Overview
WooCommerce works with CookiePilot when cart cookies stay necessary and WooCommerce order attribution does not set sbjs cookies before consent.
Why WooCommerce needs a dedicated flow
The store cannot break after Reject. CookiePilot treats WooCommerce cart/session cookies as necessary: woocommerce_cart_hash, woocommerce_items_in_cart and wp_woocommerce_session_*.
Analytics and marketing tags such as GA4 ecommerce, Google Ads, Meta Pixel, TikTok, Hotjar and Klaviyo should wait for consent.
WooCommerce-safe settings in the plugin
The WooCommerce component exposes Apply WooCommerce-safe settings. It saves enforceBlocking: true, blockingMode: AUTO and denied Consent Mode defaults for analytics/ad/ad_user_data/ad_personalization.
The WooCommerce Shop banner preset uses WooCommerce purple #7f54b3, a cart icon and a visible reject button.
Production smoke test
Test product, add-to-cart, cart, checkout and thank-you page before consent, after Reject and after Accept.
Google cookieless pings are not failures when storage is denied and no tracking cookies are written. Real failures are tracking cookies or marketing requests before consent.
Setup steps
- 1Install the CookiePilot WordPress plugin.
- 2Enable WooCommerce-safe settings and Consent Mode default denied.
- 3If sbjs_* cookies appear, disable WooCommerce Order Attribution or gate it behind consent.
- 4Test product, add-to-cart, cart and checkout in a clean session.
Test checklist
- The product is public and add-to-cart works.
- After Reject, checkout still shows the order form.
- Before consent there are no Meta, TikTok, Hotjar or Google Ads requests.
- After Accept, the consent update grants analytics and marketing.
FAQ
Is this legal advice?
No. It is an implementation guide. For unusual data flows, confirm the setup with your legal or privacy team.
Does CookiePilot block every script automatically?
CookiePilot supports autoblocking and Consent Mode. Trackers hardcoded before the CMP still need to be moved behind the stub or into GTM Consent Initialization.