Cookie Policy
ConsentLayer generates a cookie policy for each site automatically. It lists every category, service, and cookie you've configured — including the per-cookie name, description, and duration — and re-renders whenever that configuration changes. There's nothing to write or keep in sync by hand.
This guide covers the three ways to put it in front of your visitors: the hosted page, a link from the consent banner, and embedding it directly on your own site.
The hosted page and embed are available on the Agency plan. The banner's Cookie Policy link is available on every plan.
Enable the hosted page
In the dashboard, open Site → Settings → Hosted cookie policy page and turn on Publish public page. Once enabled, your policy is served at:
https://api.consentlayer.com/policy/YOUR_PROJECT_KEYThe page updates within about a minute of any change to your categories, services, or cookies. You can force a re-render any time with Re-render now.
Prefer to drive it from an agent or script? Use the MCP tools:
set_cookie_policy_enabled { siteId, enabled: true }
get_cookie_policy { siteId } → publicUrl, fragmentUrl, embedSnippet
regenerate_cookie_policy { siteId }Link it from the banner
The consent banner can show a Cookie Policy link next to the Privacy Policy link. When the hosted page is enabled, the banner links to it automatically — no configuration needed.
To point the link somewhere else — for example, a policy you've embedded on your own domain (see below) — set a custom URL in Site → Banner → Policy links → Cookie policy URL, or over MCP:
update_banner_config { siteId, cookiePolicyUrl: "https://example.com/cookie-policy" }Leave the field empty to fall back to the automatic behavior.
Embed it on your own site
Hosting the policy on your own domain keeps visitors on your site and lets the policy inherit your page's fonts and colors. Two ways to do it.
Client-side (any site)
Drop a container where you want the policy, plus the loader script. This is the snippet shown in Settings → Embed on your site:
<div id="consentlayer-policy"></div>
<script src="https://api.consentlayer.com/policy/YOUR_PROJECT_KEY/embed.js" defer></script>The script finds the container, fetches the current policy, and injects it. It's
self-updating — when your configuration changes, the embed reflects it on the
next page load. defer is fine here (unlike banner.js, which must run
synchronously): the policy is content, not a tracking gate.
You can place the container anywhere and target it either by id or with a
data-consentlayer-policy attribute:
<section data-consentlayer-policy></section>Server-side rendering
If you render pages on the server (Next.js, Astro, Hugo, a CMS, anything), fetch the raw HTML fragment at build or request time and inline it:
https://api.consentlayer.com/policy/YOUR_PROJECT_KEY/fragment// Example: fetch at request time and render the fragment inline.
const res = await fetch(
"https://api.consentlayer.com/policy/YOUR_PROJECT_KEY/fragment",
);
const html = await res.text();
// ...then render `html` inside your page (e.g. dangerouslySetInnerHTML in React).The fragment is a single <div class="cl-policy"> with its own scoped styles —
safe to place inside any layout. It sets structure only (tables, spacing) and
does not pin fonts or text color, so it blends into your typography.
Languages
If your site has multiple languages enabled, the policy is generated for each
one. The hosted page and both embed endpoints pick the language from the
visitor's Accept-Language header automatically.
To force a specific language, add a ?locale= query parameter to the page or
fragment URL, or set data-locale on the embed container:
<div id="consentlayer-policy" data-locale="de"></div>