Getting Started

Understanding Consent Management

Last updated February 27, 2026

Understanding Consent Management

Cookie consent management is a legal requirement in most jurisdictions. LegalBanner helps you collect, store, and prove visitor consent.

Opt-In vs. Opt-Out

Opt-In (GDPR model)
  • Non-essential cookies are blocked by default
  • Visitors must click "Accept" before analytics, marketing, or functional cookies can be set
  • Required in the EU, UK, and many other regions
  • LegalBanner blocks scripts automatically until consent is given
Opt-Out (CCPA model)
  • Non-essential cookies are allowed by default
  • Visitors can choose to opt out via a "Do Not Sell My Personal Information" link
  • Common in the United States
  • Scripts run immediately; consent is recorded when the visitor interacts

Consent Categories

LegalBanner groups cookies into five categories:

Essential — Always active, cannot be disabled. These are cookies required for your site to function (session tokens, security cookies, load balancers). Functional — Enhance user experience but aren't strictly necessary. Examples: live chat widgets, language preferences, saved form data. Analytics — Track how visitors use your site. Examples: Google Analytics, Hotjar, Mixpanel. Marketing — Used for advertising and retargeting. Examples: Google Ads, Facebook Pixel, LinkedIn Insight Tag. Unclassified — Cookies detected by the scanner that haven't been categorized yet. Review these periodically and assign them to the correct category.

How Consent Is Stored

When a visitor makes a choice, LegalBanner stores their preferences in:

1. A cookie named lb_consent (valid for 1 year) 2. A localStorage backup named lb_consent_ls (fallback if cookies are blocked)

The stored data includes which categories were accepted and a timestamp, but no personal information.

Global Privacy Control (GPC)

If a visitor's browser sends a Global Privacy Control signal, LegalBanner automatically honors it by treating the visit as a "Reject All" — no banner is shown, and no non-essential cookies are set.

What Happens After Consent?

  • Accepted categories — Scripts tagged with those categories are activated automatically
  • Rejected categories — Scripts remain blocked
  • Consent log — Every decision is recorded in your consent log for compliance proof