Do you know what a cookie consent window actually does?

Here's what this site does. No Cookiebot would have been needed if we hadn't started running Google Ads today.

• First-party only. Visit data goes to our own PostgreSQL. No Google Analytics, no tracking pixels.
• No third-party cookies. The only cookies are session and a first-party kompas_src for campaign attribution.
• Cookiebot added today — because Google Ads loads gtag.js, which sets cookies. Without ads, we wouldn't need a consent banner at all.
• Google Consent Mode defaults everything to denied. Scripts are blocked until you consent.

If you can build this yourself, you probably don't need to pay for a CMP. The question is whether the time it takes is worth more than the subscription.

A cookie consent window is a gatekeeper. It controls which scripts are allowed to run on the page before you say yes. Here's the short version:

• Before you consent: third-party scripts (analytics, ads, tracking pixels) are blocked. The site works, but it can't measure you.
• When you click accept: those scripts load. They set cookies, send data to their servers (Google, Meta, etc.), and start tracking your behavior across sites.
• When you decline: the scripts stay blocked. The site still works. You're just invisible to the measurement layer.

The third-party solutions you're paying for? They're doing exactly this — scanning your site for cookies, generating the banner, and managing consent state. The cost isn't the banner itself. It's knowing which scripts you're running and what they do.

This site runs no third-party tracking. We added a consent banner today only because we started running Google Ads. Here's the full picture: