How Consent Works
The full lifecycle
User visits site
→ ConsentForge runtime loads (< 10 KB)
→ Scripts marked for blocking are intercepted
→ Banner is shown (if no prior consent)
→ User decides (Accept All / Reject / Customize)
→ Consent stored (cookie + optional server-side)
→ Blocked scripts are released or remain blocked
→ Consent signals distributed to GTM / webhooks / API
→ Tamper-proof receipt written to evidence layer
On subsequent visits:
User visits site
→ Runtime loads and reads stored consent in < 10 ms
→ No banner shown (consent already recorded)
→ Scripts released/blocked based on stored decision
→ Distribution targets notified of restored consent
When consent changes
If a user changes their mind via the Preference Center:
- New consent recorded with updated timestamp
- Scripts that lost consent are blocked immediately
- Scripts that gained consent are loaded
- New consent receipt written (pointing to previous via hash chain)
- Distribution targets notified of update