Wire / Cookie Banners / Article
┌── POST 06.03 · Cookie Banners · 4 min read

Klaro CMP Open Source: Self-Host Your Cookie Consent

Consent Mode HQ
Independent · affiliate-disclosed
Published June 3, 2026

If you have been shopping for a Consent Management Platform and balking at monthly SaaS fees, Klaro CMP open source is worth a serious look. Klaro is a lightweight, MIT-licensed consent library that you self-host, configure by hand, and own completely — no vendor lock-in, no per-domain pricing, and no third-party JavaScript phoning home on your users’ behalf.

What Klaro Is (and What It Is Not)

Klaro is a JavaScript consent UI and service-blocker. You drop a single script on your page, point it at a plain-JavaScript config file, and it intercepts third-party scripts until the user grants permission. It supports Google Consent Mode v2 signals, stores consent in a first-party cookie, and ships with a clean, WCAG-accessible modal out of the box.

However, Klaro is not a fully managed CMP. There is no auto-scanner that crawls your site and generates a cookie declaration. There is no compliance dashboard or audit log. Every service — Google Analytics, Meta Pixel, HubSpot chat — must be declared manually in your config file. That distinction matters when you are evaluating the tool against commercial alternatives.

When Self-Hosting a CMP Actually Makes Sense

Self-hosting is a good fit for three types of teams:

  • Developer-led startups that already manage infrastructure and want to avoid recurring SaaS spend.
  • Agencies building many client sites where per-domain pricing from paid CMPs adds up fast.
  • Privacy-first products where routing consent data through a third-party vendor is itself a problem.

In contrast, if your team has no developer bandwidth, or if your tag inventory changes frequently, the manual upkeep of Klaro will cost more in engineering time than a paid CMP would cost in subscription fees. For a broader look at that tradeoff, see our post on building your own CMP vs paying for one.

Implementation on a Static Site

For a static site — Eleventy, Hugo, plain HTML — the setup takes roughly 30 minutes.

  1. Download klaro.js from the Klaro GitHub repository and serve it from your own origin.
  2. Create a klaro-config.js file. Each service entry declares a name, a purposes array, and the cookies patterns Klaro should watch for.
  3. Convert any third-party <script> tags you want to block to type="text/plain" and add a data-type="text/javascript" attribute. Klaro will swap the type and execute them only after consent.
  4. Add the Consent Mode v2 default call before Klaro loads, so Google tags receive a denied state on page load. Then wire Klaro’s update callback to push the appropriate gtag('consent', 'update', …) call.

For example, a minimal service declaration looks like this:

{
  name: 'google-analytics',
  title: 'Google Analytics',
  purposes: ['analytics'],
  cookies: [/^_ga/, '_gid'],
}

Implementation on WordPress

WordPress is slightly more involved because plugins and themes inject scripts dynamically. The recommended approach is to enqueue your self-hosted klaro.js and config via functions.php or a lightweight custom plugin, then use a hook like script_loader_tag to rewrite plugin-injected <script> tags to type="text/plain". Alternatively, a caching layer such as WP Rocket’s script delay feature can act as the blocker while Klaro handles the UI and consent storage.

You will still need to audit every plugin that loads external scripts and add each one to your Klaro config manually. There is no scanner — that audit is your responsibility.

Klaro vs Paid CMPs: Honest Tradeoffs

Here is a plain summary of what you gain and give up:

  • Free and self-hosted — no per-domain fees, no data processor agreement with a vendor.
  • Fully customizable UI — override CSS variables or rewrite templates entirely.
  • No auto-scanning — you must discover and declare every cookie and service yourself.
  • No built-in audit log — consent records must be implemented separately if you need proof of consent under GDPR Article 7.
  • IAB TCF not supported natively — if your site monetises with programmatic advertising, Klaro is likely not sufficient on its own.

For teams evaluating paid alternatives, our Termly review covers a mid-market CMP that sits at the opposite end of the configuration-vs-automation spectrum.

Conclusion

Klaro CMP open source is a genuinely capable consent solution for developer-led teams willing to own their configuration. It is free, privacy-respecting, and integrates cleanly with Google Consent Mode v2. However, it demands manual upkeep and offers none of the compliance automation that paid CMPs bundle in. Go in with clear eyes on that tradeoff, and Klaro can be a robust, long-term foundation for cookie consent on your site.

#cmp comparison #consent mode v2 #cookie-consent #gdpr #klaro cmp open source #self-hosted cmp
C
About the author
Consent Mode HQ
Editorial team at Consent Mode HQ
Read more by author ↗
── related from the wire ──
05.30 · Cookie Banners

Termly Review 2026: Good Enough or a Compliance Risk?

This Termly review 2026 cuts through the marketing copy to give you a frank assessment: accurate scanning, honest pricing, IAB TCF reality,…

4 min ↗
05.27 · Cookie Banners

OneTrust vs Cookiebot Enterprise: Honest Comparison

The OneTrust vs Cookiebot enterprise decision is rarely straightforward. Both platforms handle cookie consent, but they are built for different operational scales,…

4 min ↗
05.23 · Cookie Banners

Cookiebot vs Iubenda 2026: Which CMP Fits Your Team?

Choosing between Cookiebot vs Iubenda in 2026 comes down to more than a price comparison. Both platforms handle cookie consent, but they…

4 min ↗