CookieRay – Cookie Banner for Cookie Consent (GDPR/CCPA Compliant)
CookieRay is a cookie consent and privacy tooling plugin for WordPress. It stores data on your hosting account and runs in your environment. There is no external SaaS dashboard for site operation.
CookieRay helps website owners manage cookie consent settings for GDPR, CCPA, ePrivacy, and other privacy-related requirements. Legal compliance depends on your website setup, third-party tools, region, and how the plugin is configured.
CookieRay provides a visitor-facing consent experience, configurable script blocking, cookie discovery from your site, detailed consent records, and a setup dashboard to help you manage cookie consent records and support privacy-related workflows.
Cookie consent banner
A customizable consent surface with card and bar layouts, live preview in the admin, and nine placement positions. Visitors can Accept All, Decline All, or open a Preferences modal to choose which categories to allow (Necessary, Analytical, Functional, and Marketing). Banner text, colors, buttons, and fonts are editable without writing code.
Script blocking
Choose Log Only recording or Strict blocking in Settings. In Strict mode, CookieRay delays known tracking scripts until the visitor agrees to categories that match those trackers. Common patterns for services such as Google Analytics, Meta Pixel, Hotjar, HubSpot, TikTok Pixel, and many others are included out of the box.
Google Consent Mode v2
When enabled, CookieRay outputs consent state in the visitor’s browser for Google tags (such as GA4, Google Ads, or Google Tag Manager) that you have already placed on your site. Google Consent Mode v2 lets Google tags adjust their behavior based on visitor consent choices while supporting privacy-conscious measurement modes when consent is withheld.
CookieRay itself does not open separate server-side uploads of visitor payloads to Google; instead it surfaces JavaScript so tags you load can read consent signaling. Behavior of those downstream tags depends on how you configured Google products.
Further reading: Google’s Consent Mode documentation (linked under External Services).
Cookie scanner
Run a cookie scan from the WordPress admin to detect cookies surfaced on responses from your own site.
When an administrator starts a scan, CookieRay queues work on your server and uses the WordPress HTTP API to request public URLs belonging to your site domain (for example the homepage, published content URLs, WooCommerce storefront pages where applicable, and related routes depending on plugins). Cookie names surfaced in responses can be merged with your inventory for categorization alongside the plugin’s bundled tracking-cookie reference data.
CookieRay also runs deeper script-discovery passes that analyze HTML fetched from a bounded set of URLs (the embeddable deep scan inspects up to 50 URLs on the same domain, chosen from the XML sitemap when available or from the home page plus recent posts and pages). Scan coverage still depends on plugins, caches, authenticated-only flows, and what responses your site serves to CookieRay’s unauthenticated crawler.
There is no recurring unattended scan timetable built into CookieRay. You start scans from CookieRay screens (background processing completes those runs without another manual click).
Cookie inventory
View, edit, and categorize cookies discovered on your site. Assign cookies to Necessary, Analytical, Functional, or Marketing categories. Bulk-categorize or delete entries. Custom cookies can be added manually, with regex pattern support where appropriate.
Consent logs
Consent events can be logged with identifiers, statuses, granted categories, page URL, banner version, and timestamp fields available for review. Entries are searchable and filterable in the admin. You can export records as CSV, and export individual receipts as PDF for your record-keeping process.
Dashboard
See a summarized score guided by configurable checks (blocking mode, categorized cookies, policy link usage, consent expiry and scan recency reminders, whether Google Consent Mode output is enabled, and related items). Use it as onboarding guidance alongside your legal or compliance review.
Scan history
Review past scans: timing, URLs covered, counts, and summaries of results to track changes over time.
Settings
Configure consent behavior (Log Only vs Strict blocking), consent expiry, consent log retention, Google Consent Mode v2 toggle, optional data portability export flows, and related options. Banner and behavior settings are stored through WordPress options alongside plugin metadata.
Privacy and data handling
CookieRay does not send usage data, telemetry, or visitor payloads to CookieRay-operated servers. Consent logs and inventories stay in your site’s database unless you export them elsewhere.
Third-party trackers you integrate yourself (such as Google Analytics, Google Ads, Google Tag Manager, Meta Pixel, marketing pixels, embedded chat widgets, and similar vendors) may still collect information according to their own tags, configurations, vendor accounts, regions, and published policies, even when CookieRay delays or respects categories for scripts it recognizes.
A WordPress Cron task deletes consent records older than the retention period configured in Settings, whenever WordPress Cron runs normally on your host.
Pro Features
- Scheduled automatic cookie scans
- Geo targeting – show or hide the banner by country
- Integration with Google Tag Manager, Meta Pixel, Adobe Experience Platform
- Trust Badge – “Privacy Protected” badge displayed in the site footer
- Premium support and priority updates
Support
For questions, bug reports, or help with configuration, visit the CookieRay support page.
External Services
CookieRay does not send analytics, telemetry, or visitor data to CookieRay-operated servers.
1. Same-site cookie scanner
When an administrator runs a cookie scan, CookieRay uses the WordPress HTTP API (wp_remote_get) to fetch public URLs belonging to the same WordPress site — for example the homepage, published post URLs, WooCommerce storefront pages, and sitemap entries.
What is sent: Standard HTTP GET requests to your own site’s public URLs. When: Only when an administrator triggers a scan from CookieRay admin screens. Who receives the requests: Your own web server. No data is sent to CookieRay or any third party. Source file: includes/class-scanner.php
2. Google Consent Mode v2 (optional, admin-enabled)
When enabled in Settings, CookieRay outputs JavaScript on visitor pages that signals consent state to Google tags you have independently installed (e.g. GA4, Google Ads, Google Tag Manager). CookieRay does not make server-side HTTP calls to Google.
What is sent: Browser-side consent signals read by locally loaded Google tags you control. When: When Consent Mode is enabled in CookieRay Settings and visitors load pages that include your Google tags. Who receives downstream data: Google, per your Google account and tag configuration.
Google Privacy Policy: https://policies.google.com/privacy Google Terms of Service: https://policies.google.com/terms Google Consent Mode documentation: https://support.google.com/analytics/answer/9976101