Configuration

All configuration is managed through the Admin UI. Sign in, then use the tabs to edit each section. Click Save Changes to apply — the Redis cache is invalidated immediately and the CDN will serve the updated config within 5 minutes.

The Banner Text tab controls all the copy shown in the consent banner.

| Field | Shown where | Default |
| --- | --- | --- |
| Headline | Bold title at the top of the banner | We use cookies |
| Description | Subtitle below the headline | Help us improve your experience. |
| Accept all label | Primary action button | Accept all |
| Reject all label | Secondary action button | Reject all |
| Save label | Button in the preferences panel | Save preferences |
| Manage label | Link that opens the preferences panel | Manage preferences |

Privacy policy link

You can add a link to your privacy or cookie policy that appears in the banner alongside the "Manage preferences" link. Set the Privacy Policy URL field in the Banner Text tab to a full URL (e.g. https://example.com/privacy).

GDPR requirement: Under GDPR Art. 13, you must provide a link to your privacy policy at the point of data collection. Including it in the banner satisfies this requirement.

Styling

The Styling tab controls the visual appearance of the banner.

Primary colour

Sets the accent colour used for buttons, toggle switches, and links. Use the colour picker or type a hex value. The SDK applies this as a CSS custom property (--cc-primary) within a Shadow DOM, so it won't leak into your page's styles.

Font family

By default this is inherit, which picks up the font from your page's body. You can override it with any CSS font stack (e.g. 'Inter', sans-serif).

Position

| Option | Appearance |
| --- | --- |
| bottom-bar | Full-width bar fixed to the bottom of the viewport. Default. |
| bottom-left | Compact card anchored to the bottom-left corner. |
| center-modal | Centred modal with a semi-transparent overlay. Most prominent. |

Geo rules

Geo rules let you apply different consent modes based on the user's country. The SDK resolves the user's region from the CF-IPCountry header set by Cloudflare — no client-side geolocation is used.

Modes

| Mode | Behaviour | When to use |
| --- | --- | --- |
| opt-in | Banner is shown. Nothing is granted until the user actively accepts. | EU, EEA, UK (required by GDPR/UK GDPR). |
| opt-out + showBanner: false | All categories granted silently. No banner shown. | US states without strict privacy laws. |
| opt-out + showBanner: true | Banner shown but all categories pre-granted. User can opt out. | Regions where opt-out is legally sufficient but transparency is desired. |

Region codes

Use EU to match all EU/EEA countries, GB for the UK, or any ISO 3166-1 alpha-2 country code (e.g. US, CA). Use * as a catch-all fallback rule — it must be listed last.

Typical setup: Two rules: EU → opt-in, showBanner: true and * → opt-out, showBanner: false. EU users see the banner; everyone else gets silently opted in.
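The rule ordering and region codes described above can be checked before saving. The following is an added example, not the SDK's own code: the rule field names, first-match evaluation, the EU/EEA country list and the opt-in fallback when nothing matches are all assumptions of this sketch.

```javascript
// Field names (region, mode, showBanner) are assumptions, not the SDK's schema.
// Assumed expansion of the EU alias: the 27 EU member states plus IS, LI, NO.
const EU_EEA = new Set(('AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU ' +
  'MT NL PL PT RO SK SI ES SE IS LI NO').split(' '));

// Reject rule lists whose order would hide later rules or use unknown values.
function validateGeoRules(rules) {
  const errors = [];
  rules.forEach((rule, i) => {
    if (!['opt-in', 'opt-out'].includes(rule.mode)) {
      errors.push(`rule ${i}: unknown mode "${rule.mode}"`);
    }
    if (!/^([A-Z]{2}|\*)$/.test(rule.region)) {
      errors.push(`rule ${i}: bad region code "${rule.region}"`);
    }
    if (rule.region === '*' && i !== rules.length - 1) {
      errors.push(`rule ${i}: "*" must be listed last`);
    }
  });
  return errors;
}

function regionMatches(region, country) {
  if (region === '*') return true;
  if (region === 'EU') return EU_EEA.has(country);
  return region === country;
}

// First matching rule wins (assumed). With no matching rule at all, fall back
// to the strictest mode instead of granting silently (this example's choice).
function resolveConsentMode(rules, cfIpCountry) {
  const country = String(cfIpCountry || '').trim().toUpperCase();
  const rule = rules.find((r) => regionMatches(r.region, country));
  return rule
    ? { mode: rule.mode, showBanner: rule.showBanner }
    : { mode: 'opt-in', showBanner: true };
}

// Constructed sample: the "typical setup" from this page.
const typicalRules = [
  { region: 'EU', mode: 'opt-in', showBanner: true },
  { region: '*', mode: 'opt-out', showBanner: false },
];
```

In this sketch a GB visitor resolves to the * rule under the typical setup, because the EU alias does not cover the UK; add a separate GB rule if UK visitors should get opt-in.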

Categories

Categories define the consent groups you ask users about. Each category maps to a toggle in the banner's preferences panel.

| Field | Description |
| --- | --- |
| Slug | Machine-readable ID used in data-cc-category attributes and the SDK's decisions object. Must be unique (e.g. analytics, marketing). |
| Name | Human-readable label shown in the banner (e.g. "Analytics"). |
| Description | Short explanation shown below the name in the preferences panel. |
| Required | If true, the toggle is disabled and always on. Use for essential/functional cookies only. GDPR prohibits marking non-essential categories as required. |
| Default value | Must be false for non-required categories (GDPR Art. 4(11) — no pre-ticked boxes). |

Script rules

Script rules tell the SDK which third-party scripts belong to which consent category. A script matching a rule is held until the user grants that category.

| Match type | Matches when… | Example value |
| --- | --- | --- |
| domain | The script's hostname equals the value or is a subdomain of it | google-analytics.com |
| srcContains | The script's full src URL contains the string | gtm.js |
| srcRegex | The script's src URL matches the regular expression | facebook\.net\/.*\/fbevents |

Scripts with no matching rule are treated as essential and released immediately. Only scripts explicitly matched to a non-essential category are blocked.
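Because unmatched scripts are released by default, it helps to test a rule set against a list of script URLs before relying on it. The following is an added example, not the SDK's own matcher: the rule shape { matchType, value, category }, first-match order and the function names are assumptions.

```javascript
// Rule shape { matchType, value, category } is an assumption of this example.
function hostMatchesDomain(hostname, domain) {
  const host = hostname.toLowerCase();
  const dom = domain.toLowerCase();
  // Equal, or a subdomain on a label boundary: "notgoogle-analytics.com"
  // must not match "google-analytics.com".
  return host === dom || host.endsWith('.' + dom);
}

function ruleMatches(rule, src, pageUrl) {
  try {
    // Resolves relative and protocol-relative src values against the page.
    const url = new URL(src, pageUrl);
    switch (rule.matchType) {
      case 'domain': return hostMatchesDomain(url.hostname, rule.value);
      case 'srcContains': return url.href.includes(rule.value);
      case 'srcRegex': return new RegExp(rule.value).test(url.href);
      default: return false;
    }
  } catch {
    return false; // unparseable src or invalid regex: treat as no match
  }
}

// Returns the category that gates the script, or 'essential' when no rule
// matches (the documented default: unmatched scripts are released).
function classifyScript(rules, src, pageUrl = 'https://example.com/') {
  const rule = rules.find((r) => ruleMatches(r, src, pageUrl));
  return rule ? rule.category : 'essential';
}

// Which script URLs from an inventory would load before any consent?
function releasedWithoutConsent(rules, srcs, pageUrl) {
  return srcs.filter((s) => classifyScript(rules, s, pageUrl) === 'essential');
}

// Constructed rules using the example values from the table above.
const sampleRules = [
  { matchType: 'domain', value: 'google-analytics.com', category: 'analytics' },
  { matchType: 'srcContains', value: 'gtm.js', category: 'analytics' },
  { matchType: 'srcRegex', value: 'facebook\\.net\\/.*\\/fbevents', category: 'marketing' },
];
```

Any third-party URL that releasedWithoutConsent returns is a candidate for a new rule, since it would otherwise run before the user has made a choice.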

Script scanner

The script scanner visits a URL on your site and detects all third-party <script> tags. It cross-references them against your existing rules and tells you which scripts are already covered, which are uncovered (need a new rule), and which are unknown.

To use it, go to the Script Scanner tab in the Admin UI and enter a URL on your site. The scanner fetches the page server-side, so it won't be blocked by browser extensions.

The scanner only detects scripts present in the initial HTML. Scripts injected by other scripts (e.g. GTM loading ad pixels) are not detected in a static scan.

Saving & caching

When you click Save Changes:

  1. The config is updated in Postgres and the version number is incremented.
  2. The Redis cache entry for your customer is immediately deleted.
  3. The next request to /config/v1/:customerId.json will fetch from Postgres and re-warm the cache.
  4. The CDN (if configured) is purged via the Cloudflare API.

Visitors who already consented under a previous config version will see the banner again — their stored decisions are tied to the version number. This ensures they can re-consent after you add a new category.