# Secure Privacy Setup Checklist | GDPR Installation Guide

> [CMP v1] Follow the complete Secure Privacy setup checklist — covering script installation, tag blocking, cookie categorization, consent banner configuration, and privacy policy integration for GDPR compliance.

- Canonical: https://support.secureprivacy.ai/article/cmp-v1-how-to-setup-and-install-secure-privacy--stepbystep-checklist
- Product: Consent Management
- Category: Secure Privacy Legacy
- Published: 2026-03-06T12:44:00+00:00
- Updated: 2026-03-22T17:31:05.283+00:00
- Reading time: 5 minutes

---

This step-by-step checklist covers everything you need to install and configure Secure Privacy v1 \[CMP v1\] on your website — from script installation and cookie blocking setup through to banner text, consent buttons, privacy policy integration, and compliance score verification. Follow each step in order to ensure a complete and GDPR-compliant Secure Privacy implementation.

## Who Is This For?

-   Website administrators managing privacy compliance and cookie consent configuration
    
-   Web developers integrating the Secure Privacy script and blocking setup
    
-   Privacy officers and marketers verifying GDPR, CCPA, and LGPD compliance on their websites
    

## Secure Privacy Setup Checklist

### 1\. Verify the Secure Privacy script is installed correctly

Go to the **Installation** page in your Secure Privacy dashboard and copy the installation script. Paste the code at the top of the `<head>` tag in your website or CMS code view — ensure it loads before any other third-party scripts to guarantee blocking takes effect from the first page load.

### 2\. Set up your tag blocking configuration

If your implementation team has identified specific script, iframe, or pixel sources that require blocking, add them in the **Tag Blocking** tab under Classification. This ensures those sources are held until visitor consent is given.

![Secure Privacy Tag Blocking tab showing fields for adding script, iframe, and pixel sources to the blocking configuration](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/e510253201ec10be2533-f94ecb032ab6.webp)

### 3\. Review and configure target audience settings

Select the appropriate target audience for each active compliance module. This determines which visitors see your consent banner based on their geographic location:

-   **GDPR:** Active for visitors from Europe
    
-   **CCPA:** Active for visitors from California
    
-   **LGPD:** Active for visitors from Brazil
    

![Secure Privacy compliance module audience targeting settings showing GDPR, CCPA, and LGPD region selection options](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/0e0e4115de3f3ca45661-84977c39ae64.webp)

### 4\. Check your overall compliance rating and follow recommended actions

Review your latest scan report in the **Report** tab. Aim for a 100% compliance rating — items marked with a red X represent the highest-priority gaps. Work through the recommended actions to improve your score.

![Secure Privacy Report tab showing overall compliance rating with recommended GDPR actions and red X indicators for priority items](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/fa1dfc2e2b16d6ff5d10-3ade5de295cd.webp)

### 5\. Review and categorize detected cookies

Navigate to the **Classification** tab and verify that every detected cookie and service is assigned to the correct category — Essential, Functional, Analytics, or Marketing. Miscategorized cookies can affect both your compliance score and your blocking behavior.

For more information on cookie categories, see the [cookie categories support article](https://support.secureprivacy.ai/articles/235259).

![Secure Privacy Classification tab showing cookie and service categorization with category assignment options](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/34e878ea3d41642b9426-90379ec327ce.webp)

### 6\. Review and update cookie banner text

Ensure your cookie banner clearly communicates the purpose of each cookie category to visitors. Use plain, accessible language — for example:

-   **Essential cookies:** "We place essential cookies to enable our website to function correctly."
    
-   **Analytical cookies:** "We place analytical cookies to gather aggregated statistical information about visitors."
    
-   **Advertising cookies:** "We place advertisement cookies to optimize our marketing campaigns towards visitors."
    

### 7\. \[GDPR\] Confirm both Accept and Decline buttons are present on the banner

GDPR requires that visitors have an equally prominent option to decline non-essential cookies as they do to accept them. If the Decline button is not visible on your banner, enable it by navigating to **GDPR > Cookie Banner > Settings** and setting **Reject button type** to **Show as button**.

![Secure Privacy GDPR cookie banner settings showing Reject button type option set to Show as button](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/690ce1729709ba2d1c6c-4d7d68410d01.webp)

### 8\. Verify only essential cookies are placed before consent is given

Open your browser's developer tools and check the **Application** tab to inspect cookies placed before any consent interaction. Only essential cookies should be present at this stage. If non-essential cookies are loading before consent, revisit Steps 2, 3, and 4 to identify and resolve the blocking gap.

![Browser developer tools Application tab showing cookies placed on page load with only essential cookies present before consent](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/6d0e15cdc544e6d79e21-e5c5a080478f.webp)

### 9\. Enable privacy policy and cookie declaration on your website

A privacy policy and cookie declaration are required under GDPR to provide visitors with transparent information about your data practices. Enable both using the following guides:

-   [How to set up a Privacy Policy on your website](https://support.secureprivacy.ai/articles/235287)
    
-   [How to set up a Cookie Declaration on your website](https://support.secureprivacy.ai/articles/235286)
    

![Secure Privacy settings showing Privacy Policy and Cookie Declaration enable options for website compliance](https://pub-7bd19505838640d0a08ef1bd6ec3fb9b.r2.dev/articles/68b59b21bf2790c72489-1a5d0bf89ef1.webp)

### 10\. \[Optional — Enterprise\] Configure the Scan Behind Login feature

For Enterprise accounts, the Scan Behind Login feature allows Secure Privacy to scan pages behind user authentication — such as logged-in dashboards or members-only areas — ensuring cookies in restricted areas are also detected and managed.

See the [Authenticated Scans via Scan Behind Login setup guide](https://support.secureprivacy.ai/articles/235274) for configuration instructions.

## Common Issues and Fixes

### Script not running on the website

Ensure the Secure Privacy script is inserted at the very top of the `<head>` tag — before any other scripts — and clear all server and browser caches after installation. A script loaded too late in the page may allow non-essential cookies to set before the blocking engine initializes.

### Tag blocking not working for specific services

Verify that all required sources are correctly listed and saved in the **Tag Blocking** tab under Classification. Double-check that the source URL or domain entered exactly matches the one identified in your scan report.

### Accept and Decline buttons missing from the banner

Navigate to **GDPR > Cookie Banner > Settings** and confirm the **Reject button type** is set to **Show as button**. If the setting is already correct but the button is still not appearing, check for custom CSS overrides that may be hiding the element.

## Frequently Asked Questions

### Where exactly should the Secure Privacy script be placed on my website?

The script must be placed at the top of the `<head>` tag on every page of your website — before any other third-party scripts, tags, or analytics code. This ensures the blocking engine initializes before any cookies can be set. If you are using a CMS, paste the script in the header code injection area or through your tag manager as the first tag to fire.

### How do I know if non-essential cookies are loading before consent?

Open your browser's developer tools, clear all cookies, reload the page without interacting with the consent banner, and check the **Application > Cookies** section. Only cookies classified as Essential should appear. If you see Analytics, Marketing, or Functional cookies loading before consent, revisit your tag blocking configuration and re-run the scan.

### Do I need to complete all steps to pass GDPR compliance?

For full GDPR compliance, steps 1 through 9 are all required — script installation, blocking, audience targeting, cookie categorization, banner text, Accept/Decline buttons, pre-consent cookie verification, and privacy policy/cookie declaration. Step 10 is optional and applies only to Enterprise accounts with authenticated page areas.

## See Also

-   [How to Block Cookies in Complex GTM Triggers](https://support.secureprivacy.ai/article/block-cookies-in-complex-gtm-triggers--consentbased-tagging)
    
-   [Implementing Google Consent Mode (Advanced) Using Google Tag Manager](https://support.secureprivacy.ai/article/implementing-google-consent-mode-advanced-using-google-tag-manager-community-template)
    
-   [Ensuring Compliance with Google's EU User Consent Policy](https://support.secureprivacy.ai/article/google-eu-user-consent-policy-compliance-guide--secure-privacy)
    

Have more questions? Contact us at [support@secureprivacy.ai](mailto:support@secureprivacy.ai).
