CookieBoxs – GDPR/CCPA Cookie Consent & Google Consent Mode v2
CookieBoxs is a cookie consent plugin for WordPress that helps site owners manage visitor consent preferences and configure consent-aware integrations. Free features include: Google Consent Mode v2 support Automatic script blocker and cookie cleaner 25+ built-in integrations Content blockers for embedded media and maps 40 interface languages Region presets Consent logging in WordPress Floating settings badge Self-hosted plugin files Optional PRO features include two-phase Cookie Scanner (server + browser-based detection), geo-targeting, additional templates, cookie declaration, consent analytics, tamper-proof consent records with CSV export and printable certificates, A/B testing of banner variants, granular per-service consent, a live banner design editor, branding options, and custom CSS. Documentation: cookieboxs.com Source Code All JavaScript and CSS files included in this plugin are human-readable and not minified or compiled. No build tools (npm, webpack, composer) are required to work with this plugin’s source code. All plugin-authored JavaScript and CSS is written directly and included as-is. Third-party libraries and embed snippets: assets/js/chart.min.js — Chart.js library (MIT License). Source code and unminified version available at: https://github.com/chartjs/Chart.js assets/js/cookieboxs-consent-mode.js — Contains standard third-party integration embed snippets (e.g., Google Tag Manager, Meta Pixel, TikTok Pixel, Microsoft Clarity, Hotjar, LiveChat, Intercom, etc.). These are the official JavaScript snippets provided by each service for website embedding, written in their standard compact form. Each snippet includes a source URL comment pointing to the official documentation. A full list of source URLs is also available in the file header comments. The surrounding plugin logic (consent state management, Google Consent Mode v2 setup, custom script injection) is authored by this plugin and is fully human-readable. Official documentation URLs for all embedded third-party snippets: Google Tag Manager: https://developers.google.com/tag-platform/tag-manager/web Meta Pixel: https://developers.facebook.com/docs/meta-pixel/get-started TikTok Pixel: https://ads.tiktok.com/help/article/get-started-pixel Microsoft Clarity: https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-setup Hotjar: https://help.hotjar.com/hc/en-us/articles/115011639927 Heap Analytics: https://developers.heap.io/docs/web Mixpanel: https://docs.mixpanel.com/docs/tracking-methods/sdks/javascript PostHog: https://posthog.com/docs/libraries/js LinkedIn Insight Tag: https://learn.microsoft.com/en-us/linkedin/marketing/integrations/ads-reporting/insight-tag Pinterest Tag: https://help.pinterest.com/en/business/article/install-the-pinterest-tag Snapchat Pixel: https://businesshelp.snapchat.com/s/article/snap-pixel-about Twitter/X Pixel: https://business.x.com/en/help/campaign-measurement-and-analytics/conversion-tracking-for-websites Microsoft Advertising UET: https://help.ads.microsoft.com/apex/index/3/en/56682 LiveChat: https://developers.livechat.com/docs/getting-started/installing-livechat Crisp: https://docs.crisp.chat/guides/chatbox-sdks/web-sdk/ Tawk.to: https://help.tawk.to/article/adding-a-tawk-to-widget-to-your-website Intercom: https://developers.intercom.com/installing-intercom/web/installation Yandex Metrica: https://yandex.com/support/metrica/code/counter-initialize.html Matomo: https://developer.matomo.org/guides/tracking-javascript-guide Privacy Policy CookieBoxs does not send visitor consent records to the plugin author’s servers. Consent records are stored in the WordPress database. Optional third-party integrations that you configure, such as analytics, advertising, chat, or embedded media services, connect directly from the visitor’s browser to those third-party providers after the relevant consent conditions are met. Admin-only connections used for plugin news, optional deactivation feedback, or optional license validation are described below. External Services This plugin uses external services only for user-configured integrations. Third-party integrations are optional, disabled by default, and only activated when the site administrator enables and configures them. The plugin does not offload any of its own assets (JavaScript, CSS, images) to external servers — all plugin files are included locally. Plugin services VisionSolutions API – plugin news and updates: used in the admin area only; sends plugin version, WordPress version, and site language when an administrator opens the settings page. Provider: VisionSolutions, https://visionsolutions.pl Terms of use: https://visionsolutions.pl/regulamin/ Privacy policy: https://visionsolutions.pl/polityka-prywatnosci/ VisionSolutions API – deactivation feedback (optional): sends selected reason, optional comment, site URL, WordPress version, and PHP version only if an administrator submits feedback during deactivation. Provider: VisionSolutions Terms of use: https://visionsolutions.pl/regulamin/ Privacy policy: https://visionsolutions.pl/polityka-prywatnosci/ VisionSolutions API – PRO license validation (optional): sends license key, site domain, and plugin version on activation and periodic validation. Provider: VisionSolutions Terms of use: https://visionsolutions.pl/regulamin/ Privacy policy: https://visionsolutions.pl/polityka-prywatnosci/ ipapi.co geolocation API (optional, PRO): used only when geo-targeting is enabled and fallback geolocation is needed; sends visitor IP address. Provider: ipapi Terms of use: https://ipapi.co/terms/ Privacy policy: https://ipapi.co/privacy/ Cookie Scanner (admin-initiated, PRO): two-phase scan. Phase 1 (server): sends requests from your server to your own website pages to detect cookies and tracking scripts from HTML. Phase 2 (browser): loads the scanned page in a hidden iframe within the administrator’s browser to detect cookies set by JavaScript (e.g. pixels loaded via Google Tag Manager). All scanning happens locally — no external provider is contacted. Optional integrations (services) These are third-party services that the site administrator can optionally enable. When enabled, the plugin loads the official embed snippet provided by each service, which connects the visitor’s browser directly to that service provider. These are service integrations, not offloaded plugin assets. Each integration is disabled by default and only activates when the administrator provides their account ID. Google Tag Manager – tag management service; may load on page view and use Consent Mode signals. Loaded from: www.googletagmanager.com. Provider: Google LLC. Terms of use: https://marketingplatform.google.com/about/analytics/terms/us/ Privacy policy: https://policies.google.com/privacy Google Analytics 4 – analytics service; loaded from www.googletagmanager.com/gtag/js via wp_enqueue_script. Provider: Google LLC. Terms of use: https://marketingplatform.google.com/about/analytics/terms/us/ Privacy policy: https://policies.google.com/privacy Google Ads – conversion tracking and remarketing service; loaded from www.googletagmanager.com/gtag/js via wp_enqueue_script. Provider: Google LLC. Terms of use: https://ads.google.com/intl/en/home/terms/ Privacy policy: https://policies.google.com/privacy Meta Pixel – advertising measurement service; loaded from connect.facebook.net. Provider: Meta Platforms, Inc. Terms of use: https://www.facebook.com/legal/terms Privacy policy: https://www.facebook.com/privacy/policy/ TikTok Pixel – advertising measurement service; loaded from analytics.tiktok.com. Provider: TikTok Inc. / ByteDance Ltd. Terms of use: https://ads.tiktok.com/i18n/official/policy/business-products-terms Privacy policy: https://www.tiktok.com/legal/privacy-policy Microsoft Clarity – session analytics and heatmaps service; loaded from www.clarity.ms. Provider: Microsoft Corporation. Terms of use: https://clarity.microsoft.com/terms Privacy policy: https://privacy.microsoft.com/en-us/privacystatement Hotjar – heatmaps, recordings, and feedback service; loaded from static.hotjar.com. Provider: Hotjar Ltd. Terms of use: https://www.hotjar.com/legal/policies/terms-of-service/ Privacy policy: https://www.hotjar.com/legal/policies/privacy/ Matomo – analytics service; loaded from the site administrator’s configured Matomo instance URL. Provider: InnoCraft Ltd. or the site owner’s Matomo host. Terms of use: https://matomo.org/matomo-cloud-terms-of-service/ Privacy policy: https://matomo.org/matomo-cloud-privacy-policy/ Yandex Metrica – analytics service; loaded from mc.yandex.ru. Provider: Yandex LLC. Terms of use: https://yandex.com/legal/metrica_termsofuse/ Privacy policy: https://yandex.com/legal/confidential/ Heap Analytics – analytics service; loaded from cdn.heapanalytics.com. Provider: Heap Inc. Terms of use: https://heap.io/legal/heap-terms-of-service Privacy policy: https://heap.io/legal/privacy Mixpanel – analytics service; loaded from cdn.mxpnl.com. Provider: Mixpanel, Inc. Terms of use: https://mixpanel.com/legal/terms-of-use/ Privacy policy: https://mixpanel.com/legal/privacy-policy/ PostHog – analytics and feature flags service; loaded from the site administrator’s configured PostHog host. Provider: PostHog, Inc. Terms of use: https://posthog.com/terms Privacy policy: https://posthog.com/privacy LinkedIn Insight Tag – advertising measurement service; loaded from snap.licdn.com. Provider: LinkedIn Corporation. Terms of use: https://www.linkedin.com/legal/l/li-marketing-terms Privacy policy: https://www.linkedin.com/legal/privacy-policy Pinterest Tag – advertising measurement service; loaded from s.pinimg.com. Provider: Pinterest, Inc. Terms of use: https://policy.pinterest.com/en/terms-of-service Privacy policy: https://policy.pinterest.com/en/privacy-policy Snapchat Pixel – advertising measurement service; loaded from sc-static.net. Provider: Snap Inc. Terms of use: https://snap.com/en-US/terms Privacy policy: https://snap.com/en-US/privacy/privacy-policy Twitter/X Pixel – advertising measurement service; loaded from static.ads-twitter.com. Provider: X Corp. Terms of use: https://twitter.com/en/tos Privacy policy: https://twitter.com/en/privacy Microsoft Advertising UET – conversion tracking service; loaded from bat.bing.com. Provider: Microsoft Corporation. Terms of use: https://about.ads.microsoft.com/en-us/policies/legal Privacy policy: https://privacy.microsoft.com/en-us/privacystatement Intercom – customer messaging service; loaded from widget.intercom.io and api-iam.intercom.io. Provider: Intercom, Inc. Terms of use: https://www.intercom.com/legal/terms-and-policies Privacy policy: https://www.intercom.com/legal/privacy LiveChat – support chat service; loaded from cdn.livechatinc.com. Provider: LiveChat, Inc. Terms of use: https://www.livechat.com/legal/terms-of-service/ Privacy policy: https://www.livechat.com/legal/privacy-policy/ Crisp – customer messaging and chat service; loaded from client.crisp.chat. Provider: Crisp IM SAS. Terms of use: https://crisp.chat/en/terms/ Privacy policy: https://crisp.chat/en/privacy/ Tawk.to – support chat service; loaded from embed.tawk.to. Provider: Tawk.to Ltd. Terms of use: https://www.tawk.to/legal/terms-of-service/ Privacy policy: https://www.tawk.to/legal/privacy-policy/ Script blocker safe domains The automatic script blocker does not block scripts from essential service domains (payment gateways, CAPTCHAs, translation). These domains are whitelisted so the script blocker does not interfere with site-critical functionality provided by other plugins or themes. The CookieBoxs plugin itself does not load any files from these domains — they are only whitelisted to prevent breakage: Stripe – payment processing service; loaded by other plugins from js.stripe.com and checkout.stripe.com. Provider: Stripe, Inc. Terms of use: https://stripe.com/legal/ssa Privacy policy: https://stripe.com/privacy PayPal – payment processing service; loaded by other plugins from www.paypal.com and www.paypalobjects.com. Provider: PayPal Holdings, Inc. Terms of use: https://www.paypal.com/us/legalhub/useragreement-full Privacy policy: https://www.paypal.com/us/legalhub/privacy-full Google reCAPTCHA – spam protection service; loaded by other plugins from recaptcha.net. Provider: Google LLC. Terms of use: https://policies.google.com/terms Privacy policy: https://policies.google.com/privacy hCaptcha – spam protection service; loaded by other plugins from js.hcaptcha.com. Provider: Intuition Machines, Inc. Terms of use: https://www.hcaptcha.com/terms Privacy policy: https://www.hcaptcha.com/privacy Cloudflare Turnstile – bot protection service; loaded by other plugins from challenges.cloudflare.com. Provider: Cloudflare, Inc. Terms of use: https://www.cloudflare.com/terms/ Privacy policy: https://www.cloudflare.com/privacypolicy/ Google Translate – translation service widget; loaded by other plugins from translate.google.com and translate.googleapis.com. Provider: Google LLC. Terms of use: https://policies.google.com/terms Privacy policy: https://policies.google.com/privacy Content blockers Content blockers are an optional feature that replaces embedded third-party media (YouTube, Vimeo, Google Maps) with a placeholder until the visitor grants consent. When consent is given, the embed loads normally from the service provider. YouTube – video embeds can be blocked until consent; loaded from www.youtube.com and www.youtube-nocookie.com. Provider: Google LLC. Terms of use: https://www.youtube.com/t/terms Privacy policy: https://policies.google.com/privacy Vimeo – video embeds can be blocked until consent; loaded from player.vimeo.com and vimeo.com. Provider: Vimeo, Inc. Terms of use: https://vimeo.com/terms Privacy policy: https://vimeo.com/privacy Google Maps – map embeds can be blocked until consent; loaded from www.google.com/maps and maps.googleapis.com. Provider: Google LLC. Terms of use: https://cloud.google.com/maps-platform/terms Privacy policy: https://policies.google.com/privacy
Top keywords
- com95×4.90%
- https89×4.59%
- privacy56×2.89%
- terms50×2.58%
- policy39×2.01%
- provider37×1.91%
- privacy policy36×1.86%
- google35×1.81%
- policy https34×1.76%
- privacy policy https34×1.76%
- service33×1.70%
- loaded31×1.60%
MaxtDesign Cookie Consent – Google Consent Mode v2
The MaxtDesign Cookie Consent Manager That Actually Works Most WordPress consent plugins either don’t actually control tracking (they just show a form) or they’re so bloated they slow down your site significantly. MaxtDesign Cookie Consent is different: proper Google Consent Mode v2 implementation in under 10KB. Why This Plugin? For Site Owners: You need CCPA/GDPR compliance but don’t want to sacrifice site performance or deal with complex configuration. For Developers: You want clean, efficient code that follows WordPress standards and doesn’t conflict with other plugins. For Agencies: You manage multiple client sites and need a reliable, lightweight solution that just works. Key Features ✓ Actually Controls Tracking Unlike “checkbox theater” plugins that only show forms, this plugin properly implements Google Consent Mode v2, ensuring GA4 and Google Ads respect user choices. ✓ Blazing Fast (<10KB) Zero performance overhead. No database queries during page load. Pure localStorage-based consent management. ✓ Three Style Presets Choose from Minimal, Modern, or Bold popup styles. Customize colors to match your brand. ✓ Works Everywhere Compatible with any theme. Works with Elementor (optional). Mobile responsive. Accessibility compliant (WCAG 2.1 AA). ✓ Developer-Friendly Clean code following WordPress standards. Two shortcodes for easy integration. No jQuery dependency. Vanilla JavaScript. ✓ Privacy-First No server-side user tracking. No external API calls. User consent stored locally. GDPR/CCPA compliant by design. What is Google Consent Mode v2? Google Consent Mode v2 (GCM v2) became mandatory in March 2024 for GA4 and Google Ads in the EU. It’s Google’s framework for managing user consent signals across their advertising and analytics products. This plugin implements all four required consent types: analytics_storage – Google Analytics cookies ad_storage – Advertising cookies ad_user_data – User data for advertising ad_personalization – Personalized advertising Without proper GCM v2 implementation, your GA4 and Google Ads tracking may be unreliable or non-compliant. How It Works Visitor arrives → Consent popup appears (customizable position, style, timing) User chooses → Three options: Accept All, Analytics Only, or Decline All Consent stored → User choice saved in localStorage (privacy-friendly, no server tracking) GCM signals updated → Google Analytics and Ads respect the user’s choice immediately No repeat popup → Cookie remembers they’ve seen popup (configurable duration) Popup Customization Style Presets: * Minimal – Clean and subtle * Modern – Rounded and polished * Bold – Strong and prominent Position Options: * Top banner * Bottom banner * Center modal Animation Options: * Slide in * Fade in * No animation Color Customization: Primary color picker to match your brand Shortcodes Display Current Status: [mdcc_consent_status] Shows consent chips: “Analytics: On/Off” and “Ads: On/Off” Manage Consent Interface: [mdcc_manage_consent title="Your Privacy Choices"] Full consent management with Accept/Analytics/Decline buttons and current status display. Both shortcodes update in real-time when consent changes. Optional Elementor Integration Prefer to use a custom Elementor popup? Simply enter your Elementor Popup ID in settings, and the plugin will use your custom popup instead while maintaining proper GCM v2 functionality. Technical Specifications Size: <10KB total (CSS + JS combined, gzipped) Performance: Zero database queries during page load Storage: localStorage-based (no server-side user tracking) Dependencies: None (vanilla JavaScript, no jQuery) Compatibility: WordPress 5.8+, PHP 7.4+ Standards: WCAG 2.1 AA accessible, mobile responsive Perfect For WordPress sites using GA4 or Google Ads CCPA/GDPR compliance requirements Performance-conscious developers Agency client sites needing scalable consent management Anyone tired of bloated consent plugins What This Plugin Doesn’t Do Not a cookie scanner – Doesn’t automatically detect all cookies on your site Not a full compliance suite – Focuses on consent management for Google tracking Not multi-platform tracking – Free version handles GA4/Ads only (Pro version coming with Facebook, Hotjar, etc.) For comprehensive cookie auditing and multi-platform tracking control, consider our Pro version (launching 2025). Coming in Pro Version Facebook Pixel control Hotjar tracking control LinkedIn Insight Tag TikTok Pixel Custom script control Consent analytics dashboard Geolocation-based prompts White-label mode for agencies Privacy Policy MaxtDesign Cookie Consent does not collect, store, or transmit any user data. All consent preferences are stored locally in the user’s browser using localStorage. No information is sent to external servers. However, this plugin manages consent for third-party services (Google Analytics, Google Ads). Those services have their own privacy policies: Google Analytics Privacy Policy: https://policies.google.com/privacy Google Ads Privacy Policy: https://policies.google.com/technologies/ads It is your responsibility to include appropriate disclosures in your site’s privacy policy about the tracking services you use. Support For support, please use the WordPress.org support forum. Credits Developed by MaxtDesign – https://maxtdesign.com Special thanks to the WordPress community for feedback and testing.