HubSpot's native banner manages its own cookies, but it does not block Google, Meta or LinkedIn tags before a visitor consents. We engineer the missing layer: granular, region-aware consent that governs every tracker on your site and keeps your HubSpot analytics intact.
HubSpot's consent banner is a HubSpot-first tool. The moment you add GA4, Google Ads, Meta or LinkedIn pixels, Hotjar or a chat widget, those scripts fire regardless of what the banner says. These are the situations where bespoke engineering closes the gap.
A UK or EU B2B site running GA4, Google Ads and the LinkedIn Insight Tag alongside HubSpot needs non-essential tags held back until the visitor opts in. We inject each tag inside an addPrivacyConsentListener callback so it only fires for the matching consented category, rather than hard-coding tags that load anyway.
We map HubSpot's categories to Google's consent signals (analytics_storage, ad_storage, ad_user_data, ad_personalization, functionality_storage) and push consent updates to the dataLayer. We read the stored category preference on load to set defaults to denied before any tag fires, so Google's modelling works while denied consent is respected.
Strict opt-in for UK and EU visitors, notice-style elsewhere, configured by country, domain and URL path. We wire the third-party tags to match each region's rules so the banner and the actual tracking behaviour never disagree.
Running OneTrust, Cookiebot, CookieYes or Usercentrics as your source of truth. We build the bridge that calls setHubSpotConsent on every consent change and re-asserts it on each load, because that method does not persist across sessions, keeping HubSpot analytics and contact attribution working underneath your CMP.
A footer Cookie preferences link that relaunches the banner via showBanner, a clean withdraw-consent flow, and per-tool handling so withdrawal clears third-party cookies too, not just HubSpot's. We also make sure your HubSpot chat, meetings, pop-up forms and embedded media respect the visitor's choices.
Where shared theme modules cannot be edited cleanly (as on our own locked Argo theme), we deploy consent logic per-page in head HTML or through Google Tag Manager, with the same reliability as a theme-level build.
Default to Build. We start from your real tag stack and engineer consent that holds up to scrutiny, not a banner that ticks a box.
We catalogue every first and third-party cookie, every tracking script and where it loads, your existing banner configuration and policy type, and whether the legacy Cookie Blocking Code beta is present. That beta conflicts with the current consent API and is removed first. We confirm your portal is on the v2 consent editor and re-test wiring after the automatic v2 migration that began on 11 May 2026.
We set the correct policy type (opt-in for GDPR regions, notice elsewhere), define the category preferences, and target banners by country, domain and path. Copy, styling, the GPC signal toggle and the relaunch button are all configured natively so you can manage day-to-day text yourself.
We move every non-essential tag behind addPrivacyConsentListener so GA4, Ads, Meta and LinkedIn pixels only fire for their consented category. We read the __hs_cookie_cat_pref cookie on load to set Consent Mode defaults before any tag runs, and de-dupe so tags never re-fire. For a CMP-led setup, we build the setHubSpotConsent bridge and the per-load re-assertion.
Footer preferences relaunch, a withdraw flow that clears third-party cookies per tool, and, where you need evidentiary proof of consent, a consent log to GDPR and ePrivacy standard, since HubSpot does not provide an exportable audit trail itself.
We verify pre-consent that no non-essential tag fires, that consent and withdrawal behave correctly per region, and that HubSpot tracking and attribution still work. You get documentation and, where useful, a productised consent module you can run yourself on Railway, plus your legal team's sign-off path.
Everything you need to know about our services
It does part of it. The native banner shows the notice, offers three policy types and category choices, targets visitors by region, and gates HubSpot's own first-party cookies behind consent in opt-in mode. What it does not do is block third-party scripts. Any GA4, Google Ads, Meta, LinkedIn, Hotjar or chat tag you add manually will load regardless of the visitor's choice unless it is conditionally injected through the consent API. Closing that gap is the custom engineering this service provides.
No. The consent banner and the underlying cookie banner JavaScript API (the _hsp object) are available across all HubSpot products and plans, including free, with no premium gate. Configuration requires Super Admin rights or edit-website-settings permission, and the API just needs the HubSpot tracking code installed. The practical question is where the consent code is allowed to live: editing themes and templates cleanly favours Content Hub, and Google Tag Manager deployments need GTM container access. Neither is a consent licence, it is simply about where the code sits.
We map HubSpot's categories to Google's consent signals (analytics to analytics_storage, advertisement to ad_storage plus ad_user_data and ad_personalization, functionality to functionality_storage) and push consent updates to the dataLayer. The important detail is timing: the consent listener fires when consent is submitted, not reliably on every page load, so we also read the stored preference cookie on load to set Consent Mode defaults to denied before any tag fires, and de-dupe so tags never fire twice. This is exactly the kind of edge case a configuration-only approach tends to miss.
Yes. Usercentrics Cookiebot has a HubSpot marketplace app that maps a Cookiebot domain group to your HubSpot domain and auto-wires much of the integration. For OneTrust, CookieYes, consentmanager or a bespoke CMP, we build a custom bridge so the CMP becomes the source of truth and calls setHubSpotConsent on each consent change to drive HubSpot tracking, while GTM or the CMP governs the third-party tags. Because setHubSpotConsent does not persist across sessions, we re-assert consent from the CMP's stored state on every load so HubSpot analytics and attribution stay accurate.
Bespoke HubSpot consent and cookie engineering starts from £2,500. That is an indicative starting point for a focused single-domain build: auditing your cookies and tags, configuring the native banner and regions, wiring a handful of third-party tags through the consent API, implementing Google Consent Mode v2 via GTM, adding a preferences and withdraw flow, and testing. Cost drivers that push it higher are full CMP integration (OneTrust), multi-domain or multi-region rule sets, and evidentiary proof-of-consent logging, which typically land in the £5,000 to £10,000 plus range. Wherever the scope is well defined we quote a fixed price, and we deliver on time or you get 20 percent back. Full CMP and multi-region builds are scoped on enquiry.
We are a UK HubSpot Diamond Partner and HubSpot Custom Integration Accredited, with in-house engineers rather than configurators or no-code workarounds. We are Cyber Essentials Plus certified, which matters for work that touches privacy and tracking. We default to building real software, and where it fits we deliver the consent layer as a productised, customisable module you can host and run yourself on Railway. One thing we will not do is give compliance advice. HubSpot is explicit that there is no single solution that fits every situation, so your legal team owns the sign-off and we build precisely to it.
Decision-stage reading to help you scope the right approach.
What the native banner does, where it falls short, and what UK firms actually need.
