🍇 Concord

The Skinny

🍇Concord manages your trackers (think Google Analytics, Facebook SDK, etc.) and waits until after the user consents to be tracked before inserting your trackers onto your site. Why does this matter?

The European Court of Justice recently ruled that initializing trackers before obtaining user consent violates the GDPR and can incur penalties.

Companies that embed Facebook’s "Like" button on their websites must seek users’ consent to transfer their personal data to the U.S. social network. “The European court is imposing an enormous responsibility on thousands of website operators – from the small travel blog to the online megastore, as well as the portals of major publishers,” said Bitkom head Bernhard Rohleder. He said the ruling would not only affect websites with an embedded Facebook “Like” button, but all social media plugins, forcing their operators to reach data agreements or face liability for collecting the data of users.

Concord manages your GDPR compliance workflow by by seperating your trackers from your source code. Getting started is easy. In Diagnostic Mode, copy your existing trackers into a Concord configuration to learn what Concord would do.

Concord operates in two phases. Before a user consents, Concord isolates your trackers from your site and adds a Consent Banner to the page.

graph LR; A[Browser] --> |request| B{Concord} style B fill:#BD90B4,stroke:#333,stroke-width:3px B --> |response| A B --> DD(GET yoursite.com) style DD fill:#FFF,stroke:#333,stroke-width:1px DD --> | Show
Consent Banner| B

After a user consents, Concord inserts your trackers onto your site.

graph LR; A[Browser] --> |request| B{Concord} style B fill:#BD90B4,stroke:#333,stroke-width:3px B --> |response| A B --> DD(GET yoursite.com) style DD fill:#FFF,stroke:#333,stroke-width:1px DD --> |Add
Trackers| B

Migrate your trackers to Concord to respect user privacy while achieving compliance peace of mind.

You can install it for free and unlock additional features with the Pro plan.

How to Install

Powered by Cloudflare

Concord is powered by Cloudflare. If you're already using Cloudflare, click here to install Concord.

Cloudflare offers DDoS protection, a global CDN, SSL certificates, and a lot more cool stuff for free. You should probably use it.


Check out this tutorial to see Concord in action.


Concord is the most comprehensive GDPR compliance solution available that also happens to be easy to use. You can get the gist of it from the installation page but we'll dig into the full configuration details below below.

Legal Fineprint

We recommend conducting your own research about consent requirements and talking to a lawyer about what's best for your organization. Bear in mind that laws and guidance relating to the online collection of information and use of cookies vary by region and continue to evolve.

Configuration Options

Built-in Banner

The following Built-in Banner options are available:

The Built-in Banner will be used unless you provide a Custom Banner.

Agreement Text

The consent message that will be displayed to your users.

Primary Theme Color

The primary theme color controls the background and button color.

Secondary Theme Color

The secondary theme color controls the button accents.

Privacy Info URL

A URL that contains more information about your privacy policy. If not defined, the Learn More link will be hidden.

Custom Banner

The Custom Banner Theme overrides the Built-in Banner.

The following Custom Banner options are available:


Template to display for your consent banner. This should be a valid HTML template and must contain an HTML element with a concord-agree attribute. Concord uses the concord-agree attribute to add a click handler that activates Concord when the user consents.

Here's a simple example:

  .consent-link {
    position: absolute;
    bottom: 0;
    color: blanchedalmond;
<a concord-agree class="consent-link"> Ok, let's go </a>

Page Reload Delay

Duration in seconds to wait after the user consents before automatically reloading the page and inserting provided trackers. This is useful if your banner contains an animation effect.

Advanced Options

The following Advanced Options are available:

Duration in seconds after a user consents until a user is re-prompted for consent. By default, users are never re-prompted to consent.

Include Subdomains

When a user consents by default, they are only consenting on the current subdomain. They will be re-prompted if they visit another subdomain on your site. Enable this to include all subdomains when a user consents.

Agreement History

Concord uses the last value in the list to set the current user agreement cookie. If your policies change and you require users to consent again, add a unique value to this comma-separated list.


Let's say you need users to re-prompt after Privacy Policy updates, and your Privacy Policy was updated twice. In this case, your Agreement History might look like:

Agreement History: bgfa, qq12

Concord uses a default hash (Zk7QW9DVwAgGXoL0) to assign a user agreement cookie. Your Agreement History updated the hash to bgfa after the first Privacy Policy change and qq12 after the second. Just add a new unique value to your list when it changes again!

Don't delete your old Agreement History values! Keep them in your Agreement History to ensure you are always using unique values for new entries.

The following Consent Configuration options are available:

Before consent, your Consent Banner will appear at this wildcard-compatible URL. After consent, your Trackers will be inserted.

A Consent Route must include your hostname and may include wildcards designated by an asterisk (*) which match any number of characters before or after the required hostname.

Route URL Matches
*yoursite.com* all routes on yoursite.com
*yoursite.com/blog* subdomains and subroutes of yoursite.com/blog including /blog
*yoursite.com/blog/* subdomains and subroutes of yoursite.com/blog excluding /blog

Use wildcard routes to apply a single Consent Configuration to more than one page.

Diagnostic Mode

Show what Concord would do if it was running normally on a route by adding diagnostic headers to the response. Use it to safely migrate your trackers to Concord without affecting your site.

Diagnostic Mode is very helpful for setting up Consent Configurations without affecting your site.

Enabling this disables Concord from its normal operation and attaches the following headers to page responses:

  • Concord-Agreed [boolean]: Whether or not the user has consented

  • Concord-Agreement-Version [string]: The active version of your terms of service (see Agreement history)

  • Concord-Matching-Route [string]: the Consent route matching the request

  • Concord-URL-Tracker-Count [number]: the number of scripts that would be inserted

  • Concord-Agreement-Expiry-Seconds [number]: the number of seconds until a user must re-consent (defaults to 0 meaning never)


Trackers are inserted into pages matching your Consent Route after a user consents to being tracked.

Tracker Options
Option Description
Tracker Name A name or short description to help remember your tracker.
Tracker Code Well-formed HTML tracking code to insert after a user consents.
Tracker Location Decide between applying the Tracking Code to the head or body of the web page.