SDK Configuration
The LegalBanner SDK is loaded via a single script tag. Here's everything you can configure.
Basic Installation
``html
`
Script Attributes
| Attribute | Required | Description |
|---|---|---|
| data-site-id | Yes | Your unique site identifier (found in site Settings) |
| async | Recommended | Loads the script without blocking page rendering |
How the SDK Loads
1. The script tag is detected via document.currentScript
2. It reads data-site-id from the element
3. Fetches your banner configuration from the LegalBanner API
4. Checks for existing consent in cookies or localStorage
5. If no prior consent exists, renders the banner in a Shadow DOM
Consent Storage
The SDK stores consent in two places for reliability:
- Cookie: lb_consent
— Primary storage, SameSite=Lax, Secure on HTTPS, 1-year expiry - localStorage: lb_consent_ls
— Fallback if cookies are blocked
json
{
"essential": true,
"functional": false,
"analytics": true,
"marketing": false,
"timestamp": "2026-02-27T10:00:00Z",
"version": "abc123"
}
`
Global Privacy Control (GPC)
If the visitor's browser has GPC enabled (
navigator.globalPrivacyControl === true), the SDK:
- Does not show the banner
- Treats the visit as "Reject All"
- Records a
reject_all consent event
Blocks all non-essential scripts
This is automatic — no configuration needed.
Shadow DOM Isolation
The banner renders inside a Shadow DOM, which means:
- Your site's CSS cannot accidentally break the banner
- The banner's CSS cannot leak into your site
- The banner is fully self-contained
Event Tracking
Consent events are sent via
navigator.sendBeacon()` — a fire-and-forget API that works even during page unloads. This ensures no events are lost.