Last modified: March 19, 2025 at 8:01pm

Drupal CMS includes a flexible consent management tool designed to enhance user privacy while supporting compliance with data protection laws in locations relevant to your organization. We’ll refer to this tool as “the consent manager”.

Smart defaults and guidance for handling cookies, tracking scripts, and embedded services that ensure privacy are included in Drupal CMS. Rather than a one-size-fits-all approach, Drupal CMS allows you to configure privacy settings to align with your audience’s needs and regulatory requirements, enabling users to have control over their data.

Drupal CMS integrates the open source Klaro Privacy Manager provided via the Klaro Cookie & Consent Management module, which provides users with a streamlined consent management UI that seamlessly integrates with other Drupal CMS features.

What will users see?

Drupal CMS helps you to process personal data in a manner that is completely transparent and supports data protection laws, while disturbing your users as little as possible. The consent manager is desktop- and mobile-friendly, and works in all modern (and most older) browsers.

When a visitor’s browser attempts to store personal data using a cookie, or share it with any page containing a third-party resource (such as a map, video, or tracking script), the Drupal CMS consent manager determines whether the action is permitted and in what form.

Every time you enable new features that are included with Drupal CMS, the consent manager updates its tracking list. For example, enabling the Event feature (which uses embedded maps) or the Google Analytics feature (which uses Google Tag Manager) adds those services to the consent manager’s tracking list.

While many JavaScript snippets and cookies are detected automatically, additional configuration options ensure any use case can be accommodated.

Users of your site can expect to see the following.

A website footer containing a “My privacy settings” link, which allows users to review and update their consent preferences.

My privacy settings link in the footer of every page. Clicking this link will open the consent manager and allow you to opt-in or out of sharing data with the various services used.

Note: This link is only visible when a feature that requires consent management has been enabled.

A cookie consent management modal displaying options for enabling or disabling functional, analytics, embedded external content, and advertising & marketing cookies. A “Save” button is visible at the bottom, and the modal is powered by Klaro.

The consent manager widget presents the user with an interface that lists the different sources requesting access to their personal data, and toggles to allow complete control over whom that data is shared with.

Embedded services like Leaflet maps will display a consent widget that requires a user to confirm loading of the third-party resource.

A privacy consent prompt asking whether the user wants to load external content from an embedded map service (Leaflet). The options presented are “Yes (this time)” and “Always,” along with a link to manage privacy settings.

If the page contains embedded JavaScript snippets that are not visible in the UI, like an analytics tracking snippet, visitors will be presented with options to accept all, decline all, or customize for fine grained control over which services you’ll share your personal data with.
 

A small cookie consent notice at the bottom of a webpage, informing users that cookies and personal data processing are used for functional, embedded external content, analytics, and marketing purposes. Buttons for “Customize,” “Decline,” and “Accept” are present.

Drupal CMS implements the open source Klaro Privacy Manager through the Klaro Cookie & Consent Management module. Drupal CMS provides smart default configuration for the consent manager that should work for most situations. Administrators can modify the consent manager’s extensive configuration options to meet any legal requirements or organizational preferences.

To find configuration options for the consent manager, using the navigation toolbar, go to ConfigurationUser InterfaceKlaro! settings (/admin/config/user-interface/klaro). Klaro settings are divided into the following sections:

Settings

Contains settings related to the behavior and display of the consent manager dialog.

Drupal CMS will attempt to set the consent manager’s visibility to the best option automatically depending on the different features you have enabled for your site. You can modify these settings to fit your specific needs.

If no cookies or external services are used, the dialog can be hidden (this is the default in Drupal CMS). When features like embedded media or JavaScript tracking tags are added, the visibility settings need to be updated to ensure visitors can manage these services. Learn about the different modes in the Klaro! documentation.

Manage

Contains a list of services the consent manager can control access to and configuration for each service.

When a service is enabled, it will appear in the consent manager as a service with whom visitors can choose to share their data.

Services are the individual applications or tools on your website that collect user data, such as an analytics platform or social media plugin. Purposes denote the specific reasons for data collection by these services, such as improving user experience or targeted advertising.

Drupal CMS comes with various services pre-installed (but inactive by default) for embeds of social media platforms like YouTube, Vimeo, and many more. When a new Drupal CMS feature is enabled that requires one of these services, it will be enabled automatically. You can adapt and configure these services for your needs.

Site administrators can add new services for any applications or tools that are not already present in the list. Learn more about adding new services in Manage services and purposes | Klaro Cookie & Consent Management.

Texts

Configure text presented to visitors in the consent manager UI.

Note: The description of each service is managed as part of the service configuration. See above.

FAQ

Most likely this is because it is not needed. By default, Klaro operates in silent mode and the consent manager remains hidden unless cookies, embedded media, or third-party scripts requiring user consent are detected. If no such services are in use, the dialog will not be displayed.

If a custom theme or module overrides Klaro’s functionality, the consent manager may not display correctly. Temporarily switch to a default theme and disable conflicting modules to troubleshoot.

The Drupal CMS consent manager will attempt to automatically detect any third-party sources and add them to the available options. If it doesn’t locate your service, or you need more control over how it is managed, you can add configuration for it. Use the Log unknown resources configuration option to help detect and configure third-party services that were not automatically added.

Follow these steps to add a new service, such as a JavaScript tracking code, to the Drupal CMS consent manager:

  1. Using the navigation toolbar, go to ConfigurationUser InterfaceKlaro! (/admin/config/user-interface/klaro). Select ManageServices.
  2. Click Add service to create a new entry.
  3. Enter a Label (e.g., “Internal Tracking Script”) and Description (shown to end users in the consent manager dialog).
  4. Under Purpose, select or create an appropriate category (e.g., “Analytics” or “User Behavior Tracking”).
  5. Under the Advanced tab, add the detailed information about the elements on the page that should be blocked by Klaro until a user consents to using them. This involves providing Klaro with the information it needs to be able to find the element(s) on the page and disable them. It might include the URL of a third-party JavaScript file (e.g. example.com/tracking.js), or the HTML ID of an element (e.g. #internal-analytics). Once configured, Klaro will rewrite the HTML of the page to disable a service until it’s been accepted.

Use case: As the site administrator, I want to make the Leaflet maps service enabled by default, so that for end users, the maps will show automatically, but they can still opt-out.

  1. Go to ConfigurationUser InterfaceKlaro! (/admin/config/user-interface/klaro). Choose the Manage tab and then the Services local task.
  2. Find the service that you want to configure in the list and choose the Edit option.
  3. On the General tab of the settings form, choose the options appropriate for how you would like the default state of the service to be set in the consent manager dialog.
  4. Optionally, update the service Description to explain the default state.
  5. Press Save to update the service’s configuration. 

How can I make a service required so that users cannot opt-out?

See instructions above for changing the default opt-in state of a service.

What’s next?

After enabling new features, or changing the consent manager’s configuration, visit your site in a private browsing window to see how it affects the consent manager’s behavior.

If you’ve added custom features or additional modules to your site, temporarily enable the consent manager’s Log unknown resources option to see if there are any new services you need to configure.

Wrap-up

The Drupal CMS consent manager (powered by Klaro!) provides a flexible, automated approach to managing user privacy. With smart defaults, powerful configuration options, and deep integration with third-party tools, it balances user control with site functionality. By customizing its settings, site administrators can create a transparent, user-friendly experience that aligns with both legal requirements and audience expectations.

Additional resources

Back to top