• Platform
    • The Osano Platform Overview

      Get an overview of the simple, all-in-one data privacy platform

    • header__icon-1
      Cookie Consent

      Manage consent for data privacy laws in 50+ countries

    • user-square
      Subject Rights Management

      Streamline and automate the DSAR workflow

    • assessments primary 200

      Efficiently manage assessment workflows using custom or pre-built templates

    • Unified Consent primary 200
      Unified Consent & Preference Hub

      Streamline consent, utilize non-cookie data, and enhance customer trust

    • data mapping primary 200
      Data Mapping

      Automate and visualize data store discovery and classification

    • shield-tick
      Vendor Privacy Risk Management

      Ensure your customers’ data is in good hands

    • Features & Integrations

      Key Features & Integrations

    • Privacy Templates
    • GDPR Representative
    • Consult Privacy Team
    • Regulatory Guidance
    • Integrations
  • Solutions
    • By Regulation
    • CPRA

      Discover how Osano supports CPRA compliance

    • CCPA

      Learn about the CCPA and how Osano can help

    • GDPR

      Achieve compliance with one of the world’s most comprehensive data privacy laws

    • By Organization Type
    • Icon (10)

      Don’t let data privacy compliance get in the way of growth

    • Icon (11)

      Preserve your competitive edge

    • Icon (12)

      Manage data privacy at scale

    • By Use Case
    • Path
      Consent Management

      Manage consent without the complexity

    • Icon (14)
      DSAR Automation

      Never miss a DSAR deadline again

    • Icon (15)
      Vendor Risk Management

      Regain insight and control over your customers’ data

    • Icon (16)
      Privacy Program Management

      Build and grow an end-to-end privacy program

  • Resources
    • View All Resources
    • book-open-01

      Expert insights on all things privacy

    • Icon (25)
      Resource Center

      Key resources to further your data privacy education

    • globe icon primary 200
      U.S. Data Privacy Laws

      A guide to data privacy in the U.S.

    • Icon (17)

      Research the most essential privacy topics

    • hand a heart icon primary 200
      Customer Stories

      Meet some of the 5,000+ leaders using Osano to transform their privacy

    • Icon (30)

      Upcoming webinars and in-person events designed for privacy professionals

    • envelope icon primary 200

      Subscribe and become a Privacy Insider

    • Icon (21)
      Product Updates

      What’s the latest with Osano?

    Latest Blog post

    Letter blocks spelling

    Privacy Risk Quantification: How and When to Do It Effectively

    Getting buy-in for privacy resources at your organization and...

    Read Now
  • Company
    • Vector
      About Us

      The Osano story

    • Icon (25)

      Become an Osanian and help us build the future of privacy!

    • Icon (26)

      We’re eager to hear from you

    • 
      Our Pledge

      No fines, no penalties

    • Icon (27)
      Data Licensing

      Add Osano data privacy ratings and recommendations to your application

    • Icon (28)
      Osano Swag Store

      Increase Trust. Stay Compliant. Get Cool Swag.

    • Icon (29)
      Press & Media

      Inquiries and Osano in the news

    • Icon (30)
      Partners & Resellers

      Interested in partnering with us?

  • Pricing
  • Sign In Book a Demo

Osano Open Source
JavaScript API

Osano Open Source

This documentation is for Osano Open Source.

Osano Consent Management Platform (CMP) JavaScript API documentation can be found here.

How to use the Cookie Consent JavaScript API

You can add additional options to the code snippet.

Javascript and CSS can be included from the CDN or hosted on your own site. Download source from GitHub.


This example places an informational (default) red and white Cookie Consent popup inside the content block of a website (instead of body).

It disables the regional law options and shows revoke option for everyone. A callback hook is used to enable or disable cookies when the consent changes. <head> <link rel="stylesheet" type="text/css" href="css/cookieconsent.min.css" /> </head> <body> <script src="js/cookieconsent.min.js"></script> <script> window.cookieconsent.initialise({ container: document.getElementById("content"), palette:{ popup: {background: "#fff"}, button: {background: "#aa0000"}, }, revokable:true, onStatusChange: function(status) { console.log(this.hasConsented() ? 'enable cookies' : 'disable cookies'); }, law: { regionalLaw: false, }, location: true, }); </script> </body>

Static configuration

cookieconsent.status (object)
Default: {deny: ‘deny’, allow: ‘allow’, dismiss: ‘dismiss’}

These are the possible values that the cookie can be set to.

cookieconsent.hasTransition (boolean)
Default: true (if transitions are supported by the browser)

Animations are set to true by default in cookie consent. This includes the fade in/out and slide up/down animations. Set this to false to disable all animations.

Main options

These are the main options that can be passed to the Cookie Consent tool.

enabled (boolean)
Default: true

This can be used to disable the popup. It is internally used to disable itself (if needed), but can be configured externally too.

container (HTMLElement)
Default: null

The tool is automatically appended to the HTML body. Use this option to select the parent element. Use autoOpen: false to prevent the tool automatically appending itself to any container.

It is recommended to set these values to correspond with your server. You MUST set the ‘domain’ option, otherwise your cookies may not work.

cookie.name (string)
Default: ‘cookieconsent_status’

Name of the cookie that keeps track of users choice

cookie.path (string)
Default: ‘/’

URL path that the cookie ‘name’ belongs to. The cookie can only be read at this location

cookie.domain (string)
Default: ”

The domain that the cookie ‘name’ belongs to. The cookie can only be read on this domain. Guide to cookie domains

cookie.expiryDays (integer)
Default: 365

The cookies expire date, specified in days (specify -1 for no expiry)

cookie.secure (boolean)
Default: false

If secure is true, the cookies will only be allowed over https

Content options

Text strings used for cookie consent window elements.

content (object)
content: { header: 'Cookies used on the website!', message: 'This website uses cookies to improve your experience.', dismiss: 'Got it!', allow: 'Allow cookies', deny: 'Decline', link: 'Learn more', href: 'https://www.cookiesandyou.com', close: '&#x274c;', policy: 'Cookie Policy', target: '_blank', }

Overwrite these default options to change the content within the tool

Custom HTML options

elements (object)
elements: { header: '<span class="cc-header"></span>', message: '<span id="cookieconsent:desc" class="cc-message"></span>', messagelink: '<span id="cookieconsent:desc" class="cc-message"> </a></span>', dismiss: '<a aria-label="dismiss cookie message" tabindex="0" class="cc-btn cc-dismiss"></a>', allow: '<a aria-label="allow cookies" tabindex="0" class="cc-btn cc-allow"></a>', deny: '<a aria-label="deny cookies" tabindex="0" class="cc-btn cc-deny"></a>', link: '<a aria-label="learn more about cookies" tabindex="0" class="cc-link" href="" target="_blank"></a>', close: '<span aria-label="dismiss cookie message" tabindex="0" class="cc-close"></span>', }

This is the HTML for the elements above. Any word surrounded by ‘’ will be automatically replaced. The string will be replaced with the equivalent text above.
You can remove “” and write the content directly inside the HTML if you want.

ARIA rules suggest to ensure controls are tabable (so the browser can find the first control), and to set the focus to the first interactive control. Learn more about using Aria HTML elements.

window (string)
Default: <div role=”dialog” aria-label=”cookieconsent” aria-describedby=”cookieconsent:desc” class=”cc-window ”></div>

Window is the ‘container’ that houses the popup contents. It has the HTML class ‘cc-window’ and is used for the main positioning of the tool. The placeholders and both get replaced during initialisation.

Layout options

How the content window is built.

The cookie consent tool is built with two main display elements. The message, and the buttons. In this tool, the buttons are grouped into what we call a ‘compliance level’. If you want an ‘opt-in’ level of compliance, then you have two buttons where the default choice is ‘cookies are disable by default’. There are other levels of compliance too. The ones we have by default are stored in the ‘compliance’ option. You can see that the only difference between the compliance levels are the buttons which are used, and how cookies are handled by default

compliance (object)
compliance: { 'info': '<div class="cc-compliance"></div>', 'opt-in': '<div class="cc-compliance cc-highlight"></div>', 'opt-out': '<div class="cc-compliance cc-highlight"></div>', }

Each compliance level contains the HTML needed to render that level of compliance. The ‘cc-compliance’ class is used in the CSS to reference the group of buttons

type (string)
Default: info

The compliance type, which refers to the compliance above. The standard cookie consent popup is purely informational.

layouts (object)
layouts: { 'basic': '', 'basic-close': '', 'basic-header': '', }

Just like the ‘compliance’ buttons are built using the ‘’ markers, the main layout can be built too like this too. The word between these two markers tell the tool what each element is called.

Example: cookieconsent.initialise({ layout: 'my-cool-layout', layouts: { 'my-cool-layout': '<div class="my-cool-layout">\

', }, elements: { pictureOfCat: '<img href="http://placekitten/300/300" />', }, content: { header: 'My awesome cat popup!' } });

layout (string)
Default: basic

The layout type refers to how the tool is rendered. See layouts above.

Position and Theme options

position (string)
Default: bottom

Position is used to describe where on the screen your popup should display. We also use ‘position’ to assume the shape of your popup. If you specify ‘top’ or ‘bottom’, we assume that a full width ‘banner’ is required. If however you specify a horizontal direction, we assume that a corner popup is required (which we call ‘floating’).

We add CSS classes ‘cc-banner’ if the popup displays as a banner, and ‘cc-floating’ if the popup displays as a floating window.

  • top, bottom – Banner
  • top-left, top-right, bottom-left, bottom-right – Floating

theme (string)
Default: block

Cookie Consent is themed, so users can create their own themes. The chosen theme is added to the popup container as a CSS class in the form of .cc-style-THEME_NAME. Available styles:

  • block (default)
  • edgeless
  • classic

Palette options

Colours can be defined in additional stylesheets or using attributes.

palette (object)
Default: null

If palette is set to null, colours have to be defined in CSS.

To pass the colours using attributes, use:
palette: { popup: {background: '#000000', text: '#fff', link: '#fff'}, button: {background: 'transparent', border: '#f8e71c', text: '#f8e71c'}, highlight: {background: '#f8e71c', border: '#f8e71c', text: '#000000'}, }

Highlight is optional and extends `button`. if it exists, it will apply to the rightmost button.
Only background needs to be defined for every element. If text or border colour is not set, it will be calculated from the background colour.

Revoke options

Some countries require consent to be revokable. Cookie Consent keeps track of these countries and adds a button to review the consent window.

revokable (boolean)
Default: false

If set true, revoke button is displayed every time. If false, revoke button is only displayed for advanced compliance options (opt-in and opt-out) and in countries that require revokable consent. The latter can be disabled by _regionalLaw _below.

revokeBtn (string)
Default: <div class=”cc-revoke ”>Cookie Policy</div>

This is the html for the revoke button. This only shows up after the user has selected their level of consent.

animateRevokable (boolean) 
Default: true

If true, the revocable button will translate in and out. Disabled by default for mobile devices.

Behaviour options

showLink (boolean)
Default: true

Used to disable link on existing layouts. If false, replaces element messagelink with message and removes content of link.

static (boolean)
Default: false

The popup uses position fixed to stay in one place on the screen despite any scroll bars. This option makes the popup position static so it displays at the top of the page. A height animation has also been added by default so the popup doesn’t make the page jump, but gradually grows and fades in.

dismissOnScroll (false | integer) 
Default: false

To disable, set to “false”. To enable, set to the number of pixels a user must scroll vertically in order to trigger the dismiss.

dismissOnTimeout (boolean | integer) 
Default: false

Set value as time in milliseconds to autodismiss after set time.

dismissOnWindowClick (boolean) 
Default: false

Set value as true to automatically consent when the user clicks anywhere.

ignoreClicksFrom (array of strings) 
Default: [‘cc-revoke’, ‘cc-btn’]

An array of class names only used with `dismissOnWindowClick`. Add a class name here to ignore clicks from that element.

autoOpen (boolean)
Default: true

This automatically opens the popup if the user hasn’t made a decision yet.

autoAttach (boolean)
Default: true

The tools HTML is automatically appended to the container by default. If you set this to false, you must attach it yourself:
var instance = new cookieconsent.Popup(options); document.body.appendChild(instance.element);

whitelistPage (array) Default: []
blacklistPage (array) Default: []

If set, cookie consent will not be displayed pages defined here. Specify pages using string or RegExp.

  • using a string : ‘/index.html’ (matches ‘/index.html’ exactly)
  • using RegExp : /\/page_[\d]+.html/ (matched ‘/page_1.html’ and ‘/page_2.html’ etc)

overrideHTML (string)
Default: null

If this is defined, then it is used as the inner html instead of layout. This allows for ultimate customisation.
Be sure to use the classes `cc-btn` and `cc-allow`, `cc-deny` or `cc-dismiss`. They enable the app to register click handlers. You can use other pre-existing classes too.

Callback hooks

Called at certain points in the program execution

onPopupOpen: function() {}
This is called when the popup is opened. It can be used to trigger an animation, or to attach extra handlers, etc.

onPopupClose: function() {}
This is called when the popup is closed. It can be used to clean up commands from onPopupOpen

onInitialise: function(status) {}
This is called on start up, with the current chosen compliance. It can be used to tell you if the user has already consented or not as soon as you initialise the tool.

onStatusChange: function(status, chosenBefore) {}
This is called any time the status is changed. This can be used to react to changes that are made to the compliance level. You can use the popup instance functions from within these callbacks too. I.E. ‘this.hasAnswered()’ and ‘this.hasConsented()’.

onRevokeChoice: function() {}
This is called when the user clicks the ‘revoke’ button. This means that their current choice has been invalidated.

Hooks can be used to disable cookies when consent is not given, and the generally extend the tool.

Location options

The location services are disabled by default. You are encouraged to implement a handler to your own service, rather than using the free ones provided.

To enable the basic location services, set ‘location’ to ‘true’. To add you own services or configure the order or execution, pass an object with configuration properties.

location.timeout (array)
Default: 5000 (milliseconds)

We can’t react to errors from script tag resources, so we set a timeout. If we don’t have the answer after 5000ms, try the next service.

location.services (array)
Default: [‘ipinfo’]

This array defines the services that you want to use. We attempt to get the country code from the first service, and only if the service fails do we move onto the next service. If all services fail, the popup is opened without modification.

If a service succeeds, then the two letter country code is passed to the ‘Law’ module, with changes your popup options depending on the cookie laws in the country code.

location.serviceDefinitions (object)

This can be used to define new services via a key, but new services they can also go straight into the ‘services’ array in an ad-hoc fashion. It is recommended that you define services in ‘serviceDefinitions’ and use ‘services’ to configure priority between services

Law options

law.countryCode (boolean)
Default: null

Rather than getting the country code from the location services, you can hard code a particular country into the tool.

law.regionalLaw (boolean)
Default: true

If false, then we only enable the popup if the country has the cookie law. We ignore all other country specific rules.

What's New at Osano

Introducing Osano Privacy Legal Templates

Now, with Osano Privacy Legal Templates you can get started faster by leveraging templates generated by our global team of privacy experts.

Learn more

Introducing DSAR email intake

Capture data subject rights requests with the convenience of email and the efficiency of a dedicated intake form.

Learn more

New reworked DSAR and discovery

We've reworked and redesigned Osano Subject Rights Management and Data Discovery, unifying them into a single, seamless experience and creating automation to save you time.

Learn more

Stay GDPR compliant under new French ruling

Privacy regulators at the CNIL in France recently declared that Google Analytics violates GDPR. Osano’s new block list feature can disable Google Analytics in France to keep you compliant while allowing you to use Google Analytics in regions where it is still legal.


New in May 2022: DSAR conditional fields, 28 new integrations, and more!

Customize DSAR forms with conditional fields, serve consent banners in additional languages, use 28 new integrations for Data Discovery, and more! Check out our latest product announcement blog for demos, links, and more information.


View more product updates

Osano product & engineering teams have been hard at work. View the full list of all product updates.

View Product Updates