ConsentPixel – Privacy · Verified

Framer · Custom Code + Embeds ⚡ One Embed, No Plugin

Cookie Consent for
Framer That Blocks
Scripts Before Consent.

Framer ships beautiful sites fast — but it has no native consent layer that blocks tracking. The GA4, Meta Pixel, GTM, and session-replay scripts you add through Framer's custom code and embeds fire on every page load, with nothing holding them until your visitor consents. ConsentPixel — Privacy · Verified blocks every registered script with one custom code embed, styled to match the site you designed in Framer.

Works on all Framer plans
GDPR · CCPA · CIPA · 19 US state laws
Google Consent Mode v2 built in
Blocks custom code & embed scripts
Fastest
Growing design-first site builder for startups & agencies
$5,000
Per-visitor CIPA exposure from session-replay on California traffic
€20M
Max GDPR fine — or 4% of global annual revenue
2 min
To add ConsentPixel via Framer custom code

Framer Has No Native Script-Blocking Consent Layer

Framer is built for designers and is exceptional at shipping polished, animated marketing sites quickly. But that design focus means it does not include a built-in consent management system that blocks tracking scripts. Framer can show a custom banner you design, but a banner is only the visible half of compliance — the half that matters legally is whether tracking scripts are actually held until consent.

Every analytics and advertising tag on a Framer site is added through custom code (site or page settings) or an embed. With no native consent layer, those scripts — GA4, Meta Pixel, GTM, Hotjar — execute on page load. A hand-built banner that sets a cookie when clicked does nothing to stop them.

⚠ The DIY Consent Trap Why a designed banner without script blocking is not compliance

It is tempting to add a styled cookie banner in Framer and call the site compliant. But unless something intercepts and holds the tracking scripts until the visitor clicks accept, the banner is cosmetic. The scripts fire before the visitor ever sees the banner.

This is exactly the pattern regulators have penalised: a notice on screen while data already flows to Google, Meta, and session-replay vendors in the background.

✗ Custom-code GA4 fires on load

Adding GA4 via Framer custom code means it runs the moment the page renders — long before any banner interaction.

✗ Embedded Meta Pixel fires

A Meta Pixel embed executes immediately. A designed banner has no mechanism to delay it.

✗ Session-replay runs pre-consent

Hotjar or Clarity added via custom code records sessions before consent — $5,000/visitor CIPA exposure for California traffic.

✗ No GCM v2 / GPC

There is no native Framer feature for Google Consent Mode v2 parameters or Global Privacy Control detection.

For Framer's core users — agencies shipping client sites and startups shipping landing pages — this is a real liability. The faster you ship, the easier it is to drop in a tracking pixel and forget that nothing is gating it.

Trackers Commonly Running on Framer Sites

Framer sites are typically startup marketing sites, product launches, and agency client builds — carrying conversion-focused analytics and advertising stacks. These are the most common integrations and the exposure each creates.

📊
Google Analytics 4
GDPR · CCPA · GCM v2
The most common tracker on Framer sites. Sets _ga cookies and transmits to Google on page load. Needs Google Consent Mode v2 default-deny set before GA4 initialises.
🔖
Google Tag Manager
GDPR · GCM v2 Required
Every tag inside a GTM container fires on load — conversion pixels, remarketing, analytics. The GCM v2 default state must be set before GTM loads, not after.
📘
Meta Pixel
GDPR · CCPA · CIPA
Loads from Facebook's CDN and fires on load, sharing browsing behaviour and conversions with Meta's ad network regardless of any banner shown.
🔥
Hotjar / Microsoft Clarity
GDPR · CIPA
Session-replay snippets added via Framer custom code or embeds run on load with nothing to gate them — $5,000/visitor CIPA exposure for California visitors.
🎯
LinkedIn / TikTok Pixels
GDPR · CCPA
External pixels that set identifiers and fire on load. Common on B2B, agency, and creator sites and frequently missed in consent configurations.
📹
YouTube / Vimeo Embeds
GDPR
Embedded players set third-party cookies and load tracking when the page renders — not when the visitor presses play. Must be consent-gated for GDPR.
💬
Live Chat (Intercom, Drift, Crisp)
GDPR · CCPA
Chat widgets set persistent identifiers and load before consent. Common on SaaS, service, and agency sites.
📧
Email / Marketing Automation
GDPR · CCPA
HubSpot, Mailchimp, Klaviyo, and ConvertKit tracking scripts install cookies and track page views independently of any consent layer.

Manual Banner vs. ConsentPixel on Framer

A designed-in-Framer banner and ConsentPixel are not equivalent. A banner displays a notice; ConsentPixel actually blocks the scripts — the part that determines compliance.

CapabilityDIY Framer BannerConsentPixel
Blocks external JS before consent✗ Not supported✓ All registered scripts
Blocks GA4 / GTM tags✗ No✓ Yes
Google Consent Mode v2 (all 4 params)✗ No✓ All plans
Global Privacy Control (GPC) detection✗ No✓ Auto-detected
CIPA session-replay blocking✗ No✓ Yes
US state law opt-out (19 states)✗ No✓ All plans
Timestamped consent audit log⚠ Basic / none✓ Full log, exportable
Page-scoped consent enforcement✗ No✓ Yes
Works without platform plan upgrade⚠ Often gated✓ Any plan
🚫
A banner that doesn't block scripts is decoration, not consent. GDPR and CIPA care about whether tracking happens before consent, not whether a notice appeared. If your Framer banner sets a cookie but your GA4, Meta Pixel, and Hotjar already fired, you have the legal exposure without the protection.

See what fires on your Framer site before consent

ConsentPixel scans your published Framer site in a fresh session — no cache, no prior consent — and shows every script transmitting data before consent is recorded.

Scan My Framer Site →

How to Install ConsentPixel on Framer

ConsentPixel installs on Framer as a single custom code entry in your site settings — no plugin, no marketplace install. It must load before your other scripts so pre-consent blocking works correctly.

1

Create your ConsentPixel account and scan your site

Sign up at consentpixel.com, add your Framer site's domain, and run the auto-scanner. ConsentPixel maps every tracker across your published site — including custom code and embeds. Copy your unique pixel snippet.

2

Add the snippet to Framer site custom code (start of head)

In Framer, open Site Settings → General → Custom Code. In the Start of <head> tag field, paste the ConsentPixel snippet, before any GA4, GTM, or Meta code.

Site Settings → Custom Code → Start of <head> tag
<!-- ConsentPixel — must be first in head -->
<script
  src="https://pixel.consentpixel.com/YOUR-SITE-ID.js"
  async></script>

Using the Start of <head> field rather than End of <body> ensures ConsentPixel initialises before tracking scripts placed lower in the document.

3

Publish your site

Click Publish. Custom code runs on the published site, not in the Framer canvas preview. ConsentPixel begins blocking registered scripts on the live site immediately.

4

Register your external scripts and configure GCM v2

In the ConsentPixel dashboard, register each tool by category: Analytics (GA4), Marketing (Meta, LinkedIn, TikTok), Functional (chat), Session Recording (Hotjar, Clarity). ConsentPixel holds each category until consent.

Enable Google Consent Mode v2 — ConsentPixel sets all four GCM v2 parameters as the first head script, before your GTM or GA4 code loads.

5

Style the banner to match your Framer design

In the ConsentPixel dashboard, set the banner colours, radius, and typography to match the design system you built in Framer. On Agency Lite and Pro plans you can fully white-label the banner so it reads as part of your — or your client's — brand.

💡
Check the load order after publishing. Open your live Framer site in incognito and check the DevTools Network tab — ConsentPixel's domain must appear before googletagmanager.com or connect.facebook.net. If a tracker still fires early, confirm its code is registered in ConsentPixel and that ConsentPixel sits in the Start of head field, not the end of body.

What ConsentPixel Does for Your Framer Site

🛡️

Real script blocking, not a notice

Intercepts GA4, Meta Pixel, GTM tags, Hotjar, and embeds added through Framer custom code and holds them until consent — the protection a designed-only banner cannot provide.

📡

Google Consent Mode v2 — correct order

Sets all four GCM v2 parameters as the first head script, before your tags load. Protects Google Ads conversion measurement for EU and UK visitors.

🌐

GPC browser signal detection

Honours the Global Privacy Control signal for California, Colorado, Virginia, and Connecticut visitors automatically — no native Framer equivalent exists.

🔥

CIPA session-replay protection

Blocks Hotjar, Clarity, and Lucky Orange before consent — removing the $5,000/visitor CIPA exposure for California traffic that session-replay creates.

🎨

Designed to match your Framer build

Fully styleable banner that matches the typography, colour, and radius of the site you designed — no clashing default widget. White-label on Agency plans.

No plugin, ships at Framer speed

One custom code entry, configured from a dashboard. Fits the rapid-ship workflow Framer agencies and startups rely on — no build step, no maintenance.

Framer Privacy Compliance Checklist (2026)

📋 Framer Site Compliance Checklist — 2026 11 items
Audit every external script loading on your Framer siteCheck GTM tags, embedded code, app/plugin scripts, and any integration that calls a third-party domain
Verify external JavaScript is blocked before consent — not just first-party cookiesTest in your browser's DevTools Network tab in a private/incognito window before accepting anything
Add ConsentPixel to the Start of <head> custom code fieldMust initialise before tracking scripts — a designed banner alone does not block anything
Configure Google Consent Mode v2 with all four parametersRequired for EEA/UK Google Ads — the default-deny state must fire before GTM or GA4 loads
Block session-replay tools before consent$5,000/visitor CIPA exposure — Hotjar, Clarity, Lucky Orange must never run before explicit consent
Implement GPC browser signal recognitionMandatory in California, Colorado, Virginia, and Connecticut — most native banners do not provide this
Add a "Do Not Sell or Share" opt-out for US visitorsRequired across California and all 19 active US state privacy laws in 2026
Consent-gate all embedded third-party content — maps, video, social widgetsYouTube, Google Maps, and X/Twitter embeds set third-party cookies and must be gated for GDPR
Update your privacy policy to disclose all external integrationsName GA4, GTM, Meta, LinkedIn, Hotjar, and any automation platform as third-party data recipients
Maintain a full timestamped consent audit logRequired under GDPR Article 5(2) accountability — keep an exportable record of every consent choice
Re-test after any Framer template, theme, or app changeUpdates can change script load order — confirm ConsentPixel still loads first after any change

Frequently Asked Questions

Framer can display a banner you design, but it has no native consent layer that blocks tracking scripts. A designed banner that sets a cookie does not hold GA4, Meta Pixel, or Hotjar — those are added through custom code or embeds and fire on page load regardless. Real compliance requires something that intercepts and holds those scripts until consent, which is what ConsentPixel does.
Add the ConsentPixel script to Site Settings → General → Custom Code, in the Start of <head> tag field, before any analytics or pixel code, then publish. No plugin or marketplace install is needed, and it works on every Framer plan.
Because compliance depends on whether tracking happens before consent, not on whether a notice appeared. A banner styled in Framer that simply sets a cookie when clicked does not stop the GA4, Meta Pixel, and session-replay scripts that already fired when the page loaded. ConsentPixel intercepts and holds those scripts until the visitor consents.
If your Framer site runs session-replay or heatmap tools and receives California visitors, CIPA applies. With no native blocking, those tools record from page load. California's wiretapping statute carries statutory damages of up to $5,000 per affected visitor with no proof of harm required. ConsentPixel blocks all session-replay scripts before consent.
Yes. The banner's colours, corner radius, and typography are all configurable from the ConsentPixel dashboard so it matches the design system you built in Framer. On Agency Lite and Pro plans you can fully white-label the banner for your own or a client's brand.
No. ConsentPixel loads asynchronously from Cloudflare's edge and adds only a few kilobytes. Because it holds tracking scripts until consent, visitors who have not consented load fewer third-party scripts on first paint, which can improve initial load. It does not affect Framer's animations or rendering.
Framer Compliance — Block, Don't Just Display

One custom code entry.
Real blocking, your design.

ConsentPixel — Privacy · Verified blocks the GA4, GTM tags, Meta Pixel, and session-replay scripts your Framer custom code loads — while passing all four GCM v2 parameters and honouring GPC signals. Styled to match the site you designed. No plugin, ships at Framer speed.

Scroll to Top