Migration from Other CMPs
Switch from your current consent management platform to ConsentStack with this step-by-step migration guide.
Switching consent management platforms sounds daunting, but it's simpler than you think. The actual swap is one script tag out, one script tag in. The real work is a few minutes of preparation.
Before you start
Take a quick inventory of your current setup. You'll want this information handy when configuring ConsentStack.
- Consent categories — List every cookie category your current CMP uses (e.g. "Strictly Necessary", "Performance", "Targeting"). Note which ones are essential and which are optional.
- Custom integrations — Do you have any scripts that listen for consent events from your current CMP? Note these so you can reconnect them using ConsentStack's JavaScript API.
- Regulation settings — Which regions are you covering? GDPR for Europe, CCPA for California, or others? Write down which consent model (opt-in, opt-out, notice-only) applies to each region.
- Banner customizations — Note any brand colors, custom text, or layout preferences you've set up. You'll recreate these in ConsentStack's config builder.
This inventory typically takes five to ten minutes and saves time during setup.
Set up ConsentStack
If you haven't already, follow the Quickstart guide to create your account, team, and site. Then configure your consent settings to match your current setup:
- Map your categories — Create categories in ConsentStack that match the ones from your current CMP. The standard categories (Essential, Analytics, Marketing, Functional) cover most use cases. Add custom categories if your current CMP uses non-standard groupings.
- Set up your regions — ConsentStack ships with built-in regions for GDPR, US State Privacy Laws, and a default for everyone else. Review the consent models assigned to each region and adjust if needed to match your current configuration.
- Customize your banner — Use the config builder to match your brand colors, button styles, and banner text. This is also a good time to improve wording if your current banner language was unclear.
- Publish your config — Once everything looks right, publish the configuration so it's ready to serve visitors.
The swap
This is the easy part. You're replacing one line of code with another.
Remove your old CMP script tag. Find the script tag for your current provider in your site's <head> and delete it. It looks something like:
| Provider | What to remove |
|---|---|
| OneTrust | <script> tag referencing cdn.cookielaw.org |
| Cookiebot | <script> tag referencing consent.cookiebot.com |
| CookieYes | <script> tag referencing cdn-cookieyes.com |
Add the ConsentStack script tag. Paste this in the same location, replacing YOUR_SITE_KEY with your site key from the dashboard:
<script
src="https://cdn.consentstack.io/consent.js"
data-site-key="YOUR_SITE_KEY"
defer
></script>Deploy your site. That's the entire swap.
What to expect after switching
Returning visitors will see the consent banner again. This is expected. ConsentStack uses its own consent storage, so it won't read cookies set by your old CMP. Every visitor starts fresh.
This is actually a good thing for compliance. Fresh consent means your visitors are making informed decisions based on your current banner -- not a choice they made months ago under different wording or categories. Auditors and regulators view re-consent favorably.
After a few days, the vast majority of your traffic will have provided fresh consent through ConsentStack.
Verify your migration
Once the new script tag is live, confirm everything is working:
- Check the banner — Open your site in a browser (or an incognito window). You should see the ConsentStack banner appear.
- Review consent logs — Head to your site dashboard and check that consent decisions are being recorded.
- Enable debug mode — Add
data-debug="true"to your script tag temporarily to see detailed console output about category resolution, script blocking, and consent state. - Test across regions — If you have a VPN, test from different locations to verify the correct consent model appears for each region.
For a complete verification walkthrough, see the Testing & Verification guide.
CMP-specific tips
Migrating from OneTrust
OneTrust uses category names like "Strictly Necessary", "Performance", "Targeting", and "Social Media." Map these to ConsentStack categories:
| OneTrust category | ConsentStack equivalent |
|---|---|
| Strictly Necessary | Essential |
| Performance | Analytics |
| Targeting | Marketing |
| Functional | Functional |
| Social Media | Create a custom category |
If you have OneTrust's auto-blocking feature enabled, ConsentStack handles this automatically -- the SDK blocks third-party scripts before they execute, with no additional configuration needed.
Migrating from Cookiebot
Cookiebot's category structure (Necessary, Preferences, Statistics, Marketing) maps closely to ConsentStack's defaults. The migration is straightforward -- match the categories and swap the script tag. If you were using Cookiebot's auto-scan feature, ConsentStack's built-in script blocking with 5,800+ known tracker domains provides equivalent coverage.
Migrating from CookieYes
CookieYes uses the most standard category names, making this the most straightforward migration. Map "Necessary" to Essential, "Analytics" to Analytics, "Advertisement" to Marketing, and "Functional" to Functional. Swap the script tag and you're done.
No matter which CMP you're migrating from, ConsentStack detects your visitors' locations automatically and applies the right consent model -- no manual geo-targeting rules to recreate.
What's next
- Testing & Verification guide -- confirm your migration is working correctly
- Categories & Regions -- fine-tune your consent rules
- Dashboard guide -- explore banner customization and consent logs