GdprCookie Module
Overview
The GdprCookie module manages cookie consent banners, cookie categories, and third-party script blocking. It provides customers with granular control over cookie preferences while ensuring compliance with GDPR cookie regulations.
Features
- Customizable cookie consent banner
- Four cookie categories (Essential, Analytics, Marketing, Functional)
- Third-party script blocking until consent
- Cookie preferences center
- Accept All / Required Only buttons
- LocalStorage-based consent persistence
- CSP-compliant implementation
- Multi-store cookie policies
Configuration
Path: Stores > Configuration > GDPR Compliance > Cookie Management
Cookie Banner Settings
| Setting | Description | Default |
|---|---|---|
| Enable Cookie Banner | Show/hide cookie consent banner | Yes |
| Banner Position | Bottom or Top of page | Bottom |
| Banner Background Color | Hex color code | #2c3e50 |
| Banner Text Color | Hex color code | #ffffff |
| Show on First Visit Only | Hide banner after consent given | Yes |
| Auto-hide Delay | Seconds before auto-hiding (0 = never) | 0 |
Banner Content
| Setting | Description |
|---|---|
| Banner Title | Main heading text |
| Banner Message | Description text (supports HTML) |
| Accept All Button Text | Label for accept button |
| Required Only Button Text | Label for essential-only button |
| Customize Button Text | Label for preferences link |
| Privacy Policy Link | Link to full privacy policy |
Cookie Categories
Path: GDPR > Cookie Categories
Essential Cookies
- Always Active - Cannot be disabled
- Purpose - Required for basic site functionality
- Examples:
- Session cookies
- Shopping cart
- Security tokens
- Language preferences
Configuration:
Name: Essential
Description: Necessary for the website to function properly
Enabled: Always (cannot be disabled)
Scripts: (automatically detected)
Analytics Cookies
- Default State - Can be enabled/disabled by default
- Purpose - Track site usage and performance
- Examples:
- Google Analytics
- Hotjar
- Custom tracking scripts
Configuration:
Name: Analytics
Description: Help us understand how visitors interact with our website
Enabled by Default: No (recommended)
Scripts:
- Google Analytics: UA-XXXXX-X
- Google Analytics 4: G-XXXXXXXXXX
Marketing Cookies
- Default State - Can be enabled/disabled by default
- Purpose - Personalized advertising and retargeting
- Examples:
- Google Ads
- Facebook Pixel
- AdRoll
Configuration:
Name: Marketing
Description: Used to deliver personalized advertisements
Enabled by Default: No (recommended)
Scripts:
- Google Ads: AW-XXXXXXXXX
- Facebook Pixel: XXXXXXXXXXXXXXX
Functional Cookies
- Default State - Can be enabled/disabled by default
- Purpose - Enhanced features and personalization
- Examples:
- Chat widgets
- Video players
- Social media embeds
Configuration:
Name: Functional
Description: Enable enhanced functionality and personalization
Enabled by Default: Yes (optional)
Scripts:
- YouTube embeds
- Zendesk Chat
Managing Cookie Scripts
Adding Cookie Scripts
Navigate to GDPR > Cookie Categories > [Category] > Scripts
For each script, configure:
| Field | Description | Example |
|---|---|---|
| Script Name | Friendly name | Google Analytics |
| Script Type | JavaScript, Pixel, Iframe | JavaScript |
| Category | Which category | Analytics |
| Provider | Company name | Google LLC |
| Purpose | What it does | Track page views |
| Cookie Names | Cookies created | _ga, _gid |
| Expiry | How long cookies last | 2 years |
| Script Code | Actual script | <script>...</script> |
| Block Until Consent | Wait for consent | Yes |
Cookie Information Management
The module stores information about cookies used on your site:
- Cookie name and provider
- Purpose and description
- Expiry period
- Cookie category assignment
- Privacy policy links
Cookie Preferences Center
Customers manage cookies at: Customer Account > Privacy Settings > Cookie Preferences
Features
- Toggle each cookie category on/off
- View detailed description of each category
- See list of cookies in each category
- Save preferences
- Reset to defaults
Guest Users
Guest users can access cookie preferences via:
- Cookie banner "Customize" button
- Footer link to cookie preferences
- Direct URL: /customer/account/privacy
Integration with GTM
For script blocking and consent-aware tracking, use the GdprGtm module which integrates with Google Tag Manager and Google Consent Mode v2.
Banner Customization
Custom CSS
Add custom styles at Stores > Configuration > GDPR > Cookie Management > Custom CSS
.gdpr-cookie-banner {
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
border-radius: 10px;
box-shadow: 0 10px 40px rgba(0,0,0,0.3);
}
.gdpr-cookie-banner__button {
background: #ffffff;
color: #667eea;
border-radius: 25px;
padding: 12px 30px;
}
Banner Templates
Override template: view/frontend/templates/cookie/banner.phtml
Custom Layouts
Modify: view/frontend/layout/default.xml
Multi-Store Configuration
Different cookie settings per store view:
- EU Store - Strict consent required
- US Store - Implied consent, banner informational
- UK Store - UK GDPR rules
Configure per store: - Banner messages in local language - Different cookie policies - Regional script requirements
API Endpoints
REST API for cookie consent:
POST /rest/V1/gdpr/cookie/consent
GET /rest/V1/gdpr/cookie/preferences
PUT /rest/V1/gdpr/cookie/preferences
DELETE /rest/V1/gdpr/cookie/consent
Best Practices
Cookie Banner Design
- Keep message concise and clear
- Use contrasting colors for visibility
- Make "Required Only" as prominent as "Accept All"
- Test on mobile devices
Cookie Categories
- Only include truly necessary cookies in Essential
- Be transparent about what each category does
- Provide examples of cookies in each category
- Link to detailed cookie policy
Script Management
- Audit all third-party scripts quarterly
- Remove unused tracking scripts
- Document why each script is necessary
- Test that blocking actually works
Performance
- Minimize banner size and complexity
- Load cookie preferences asynchronously
- Cache consent decisions in LocalStorage
- Lazy-load non-essential scripts
Compliance
- Essential cookies should work without consent
- Non-essential requires explicit consent
- Respect withdrawal of consent immediately
- Keep cookie policy updated
Troubleshooting
Banner not appearing
Check: - Module enabled in configuration - Cache cleared - JavaScript not blocked by CSP - Store view scope correct
Scripts not being blocked
Verify:
- Correct data-gdpr-cookie-category attribute
- Category name matches configuration
- JavaScript console for errors
- No caching issues
Consent not persisting
Ensure: - LocalStorage enabled in browser - No privacy mode blocking storage - Correct domain for cookies - Cache not interfering
Buttons not working
Debug: - Check browser console for JavaScript errors - Verify Alpine.js loaded - Check for CSS conflicts - Test in different browsers
Related Modules
- GdprCookieHyva - Hyvä theme compatibility
- GdprCookieTemplates - Pre-configured cookie definitions
- GdprAnalytics - Analytics consent integration
- GdprGtm - GTM consent mode
- GdprFrontend - Frontend components