Integrations
WooCommerceWooCommerce
field-testedPlatforms and stores

CookiePilot for WooCommerce

WooCommerce works with CookiePilot when cart cookies stay necessary and WooCommerce order attribution does not set sbjs cookies before consent.

Overview

WooCommerce works with CookiePilot when cart cookies stay necessary and WooCommerce order attribution does not set sbjs cookies before consent.

Cart and checkout are not blocked by the CMP.
woocommerce_cart_hash and woocommerce_items_in_cart are treated as necessary.
Recommendation: disable WooCommerce Order Attribution if it sets sbjs_* before consent.

Why WooCommerce needs a dedicated flow

The store cannot break after Reject. CookiePilot treats WooCommerce cart/session cookies as necessary: woocommerce_cart_hash, woocommerce_items_in_cart and wp_woocommerce_session_*.

Analytics and marketing tags such as GA4 ecommerce, Google Ads, Meta Pixel, TikTok, Hotjar and Klaviyo should wait for consent.

Source: WooCommerce.tsx and cookie-database.ts
Necessary cart/session cookies
GA4, Ads and Meta paused before consent

WooCommerce-safe settings in the plugin

The WooCommerce component exposes Apply WooCommerce-safe settings. It saves enforceBlocking: true, blockingMode: AUTO and denied Consent Mode defaults for analytics/ad/ad_user_data/ad_personalization.

The WooCommerce Shop banner preset uses WooCommerce purple #7f54b3, a cart icon and a visible reject button.

enforceBlocking: true
blockingMode: AUTO
Preset: WooCommerce Shop

Production smoke test

Test product, add-to-cart, cart, checkout and thank-you page before consent, after Reject and after Accept.

Google cookieless pings are not failures when storage is denied and no tracking cookies are written. Real failures are tracking cookies or marketing requests before consent.

Test product → cart → checkout → thank-you
Reject must not break checkout
Accept starts vendors after consent update

Setup steps

  1. 1Install the CookiePilot WordPress plugin.
  2. 2Enable WooCommerce-safe settings and Consent Mode default denied.
  3. 3If sbjs_* cookies appear, disable WooCommerce Order Attribution or gate it behind consent.
  4. 4Test product, add-to-cart, cart and checkout in a clean session.

Test checklist

  • The product is public and add-to-cart works.
  • After Reject, checkout still shows the order form.
  • Before consent there are no Meta, TikTok, Hotjar or Google Ads requests.
  • After Accept, the consent update grants analytics and marketing.

FAQ

Is this legal advice?

No. It is an implementation guide. For unusual data flows, confirm the setup with your legal or privacy team.

Does CookiePilot block every script automatically?

CookiePilot supports autoblocking and Consent Mode. Trackers hardcoded before the CMP still need to be moved behind the stub or into GTM Consent Initialization.