Leaflet

Leaflet

Leaflet is an open-source JavaScript library for rendering interactive maps on web pages. It loads map tiles from configured tile servers and handles user interactions like panning and zooming. It does not set cookies, collect personal data, or make tracking requests, operating purely as a client-side rendering library.

Back to Vendor Library

Overview

Leaflet is an open-source JavaScript mapping library maintained by Volodymyr Agafonkin and a community of contributors under the BSD 2-Clause license. It renders interactive maps in the browser using tile layers sourced from configurable tile servers. The library itself contains no tracking code, no telemetry, and no network requests to Leaflet-controlled servers — all network activity is determined by which tile provider the operator configures (such as OpenStreetMap, Mapbox, or a self-hosted tile server).

What This Script Does

Leaflet's own code is a pure rendering library with no data collection behavior:

  • No cookies set: Leaflet itself does not set any cookies. It does not read browser storage for tracking purposes.
  • No tracking requests: The library makes no requests to Leaflet.js servers. There are no analytics, telemetry, or usage reporting calls embedded in the library.
  • Tile requests: When a map loads, the browser fetches map tile images from whichever tile provider the operator has configured. These requests expose the visitor's IP address to the tile server operator. For OpenStreetMap tiles, this means IP addresses are visible to the OSMF infrastructure. For Mapbox tiles (api.mapbox.com), Mapbox's privacy policy applies.
  • User interactions: Panning, zooming, and clicking are processed entirely client-side. Coordinates are not transmitted anywhere unless the operator has added a custom interaction handler that sends data to their own or a third-party server.
  • GeoJSON loading: If the operator loads overlay data from a third-party URL, the visitor's IP address is exposed to that third-party server, but this is a configuration choice, not Leaflet behavior.

The privacy footprint of a Leaflet integration is determined almost entirely by tile provider choice, not by the library itself.

Consent & Compliance

GDPR and ePrivacy: Leaflet's own code requires no consent. However, if the operator uses a third-party tile provider that processes visitor IP addresses (such as Mapbox, Google, or HERE Maps), those providers become data processors and their data handling must be addressed in the operator's privacy notices. Tile requests to Mapbox or commercial providers are network requests that expose personal data (IP address) to a third party, which under strict GDPR interpretation may require a legitimate interest assessment or consent.

CCPA/CPRA: Leaflet itself does not collect or share personal information. Tile provider integrations may involve disclosure of IP addresses to third-party services, which operators should disclose in their privacy policies.

This vendor falls in the functional category. It is a rendering utility with no tracking behavior. The consent question applies to the tile provider, not the library.

Should You Block This Without Consent?

No.

Leaflet itself does not require consent blocking — it contains no tracking code, sets no cookies, and makes no requests to Leaflet-controlled servers. Operators using third-party tile providers (particularly commercial ones like Mapbox) should consider whether tile provider requests require disclosure or consent under their applicable privacy framework, but the Leaflet library itself is safe to load without consent gating.

Visit website

Consent Categories

Functional

Also Known As

leafletleafletjsleaflet mapsopen source map libraryleaflet consent

Industries

Computers Electronics and TechnologyProgramming and Developer SoftwareBusiness and Consumer ServicesMarketing and Advertising

Tracked Domains (1)

leafletjs.comFunctional

Frequently Asked Questions

Is cookie consent needed for Leaflet maps?

No, Leaflet itself does not require cookie consent. It is an open-source client-side mapping library that renders interactive maps without setting cookies, collecting personal data, or making tracking requests. However, the tile provider configured with Leaflet (like Mapbox) may have its own consent requirements.

What network requests does Leaflet make?

Leaflet's own code makes no requests to Leaflet-controlled servers. All network activity depends on the tile provider the operator configures, such as OpenStreetMap, Mapbox, or a self-hosted server. The library handles pan, zoom, and marker interactions entirely client-side without transmitting visitor data.

How does ConsentStack classify Leaflet?

ConsentStack detects Leaflet and categorizes it as a functional vendor. Since it is an open-source rendering library with no built-in tracking or cookies, ConsentStack typically allows it to load freely. ConsentStack may separately manage the tile provider if that provider involves its own tracking.

Related Vendors

Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.

Manage consent for Leaflet

ConsentStack automatically detects and manages Leaflet trackers so your site stays compliant with global privacy regulations.

Get started free