Setting up a consent banner is a good start. But to truly be compliant, you need to translate your visitors’ choices (or lack of choice) into concrete technical actions.
Your website must behave differently depending on the user's consent status:
✅ If the user gives consent for a service:
→ You can load the service and run the associated scripts.
❌ If the user explicitly refuses the service:
→ The service must not be loaded, and no data should be sent to it.
🕓 If the user has not yet interacted with the banner (no consent expressed):
→ By default, the service must be blocked until a choice is made.
This conditional behavior is what we call consent-based logic. It ensures that services requiring consent are only triggered when authorized, and remain blocked otherwise.
How to implement consent logic
You can set it up in two ways:
Manually in your site’s code, by writing conditions (e.g. “if the user has consented to this service, then load this script”)
Via a visual interface like a tag manager, which lets you define rules without writing code. The tag manager then handles the execution logic in the browser.
How are services triggered on your site?
For each listed service, it’s important to check how it is loaded. There are several methods, but most often, you’ll encounter two main scenarios:
The script is hardcoded directly into your page source, usually copy-pasted from the provider’s documentation
The service is loaded via a Tag Manager (like Google Tag Manager), either with a custom HTML tag or a predefined tag template
In other cases, you might also come across:
CMS plugins (WordPress, Shopify…) that embed third-party services
iframes (e.g. YouTube, Google Maps)
dynamically injected scripts via JavaScript frameworks
There are other situations, but the two methods above cover most use cases.
Our recommendation: centralize scripts in your Tag Manager
If you’re already using Google Tag Manager (or another tag manager), we strongly recommend centralizing all your services within it. Here's why:
You get a unified view of all third-party services
You can easily manage consent logic using GTM’s trigger system
Most importantly, you avoid editing your site’s code, which can be tricky if you’re not comfortable with development
👉 In practice: for each script hardcoded on your pages, create a tag in GTM to replace it, then remove the hardcoded version. This way, everything is managed from GTM, including the triggering based on Axeptio consent.
Not using a Tag Manager?
If you’ve integrated your services directly into your website’s code and are not using a Tag Manager, you can still apply consent logic manually. We provide code snippets to help you implement this in our dedicated article.
This approach involves:
Listening for the Axeptio consent state
Only executing third-party scripts once consent has been given
This solution is more technical and requires development resources, but gives you precise control over how your site behaves.
Remember: simply displaying a consent banner is not enough. If you don’t implement this consent-based logic, your visitors may refuse a service… but it could still load behind the scenes.
To be compliant, services must be blocked until the user gives their consent, and only triggered once consent has been granted.
To illustrate consent-based logic, let’s take a concrete case you might encounter.
Identify the service and its status
You ran a scan of your site with Shake, and the PDF report shows that a Facebook Pixel is present on some pages.
➡️ This service is listed as collecting personal data. It must therefore be subject to consent.
Check how the service is integrated
Now you ask yourself:
👉 How is the Facebook Pixel loaded on my site?
Upon checking, you notice that:
The Pixel is not directly embedded in your page code,
It is loaded via Google Tag Manager, either as a custom HTML tag or using the Facebook tag template provided in GTM.
Condition the trigger in GTM
Since you use GTM, you can condition the firing of the Facebook Pixel tag on the Axeptio consent status.
Result: the Facebook Pixel will only fire if the user has given their consent to this service via the Axeptio banner.
If the user refuses, or does not respond, the Pixel will not fire.
What if the script was hard-coded?
In that case, you would have had to add a condition in your code to listen to the consent status and only trigger the Facebook script if explicit consent was given.