WC cookies (session, cart, checkout, login) auto-classified as necessary — visitor doesn't need to click the banner to make a purchase. Banner only asks about GA4, Meta Pixel, Ads, remarketing.
The shop must work without clicking the banner — cart, login, checkout. The banner only handles marketing and analytics cookies.
woocommerce_session_*logged-in customer sessionwoocommerce_cart_hashcart contentswoocommerce_items_in_cartcart item countwp_woocommerce_session_*server-side WC sessionwordpress_logged_in_*shop customer logincsrftoken / _wpnoncecheckout CSRF protection_ga, _ga_*Google Analytics 4 enhanced ecommerce_gcl_*, IDEGoogle Ads conversion + remarketing_fbp, frMeta Pixel: products + checkout_hjSessionUser_*Hotjar session recordings_clck, _clskMicrosoft Clarity heatmapsmc_*, klaviyo_*Mailchimp / KlaviyoSign up at cjakciasteczko.pl, add your shop's domain, grab cjakciasteczko-woocommerce.zip from the Integrations panel. ~8 KB.
CJakCiasteczko WooCommerce plugin. Shop cookies auto-classified.
Plugins → Add new → Upload plugin → pick the .zip → Install → Activate. The plugin detects active WooCommerce and shows ✓.
Paste the key from the CJakCiasteczko panel (your domain → Settings → Install key) into Settings → CJakCiasteczko. The plugin verifies once on save.
Open any product in incognito. Banner appears once. After Accept — GA4, Meta Pixel, Ads unblock via Consent Mode v2. After Reject — shop works, cart works, checkout works, just no analytics.
We use GA4 and Meta Pixel to measure conversions. Without them the shop still works — cart and checkout are always available.
“Pasted the plugin Saturday evening, by Sunday morning the regulator audit was green. GA4 conversions didn't drop — Consent Mode v2 models the missing data. Best 39 zł / month we ever spent.”
WooCommerce shops typically wire Klaviyo, Mailchimp or Omnisend to track abandoned carts and send follow-ups. Each of those systems sets a customer identifier in cookies — without consent that's a GDPR black hole.
Cookie __kla_id identifies the visitor across sessions. The Klaviyo for WooCommerce plugin sends email + cart_token at checkout-start. The banner gates this behind marketing consent — Klaviyo only fires after Accept.
Pixel-style cookie mc_* + dataLayer push with product-view events. Requires marketing consent before firing. No banner = Mailchimp doesn't fire = lead recovery at 0%.
Legally a separate matter — that's consent for email marketing (GDPR art. 6.1.a + consumer rights act). The cookie banner does NOT cover this. Your checkout needs its own opt-in checkbox with an “I consent to email marketing” clause.
Gateways set cookies for three reasons: session on their domain (necessary), fraud detection (necessary), conversion analytics (consent required). Different per gateway.
__stripe_mid — fraud, necessary__stripe_sid — fraud, necessarycookie-preferences — opt-inPAYUSESSID — session, necessary_dc_gtm_* — PayU's Google Tag analytics, opt-inPHPSESSID — session, necessary_p24_* — analytics, opt-inThe plugin only classifies cookies that physically appear on your shop — not on the gateway domains. A customer on the P24 checkout page has their own cookies there; we don't touch them (cross-domain).
No. WC Subscriptions uses the same session cookies as WooCommerce core (woocommerce_session_*) — classified as necessary. Stripe / PayU recurring payments work too, because the gateway session doesn't require consent.
The plugin reads hostname from the verify endpoint at save. Multi-language doesn't affect anything — the banner appears on every language version, banner language inherits from the visitor (Accept-Language or a manual override in the CJakCiasteczko panel).
Yes — we inject in wp_head priority 1, which runs before all theme plugins. A rewritten checkout receives the script like any other page. If the scanner doesn't auto-classify session cookies from those plugins, add them as manual overrides in the CJakCiasteczko panel (usually it picks them up automatically).
The previous CMP's storage (e.g. cookieyes_consent) stays on the visitor's device but doesn't matter — our script uses its own key cg_consent_v1. The visitor sees the banner once, the decision is recorded with us. After 30 days you can disable the old plugin; your shop cookies haven't changed.
30 days free, no card. Works from WooCommerce 6.0 + WordPress 5.8 + PHP 7.4.