Skip to content

Documentation

Consent Models Explained

Consent Models Explained

Last updated Mar 24, 2026

Kukie.io supports four consent models, each designed for different regulatory requirements. The consent model determines whether cookies and scripts are blocked by default, when the banner appears, and how Google Consent Mode signals are set. You can assign different models to different regions using region rules.

OI Opt-in Block until consent GDPR, ePrivacy Strictest OO Opt-out Allow, let user refuse CCPA, CPRA Moderate NO Notice Only Inform, no blocking Low-regulation Informational HI Hidden No banner shown No consent needed Silent

Opt-in (GDPR)

The Opt-in model is the strictest option and the one required by GDPR and the ePrivacy Directive in the EU/EEA. All non-essential cookies and scripts are blocked until the visitor explicitly accepts them. Google Consent Mode defaults are set to denied for all parameters.

How it works

  1. The banner appears on the first visit.
  2. No analytics, marketing, or functional cookies are set until the visitor clicks Accept All or saves custom preferences.
  3. Google Tag Manager is not loaded until consent is given.
  4. If the visitor rejects all, only necessary cookies are used.

Tip: This is the recommended model for any website serving visitors in the EU, UK, or other strict-consent jurisdictions.

Opt-out (CCPA)

The Opt-out model allows all cookies by default and gives the visitor the option to refuse. This matches the CCPA/CPRA approach used in California and other US states where consent is implied until the user opts out.

How it works

  1. Google Consent Mode defaults are set to denied, then immediately updated to granted.
  2. All scripts and cookies load normally from the first page view.
  3. The banner still appears, informing the visitor and offering a way to opt out.
  4. If the visitor opts out, non-essential cookies are blocked going forward.

Notice Only

The Notice Only model shows the banner as an informational notice without any blocking. All cookies and scripts run regardless of the visitor's interaction with the banner. This is suitable for regions with minimal cookie regulation or where you only need to inform visitors that cookies are used.

How it works

  1. The banner appears with an informational message.
  2. All cookies and scripts are active from the start.
  3. The visitor can dismiss the banner but this does not change cookie behaviour.
  4. Google Consent Mode defaults are set to denied and immediately updated to granted, the same as opt-out.

Hidden

The Hidden model does not display any banner at all. Consent is granted silently, and all Google Consent Mode parameters are set to granted. Use this for regions where cookie consent is not legally required, or for internal/intranet sites.

Important: Using the Hidden model in a region that requires consent (such as the EU) may result in non-compliance. Always check local privacy regulations before choosing this model.

Google Consent Mode Interaction

All four models integrate with Google Consent Mode v2. The key difference is timing:

  • Opt-in - GCM defaults stay denied until the visitor explicitly grants consent.
  • Opt-out / Notice Only - GCM defaults are set to denied, then immediately updated to granted before GTM loads.
  • Hidden - GCM defaults are set to denied and immediately updated to granted. No banner is shown.

For full details on the Google Consent Mode integration, see Integrations.

Choosing the Right Model

Most websites need at least two models: Opt-in for EU/UK visitors and Opt-out for US visitors. You can configure this using region rules, which let you assign different consent models to different geographic regions.

Next

Region Rules & Geo-Detection
Was this helpful?