Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Cookie Script is a European consent management platform that scans cookies, displays a banner, blocks non essential scripts and stores consent records on EU infrastructure.
Cookie Script is a European consent management platform widely used by small and mid market sites in the EU. The product scans the website for cookies, generates a categorised cookie policy, displays a configurable banner and blocks non essential scripts before consent. The consent record is stored in a first party cookie so the same decision is reused across pages and visits.
Cookie Script writes a CookieScriptConsent first party cookie that records which categories the visitor has accepted, plus a session cookie used internally by the banner. No marketing or analytics data is collected by the platform itself. The destinations gated by Cookie Script can still set their own cookies after consent.
The CookieScriptConsent cookie is strictly necessary because its purpose is to record the visitor consent decision. It can be loaded under legitimate interest. The non essential cookies of the destinations behind the banner remain subject to article 5(3) of the ePrivacy Directive and must be blocked until consent is captured.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Configure default reject for non essential categories, expose granular controls, prevent banner pre acceptance through scrolling, store the consent record server side for audit, and integrate the IAB TCF where you serve display advertising. Document the cookie scan in your records of processing activities.
Cookie Script hosts on Hetzner data centres in Germany. No US sub processors are used for the consent record or the banner delivery, which keeps the privacy footprint inside the EEA.
Sign the Cookie Script DPA, configure default reject, document the cookie scan, integrate the consent state with your tag manager so destinations are properly gated, and re scan the site quarterly to catch new tags.
Websites using Cookie Script must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for the consent management role itself. It becomes appropriate when the operator pairs Cookie Script with extensive advertising and analytics tags, when consent is the only suppression mechanism for those tags, or when the deployment serves children below age fifteen.
Sample consent text
We use Cookie Script to ask for your consent and to remember your decision across our pages. The platform stores a small consent cookie on your device and does not collect any additional personal data.
Third-party domains contacted
cookie-script.comcdn.cookie-script.comreport.cookie-script.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| CookieScriptConsent | Strictly necessary | 6 months | First party cookie that records the visitor consent decisions managed by the Cookie Script banner. |
| cookie_script_session | Strictly necessary | Session | Internal session cookie used by the Cookie Script banner to maintain its UI state. |
Cookie Script is an essential service, but transparency matters. Manage all your consent with FlowConsent.
Cookie Script writes a CookieScriptConsent first party cookie with the visitor consent decision and a session cookie used by the banner. No marketing or analytics cookies are set by the platform itself.
The Cookie Script banner can be loaded as strictly necessary because its purpose is to capture the consent decision. The destinations it gates require their own consent under article 5(3) of the ePrivacy Directive.
Legitimate interest under article 6(1)(f) GDPR for the consent record itself, or a legal obligation when documenting consent. Each destination behind the banner needs its own legal basis, typically consent for analytics and advertising.
No. Cookie Script hosts on Hetzner data centres in Germany and does not use US sub processors for the consent record or the banner.
In general no for the consent function itself. A DPIA may be appropriate when Cookie Script is paired with extensive advertising tags, when consent is the only suppression mechanism for those tags, or when the deployment serves children.
Configure default reject, document the cookie scan, store the consent record server side, integrate the consent state with your tag manager and re scan the site quarterly to keep the cookie list accurate.
Other EU friendly CMPs include Cookiebot, Didomi, Axeptio, Iubenda, OneTrust, Sourcepoint and open source projects such as Klaro and Orestbida.
List the CookieScriptConsent cookie alongside the cookies of the destinations the banner gates, name Cookie Script as a processor located in the EU, and document the configuration of default reject and any IAB TCF support.