ProtoConsent
ProtoConsent

Build with ProtoConsent

Read user consent preferences directly from the browser. No backend, no identity, no tracking

Optional integration
Read-only
MIT SDK
Null-safe
How the browser enforces

What ProtoConsent does

ProtoConsent is a browser extension that lets users define how different data‑use purposes should be treated on each site, then applies those rules locally in the browser. All preferences and enforcement happen on the user's device.

  • Per‑site purpose profiles: choose how to treat functional, analytics, advertising, personalisation, third‑party services and advanced tracking for each domain.
  • Network‑level enforcement: uses browser extension APIs to block or allow requests related to specific purposes, with observable results.
  • Optional enhanced protection: activate curated third‑party blocklists for broader coverage, with presets or individual list control.
  • Conditional GPC signal: sends Sec‑GPC only when privacy‑relevant purposes are denied, per site, not globally.
  • Site declarations: websites can publish a .well-known/protoconsent.json to declare their data practices. No SDK required.
  • Local‑only, composable: runs entirely in the browser. Designed to sit alongside existing consent tools.
Log tab showing blocked domains grouped by purpose
Blocked domains grouped by purpose in the Log tab.
Read preferences

Query consent state per site

The SDK returns true, false, or null (extension absent) for each purpose. Per-site only, fully local.

See the SDK integration →

Adapt behaviour

Don't negotiate, respond

Use the signal to load or skip scripts, simplify banners, or respect user choices without guessing. The extension enforces at the network level regardless. The SDK lets you adapt gracefully.

Global Privacy Control

A legally recognised privacy signal, per site

ProtoConsent sends the Sec‑GPC header automatically when privacy‑relevant purposes (ads, third‑party sharing, advanced tracking) are denied for a site.

Unlike browser‑wide GPC toggles, ProtoConsent's signal is conditional and per‑site: it only fires when your purpose choices justify it. GPC already has legal weight under California's CCPA/CPRA and is under discussion in the EU.

Check it live on the demo site →

GPC signal detected on globalprivacycontrol.org
GPC signal detected on globalprivacycontrol.org when privacy purposes are denied.
Path A: Zero code

Declare data practices

Best for: publishers, static sites, any website.

Publish a .well-known/protoconsent.json file at your domain root declaring which purposes your site uses, what legal basis it claims, and which third parties it integrates. The extension reads this file and displays it in a side panel with Consent Commons icons. One static file is all it takes.

Site declaration side panel with Consent Commons icons
Site declaration displayed with Consent Commons icons. See the demo site for a complete example.

Read the spec →  ·  Validate your file →  ·  Demo site source →

Path B: SDK

Read user preferences in 3 lines

Best for: any website that wants to read user preferences and adapt accordingly. 

// Load the SDK (ES module, MIT licensed)
import ProtoConsent from 'protoconsent.js';

// Check a single purpose
const allowed = await ProtoConsent.get('analytics');
if (allowed) loadAnalytics();

// Or read all purposes at once
const all = await ProtoConsent.getAll();
// { functional: true, analytics: false, ads: false, ... }

Returns null if the extension is not installed. Safe by default, always graceful.

Full API: get(purpose), getAll(), getProfile().

Protocol spec →  ·  SDK source →  ·  TypeScript declarations →

What ProtoConsent is not
  • Not a CMP: it does not manage consent on behalf of your site or negotiate with vendors.
  • Not a tracking API: the SDK transmits no identity, no cookies, no cross-site state.
  • Not a browser-wide toggle: preferences are per-site and per-purpose, not global.

Website participation is optional and does not affect user-side enforcement.

Trust and guarantees
  • SDK communication is fully local, via the content script bridge.
  • Everything runs in the browser: local storage, local enforcement, local decisions.
  • Open source: extension (GPL-3.0+), SDK (MIT). Inspectable behaviour.
  • Observable enforcement: users see blocked requests, GPC signals, and domain-level detail.
Live test

Your preferences for this site

This section queries the ProtoConsent extension in real time using the SDK protocol. If the extension is installed, your current preferences for protoconsent.org are shown below.

Go deeper

Specifications and architecture

Questions or integration ideas? Open an issue or contact us.