Common Issues

Symptoms: No consent banner appears on your website.

Check these things:

  • Script is loaded: Open DevTools > Network tab, filter by “consent.js”. The script should return 200. If it’s 404, you haven’t published yet.
  • Script is in <head>: The script tag must be in the <head> section, not at the end of <body>.
  • Console errors: Check the browser console for JavaScript errors. CSP violations will appear as errors mentioning cdn.cookieboss.io.
  • Consent already given: If you’ve already accepted/rejected, the banner won’t show again. Clear consent with the snippet below.
  • Geo rules: If your default geo rule has showBanner: false, visitors outside EU/California won’t see a banner. Check your geo rules configuration.

Clear consent to re-show the banner:

javascript 
document.cookie = 'cookieboss_consent=; path=/; max-age=0';
localStorage.removeItem('cookieboss_consent');
location.reload();

Symptoms: The banner reappears on every page load even after accepting.

Possible causes:

  • Cookies blocked by browser: Some browsers (Safari with ITP, Brave) aggressively block cookies. CookieBoss uses localStorage as a fallback, but both may be cleared in private/incognito mode.
  • Multiple domains: If your site spans multiple subdomains (e.g. www.example.com and shop.example.com), the consent cookie (which uses path=/) is set on the current hostname. Use a consistent domain.
  • Content Security Policy: If CSP blocks cdn.cookieboss.io, the script can’t write the consent state. See CSP Configuration.

Script not loading after publish

Symptoms: You clicked Publish but the old banner (or no banner) appears.

Check:

  • CDN cache: The CDN serves cached scripts for 24 hours. After publishing, it may take a few minutes for the cache to update. Try adding ?v=timestamp to the script URL temporarily to bypass cache.
  • Publish status: Check if publishing completed using the API (see command below).
  • Browser cache: Hard-refresh the page (Ctrl+Shift+R / Cmd+Shift+R) or test in an incognito window.

Check publish status via API:

bash 
curl https://api.cookieboss.io/api/v1/sites/$SITE_ID/publish/status \
-H "Authorization: Bearer $TOKEN"

GTM tags not firing

Symptoms: Google Tag Manager tags aren’t firing after consent is given.

Check:

  • GTM enabled: Make sure GTM integration is enabled in your banner settings.
  • Trigger setup: In GTM, verify you have a Custom Event trigger for cookieboss_consent_update (not cookieboss_consent_accept_all — the update event covers all scenarios).
  • Data Layer Variables: Verify variable names exactly match: cookieboss.consent.analytics, cookieboss.consent.marketing, etc.
  • Script order: The CookieBoss script must load before the GTM container. Check the Network tab to verify loading order.

Check dataLayer in the browser console:

javascript 
// Check if CookieBoss events are in dataLayer
window.dataLayer.filter(e =>
typeof e === 'object' && e.event?.startsWith('cookieboss')
);

Geo detection returning wrong region

Symptoms: EU visitors see the wrong consent mode, or non-EU visitors get the GDPR opt-in banner.

Possible causes:

  • VPN/proxy: Visitors using VPNs will be classified based on the VPN server’s location, not their real location.
  • Stale geo cache: Geo detection results are cached in localStorage for 24 hours. Clear it with the snippet below.
  • Geo endpoint unreachable: If the geo endpoint fails, CookieBoss defaults to the most restrictive mode (EU/opt-in). Check the Network tab for failed requests to a.cookieboss.io.

Clear geo cache:

javascript 
localStorage.removeItem('cookieboss_geo');
location.reload();

Still stuck? Check the Debugging guide for step-by-step diagnostic techniques.