What Microsoft Clarity Does and Why Consent Matters
Microsoft Clarity is a free behavioural analytics tool that records how visitors interact with your website. It generates heatmaps, session recordings, and engagement metrics - all useful data for improving user experience.
The catch is that Clarity sets several cookies on your visitors' browsers to make this tracking work. Under Article 5(3) of the ePrivacy Directive and the GDPR, storing non-essential cookies without prior consent is unlawful for visitors in the EU, EEA, UK, and Switzerland. Since 31 October 2025, Microsoft enforces this directly: Clarity will not collect full analytics data or set cookies unless your site sends a valid consent signal first.
Key Takeaways
Clarity's
consentv2API replaced the olderconsentAPI and requires two parameters:ad_Storageandanalytics_Storage.Without a valid consent signal, Clarity runs in a limited no-consent mode - no session recordings, heatmaps, or cross-page tracking for EEA/UK/CH visitors.
Clarity sets first-party cookies (
_clck,_clsk) and third-party cookies (CLID,ANONCHK,SM,MR), all classified as analytics cookies.Calling
window.clarity('consent', false)erases all Clarity cookies and restarts tracking in no-consent mode.A CMP like Kukie.io can send the correct consent signal automatically, so you do not need to write or maintain custom JavaScript.
Cookies Set by Microsoft Clarity
Clarity places both first-party and third-party cookies. Every one of them falls into the analytics category and requires consent under the GDPR and ePrivacy Directive before being stored on a visitor's device.
| Cookie | Type | Duration | Purpose |
|---|---|---|---|
_clck | First-party | 1 year | Stores a unique user ID and site preferences for returning visitor recognition |
_clsk | First-party | 1 day | Combines multiple page views into a single session recording |
CLID | Third-party | 1 year | Identifies the first time Clarity observed this user across any site using the tool |
ANONCHK | Third-party | 10 minutes | Indicates whether the MUID browser ID is synced with a Microsoft advertising cookie |
SM | Third-party | Session | Keeps the MUID consistent across Microsoft domains |
MR | Third-party | 7 days | Signals whether to refresh the MUID cookie |
The third-party cookies (CLID, ANONCHK, SM, MR) are set on Microsoft's domain. If your visitors block third-party cookies at the browser level, only the first-party cookies will be affected by Clarity's consent logic.
How the ConsentV2 API Works
The consentv2 API is Clarity's current method for receiving consent signals. It replaced the older V1 API (window.clarity('consent', true)), which Microsoft plans to deprecate.
The call takes two parameters, both required:
window.clarity('consentv2', {
ad_Storage: "granted",
analytics_Storage: "granted"
});Both ad_Storage and analytics_Storage accept either "granted" or "denied" as values. The property names are case-sensitive - note the underscore and capital S.
When both values are set to "granted", Clarity enables full tracking: session recordings, heatmaps, funnels, and cross-page user identification via cookies. When either value is "denied", Clarity operates in no-consent mode for that category. It assigns a unique ID per page view and does not persist session data with cookies.
Erasing Cookies on Consent Withdrawal
If a visitor withdraws consent, your site must tell Clarity to clean up. The legacy erase call still works for this purpose:
window.clarity('consent', false);This deletes all Clarity cookies from the visitor's browser, ends the current session, and restarts tracking in no-consent mode. No-consent mode stays active on future visits until the visitor grants consent again.
What Happens Without a Consent Signal
If your site does not send any consentv2 call for visitors from the EEA, UK, or Switzerland, Clarity defaults to no-consent mode. The practical impact is significant.
Session recordings will not be generated. Heatmap data will be incomplete or missing entirely. Funnel tracking will not work. You will still see basic page-level metrics, but the behavioural insight that makes Clarity valuable disappears.
For visitors outside these regions, Clarity currently operates without requiring a consent signal. That said, other privacy laws - such as the LGPD and CCPA/CPRA - may still require you to disclose Clarity's cookies and provide opt-out mechanisms.
How Kukie.io Handles Clarity Consent Automatically
Configuring Clarity consent manually means writing event listeners, mapping your cookie banner's accept and reject actions to the correct API calls, and testing the integration across different consent states. Kukie.io removes that work.
When you enable the Microsoft Clarity integration in the Kukie.io dashboard, the platform sends the consentv2 signal automatically based on your visitor's consent choice. If a visitor accepts analytics cookies, Kukie.io fires analytics_Storage: "granted". If they decline, no signal is sent and Clarity stays in no-consent mode. If the visitor later withdraws consent through the revisit consent button, Kukie.io triggers the cookie erase call.
No custom JavaScript is required. The integration also handles the ad_Storage parameter, mapping it to your visitor's marketing cookie preference.
Setup Steps
Add your site to Kukie.io and install the cookie banner.
Run a cookie scan to detect Clarity's
_clckand_clskcookies.Verify the cookies are categorised under Analytics in your cookie categories.
Enable the Microsoft Clarity integration under Integrations in your dashboard.
Test with the browser console snippet below.
If you also run Microsoft Advertising with UET tags, the UET consent mode integration works alongside Clarity. Both receive their consent signals from the same visitor choice, with no extra configuration. See the dedicated Microsoft UET consent mode guide for details on that setup.
Testing and Verification
After enabling the integration, open your site in an incognito window and check that Clarity behaves correctly in both consent states.
Console Snippet for Monitoring Clarity Calls
Paste this into your browser's developer console before interacting with the cookie banner:
const originalClarity = window.clarity;
window.clarity = function() {
console.log('[Clarity]', ...arguments);
return originalClarity.apply(this, arguments);
};Accept cookies through the banner and look for a [Clarity] consentv2 log entry with analytics_Storage: "granted". Reject cookies and confirm no consentv2 call appears, or that it appears with "denied" values.
Check the Application tab in DevTools. After accepting, you should see _clck and _clsk cookies. After rejecting or withdrawing consent, those cookies should be absent.
Region Rules: Opt-in vs Opt-out
Privacy regulations differ by jurisdiction, and your consent model should reflect that. With Kukie.io's region rules, you can apply different default behaviours based on where your visitor is located.
For visitors in the EU, EEA, UK, and Switzerland, the GDPR requires opt-in consent - Clarity cookies must not be set until the visitor actively agrees. For visitors in the United States, many state laws follow an opt-out model, where tracking may begin by default but the visitor can choose to refuse.
Kukie.io's geo-detection handles this automatically. The same Clarity integration adapts to your region rules: opt-in regions get a consent-first experience, while opt-out regions receive the appropriate default state. The consentv2 signal reflects the visitor's actual preference in both cases.
Frequently Asked Questions
Does Microsoft Clarity need cookie consent?
Yes. Clarity sets non-essential cookies like _clck and _clsk that require consent under the GDPR and ePrivacy Directive. Since 31 October 2025, Microsoft enforces consent requirements for visitors from the EEA, UK, and Switzerland.
What is the difference between Clarity ConsentV1 and ConsentV2?
ConsentV1 used a simple boolean call (window.clarity('consent', true)). ConsentV2 provides granular control with separate ad_Storage and analytics_Storage parameters. Microsoft recommends ConsentV2 and plans to deprecate V1.
What happens to Clarity data if a visitor declines cookies?
Clarity operates in no-consent mode with limited tracking. It assigns a unique ID per page view, does not persist session data with cookies, and disables session recordings, heatmaps, and funnel tracking for that visitor.
Are _clck and _clsk cookies first-party or third-party?
Both _clck and _clsk are first-party cookies set on your domain. Clarity also uses third-party cookies (CLID, ANONCHK, SM, MR) set on Microsoft's domain.
Can I use Microsoft Clarity without a cookie banner?
If your site receives any traffic from the EU, EEA, UK, or Switzerland, you need a cookie banner and a consent mechanism. Without one, Clarity will run in no-consent mode for those visitors, and you risk non-compliance with the GDPR.
How do I erase Clarity cookies when a visitor withdraws consent?
Call window.clarity('consent', false) in your JavaScript. This deletes all Clarity cookies and restarts tracking in no-consent mode. A CMP like Kukie.io handles this automatically.
Take Control of Your Cookie Compliance
If you are not sure which cookies your site sets, start with a free scan. Kukie.io detects, categorises, and helps you manage every cookie - including Microsoft Clarity's full set - so your visitors get a clear choice, and you stay on the right side of the law.
