Configure the cookie consent banner
In short. Go to Tracking Consent → Settings, turn on Enable Consent, paste your legal disclosure copy, label the Accept and Decline buttons, tick the trackers you want gated (GTM, Clarity, etc.), exclude your Privacy Policy page, and click Save Config. Verify in an incognito window — the banner should appear on your homepage and tracking scripts should be absent until the visitor clicks Accept.
On this page: What is this for? · Good use cases · Steps — General settings · Steps — choose which scripts to gate · What NOT to use this for · Tips for a clean consent setup
Overview
The Tracking Consent settings screen is where you configure the consent banner your site shows every visitor — disclosure copy, button labels, banner position, and which tracking tools are gated behind consent. A GDPR or CCPA launch is about a 10-minute job here; changes are live on the next page load.
What is this for?
The Tracking Consent settings panel is your cookie banner configuration screen. It lets your site collect a visitor's explicit permission before running tracking scripts — the core requirement of GDPR, the UK PECR, CCPA, and similar privacy laws. Use it on launch day, any time you add a new tracking tool, or whenever legal hands you updated disclosure copy.
When you save, two things happen: the banner immediately reflects the new copy and position, and your gating choices apply to every page view from that moment onward.
Scope
Covers banner copy, button labels, position, the four built-in tracker toggles, regex-based script gating, and page exclusions. Does not configure your analytics tools themselves (that lives in Google Integrations or Custom Codes) — it only decides whether those tools load at all.
| Setting area | What it controls |
|---|---|
| Enable Consent | Master on/off for the banner. Off by default on a fresh install. |
| Position | Where the banner appears: Top / Center (modal) / Bottom |
| Require I agree checkbox | Strict two-step Accept posture vs one-click Accept |
| Consent message | The HTML disclosure copy shown to visitors |
| Button labels | Accept and Decline text (and optional redirect URLs) |
| Exclusions | Toggles for GTM / Clarity / Session Attributer / Draft Form Entries |
| Other scripts | Regex patterns matching any additional tracking scripts to gate |
| Excluded Pages | Pages where the banner should NOT appear (e.g. Privacy Policy) |
A filled-in Settings panel looks like this — the master toggle, disclosure copy, button labels, four tracker toggles, and Excluded Pages already set:
Good use cases
Example 1: Launch-day GDPR switch. Your site goes live tomorrow for a UK/EU audience. Open Tracking Consent → Settings, flip Enable Consent on, paste your legal team's disclosure HTML into Consent Message, set Accept to "Accept Analytics" and Decline to "Continue without analytics", tick Google Tag Manager and Microsoft Clarity under Exclusions, add your Privacy Policy and Cookie Policy to Excluded Pages, and click Save Config. Load your homepage in a fresh browser window — the banner is there, tracking scripts are absent, and you have proof of consent being captured. That is what GDPR Article 7 asks you to demonstrate.
This is what the public homepage looks like immediately after you save — the banner sits at the bottom of the viewport, with your disclosure copy, both button labels, and the "I agree" checkbox gating the Accept button:
Example 2: Adding Hotjar after launch. Marketing has added Hotjar to track user sessions. Hotjar is a tracking tool, so it must be gated behind consent. There is no dedicated Hotjar toggle — drop /hotjar\.com/i into the Other scripts regex box, click Save, and the Hotjar script will now be suppressed on every page view until the visitor accepts the banner. No code changes anywhere else.
Here is the regex block that catches Hotjar plus a few other common scripts you may want to gate. Paste the lines you need into the Other scripts textarea, one pattern per line:
After saving, open your homepage in a fresh incognito window, right-click, pick View Page Source and search for hotjar. You should see zero matches. Click Accept on the banner, reload, search again: now hotjar.com appears in a <script src=..> tag near </body> — the script is loading because the visitor consented.
Example 3: CCPA "Do Not Sell" redirect. California visitors have the right to decline the sale of their data. Set the Decline redirect URL to /privacy/do-not-sell-confirmed so that when a visitor clicks Decline they land on a confirmation page. Your support team can point to that URL as evidence the decline flow is working.
The visitor experience: they click Decline on the banner, the banner dismisses, and the browser lands on your confirmation page — which looks like this:
Example 4: Accessibility-only consent. Your site uses an accessibility overlay that sets cookies. You want to gate only that overlay, not analytics. Uncheck GTM and Clarity under Exclusions (leave them loading), drop the accessibility script's domain into Other scripts regex, and rewrite the disclosure message to describe accessibility cookies specifically.
Example 5: Audit consent history before a dispute. A visitor contacts support saying they never accepted the banner but are receiving marketing emails. Open Tracking Consent → Logs — one row per visitor decision, showing session key, landing page, decision (accepted or declined), visibility duration, and interaction count.
The consent log list for a live site — three sample rows showing the columns an auditor needs:
Click any session key to open the full detail view — exact timestamp, decision timing, landing page, UTM parameters, device type, anonymized IP, and a step-by-step Timeline of every interaction before the decision. This is the evidence you show an auditor or legal team.
What NOT to use this for
- Not a cookie-category editor. The banner is binary Accept/Decline — no "Functional / Performance / Marketing" categories. For IAB TCF v2.0 granular categories, pair SGEN with a dedicated CMP like OneTrust or Cookiebot.
- Not a GA4 or GTM property configuration screen. GA4 measurement IDs and GTM container IDs live in Google Integrations. This screen only decides whether those scripts load at all.
- Not the whole of GDPR compliance. You still need a published Privacy Policy, a Cookie Policy page, a legitimate-interest review of any processing done without consent, and internal records for audit. The banner is one piece, not the whole picture.
- Do not point the Accept redirect URL at an external domain you do not own. Visitors who accept will be sent off your site unexpectedly. Leave the field blank to keep them on the current page.
- Do not add your homepage to Excluded Pages. The homepage is where most visitors land — exempting it defeats the compliance purpose. Excluded Pages is for your Privacy Policy and Cookie Policy.
- Do not edit consent banner copy in your database or theme files. Every change must go through the Settings panel so SGEN's audit log tracks it. Hand-edits in the database bypass the audit trail entirely.
How this connects to other features
- Google Integrations / Google Tag Manager — the Google Tag Manager toggle here only gates GTM if you have configured a GTM container ID somewhere on your site. If GTM is not set up on your site, the toggle has nothing to gate.
- Custom Codes — any third-party script you have added via Custom Codes can be gated with the Other scripts regex box. Add a pattern that matches the script's URL (for example
/hotjar\.com/i) and that Custom Code is suppressed until consent is given.
- Pages — the Excluded Pages dropdown lists every page, blog post, and custom object on your site. If a page is in Trash or unpublished, the exclusion still works — but a visitor will not land on a trashed page anyway.
- Review consent sessions — once your banner is live, the Logs screen under Tracking Consent → Logs fills up with one row per visitor decision. That is where you prove to an auditor that consent was captured.
- Site Settings — your site's overall analytics configuration (GA4 IDs, Facebook Pixel, etc.) lives in Site Settings, not here. This screen gates them; Site Settings configures them.
- Forms — the Draft Form Entries Exclusion gates SGEN's form-draft auto-save. For long forms (job applications, multi-step checkouts), weigh the UX cost of gating it against the compliance benefit.
Before you start
- Active SGEN admin session.
- Final disclosure copy from legal (or willing to start with the default wording and revise).
- For non-standard scripts (Hotjar, Facebook Pixel, etc.), the URL or domain fragment that appears in those script tags.
- Your Privacy Policy and Cookie Policy pages published (or their slugs decided).
- An incognito or private browser window ready for verification — the banner does not reappear in a browser that has already recorded a decision.
- A chosen consent posture: strict (top position, "I agree" checkbox required, all four Exclusions ticked) for EU and UK audiences; permissive (bottom, no checkbox, only marketing scripts gated) for US audiences outside California. Multi-region default: strictest posture, let translation handle the copy.
Where to go
- Open the left navigation in your SGEN admin.
- Click Tracking Consent. The Settings panel opens by default; the sibling Logs panel sits beneath it.
If Tracking Consent is not in your sidebar, your role does not have access — only Site Owner and Administrator roles see this menu by default. Editor and Author roles are intentionally excluded because changes here have site-wide compliance implications.
Bookmark /sg-admin/tracking_consent on launch day — you will return here several times in the first month.
Steps — General settings
1. Turn the banner on
The first toggle on the page is Enable Consent. It is off by default on a fresh install. Flip it on. Nothing is live yet — the banner only starts appearing once you click Save Config at the end.
2. Pick where on the screen the banner appears
The Position dropdown has three options:
- Top (default) — the banner sticks to the top of the viewport. Visitors see it first. Best for strict-consent regions where you want the banner to be unmissable.
- Center — the banner appears in the middle of the screen with a dark overlay. Modal-style, hardest to miss, most intrusive. Best for sites where analytics is critical and you want a high opt-in rate.
- Bottom — the banner sticks to the bottom of the viewport. Least intrusive, most common pattern. Best for low-friction landing pages.
3. Decide whether Accept requires a checkbox
The Require I agree checkbox toggle controls whether the visitor must tick an "I agree" box before the Accept button becomes clickable. Leave this on for the strictest compliance posture (the visitor is making a deliberate two-step choice). Turn it off for a smoother one-click Accept if your legal review allows.
When on, the checkbox text is set via Checkbox label — the default reads I agree to enable analytics and cookies as described. — rewrite to match your tone of voice or legal wording.
Steps — Consent message and buttons
4. Write the disclosure message
The Consent message box is a rich editor that accepts HTML. You can include paragraphs, bold text, links to your Privacy Policy, and so on. Keep the message short — a paragraph or two — and make sure the most important points are first.
A good disclosure tells the visitor:
- What data you collect (usually "analytics cookies" or "page-view data").
- Why you collect it (usually "to improve the site" or "to understand visitor behavior").
- What happens when they Accept or Decline.
- Where to go to learn more (link to your Privacy Policy).
A pasteable starting template — rewrite to match your voice and your legal review wording:
5. Label the Accept and Decline buttons
The Accept button text and Decline button text fields are plain text inputs. Defaults are Accept and Enable and Continue without analytics. Rewrite to match your voice — Yes, I agree and No thanks, or Accept all cookies and Essential only, or whatever reads naturally for your audience.
6. Optionally, send visitors to a specific page after their click
The Accept redirect URL and Decline redirect URL are optional. Leave blank and the visitor stays on the current page — that is almost always what you want. Fill one in if you have a dedicated "thank you for accepting" or "CCPA opt-out confirmed" page visitors should land on.
Steps — Choose which scripts to gate
7. Gate the four tracking tools SGEN knows about
Under Exclusions you get four toggles, one per built-in tracker:
- Google Tag Manager — suppresses your GTM container from loading until consent. This also stops every tag inside GTM from firing, including GA4, Facebook Pixel, conversion tags, and remarketing tags loaded via GTM.
- Microsoft Clarity — suppresses the Clarity session-recording and heatmap script.
- Session Attributer — SGEN's own session-attribution tracker that records the campaign source, medium, and referrer for each visitor.
- Draft Form Entries — SGEN's form draft-auto-save feature that writes partial form data as the visitor types. Gating this means visitors who have not consented will not have their half-finished form entries saved across page loads.
Tick the toggle for each tool you want gated. For a strict GDPR posture, tick all four.
8. Gate any other tracking scripts your site runs
If you have added Hotjar, Segment, Amplitude, Meta Pixel outside of GTM, or any other tracking tool via Custom Codes or directly in your theme, add a regex to the Other scripts textarea. One pattern per line.
Common patterns:
/hotjar\.com/i— Hotjar session recording/cdn\.amplitude\.com/i— Amplitude analytics/segment\.(com|io)/i— Segment/connect\.facebook\.net/i— Facebook Pixel (when loaded directly, not through GTM)/googletagmanager\.com\/gtag/i— GA4 loaded directly via gtag.js (not through GTM)
The patterns match against the script tag's src attribute or inline script body. If a script matches any pattern, it is suppressed on public pages until the visitor accepts.
9. Exempt pages that talk about the banner itself
The Excluded Pages dropdown is a multi-select of every page, blog post, and custom object on your site, grouped by content type with live search. Pick the pages where the banner should NOT render.
The typical list:
- Your Privacy Policy page.
- Your Cookie Policy page.
- Any "About our cookies" or "Tracking choices" information page.
The reason: if a visitor clicked a link in the banner that reads "Learn more about our cookies" and landed on a page that itself has the banner blocking 80% of the screen, they cannot read the policy you sent them to. Exempt those pages.
Steps — Save and verify
10. Save the configuration
The Save Config button sits in the sticky right-hand column of the screen and stays visible as you scroll. Click it. You will see a green confirmation message reading Ada consent configuration has been successfully updated! appear at the top of the settings panel.
11. Verify the banner is live on your site
Open a new browser window (or a different browser, or your phone) and go to your homepage. The consent banner should appear at the position you picked, with the disclosure copy you wrote, the Accept and Decline buttons labeled the way you wanted, and the "I agree" checkbox if you asked for it.
Click Accept. The banner disappears. Refresh the page — the banner does not come back. Your choice is remembered.
Now open a fresh browser window (or an incognito / private window) and go to your homepage again. The banner should re-appear because that is a new visitor with no consent yet.
Click Decline this time. The banner disappears. To confirm that your gated scripts are suppressed, right-click anywhere on the page and pick View Page Source (the menu item varies slightly by browser). In the text that opens, press Ctrl-F (Cmd-F on Mac) and search for googletagmanager.com. You should see zero matches — the script has been suppressed because the visitor declined.
12. Confirm the consent log is recording decisions
Open Tracking Consent → Logs. You should see one row for each decision you made during verification — one accepted and one declined. If the rows are there, the log is working. This is the view you share with an auditor or legal team as evidence that consent is being captured.
What success looks like
- The green
Ada consent configuration has been successfully updated!message appears at the top of the Settings panel after you click Save Config. - Loading your homepage in a fresh browser window shows the consent banner at the position you chose, with your disclosure copy, and with the Accept and Decline buttons labeled the way you wrote them.
- Clicking Accept dismisses the banner; refreshing the page does not bring it back in the same browser.
- Opening the site in a fresh incognito or private window shows the banner again (because a new visitor has no consent yet).
- Right-click on the homepage in a fresh incognito window, pick View Page Source, and search (Ctrl-F) for the domain of any tracking tool you gated (for example
googletagmanager.comorhotjar.com). You find zero matches before Accept. After clicking Accept and reloading, the same search finds the domain — the script is now loading. - On a page you added to Excluded Pages (for example your Privacy Policy), the banner does not appear at all, even in a fresh incognito window.
- The Logs panel under Tracking Consent → Logs starts filling up with one row per real visitor decision within the first hour of public traffic.
What to do if it does not work
- The banner is not appearing on my site. Open the Settings panel and confirm the Enable Consent toggle is on. Click Save Config again to be sure. Open your homepage in a fresh incognito window — if you had previously clicked Accept in a normal window, that browser has already recorded your decision, so the banner will not reappear.
- The banner is appearing on my Privacy Policy page, which should be excluded. Open the Settings panel, scroll to Excluded Pages, confirm the page is selected in the dropdown (not merely shown in the list), and click Save Config. If the page was recently renamed or its URL changed, remove it and re-add it.
- I ticked Google Tag Manager under Exclusions but GTM is still loading. There are two common causes. First, a second GTM instance may be embedded directly in your theme or Custom Codes rather than through SGEN's Google Integrations — add
/googletagmanager\.com/ito Other scripts to catch all instances. Second, your browser may have cached the previous page — hard-refresh (Ctrl+Shift+R on Windows, Cmd+Shift+R on Mac) and check again.
- The banner's disclosure text looks plain — my
<strong>and<em>tags are showing as text. The Consent Message field accepts HTML, but make sure you have typed the tags correctly with angle brackets. Pasting from a rich-text editor can introduce curly quotes that the field misreads. Clear the field, retype in plain HTML, and save.
- My Accept button does not become clickable even after I tick the "I agree" checkbox. Clear your browser cache and reload. If the problem persists, turn off Require I agree checkbox in the settings and save — you will have a one-click Accept flow without the gating checkbox.
- The green "successfully updated" message appears twice after I save. Cosmetic only. Your save did go through. Any future reload of the Settings panel will show the saved values correctly.
- I want to turn off consent entirely for now. Open the Settings panel, flip the Enable Consent toggle off, and click Save Config. The banner will stop appearing on every page of your site. Your previously saved disclosure copy, button labels, and exclusions are kept — flipping Enable Consent back on restores everything without losing your edits.
- The banner shows up but clicking Accept does nothing. A third-party script added through Custom Codes is the most likely cause — it is interfering with the banner's click handler. Open Custom Codes, disable each entry one at a time by toggling its Active switch off, reload your homepage in a fresh incognito window, and try Accept again after each toggle. The entry that, when disabled, lets Accept work is the one that needs a fix from whoever added it. If the problem persists after disabling all Custom Codes, contact SGEN support and include the URL of the page where the click does not work.
Tips for a clean consent setup
Get the disclosure copy from legal once, in writing. The wording in the Consent message field is the single piece of text most likely to be quoted in a regulator complaint — get it signed off, paste it in, leave it alone.
Decide your consent posture before you touch the toggles. Strict (top position, "I agree" checkbox required, all four Exclusions ticked) is the EU/UK default. Permissive (bottom position, no checkbox, only marketing scripts gated) is the US default outside California. Pick one and stick with it.
Test in incognito, not your normal browser. Your normal browser already has a consent decision saved in its cookies — the banner will not reappear no matter what you change.
Keep your Privacy Policy and Cookie Policy in Excluded Pages. The most-forgotten setup step. A visitor who clicks "Read our Privacy Policy" should be able to read it — not find the banner covering 80% of the screen.
Match the Decline button label to the outcome. "Decline" sounds like a refusal of service. "Continue without analytics" or "Essential cookies only" sounds like a choice. Your decline rate will reflect how honest the label is.
Resave after every theme or layout change. SGEN's banner inherits font and color tokens from your active theme. After you swap themes or edit Styles & Layouts, open Tracking Consent → Settings, click Save Config (no other changes), and verify the banner picks up the new look.
Audit your consent log monthly, not quarterly. Open Tracking Consent → Logs the first Monday of each month and look for outliers — a sudden spike in declines almost always means a layout regression or a policy edit gone wrong.
On a multi-region site, gate the strictest scripts globally and let the message localize. SGEN's banner is one global config. Tick all four Exclusions, write neutral copy that is true everywhere, and let your localization layer translate the strings.
Keep dated copies of your disclosure copy outside SGEN. The audit log records every settings change, but does not show what wording the banner displayed during a specific week. When an auditor asks "what did the banner say in March?", a shared doc with dated snapshots gives you a one-second answer.
The consent log distribution on a healthy site looks like this — most visitors accept, a meaningful minority decline, and the "no decision" bucket stays small. If your "no decision" count starts dominating, your banner is being dismissed by accident — usually a position or copy problem:
Examples in context
Example 6 — Emergency disable for legal review.
Your legal team flags a typo in the disclosure copy at 4 p.m. on a Friday — the Cookie Policy link points to the wrong slug.
The fix is two minutes of work, but legal needs the banner off until they review the corrected copy on Monday.
Open Tracking Consent → Settings, flip Enable Consent off, and click Save Config. Reload your homepage in an incognito window — the banner is gone. All four Exclusions stay ticked — Google Tag Manager, Microsoft Clarity, Session Attributer, and Draft Form Entries are still suppressed because no visitor has given consent.
The site is in a fail-safe state: no banner, no tracking scripts. On Monday morning, paste the corrected wording into the Consent Message box, flip Enable Consent back on, and the banner is live again — with your original copy, button labels, and Excluded Pages intact.
Total downtime: zero. Total tracker leakage: zero.
Example 7 — Adding a new analytics tool mid-quarter.
Your marketing team signs up for Mixpanel to track product-page conversions. It loads via a <script src="https://cdn.mxpnl.com/libs/mixpanel-3-min.js"> tag in Custom Codes — a tracking script, so it must be gated behind consent.
There is no built-in Mixpanel toggle, so open Tracking Consent → Settings, scroll to Other scripts, add /cdn\.mxpnl\.com/i on a new line, and click Save Config.
To verify: open your site in a fresh incognito window, right-click, View Page Source, search for mxpnl — zero matches. Click Accept, reload, search again: cdn.mxpnl.com now appears in a <script src=..> tag. Mixpanel is loading because the visitor consented.
The whole process takes ninety seconds, with no code change and no developer involved.
Example 8 — Migrating from a third-party Consent Management Platform.
Your site previously used a third-party CMP with a monthly subscription fee and five cookie-category toggles. After a year, analytics showed 94% of visitors clicked "Accept All" anyway and no one used the category toggles.
The migration: remove the CMP script from Custom Codes, open Tracking Consent → Settings, paste the disclosure copy (rewritten for binary Accept / Decline), tick GTM and Clarity under Exclusions, and save. The new banner is live in five minutes and behaves identically from a compliance standpoint.
The trade-off is real: SGEN's banner does not break consent into Functional / Performance / Marketing categories. If your audience genuinely uses those categories, stay on the dedicated CMP.
Example 9 — Localizing the banner for a French-speaking audience.
Your site opens a wholesale storefront for French-speaking customers in Quebec and France, served at the same domain under a /fr/ URL prefix as a separate set of French pages (SGEN has no auto-translation layer — each language is its own content). The consent banner needs to read in French for /fr/ visitors.
Because SGEN's banner is one global config, it shows the same text to every visitor regardless of which language URL they are on — there is no per-language swapping. So write short neutral disclosure copy, or bilingual copy (for example an "Accept / Accepter" button), rather than relying on the banner to translate itself. The Exclusions toggles are language-neutral — the same four scripts are gated globally — so no second config is needed.
If you need fully separate branding per region (different button colors, different banner positions per country), that requires a separate SGEN site, not a separate Tracking Consent config.
Fields
| Field | Type | What it does |
|---|---|---|
| Enable Consent | Toggle | Master switch — off by default. Turns the banner on/off globally. |
| Position | Select | Top / Center / Bottom — where the banner sits in the viewport. |
| Require I agree checkbox | Toggle | Requires visitor to tick a checkbox before Accept button activates. |
| Checkbox label | Text | The label text next to the "I agree" checkbox. |
| Consent message | HTML editor | The disclosure copy shown inside the banner. Accepts HTML. |
| Accept button text | Text | Label of the Accept (green primary) button. |
| Accept redirect URL | URL | Optional page to send visitors to after they click Accept. |
| Decline button text | Text | Label of the Decline (outline) button. |
| Decline redirect URL | URL | Optional page to send visitors to after they click Decline. |
| Gate Google Tag Manager | Toggle | Suppresses the GTM container (and all tags inside it) until Accept. |
| Gate Microsoft Clarity | Toggle | Suppresses the Clarity session recording script until Accept. |
| Gate Session Attributer | Toggle | Suppresses SGEN's own attribution tracker until Accept. |
| Gate Draft Form Entries | Toggle | Suppresses SGEN's form auto-save until Accept. |
| Other scripts | Textarea | One regex per line. Any script matching is suppressed until Accept. |
| Excluded Pages | Multi-select | Pages where the banner does not appear (e.g. Privacy Policy). |
Related reading
- Review consent sessions after the banner is live — the log of every visitor's Accept or Decline decision, with timestamps and timeline. The view you show an auditor.
- Add or edit Custom Codes — the alternate path where you add Hotjar, Mixpanel, and other third-party tracking scripts that the Other scripts regex box on this screen suppresses.
- Edit your Global SEO settings — turn search-engine indexing on after launch. The consent banner is a launch-day step; flipping the indexing toggle is the other.
