KookiTrust CMP Documentation
Understand how the CMP works and how to enable it on your site.
Tip: use the FR/EN toggle to read this documentation in your preferred language.
CMP at a glance
KookiTrust helps you collect consent choices and properly activate/deactivate your marketing & analytics scripts, while keeping proof evidence you can export.
1) Installation
Retrieve the script
- In the dashboard, open your site page (or property) and find the “Integrations” section.
- In step 1, choose GTM or GA4 and enter your ID (`GTM-…` or `G-…`).
Integrate the snippet
- Click “Get script”: widget-only snippet (GTM) or gtag + widget (GA4; no manual `gtag('config')` in HTML — the widget applies it after consent).
- Copy the integration script shown.
data-category : Attribute example: <script ... data-category="ANALYTICS"></script>
Publish & verify
- Paste it into your site: preferably in `<head>`, or near the end of `<body>` depending on your CMS.
- Publish and reload a page on your site: the widget should execute and communicate with the dashboard.
- Go back to the dashboard and check the integration status (widget detected / green check).
- If detection does not work: confirm the script loads correctly (no console errors) and use the integration refresh control.
2) Script blocking
The CMP activates/deactivates tags based on consent categories. Use the `data-category` attribute to associate each script with a category.
3) Consent Mode v2
The CMP can also emit the signals required for tools that support Consent Mode v2. The goal: reduce usage of non-consented tags while respecting consent logic.
4) Consent widget
The widget shows the banner (and its configuration view) and records user choices. After activation, scripts start only after explicit consent.
If you disable the floating “Manage cookies” button, add a footer/menu link to `/#kookitrust-manage-cookies` so users can reopen preferences.
6) Proof of consent
The dashboard stores consent proofs: modal version, browser info, and a modal snapshot. Export your data as CSV from “Consents”.
7) Daily stats cron
- Entry point: `GET /api/cron/daily-stats` (or `POST`) with secret via `Authorization: Bearer`, `x-cron-secret`, or `?secret=`.
- Recommended frequency: once a day in UTC (preferably early morning) to aggregate D-1.
- Health check: `GET /api/cron/daily-stats?health=1` to compare latest aggregated date vs expected date.
- Backfill: `?backfill=7` (or N) to recompute previous days with idempotent behavior.
- Local smoke test: `npm run cron:daily-stats:smoke` (uses `APP_URL` and `CRON_SECRET` from `.env`).
- Scheduler wiring: plug either Vercel Cron or a Linux/external cron pinger to this endpoint.