navigator.geolocation
Browser exposes device location. Sites request it, users approve it. The browser never decides when location is needed.
A thin transport layer, not a consent product
Regulation is asking browsers to handle consent. navigator.consent lets you meet that obligation without becoming consent gatekeepers. You provide the plumbing. CMPs and consent assistants handle the rest.
Converging regulatory pressure
Browser consent obligations are coming from both sides of the Atlantic. The question isn’t whether but how.
GPC gives you navigator.globalPrivacyControl, a binary opt-out signal. navigator.consent extends the same navigator.* pattern from a binary signal to granular, purpose-specific consent coordination that satisfies GDPR’s specificity requirement.
California Opt Me Out Act
AB 566 (signed October 2025) requires all major browsers to include built-in Global Privacy Control functionality by January 1, 2027.
EU Digital Omnibus
Article 88b(6) requires non-SME browser providers to offer technical means for users to give or refuse consent via machine-readable signals.
Suggestion DevTools: a Consent panel
A dedicated Consent tab in DevTools, analogous to Application or Network, would give developers and regulators real-time visibility into consent state. An opportunity for browser differentiation, not a mandate.
| registrationId | reg_a1b2c3 |
| provenance | cmp |
| status | Active |
| purposes | 3 |
| vendors | 3 |
Purposes
| Purpose | Legal basis | Consent | Set by |
|---|---|---|---|
| Analytics | legitimate_interest | granted | privacy_assistant |
| Advertising | consent | denied | user |
| Functional | legitimate_interest | granted | cmp |
Vendors
| Name | Domain | Purposes | Consent | Set by |
|---|---|---|---|---|
| Analytics Co | analytics.example | analytics | granted | privacy_assistant |
| AdNetwork | ads.example | analytics, advertising | denied | user |
| Social Widget | social.example | functional | pending | — |
For developers
Inspect active registrations, vendor catalogs, purpose declarations, and real-time preference state with provenance attribution. Debug event flows and catch common mistakes like calling extension-only methods from DOM context.
For regulators
The audit timeline provides a chronological log of every consent mutation: who set it, when, and what changed. A tool for compliance verification that benefits the entire ecosystem.
A familiar pattern
navigator.consent follows the same design as Web APIs you already ship:
navigator.permissions
Browser tracks what permissions have been granted and enforces the boundary between granted and denied. It doesn’t choose for the user.
CSP / CORS
Sites declare which origins and resources are allowed. The browser enforces those declarations. No interpretation, just policy execution.
navigator.consent is the same kind of thing: the browser provides the namespace, enforces permission boundaries between DOM and extension contexts, derives provenance from runtime context, and dispatches events. It does not make consent decisions.
Permission boundaries
The browser enforces a clean separation between DOM context (page scripts) and extension context (consent assistants). Provenance is derived from runtime context. Callers cannot fake it.
| Capability | DOM context | Extension context |
|---|---|---|
| Register interfaces, vendors, purposes | Allowed | Rejected |
| Read vendor/purpose metadata, hide/show, audit | Rejected | Allowed |
| Update preferences, withdraw, listen to events | Allowed | Allowed |
| Read regulation context | Allowed | Allowed |
| Override regulation context | Rejected | Allowed |
User-provenance updates always win. Between CMP and assistant (when no user-provenance value exists), last-write-wins applies. The browser derives provenance automatically from the caller’s execution context.
Beyond consent: cooperative cookie enforcement
With CMP registrations declaring which vendor domains have consent, the browser has enough information to enforce cookie policy at the network level. Third-party cookies from domains without a matching consent signal could be blocked on Set-Cookie or erased on navigation, similar to how CSP blocks unauthorized script sources. Consented vendors keep working. Unconsented tracking stops at the boundary.
What you wouldn’t have to own
navigator.consent is a transport layer. The browser carries messages, it does not interpret them. This means browsers responsibility ends at the API boundary.
No consent UI
The CMP presents the consent interface, not the browser. No design decisions, no dark-pattern liability.
No consent decisions
The API is transport. It carries signals between CMPs and consent assistants without interpreting or overriding them.
No compliance burden
The CMP owns audit trails, legal basis, and regulatory proof. The browser is not the system of record.
No vendor curation
Open registration model. No allow-lists, no attestation gates, no gatekeeping responsibility.
Explore the specification
RFC source
The full specification.
JSON Schemas
Machine-readable payload definitions for all API types.
Shim demo
A working polyfill for experimentation.