Guide

How Cookie Consent Works

By Published 13 July 2026

Cookie consent works by blocking non-essential tags before they run, showing the visitor a banner, and releasing those tags only if the visitor accepts. The order is the point: the blocking happens first, on page load, before any tracking fires. The banner then collects the choice, the choice is stored so the visitor is not asked again, and the accepted tags are released. Each event is recorded so you can prove it.

A banner that appears after your analytics has already loaded is theatre. By then the cookies are set and the law is already broken.

The five steps

  1. Prior blocking. On load, the consent tool holds back non-essential scripts and cookies. Nothing beyond the exempt categories fires yet.
  2. The banner. The visitor sees an equal-prominence choice: accept, reject, or manage categories.
  3. Storing the choice. The decision is saved, usually in the browser, so the visitor is not re-prompted on every page.
  4. Releasing tags. If the visitor accepts a category, the tools in that category are allowed to run. If they reject, those tools stay blocked.
  5. Recording the event. The tool logs what the visitor saw and chose, so you can demonstrate consent. See how to prove cookie consent.

For Google tags there is an extra layer. Google Consent Mode carries the choice to GA4 and Google Ads, so they adjust what they collect rather than being blocked outright. Blocking and Consent Mode work together: the blocking stops non-Google tags, and Consent Mode tells Google's tags how to behave. See the Google Consent Mode v2 guide.

Why prior blocking is the hard part

Getting the banner to look right is easy. Getting every non-essential tag to hold until consent, across a real site with tag managers and third-party scripts, is the engineering work that actually delivers compliance. Consentfolio blocks first and asks second, and sends Consent Mode v2 signals, from one script tag. See cookie banner software and UK cookie law explained.

Frequently asked questions

What does "prior blocking" mean? Non-essential cookies and tags are held back on page load and released only after the visitor consents. It is the technical core of PECR compliance.

Where is the consent choice stored? Usually in the visitor's browser, so they are not asked again on every page. The event is also recorded on the server side so you can prove it.

What happens if a visitor rejects? The rejected categories stay blocked, so those cookies and tags never run. Only strictly necessary and exempt technologies continue.


Written by Tudor Rusmanica, founder of Consentfolio. Tudor has spent over a decade in agency SEO, working where search performance meets data protection: the analytics, tagging and consent setups that keep measurement useful and lawful. Connect on LinkedIn.

Published 13 July 2026. This guide is general information, not legal advice.

Questions? consentfolio.com · This guide is general information, not legal advice.