Documentation/GDPR Cookie Consent/How to setup CookieYes GDPR Cookie Consent Plugin(CCPA)

How to setup CookieYes GDPR Cookie Consent Plugin(CCPA)


The GDPR Cookie Consent(CCPA) plugin makes a website comply with the GDPR & CCPA law for the usage of cookies on a website. To name a few you can:

  • add a cookie notice bar on the front end of the website to notify usage of the site cookies
  • restrict banner to EU or CA visitors or all.
  • scan your website for cookies and add it to your cookie list.
  • render or block the scripts of these cookies based on the user’s consent either via the automatic script blocker or by manually adding scripts.
  • maintain an audit log of user consents
  • consent withdrawal


After purchasing the GDPR Cookie Consent by WebToffee, the plugin will be available as a zip file in the API Downloads section of your MY ACCOUNT page.

  1. Download the zip file from API Downloads by logging into your WebToffee MY ACCOUNTS page.
  2. Log in as the WordPress Admin of your website.
  3. Navigate to Plugins > Add New to upload the downloaded plugin.
  4. Choose the plugin file to upload.
  5. Finally, activate the plugin.


  • Please uninstall the basic version (in case you have it installed) prior to installing the premium version to avoid any conflicts.
  • The plugin requires a minimum of WordPress v4.5 or above.

License Activation

After you have installed and activated the GDPR Cookie Consent plugin on your website, you need to activate the license of the plugin so that you will be notified of the plugin updates. To do so, from the WordPress admin dashboard, go to GDPR Cookie Consent > Settings > License.

The page looks as in the screenshot below:


Enter the license key and the license email that you will get from the My Account page in WebToffee and click activate.

Get Started

After you have activated and installed the GDPR Cookie Consent plugin on your WordPress website, on your dashboard, you will see a menu for the GDPR Cookie Consent plugin.

GDPR Cookie Consent-from WordPress dashboard

And on the user end of the website, you will be able to see a cookie message bar at the bottom end of the screen.

GDPR&CCPA-Cookie Notice Home page (Click to expand)

The plugin can be setup in two parts.

  1. Cookie law selection and customisations.
  2. Identifying the cookies used on the website and the scripts of the non-necessary cookies and add them to the plugin.

You can explicitly enable the required law and customize the appearance of the cookie notice bar to match with the theme of your website from the Settings window as shown below.

GDPR&CCPA-Cookie Law Settings
GDPR&CCPA-Cookie Law Settings

The different tabs of the Settings page allow you to customize the different parts of the cookie consent bar. Let’s go through each of these tabs of the settings page in detail.

General Settings

You can select the type of law and manage its country restrictions from the general window

GDPR&CCPA-Cookie Law Settings

The general settings consists of the following options:

  • Enable Cookie bar: You can enable or disable the cookie bar on your website. By default, it is in the enabled state which shows the banner at the front end of the website. Disable to not show the banner on the front end of the website.
  • Select the type of law: You can either choose GDPR, CCPA, or both based on your site requirement.
<div class="alert alert-info" role="alert">
GDPR refers to cookie/privacy law related to EU territory. CCPA is related to the California Consumer privacy act.
  • GDPR Settings:
    • Show only for EU Countries enables you to show the cookie notice only to the visitors from the European countries.
  • CCPA Settings: The right to opt-out in the California Consumer Privacy Act gives consumers the ability to direct a business not to sell their personal information to a third party. The shortcode for ‘DO NOT SELL’  is [wt_cl i_cc pa.optout] To setup CCPA, refer here.
    • Enable CCPA: Check the option to enable CCPA for your site.
    • Restrict CCPA only to California: Enable to show banner only for the visits from California; applicable to all visitors when disabled.
    • Enable CCPA notice: Enabling the notice will display the banner with the relevant text as per your configuration. Use this option particularly to record prior consent from the website visitors.
  • More options
    • Enable the Auto-hide cookie bar after the delay option and configure time if you want to assume the user acceptance if he/she lingers on the web page for the specified amount of time.
    • Enable the Auto-hide cookie bar (Accept on scroll) option if you want to assume the user acceptance if he/she scrolls the web page.


The screenshot of the Other section is as shown below.

GDPR&CCPA-Cookie Law Settings-Customise Cookie Bar-Other
GDPR&CCPA-Cookie Law Settings-Customise Cookie Bar-Other
  • Enable Consent Logging: Set yes, to record the consent of each user in the database. You can access the same from the Consent Report page.
  • Reload after scroll accept event: Choose yes to reload the webpage automatically when the user scrolls, thereby, accepting consent.
  • Reload after Accept button click: Choose yes to reload the webpage automatically when the user clicks on the accept button.
  • Reload after Reject button click: Choose yes to reload the webpage automatically when the user clicks on the Reject button.

Customize Cookie Bar 

The cookie bar message and its styling can be modified from Customise Cookie Bar tab.

Following are the fields in this tab:

  • Enter an appropriate message title for the cookie bar in the field provided. Leave it blank if you don’t need one.
  • The message field populates the default cookie banner content. It supports basic HTML tags and other shortcodes for Accept button, Rejects button, etc.
  • You also have a provision to control the color of the Cookie Bar and/or the message font. By default, the plugin will take the active theme font.
  • The three different styles supported for the cookie bar are Banner, Pop up, or as a widget.
    • With the banner option, you get to choose if you want to place the banner in the header or footer.
    • The pop-up type will show the cookie message bar as a popup instead of a banner. You can set an overlay along with the popup, which will block the user from browsing the website unless consent is obtained. 
  • As for the widget, you can position it to the left or right of the website.
  • On load option allows you to either animate the notification or make it sticky while loading the website.
  • On hide option allows you to either animate the way the notification disappears or to disappear without any visual effect.
Sample cookie bar as popup with overlay

Revisit Consent

Below is the screenshot of the Revisit Consent section and its fields explained.

GDPR&CCPA- Settings-Customise Cookie Bar-Show again tab
  • Enabling the revisit consent automatically displays a small privacy widget at the footer of your website. You can also manually insert a link to manage consent by adding the shortcode Privacy & Cookies Policy to your website.
  • You can place the Manage consent tab to either the left or right of the web page.
  • Use the From left margin to position the show again tab. Enter a value in either pixel or percentage to specify the distance from the respective margin, to place the dialog accordingly.
  • The Title field allows you to customize the text on the widget. For instance, you can key in ‘Privacy and Cookie Policy’ as a title or whatever you may like.

Customize Buttons 

Customize the buttons and links used in the cookie message bar. Copy the shortcodes of button/link and paste it to the cookie message bar.

  • The Accept, Accept All, Reject and Settings Button section consists of the following fields as shown below:
    • The Text field lets you add the button text.
    • Text Color lets you choose the text color.
    • Show as field lets you choose whether the shortcode should appear as a button or as links. Choose button style to set required the background colour.
    • You have the option to set an action against the button/link. The close header option simply closes the cookie bar upon a user action whereas the Open URL option opens the specified URL in a new or existing window as the case may be.
    • Select the desired size for the button from the drop-down as either Extra large, Large, Medium, or Small.
  • The Read More Link opens to the Privacy & Cookie Policy page of your website.
  • The additional fields for the Read More Link apart from the common options are the following:
    • URL: Redirect users to the specified page URL.
    • Page: Select a page from the list of available pages on the website to redirect users. (My Account, Checkout, Cart).
    • Choose yes, to open Privacy & Cookie Policy page in a new window.


There are two main panels within the Themes: a Cookie bar-Design editor and a Cookie message-Text editor.

  • The Cookie bar-Design editor window will display the cookie bar that is currently active on the website. Click on a cookie text, buttons, etc from the design editor to customize it. You can customize the font size, color, weight, border, or even include a custom CSS from the control panel. You can customize the font size, color, weight, border, or even include a custom CSS from the control panel.
Cookie Law Settings-Themes-Edit Control Panel
  • Edit the cookie bar content from Cookie message-Text editor.
Cookie Law Settings-Theme-Cookie Design Editor and Cookie Text Editor

Once done with the styling, Save & Publish the changes. Click on Change template to view other template options. Cancel to revert to your previously active template.

Alternatively, you may use the Change template button to adopt a cookie bar from some of our default templates under the Banner or Pop up or Widget formats in the following manner.


Just select any template from the list and click on the Live preview button to experience it against your website. If you like what you see click on Customize to get it onto your design editor. Besides if you need to customize further you may make the necessary changes from the design editor.

Cookie-Law-Settings-Theme-Live Preview and Customize button

Finally, click on Save & Publish button to set the customized template as the current cookie bar.

Advanced Settings

The settings come with an Advanced tab with the following options:

GDPR Cookie-Advanced tab
GDPR Cookie-Advanced tab
  • Reset all values: The Delete settings and reset button will restore the plugin to its default state overriding all your settings.
  • Override caching: When enabled, the GDPR plugin overrides the cached webpages to show the webpage with respective user consent.
  • Cookie scanner URL per request: Depending on server limitation, restrict the number of URLs scanned per request. For example, if you face an error “Unable to connect..retrying ” during a scan, try reducing the number to ‘2’.

Once done, click on the Update Settings button.


The Help guide tab consists of two sections Shortcodes and Help links.

Shortcodes are used to insert cookie banner elements in website pages/posts. To add the shortcodes inside a template file, you can use the ‘do_shortcode’ function.

Cookie Law Settings-Help-Shortcodes

To know more about the shortcodes used in the plugin, read this article.

Help Link

This section gives you links to resources related to the GDPR Cookie Consent plugin. The screen looks as below:

GDPR cookie consent allows you to add the cookies automatically by using a cookie scanner. GDPR Cookie Consent now uses CookieYes to bring you enhanced scanning for cookies on your website.

Our cookie scanning solution lets you:

  • Discover first-party and third-party cookies used on your website.
  • Identify what personal data they collect and what are the other purposes they serve.
  • Determine whether you need to comply with the data protection laws governing cookies. Eg:- EU’s GDPR, ePrivacy Directive (EU Cookie Law), California’s CCPA, etc.

The GDPR Cookie Consent plugin comes with multiple ways with which you can add the cookies to the plugin.

1. Connect with CookieYes

The plugin lets you automatically scan the cookies and add them to the plugin. From GDPR Cookie Consent > Cookie scanner, Click on the Connect and Scan button.

Click on the Connect and scan button to connect with the CookieYes.

Existing users of CookieYes can enter the username and password.

However, new users will get connected automatically with CookieYes. Upon successfully connecting with the CookieYes, you can start the scanning process.

2. Scan website for cookies

Click on the Scan website for cookies to begin the scanning.

Subsequently, scanning of cookies will be initiated. It might take a few minutes to a few hours to complete the scanning of your website. This depends on the number of pages to scan and the website speed. You can even switch between your screens even while the scanning is in progress. Scanning can be aborted by clicking on Abort scan.

3. Scan completion

After the scan is complete, you can view all the cookies that have been scanned and the URLs that have been scanned from the Scan result. The result will look as shown below:

From here, you can add the scanned cookies to the cookie list, download the cookies into a CSV file, and perform the scan again.

4. Cookie import options

When you choose to add the scanned cookies to the list, you are presented with three options as shown below:

Add to cookie list options
  • Replace old: In the first option, you can replace all the existing cookies in the list and add the newly scanned cookies.
  • Merge (Recommended): With the second option, the plugin performs a check whether the scanned cookies are already present in the list and skip those cookies that exist. This is the recommended method to add cookies.
  • Append (Not recommended): In the third method, you can append the newly scanned cookies with the existing cookies in the list. This is not recommended since it could result in duplicate entries in the cookie list.

After you select an option, click on the Start Import button.

All the scanned cookies and their related data will be added to the cookie list. The data added to the cookie list are the cookie ID, cookie-type, cookie category, and the duration of the cookies.

By default, the values in the cookie type field thus added will be persistent, all the cookies will be assigned to the non-necessary category or necessary category which are the two predefined categories of the plugin, and the value in the cookie-sensitivity field will non-necessary.

Scanned cookies added to the Cookie List page
Scanned cookies added to the Cookie List page

All these, of course, can be edited from the Edit Cookie by clicking on the respective cookie name from the cookie list page.

Using the GDPR plugin, you can even manually add the cookies. To do that, navigate to GDPR Cookie Consent > Cookie List. This will take you to the Cookie List page as shown below:

The Cookie List page with no cookies added
The Cookie List page

Click on Add New button to add cookies manually. The steps to add cookie manually are explained below:

Import cookie using a CSV

You can import the cookies into the plugin using a CSV file. You find the option to import cookies under GDPR Cookie Consent > Cookie List. Prepare a CSV in the required format, click on the Import from CSV button.

Cookies Import from a CSV button
Cookies import button

This will take you to the Import from a  file page.

Cookie import page
Cookie import page

From this page, upload the CSV to the plugin and import. All the cookies and their details can be seen on the Cookie List page after the import.

Click here to download the sample CSV.

The plugin also has an export feature that helps to export the cookies and its related details to a CSV file. To do that, click on the Download as CSV button from the Cookie List page.

Cookie list export button
Cookie list export button

This becomes very useful if there are websites using GDPR plugin that uses similar cookies or if you want to migrate the cookies you set up in the plugin from the development site to the production site. All you need to do is export the cookies of one website into a CSV file and then import them to the other.

To add the cookies manually, click on the Add New button under GDPR Cookie Consent > Cookie List. Add the cookies and the cookie details from the Add New Cookie Type page. The following is a screenshot of the Add New Cookie Type page.

Add New Cookie Type page
Add New Cookie Type page

The following are the fields in the Add New Cookie Type page.

  • Cookie Title – Add the title of the cookie. This field is for audit purposes, so this field allows you to add the name of the cookie in a user-friendly manner.
  • Cookie description – This allows you to add the description of the plugin so that you can explain what the purpose of the cookie is, what it does, what data it collects, etc.
  • Cookie Category – Add the category that the cookies belong to.
  • Cookie Type – This is to indicate the type of the cookie. The types include persistent, session, or third-party. Persistent cookies are those that generally persists even after the browser is closed. Session cookies are those cookies that will expire when the session is over. Third-party cookies are the cookies that are installed by third-party services being used on the website.
  • Cookie Duration – This is the time duration the cookies will be active on the browser. The easiest way to find out the duration of a cookie is from the developer console of the browser.
  • Cookie Sensitivity – Cookies are either necessary or non-necessary. The necessary cookies are those cookies that, as the name indicates, are absolutely necessary for the website to function in its intended way. The users do not have the control to disable this category of the cookies. The non-necessary cookies are those cookies whose scripts need to be added in the plugin and that the users can enable/disable.
  • Head Scripts/Body Scripts – This is where the scripts related to the cookies are to be added. If the scripts are added in the Head Scripts field, the scripts, on user consent, will be rendered in the head of the website and the scripts will be rendered in the body if added in the Body scripts area.

The screenshot below shows an example of adding Google Analytics cookies to the Cookie list from the Add New Cookie Type page:

Adding Google Analytics cookie
Adding Google Analytics cookie

After all the details have been added as above, click on the update button and the cookie will be added to the Cookie List.

The GDPR Cookie Consent gives the users granular control over the cookies that they want to allow. They can turn the cookies on/off in their browser depending on their category.

For this, the plugin gives you two predefined categories named Necessary and Non-necessary. You can add the necessary cookies of your website to the Necessary category. The users will not be able to disable the cookies that are categorized as Necessary. So the cookies that are essential for the functioning of the website should be added to this category.

Cookie Category

For the rest of the non-necessary cookies used by the website, you can either add them to the Non-necessary category or you can create categories of your own. This allows you to create cookie categories like Analytics, Statistics, Advertisement, etc. based on the nature of the cookies.

To create a new category for the cookies, go to GDPR Cookie Consent > Cookie Category. This will take you to the Cookie Category page where you can add the name of the category, slug, description of the category, and give the priority to determine the order in which the categories will appear on the front end. 

If you enable Load on Start option, scripts under the created category will be rendered without waiting for user consent on the first page visit. This option is discreetly used only if you are sure that no user sensitive data is being obtained via the specified scripts.

If you enable the Category default state option, the category toggle button will be in the active state for cookie consent.

If you enable Sell Personal Information option, scripts under this category will be considered as personal data collecting scripts and will be blocked if opted out from CCPA.

The categories thus added will be visible on the user-end on a pop-up when the user clicks on the Settings button on the cookie bar. When clicked on each category, the users will be shown the description of the category as added by the admin. The user can then choose to enable or disable the cookies of each category from the popup.

Note: The categories, either predefined or user-defined, are only visible on the popup when there are cookies added into that category.

Policy Generator

You can easily create and generate the cookie policy from the Policy generator module. Policy generator will help you in creating a separate page for cookie policy which will list out various details like:

  • About the cookie policy
  • What are cookies?
  • How do we use cookies?
  • What types of cookies do we use?
  • How can I control the cookie preferences?
GDPR Cookie Consent-Cookie policy generator
GDPR Cookie Consent-Cookie policy generator

You can even add additional details from the Add New button. You will get a live preview of the cookie policy from here. Subsequently, a new cookie policy page can be created or an existing page can be updated.

On creating a new policy page it can be published for it to be made available in your store.

Cookie Policy Page
Cookie Policy Page

Blocking Cookies Automatically

Using the GDPR Cookie Consent plugin you can automatically block the scripts of the cookies being rendered on the website.

The script blocker lists out services/plugins currently supported for auto-blocking. Enabled services/plugins will be blocked by default on the front-end of your website prior to obtaining user consent and rendered respectively based on consent. 

It is further categorized into script and plugin sections.

The third-party services that are currently being auto blocked are the following: 

  • Google Analytics
  • Facebook Pixel
  • Google Tag Manager
  • Hotjar Analytics
  • Google Publisher Tag
  • Youtube Embed
  • Vimeo Embed
  • Google Maps
  • AddThis Widget
  • ShareThis widget
  • Twitter Widget
  • SoundCloud Embed
  • SlideShare Embed
  • LinkedIn Widget
  • Instagram Embed
  • Pinterest Widget
  • Google Adsense
  • Hubspot Analytics
  • Matomo Analytics

To automatically block the scripts of the cookies installed by these services using the GDPR Cookie Consent plugin, go to GDPR Cookie Consent > Script Blocker > Scripts tab. This will take you to the Manage Script Blocking page as shown in the screenshot below.

To block the scripts automatically from rendering on the website, enable the toggle button for the selected scripts. This will block the scripts from any sources rendering on the website unless the user consents. If the toggle buttons are in the disabled state, the scripts from other sources other the GDPR plugin will not be automatically blocked.

To autoblock scripts of plugins, move on to the Script Blocker >Plugins section. It will allow you to manage automatic script blocking for your website. The following three plugins are currently supported for auto-blocking.

  • Official Facebook Pixel
  • Smash Balloon Instagram Feed
  • Smash Balloon Twitter Feed
  • Feeds for youtube
  • Monster Insights

Plugins marked inactive are either not installed or activated on your website. Enabled plugins will be blocked by default on the front-end of your website prior to obtaining user consent and rendered respectively based on consent.

If you wish to disable automatic script blocking for any of these pluginsyou can do so by simply toggling the button against the respective plugin.

For more information on automatic script blocking read: How to Automatically Block Cookies Using the GDPR Cookie Consent Plugin.

You can keep a record of the users who have given their consent using the GDPR Cookie Consent plugin. To log the consent given by the users, make sure that you have enabled the Enable Consent Logging field under GDPR Cookie Consent > Cookie Law Settings > General > Other. When the consent is being logged, the IP addresses of the users that have given their consent and the cookie categories that they have given consent to will be recorded in the Consent Report page, along with the date and time of the visit and the user ID if the user has logged in.

GDPR Consent History page
Log consent history

It is completely up to the admin to decide whether he wants to keep a record of the consent. However, when the consent logging is enabled, the users should be notified that their IP address will be collected for the consent logging purposes.

All this data in the consent report can be exported to a CSV file by clicking on the Export Report button on the Consent Report page.

Show the Cookie Bar Only for the EU Countries

You can make the cookie message bar to be visible only for the visitors from the European Union. Using this feature, the consent for using the cookies on the website will only be taken from the visitors of the European Union.

To set the cookie notification only for the EU visitors, go to the Cookie Law Settings page under GDPR Cookie Consent. Click on ‘yes’ for Show only for EU Countries ( GeoIP ) field and update the settings.

Cookie Law Settings-Show only for EU Countries

The GeoIP feature can be extended to more countries using the code snippet in this article.

To know more about the GDPR Cookie Consent plugin, visit the plugin product page.

The Ultimate WordPress Plugin for EU Cookie Law (GDPR) Compliance

Used by 1 Million+ WooCommerce Stores

#1 in Customer Satisfaction

WebToffee Guarantee: Get Your Money Back if You Are Not Satisfied With The Product

Buy Now!

  • Was this article helpful?
  • YesNo