c15t 2.0: A New Foundation for Consent Infrastructure
We’ve just shipped c15t 2.0, and it’s the biggest step forward we’ve made so far.
This isn’t just an update to the banner. It’s a full rewrite of how consent works across your stack. New styling, a policy-driven runtime, a rebuilt backend, and a much cleaner developer experience.
If 1.0 was about proving a better way to do consent, 2.0 is about making it the default.
What changed
At a high level, 2.0 introduces three major shifts:
- Consent is now policy-driven, not hardcoded
- Styling is now token-based, not deeply nested configs
- The system is now designed for performance from the ground up
Everything else builds on top of that.
A new styling system (built for real apps)
We’ve moved away from CSS-in-JS and complex theme objects.
2.0 introduces a token-based styling system that controls everything from colour and typography to spacing and motion. It’s simpler, more predictable, and plays nicely with modern build tools.
Styles are now imported as CSS, which avoids runtime overhead and fixes ordering issues you get with aggressive bundlers.
The result is straightforward:
- better performance on the main thread
- fewer surprises in production
- styling that actually scales with your app
Policy packs: consent that adapts to the world
Consent is not one-size-fits-all. It never was.
In 2.0, we’ve introduced policy packs, which define how consent behaves per region.
Instead of hardcoding logic, c15t now resolves the correct behaviour at runtime based on location, fallback rules, and defaults.
That means you can:
- run EU-style opt-in flows alongside California opt-out
- respect Global Privacy Control (GPC) where it matters
- automatically re-prompt users when policies change
- catch misconfigurations before they hit production
Consent becomes something you configure and reason about, not something you hack together.
Built-in support for IAB TCF 2.3
For teams working with programmatic advertising, 2.0 includes support for IAB TCF 2.3.
We’ve added prebuilt UI components and made it available as a runtime add-on, so you only ship it if you actually need it.
If you’re hosting with Inth, you can enable this without going through the usual CMP registration flow.
A faster, simpler Next.js experience
We’ve reworked the @c15t/nextjs integration to make it feel native.
- The provider is now client-side by default
- Server data can be streamed in when needed
- Initialisation is clearer and more predictable
We’ve also formalised performance patterns:
- same-origin API rewrites as the baseline
- prefetching for static routes
- server initialisation for dynamic routes
In our benchmarks, this reduces startup time by 30–90% compared to typical client-only setups.
Script loading and network control, rethought
Third-party scripts are one of the hardest parts of consent.
In 2.0, we’ve rebuilt integrations around a manifest system with explicit lifecycle phases. No more hidden behaviour buried in callbacks.
We’ve also replaced the old tracking blocker with a network-level blocker. Instead of shipping a massive predefined list, you define your own rules.
And when consent is revoked, we reload the page.
It’s not clever, but it’s correct. Once third-party code has run, trying to undo it is unreliable.
Backend v2: smaller, faster, clearer
We rewrote the backend from scratch.
- ~60% smaller bundle size on edge runtimes
- simpler API centred around the user, not just “consents”
- improved observability with OpenTelemetry
- cleaner TypeScript experience
It’s designed to run anywhere, but especially well at the edge.
Better tooling for developers
2.0 introduces a new dev tools panel that lets you inspect everything in real time:
- consent state
- policy resolution
- geo context
- script lifecycle
No more guessing what the system is doing.
We’ve also overhauled the CLI with migration codemods, improved scaffolding, and support for installing c15t skills.
Docs that ship with your code
Every package now includes version-matched documentation inside node_modules.
This means tools and agents can read the exact docs for the version you’re using.
No mismatches, no guessing, no outdated examples.
Apache 2.0
We’ve moved c15t to Apache 2.0.
It makes the project easier to adopt in commercial environments while keeping the protections that matter.
Hosted infrastructure, rebuilt
Alongside 2.0, we’ve upgraded the infrastructure behind Inth.
It’s faster, more accurate, and better at filtering out bot traffic. You’ll notice this in cleaner analytics and more reliable consent data.
Prebuilt UI and branding
We’ve refined the default UI:
- better mobile behaviour
- improved accessibility
- localisation across all supported languages
- updated branding surfaces
It still works out of the box, but it’s easier to customise when you need to.
Breaking changes
This is a major release, and there are breaking changes:
- the old styling system is gone
- backend v1 has been removed
/initreplaces older initialisation endpoints- component names have been standardised
- consent categories are no longer GDPR-specific
If you’re upgrading, we recommend starting fresh or using the migration tooling.
Why this matters
c15t 2.0 is not just a better banner.
It’s a shift towards consent as infrastructure.
Something that lives in your codebase. Something you can reason about. Something that performs.
This is the direction we’re taking with Inth.
And 2.0 is the foundation.