode (opt-in or opt-out), regional overrides, automatic cookie clearing, and versioning.
Each of these helps you:
- Collect clear, granular consent for each purpose and vendor.
- Ensure compliance with laws like GDPR, CCPA, and HIPAA.
- Provide a branded, clear experience with customizable text and design.
- Keep your site privacy-friendly by preventing unauthorized tracking before consent.
Below you'll find details on each part:
Categories
Define the categories users see when managing their consent. Examples include:
- Necessary (cannot be disabled)
- Analytics
- Advertising
- Custom categories you define
Categories allow granular consent collection and make sure your site aligns with legal requirements for purpose-based consent.

Vendors & Trackers
Set up the list of scripts, domains, and vendors that need consent management:
- Add domain patterns (e.g.
google-analytics.com
) - Assign them to categories
- Define cookies to clear if consent is withdrawn
- Add internal notes for team management
This ensures accurate blocking and transparent disclosure.

Consent Modal & UI Text
Customize the full user experience:
- Banner titles and descriptions
- Buttons (Accept All, Reject All, Preferences)
- Terms of Service and Privacy Policy URLs
- Footer text and preferences modal sections
- Support for translations and region-specific language
Helps create a clear, branded, and compliant interface for your visitors.

Default Consent Settings
Set the overall behavior of your consent system:
- Consent mode (opt-in or opt-out)
- Auto show banner on load
- Disable page interaction until consent
- Auto-clear cookies on rejection or withdrawal
- Region-specific overrides with tailored modes and text
- Consent revision/versioning to ensure you can roll out new policies safely
These settings ensure your site behaves correctly by default for all users, while giving flexibility for local laws and best practices.

Creating Regional Specific Consent Policies
The Ours Privacy CMP supports Regional-Specific Overrides to help you comply with GDPR, CCPA, and other state or country-specific privacy laws. These overrides allow you to redefine any consent settings, UI text, categories, or behavior for visitors from specific regions.
You can think of them as complete reconfigurations for specific regions. For example:
- Change the consent mode to opt-in for EU/EEA visitors and opt-out for US states that allow it.
- Customize the consent banner text to match legal requirements in different jurisdictions.
- Provide translations for specific languages or legal disclaimers.
- Override categories or default states for specific laws.
- Tailor the preferences modal for different compliance frameworks.
How it works:
- Define as many region-specific rules as needed in your configuration.
- Select the region or country code (like
EU
,US-CA
for California, etc.). - Customize all available settings (categories, vendors, UI text, consent mode, etc.) just like your global/default configuration.
- Users in those regions will see the specifically tailored banner and experience you’ve designed.
This flexibility ensures that your site:
- Automatically adapts to visitors’ locations.
- Meets global privacy law requirements.
- Offers a clear, localized, and compliant experience.
Tip: Always review legal requirements in target regions to ensure your overrides meet local consent standards.

Script Blocking
Our CMP is designed to prevent tracking scripts from running until consent is given. It does this in two complementary ways: automatic blocking (always on) and manual blocking (optional for advanced control).
All blocking relies on the concept of Services you define in your configuration. Each Service includes:
- A domain pattern to match requests (e.g.
*.google-analytics.com
) - The category it belongs to (like Analytics or Advertising)
- Rules for clearing related cookies
When a user hasn't consented to a category, any Service matching that category will be blocked.
Automatic Blocking
Automatic blocking is always enabled. It scans your pages for network requests and script loads that match any configured Service domains:
- Blocks requests that match configured Services immediately on page load.
- Also blocks dynamically injected scripts (e.g. from Google Tag Manager).
- Stops these scripts from executing until consent is granted for their category.
Important: Always test your implementation to ensure no critical functionality is inadvertently blocked.
Manual Blocking
Manual blocking gives you precise, in-page control over which scripts are held back until consent.
For this approach, you manually mark scripts in your HTML with special attributes that identify their category:
<script
type="text/plain"
data-cookiecategory="analytics"
src="https://www.google-analytics.com/analytics.js"
></script>
When the user consents to "analytics," these scripts are dynamically enabled.
Benefits of manual blocking:
- Full control over which inline or external scripts are gated.
- Ensures even scripts without network patterns can be held until consent.
- Useful for self-hosted or custom third-party scripts.
Tip: Combine automatic blocking (for domain-level detection) with manual blocking (for page-specific script tags) to ensure comprehensive coverage.
Example: Consent Platform Theme
Our Privacy CMP offers a variety of theme options to match your website’s branding and user experience needs. You can choose from multiple layouts, and button styles to create a consent banner that fits seamlessly with your site. The example below shows just one possible configuration—many more are available and fully customizable.


Accessing Consent in JavaScript (advanced)
You can interact with the CMP on your site using the global window.ours_consent
object. This object provides methods and events to read, update, and respond to user consent.
Note: For most users, you do not need to use these methods directly. The consent UI and banner handle all standard consent flows for you. These APIs are intended for advanced or custom integration scenarios only.
1. getConsent()
getConsent()
Get the full consent object.
const consent = window.ours_consent.getConsent();
Returns all categories and their statuses.
2. getCategoryStatus(category)
getCategoryStatus(category)
Check if a specific category is granted.
const isAnalyticsAllowed = window.ours_consent.getCategoryStatus("analytics");
3. acceptAll()
acceptAll()
Programmatically accept all categories.
window.ours_consent.acceptAll();
4. rejectAll()
rejectAll()
Programmatically reject all categories.
window.ours_consent.rejectAll();
5. setConsent(consentObject)
setConsent(consentObject)
Manually set consent for categories.
window.ours_consent.setConsent({
analytics: true,
advertising: false,
});
6. openConsentModal()
openConsentModal()
Open the consent banner or preferences modal programmatically.
window.ours_consent.openConsentModal();
7. onConsentChange(callback)
onConsentChange(callback)
Subscribe to changes in consent.
window.ours_consent.onConsentChange((updatedConsent) => {
console.log("Consent updated:", updatedConsent);
});
8. onAccept(callback)
onAccept(callback)
Subscribe to when a user accepts all categories.
window.ours_consent.onAccept(() => {
console.log("All consent accepted");
});
9. onReject(callback)
onReject(callback)
Subscribe to when a user rejects all categories.
window.ours_consent.onReject(() => {
console.log("All consent rejected");
});
10. onModalOpen(callback)
onModalOpen(callback)
Run code when the consent modal is opened.
window.ours_consent.onModalOpen(() => {
console.log("Consent modal opened");
});
Tip: Always check thatwindow.ours_consent
is loaded before calling these methods. These callbacks and methods let you deeply integrate your consent choices with your site's tracking, advertising, and analytics setups.
Feature Table
Below is an overview of the features currently supported in Our Privacy CMP:
Feature | Our Privacy Support |
---|---|
Consent banner/modal | Supported |
Per-category controls | Supported |
Various themes | Supported |
Full text control (UI and legal language) | Supported |
Geolocation-based banner logic | Supported |
Geolocation-based banner legal language | Supported |
Geolocation-based transcriptions (per legal language) | Supported |
Region-specific rules and translations | Supported |
Custom domains | Supported |
Automatically generate transcriptions | Supported |
Automatically detected vendors/scripts/cookies | Supported |
Auto-blocking of scripts without manual tagging | Supported |
Manual tagging of scripts in addition to autoblocking | Supported |
Versioned consent config | Supported |
Consent logging (timestamp, ID, version, IP) | Supported |
Visitor-linked identity (via CDP integration) | Supported |
Fully open source & embeddable via script | Supported |
GTM + Google Consent Mode integration | Supported |
Planned / In Progress | |
Templates for compliance (e.g. GDPR text) | Planned |
Google Consent Mode
If you are not using the Ours Privacy CMP, you will typically need to wire Google Consent Mode manually so GTM/GA4 respects your cookie categories.
Below is a minimal example of how to do this:
<!-- Load GTM container as usual -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
// 1. Default: Set denied for analytics/ad storage
gtag('consent', 'default', {
ad_storage: 'denied',
analytics_storage: 'denied'
});
// 2. Normal gtag config
gtag('js', new Date());
gtag('config', 'G-XXXXXXX');
</script>
Then, when the user consents via your CMP:
// On user acceptance
gtag('consent', 'update', {
ad_storage: 'granted',
analytics_storage: 'granted'
});
This ensures Google Analytics and Ads respect user consent choices.
Note for Ours Privacy users
If you're using the Ours Privacy CMP, you do not need to do this manually.
Our platform automatically integrates with Google Consent Mode out-of-the-box:
- Sets initial denied state.
- Automatically updates Google Consent Mode when users give or withdraw consent.
- Works seamlessly with GTM, GA4, and Google Ads tags.
No extra code required.
FAQs
Do I need to use thewindow.ours_consent
methods?
For most users, you do not need to use these methods directly. The consent UI and banner handle all standard consent flows for you. These APIs are intended for advanced or custom integration scenarios only.
Is the CMP compliant with GDPR, CCPA, and HIPAA?
Yes, Our Privacy CMP is designed to help you comply with GDPR, CCPA, HIPAA, and other major privacy regulations. You can configure region-specific rules and consent modes to meet legal requirements.
Can I customize the look and feel of the consent banner?
Absolutely! You can fully customize the text, button labels, and even translations for different regions to match your brand and compliance needs.
How does script blocking work?
The CMP automatically blocks scripts and network requests for services that require consent. You can also manually tag scripts for advanced blocking control. Scripts are only enabled after the user grants consent for the relevant category.
Can I use my own domain for the CMP script?
Yes, you can configure a custom domain to serve the CMP script, ensuring first-party trust and compliance.
How do I test if my implementation is working?
After installing the CMP, load your site and verify the banner appears. Test accepting, rejecting, and managing preferences. You can also use browser developer tools to check that scripts are blocked or enabled based on consent.
Updated about 10 hours ago