plugin-icon

CookieKita — GDPR Consent & Cookie Banner

Door gdimitrov·
GDPR cookie consent banner with real tracker blocking, Google Consent Mode v2, consent-aware tag installer, DSAR handling and WooCommerce tracking.
Versie
1.0.8
Laatst bijgewerkt
Jul 4, 2026
CookieKita — GDPR Consent & Cookie Banner

CookieKita is the WordPress companion plugin to cookiekita.com, a GDPR/ePrivacy consent management platform. It does the on-site work — blocking trackers before consent, installing your tags consent-aware, and executing data requests — while the dashboard handles the consent log, cookie scanner and compliance reporting.

What it does

  • 🍪 Cookie consent banner — auto-injects the CookieKita banner, localized to the WordPress site language.
  • 🛡 Real tracker blocking — holds back Google Analytics, Google Tag Manager, Meta Pixel, Hotjar, Clarity, LinkedIn, TikTok and 30+ other services until the visitor consents. A banner that only shows without blocking is not compliant — CookieKita actually blocks.
  • 🔌 Integrations directory — a catalogue of 37 recognised services, each auto-blocked and mapped to the right consent category.
  • Consent-aware tag installer — paste your GA4 / Meta Pixel / GTM (and many more) ID and CookieKita installs the official tag for you as a blocked script that only fires after the matching consent. You become the bridge, not just the blocker.
  • 🛒 WooCommerce eCommerce tracking — automatically sends view_item, add_to_cart, begin_checkout and purchase to GA4 / Google Tag Manager and your ad pixels (Meta, TikTok, Pinterest, Snap, Reddit). Analytics events fire on analytics consent; ad events on marketing consent — fully consent-gated.
  • 🟢 Google Consent Mode v2 & Microsoft UET Consent Mode — consent signals are forwarded automatically.
  • 🌐 GPC / DNT signals — honours Global Privacy Control and Do Not Track.
  • 📊 Cookie declaration shortcode[cookiekita_cookies] renders a live table of the cookies discovered by the CookieKita scanner.
  • 📨 DSAR form shortcode[cookiekita_dsar] adds a GDPR data-subject-request form to any page.
  • 🤖 Auto-execute DSAR (opt-in) — verified deletion/export requests are executed via the WordPress Personal Data API and WooCommerce privacy hooks, with an audit log.

Requirements

  • A free or paid account at cookiekita.com.
  • Your Site Key (32 hex characters) from the CookieKita dashboard. If you download the plugin from your dashboard, the key is pre-configured for you.

External services

This plugin connects to the CookieKita service (cookiekita.com) — it is a companion plugin for that platform and requires a CookieKita account to function. The connection is used for the features below.

1. Banner script & configuration — On every front-end page the plugin loads the consent banner script from https://cookiekita.com/banner.js and fetches your banner configuration and cookie list from https://cookiekita.com/functions/v1/. Your public Site Key is sent so the correct configuration is returned. No personal data is sent for this.

2. Connection / heartbeat — When you save your Site Key (and roughly once a day afterwards) the plugin sends your site URL, plugin version, WordPress version and PHP version to https://cookiekita.com/functions/v1/verify-wp-site so the dashboard can show connection status and register the DSAR webhook. It also checks whether the site was disconnected from the dashboard.

3. DSAR webhook — When auto-execute DSAR is enabled, CookieKita sends signed data-subject requests (containing the requester’s email) to the plugin so they can be fulfilled on your site.

By using this plugin you agree to the CookieKita Terms of Service (https://cookiekita.com/terms) and Privacy Policy (https://cookiekita.com/privacy).

Optional third-party tags (only loaded if you enable them)

CookieKita does not load any of the third-party services below by default. The consent-aware tag installer loads a provider’s official script only when you, the site administrator, enter that provider’s ID / enable it, and even then the script is held back until the visitor gives the matching consent (analytics or marketing). When a tag fires, the visitor’s browser loads the provider’s script directly and that provider receives standard analytics/advertising data (e.g. page views, events, IP address, cookie/device identifiers) — what is sent and when is determined by that provider. Review each provider’s terms and privacy policy before enabling it:

  • Google (Tag Manager, gtag, GA4) — googletagmanager.com — terms: https://policies.google.com/terms — privacy: https://policies.google.com/privacy
  • Meta Pixel (Facebook) — connect.facebook.net — terms: https://www.facebook.com/legal/terms/ — privacy: https://www.facebook.com/privacy/policy/
  • Microsoft Clarity / UET — clarity.ms — terms: https://www.microsoft.com/legal/terms-of-use — privacy: https://privacy.microsoft.com/privacystatement
  • TikTok — analytics.tiktok.com — terms: https://www.tiktok.com/legal/terms-of-service — privacy: https://www.tiktok.com/legal/privacy-policy
  • LinkedIn Insight — snap.licdn.com — terms: https://www.linkedin.com/legal/user-agreement — privacy: https://www.linkedin.com/legal/privacy-policy
  • X (Twitter) Ads — static.ads-twitter.com — terms: https://legal.twitter.com/ads-terms.html — privacy: https://twitter.com/en/privacy
  • Pinterest Tag — s.pinimg.com — terms: https://policy.pinterest.com/terms-of-service — privacy: https://policy.pinterest.com/privacy-policy
  • Snap Pixel — sc-static.net — terms: https://snap.com/terms — privacy: https://snap.com/privacy/privacy-policy
  • Reddit Pixel — redditstatic.com — terms: https://www.redditinc.com/policies/user-agreement — privacy: https://www.reddit.com/policies/privacy-policy
  • Amazon Ads — c.amazon-adsystem.com — terms: https://www.amazon.com/gp/help/customer/display.html?nodeId=508088 — privacy: https://www.amazon.com/gp/help/customer/display.html?nodeId=468496
  • Criteo — static.criteo.net — terms: https://www.criteo.com/terms-and-conditions/ — privacy: https://www.criteo.com/privacy/
  • Outbrain — amplify.outbrain.com — terms: https://www.outbrain.com/onyx/term-of-use/ — privacy: https://www.outbrain.com/privacy/
  • Taboola — cdn.taboola.com — terms: https://policies.taboola.com/terms-of-service/ — privacy: https://policies.taboola.com/privacy-policy/
  • Hotjar — static.hotjar.com — terms: https://www.hotjar.com/legal/policies/terms-of-service/ — privacy: https://www.hotjar.com/legal/policies/privacy/
  • Segment (Twilio) — cdn.segment.com — terms: https://www.twilio.com/en-us/legal/tos — privacy: https://www.twilio.com/en-us/legal/privacy
  • Heap — cdn.heapanalytics.com — terms: https://www.heap.io/terms — privacy: https://www.heap.io/privacy
  • Amplitude — cdn.amplitude.com — terms: https://amplitude.com/terms — privacy: https://amplitude.com/privacy
  • Mixpanel — cdn.mxpnl.com — terms: https://mixpanel.com/legal/terms-of-use/ — privacy: https://mixpanel.com/legal/privacy-policy/
  • FullStory — fullstory.com — terms: https://www.fullstory.com/legal/terms-and-conditions/ — privacy: https://www.fullstory.com/legal/privacy-policy/
  • Crazy Egg — script.crazyegg.com — terms: https://www.crazyegg.com/terms — privacy: https://www.crazyegg.com/privacy
  • Mouseflow — cdn.mouseflow.com — terms: https://mouseflow.com/legal/terms/ — privacy: https://mouseflow.com/legal/privacy-policy/
  • Inspectlet — cdn.inspectlet.com — terms: https://www.inspectlet.com/terms-of-service — privacy: https://www.inspectlet.com/terms-of-service
  • Plausible Analytics — plausible.io — terms: https://plausible.io/terms — privacy: https://plausible.io/privacy
  • PostHog — posthog.com — terms: https://posthog.com/terms — privacy: https://posthog.com/privacy
  • Simple Analytics — simpleanalyticscdn.com — terms: https://www.simpleanalytics.com/terms — privacy: https://www.simpleanalytics.com/privacy-policy
  • HubSpot — js.hs-scripts.com — terms: https://legal.hubspot.com/terms-of-service — privacy: https://legal.hubspot.com/privacy-policy
  • Intercom — widget.intercom.io — terms: https://www.intercom.com/legal/terms-and-policies — privacy: https://www.intercom.com/legal/privacy
  • Drift — js.driftt.com — terms: https://www.drift.com/terms-of-service/ — privacy: https://www.drift.com/privacy-policy/
  • Crisp — client.crisp.chat — terms: https://crisp.chat/en/terms/ — privacy: https://crisp.chat/en/privacy/
  • Tawk.to — embed.tawk.to — terms: https://www.tawk.to/terms-of-service/ — privacy: https://www.tawk.to/privacy-policy/
  • LiveChat — cdn.livechatinc.com — terms: https://www.livechat.com/legal/terms/ — privacy: https://www.livechat.com/legal/privacy-policy/
  • Zendesk — static.zdassets.com — terms: https://www.zendesk.com/company/agreements-and-terms/master-subscription-agreement/ — privacy: https://www.zendesk.com/company/agreements-and-terms/privacy-notice/
Gratisvoor betaalde abonnementen
Door te installeren, ga je akkoord met de Servicevoorwaarden van WordPress.com en de voorwaarden voor plugins van derden.
Getest tot
WordPress 7.0
Deze plugin kan worden gedownload, zodat je hem op je kan gebruiken.