cmpwoocommerceGoogle Consent Mode v2cookie consent

Banner de cookies WooCommerce: guia Consent Mode para lojas

Marcin
13 de julho de 2026
8 min de leitura
Banner de cookies WooCommerce: guia Consent Mode para lojas

Uma loja WooCommerce combina normalmente WordPress, pagamentos, analytics, pixels de publicidade e plugins de marketing. Por isso, o consentimento é mais sensível do que num simples site institucional. This guide explains how to plan a banner de cookies WooCommerce for Portugal: which WooCommerce cookies should normally stay available for the cart, how to handle payment gateways, how to connect Google Consent Mode v2 and how to test the full purchase path before launch.

If you need the broader consent background first, read the guide to Google Consent Mode v2 and the practical GDPR cookie banner article. CookiePilot can support the implementation with localized banners, consent categories, Consent Mode v2 signals and consent records for small stores and agencies.

Porque WooCommerce precisa de configuração própria

WooCommerce is flexible because every store can add shipping plugins, payment plugins, upsell tools, analytics tools and advertising pixels. The same flexibility creates consent risk. A banner de cookies must not break the cart, but optional analytics and marketing scripts should not behave as if consent was already granted.

For a loja online in Portugal, the practical question is not only whether a banner appears. The stronger question is whether the browser behavior matches the banner choices: necessary cart cookies remain available, GA4 and advertising pixels respect the visitor decision, and Google tags receive the correct Consent Mode v2 state.

Que cookies WooCommerce são normalmente necessários

| Cookie | Purpose | Category | Consent usually required? |

|---|---|---|---|

| woocommerce_cart_hash | cart content and changes | Necessários | Não |

| woocommerce_items_in_cart | cart item count | Necessários | Não |

| wp_woocommerce_session_ | customer session and cart continuity | Necessários | Não |

| _ga, ga* | Google Analytics 4 measurement | Analítica | Sim |

| _gcl_au | Google Ads conversion and attribution | Marketing | Sim |

| _fbp or similar pixels | remarketing and ad audiences | Marketing | Sim |

The important distinction is operational. Cart and session cookies are normally needed to provide the service the shopper requested. Blocking them can damage the basket or login state. Analytics and advertising cookies should be tied to a clear visitor choice and mapped to Consent Mode v2 signals where Google tags are used.

Pagamentos e risco no checkout

Payment gateways add another layer. Stripe, PayPal, local card acquirers, bank transfer providers and fraud-prevention tools can use scripts or cookies during checkout. Treating every payment-related file as marketing can stop an order from being completed. The safer workflow is to classify payment functionality separately, document it, and test with marketing consent rejected.

A useful QA path is simple: open a clean browser, reject optional cookies, add a product to the cart, move to checkout, choose a payment method, return from the payment provider and confirm that the order status behaves correctly. Then repeat after accepting all cookies and compare analytics and conversion events.

  1. Load the cmp before optional analytics and advertising tags. This step helps keep the store measurable without turning Consent Mode into a legal guarantee. The goal is a repeatable setup that developers, marketers and store owners can check after plugin changes.

  2. Keep woocommerce cart and session cookies in the necessary category. This step helps keep the store measurable without turning Consent Mode into a legal guarantee. The goal is a repeatable setup that developers, marketers and store owners can check after plugin changes.

  3. Map analytics choice to analytics_storage. This step helps keep the store measurable without turning Consent Mode into a legal guarantee. The goal is a repeatable setup that developers, marketers and store owners can check after plugin changes.

  4. Map advertising choice to ad_storage, ad_user_data and ad_personalization. This step helps keep the store measurable without turning Consent Mode into a legal guarantee. The goal is a repeatable setup that developers, marketers and store owners can check after plugin changes.

  5. Check that ga4 and google ads tags do not set cookies before consent. This step helps keep the store measurable without turning Consent Mode into a legal guarantee. The goal is a repeatable setup that developers, marketers and store owners can check after plugin changes.

  6. Document payment and fraud-prevention scripts separately. This step helps keep the store measurable without turning Consent Mode into a legal guarantee. The goal is a repeatable setup that developers, marketers and store owners can check after plugin changes.

  7. Test reject, partial consent and accept all paths. This step helps keep the store measurable without turning Consent Mode into a legal guarantee. The goal is a repeatable setup that developers, marketers and store owners can check after plugin changes.

  8. Repeat the test after every new woocommerce marketing plugin. This step helps keep the store measurable without turning Consent Mode into a legal guarantee. The goal is a repeatable setup that developers, marketers and store owners can check after plugin changes.

For GTM-specific steps, use the related guide to Google Consent Mode v2 in Google Tag Manager. If you are comparing CMP costs for a WooCommerce store, see CMP pricing and CookiePilot pricing.

Método plugin ou GTM

A CookiePilot também tem um plugin oficial de WordPress para esta configuração. Em lojas WooCommerce, o plugin pode detetar o contexto da loja e aplicar definições de consentimento seguras para WooCommerce: os cookies do carrinho e do checkout continuam disponíveis como necessários, enquanto as tags de analytics e marketing aguardam a escolha do visitante. É mais seguro do que tratar WooCommerce como um snippet genérico, porque o percurso de compra deve continuar a funcionar após a rejeição de cookies opcionais.

| Approach | Best fit | Main risk |

|---|---|---|

| CMP/plugin script | Most small and mid-sized WooCommerce stores | The script must load early enough and categories must be reviewed |

| Google Tag Manager | Agencies and stores with advanced marketing tags | New tags can bypass consent if triggers are not reviewed |

| Custom implementation | Larger teams with developer ownership | Higher maintenance cost and more regression risk |

CookiePilot is usually the practical middle path: one consent layer, localized UI, Consent Mode v2 support, consent records and a setup that small teams can maintain. Review CookiePilot features or the Cookiebot alternative page if you are moving away from a more expensive CMP stack.

Como testar a loja

| Test | Expected result | Tool |

|---|---|---|

| Before choice | No optional analytics or marketing cookies should be created | Browser DevTools and Tag Assistant |

| Reject optional cookies | Cart, login and checkout should still work | Manual purchase path |

| Accept analytics only | Analytics behavior follows the analytics choice while ads remain denied | GTM Preview or Tag Assistant |

| Accept all | Google Ads and GA4 can receive granted signals | Google diagnostics |

| Install new plugin | Repeat cookie scan and category review | CMP dashboard and browser test |

Use Google’s official Consent Mode documentation as the technical reference. Do not rely only on whether the banner is visible. Real QA means checking storage, requests, GTM events and a full order path.

In Portugal, cookie and consent work should be framed carefully. A CMP can help collect and record choices, but it does not guarantee compliance by itself. Review local guidance from CNPD and, where relevant, electronic communications context from ANACOM. EU-wide background from the EDPB and the European Commission GDPR page is also useful.

The practical rule is to avoid overblocking necessary shop functions and avoid pre-consent optional tracking. If you are unsure whether your store needs a banner at all, start with do I need a cookie banner?.

FAQ

No. WooCommerce itself does not give you a complete CMP workflow with localized consent UI, Consent Mode v2 mapping and consent records.

Usually no. Cart and session cookies are normally necessary for the shopper-requested service. Blocking them can break the basket or checkout.

No. It sends consent state to Google tags. The banner and CMP still need to collect and store the visitor choice.

Should payment gateway cookies be marketing cookies?

Usually payment and fraud-prevention functionality should be reviewed separately and tested carefully. Do not block payment functionality just because it appears during checkout.

How often should a WooCommerce store retest cookies?

After every new marketing plugin, payment plugin, theme change, GTM publish, checkout change or major campaign launch.

Can CookiePilot help with WooCommerce?

Yes. CookiePilot can support localized banners, category management, Consent Mode v2 signals and consent records for WooCommerce stores and agencies.

Próximo passo

Start with a cookie and tag inventory, then configure the banner de cookies, connect Consent Mode v2 and test the purchase path with optional cookies rejected. CookiePilot is a practical CMP for WooCommerce teams that want predictable pricing, localized banners and a maintainable consent setup. Review features, compare pricing, read the Cookiebot alternative page or use contact if you need implementation help.

Escrito por

Marcin

Zespół CookiePilot dzieli się wiedzą o RODO, PKE i zarządzaniu cookies.

Partilhe este artigo: