PrestaShop

CookiePilot module for PrestaShop with Consent Mode v2

Upload one ZIP in the Module Manager, connect your shop domain and the module serves the consent banner from the head of every storefront page. Supported on PrestaShop 8.0.0 to 9.99.99.

Requirements and supported versions

  • PrestaShop version 8.0.0 to 9.99.99.
  • Back office access with permission to install modules.
  • A CookiePilot account. You can register, verify your e-mail and log in directly inside the module.
  • The module ZIP, version 1.0.0, downloaded from the link below. Do not unpack it.

Download the module

The ZIP is served by the CookiePilot application at the address below and is never bundled with third-party marketplaces. After downloading, compare the SHA-256 checksum with the published value to confirm the file was not modified in transit.

Size: 228.8 KBSHA-256: 9ac5668263574e760e6f860a4a939c3ee67445d15624e02f6b03d14e5fdb95d9
Download the ZIP

On Linux or macOS run the command below. On Windows use certutil -hashfile against the downloaded file. The output must match the published digest exactly.

tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
curl -fsSL https://app.cookiepilot.io/downloads/cookiepilot-prestashop-addons-1.0.0.zip -o "$tmp"
echo "9ac5668263574e760e6f860a4a939c3ee67445d15624e02f6b03d14e5fdb95d9  $tmp" | sha256sum --check

Install the ZIP in the Module Manager

  1. 1.In the back office open Modules, then Module Manager, and click Upload a module.
  2. 2.Drop the downloaded ZIP into the upload dialog. PrestaShop installs it and lists it as CookiePilot CMP.
  3. 3.Click Configure on the CookiePilot CMP entry to open the module configuration page.
  4. 4.If the upload is rejected, check that your PrestaShop version is between 8.0.0 and 9.99.99 and that the ZIP is the original, unmodified file.

Register, verify your e-mail and connect the shop

  1. 1.On the configuration page create a CookiePilot account or log in to an existing one. Registration needs an e-mail address and a password.
  2. 2.Confirm the verification e-mail. The module completes the login once the address is verified.
  3. 3.Connect the shop: the module creates the domain in your CookiePilot account automatically, or reconnects to an existing domain with the same host name.
  4. 4.The Shop connection panel then shows the connected domain, the account and the current plan, with the status CONNECTED.

Where the script is injected

  1. 1.The module injects the CookiePilot script into the head of every storefront page, exactly once, before analytics tags. You never paste code into the theme, and duplicate hooks in a theme do not lead to a second copy.
  2. 2.If a manually pasted CookiePilot snippet or another consent banner already exists in your theme or in a tag container, remove it. Two consent layers on one page compete for the consent state and corrupt measurement.
  3. 3.The Storefront status panel has one switch, Enable CookiePilot banner and Consent Mode, so you can confirm at any time whether the script is being served.

Consent Mode v2 mapping

  1. 1.The module sets Google Consent Mode v2 defaults to denied before the visitor makes any choice. Analytics and marketing storage stay denied until consent exists.
  2. 2.Accept All grants every category. Reject All keeps every category denied. Granular consent grants exactly the categories the visitor selected in the settings view.
  3. 3.Optional static and dynamic scripts registered in the module are blocked and released by the same categories, so a script only runs when its category is granted.

Multistore behaviour

  1. 1.In a multistore installation the configuration is stored per shop. Each shop connects its own domain and keeps its own keys.
  2. 2.A newly created shop does not inherit the keys of the owner shop. Open the module configuration in the context of each shop and connect it separately.

Check the dataLayer in the console

Open the storefront in a private window, open the browser console and paste the snippet below. Before any choice you should see a single default entry with denied values. After a choice an update entry with the granted categories must follow.

(window.dataLayer || []).forEach(function (entry) {
  if (entry && entry[0] === 'consent') {
    console.log(entry[1], entry[2]);
  }
});

Tracker tests in five states

Run each state in a fresh private session and keep the Network tab open. These five states are the acceptance test the module itself is verified against.

Before consent: while the banner is still open, the Network tab shows no analytics or marketing requests and no tracking cookies are written.
Analytics only: grant just analytics in the granular view. Analytics requests start, marketing requests and marketing cookies stay absent.
Marketing only: grant just marketing. Marketing tags may fire while analytics storage stays denied.
Accept All: the granted categories start and the dataLayer contains a consent update with granted values.
Reject All: the shop keeps working, including cart and checkout, and trackers stay silent even after a reload.

Meta Pixel and TikTok Pixel do not read Consent Mode, so Consent Mode v2 alone does not stop them. They must be covered by the module autoblocking or fired through event gating only after marketing consent.

Disable, uninstall, reinstall

Disabling the module removes the CookiePilot script from the storefront. The domain in your CookiePilot account stays untouched.

Uninstalling removes the local secrets and the hooks from the shop database. It does not delete the remote domain and it does not delete the stored consent evidence.

Reinstalling the module and reconnecting the same domain works: the module attaches to the existing domain again instead of creating a duplicate.

Troubleshooting

The banner does not appear after installation

Clear the PrestaShop cache under Advanced Parameters, Performance, and purge your CDN if you use one. Cached HTML keeps serving pages generated before the module was enabled.

Two banners or a conflicting consent state

Remove any manually pasted consent snippet from the theme, from hosting tools and from tag containers. Exactly one consent layer may run, and the module already injects it once.

Trackers fire before the banner

A theme or another module that hardcodes GA4, Meta or TikTok loads outside the consent layer. Move those tags behind the module autoblocking or into a consent-gated tag setup.

Google Tag Manager setups

Keep the module as the only consent source. Gate every GTM tag on the matching consent state or fire it after the consent update, and never paste a second CookiePilot loader into the container.

Meta or TikTok requests keep appearing

These pixels ignore Consent Mode. Confirm they are covered by autoblocking or event gating; a pixel hardcoded in the theme keeps firing until it is moved behind marketing consent.

The module in a real shop

Install the module and test your shop

Download the ZIP, connect your domain and run the five tracker states in a clean session. The whole setup happens in the back office.