GDPR · CCPA · TCF · Consent Mode v2

Consent that
feels invisible.

Real prior-blocking, a tamper-evident audit ledger, Consent Mode v2 and IAB TCF — live in one script tag. We host it; you stay compliant.

Start free
See how it works
app.forgeconsent.io/dashboard
Opt-in rate72.4%
Impressions128k
Records94,712
Opt-out27.6%
Opt-in over time
Consent ledgerintact
allow all7f3a·9c21
reject allc018·4ee2
custom9b51·270d
0.0 KB
gzipped embed
0 line
to install
0 min
to go live
0 frameworks
TCF · GPP · Consent Mode
The mechanism

Blocked before consent. Released the instant it's given.

01

Load first, block everything

The embed runs before any other tag and intercepts trackers as they enter — scripts become text/plain, iframes lose their src. Nothing fetches.

02

The visitor chooses

A keyboard-accessible banner collects a granular choice across four categories — opt-in in the EU, opt-out in the US, resolved by region.

03

Release and prove it

Allowed tags re-activate in order; the choice is written to a first-party cookie and a hash-chained record in the ledger — proof for a regulator.

What's in the box

Everything Cookiebot does — plus the part where you keep control.

Real prior-blocking

Automatic DOM-interception or manual markup. Trackers genuinely do not fire before consent — provable in the network tab.

Tamper-evident ledger

Every consent is a hash-chained record. Alter one entry and the chain breaks. Export CSV or pull signed ISO-27560 receipts for audits.

Consent Mode v2

Maps your categories to all seven Google signals, plus Microsoft UET, Meta and TikTok — through one event.

Geo & GPC

EU opt-in, US opt-out, resolved by region from CDN headers. Global Privacy Control auto-opts-out, DNT honoured.

IAB TCF & GPP

Vendor-valid TC-strings via the canonical encoder, US Privacy and GPP for ad-serving sites. Registered-CMP ready.

Auto policies

A live cookie declaration and privacy policy generated from each scan — always current, never a stale PDF.

developers.eyebrow

developers.title

developers.body

developers.point1
developers.point2
developers.point3
import { createForgeConsent } from '@forgeconsent/sdk'; const fc = createForgeConsent({ apiKey: process.env.FC_KEY }); const sites = await fc.sites.list(); const stats = await fc.consent.stats(sites[0].cbid, { from, to, });
Honest comparison

The same compliance. A different ownership model.

CapabilityForgeConsentCookiebotCookieYes
Tamper-evident consent log
Signed ISO-27560 receipts
Prior blocking
Google Consent Mode v2
IAB TCF v2.2 + GPP
Developer API + SDK + MCP
Drop-in Cookiebot migration
Questions

Frequently asked questions

Does ForgeConsent actually block cookies before consent?

Yes. The embed loads before any other tag and intercepts trackers as they enter the page — scripts become text/plain and iframes lose their src, so nothing fetches until the visitor consents. You can verify it in the browser network tab.

Is ForgeConsent GDPR, CCPA and TCF compliant?

Yes. ForgeConsent supports GDPR opt-in, CCPA/US opt-out resolved by region, IAB TCF v2.2/2.3, the Global Privacy Platform (GPP) and Google Consent Mode v2 out of the box.

How do I install ForgeConsent?

Add a single script tag to the <head> of your site with your site ID. It typically takes about five minutes to go live, and there is a drop-in migration path from Cookiebot.

What makes the consent ledger tamper-evident?

Every consent is stored as a hash-chained record. If any entry is altered, the chain breaks — giving you cryptographic proof of consent for regulators. You can export CSV or pull signed ISO-27560 receipts.

Drop it in the <head>.
Be compliant by lunch.

<script id="ForgeConsent" src="https://cdn.forgeconsent.io/consent.js" data-cbid="your-site-id" data-blockingmode="auto"></script>
Continue as guest
ForgeConsent — Consent management with real prior-blocking & audit ledger