Features Scanner Design How it works Legal proof Compare Pricing FAQ
Get started
WordPress native — 100% self-hosted

The self-hosted CMP with court-ready proof of consent

Your choice. Protected.

GDPR, CCPA and TCF 2.3 support built in, with cryptographic proof of every consent. 36 languages, zero cloud — consent data stays on your server.

Get started Explore features
We respect your privacy

We use cookies to improve your browsing experience, deliver personalized content and analyze our traffic. By clicking "Accept all", you consent to the use of cookies.

Cookie policy
GDPR Art. 7
Consent Mode v2
IAB TCF 2.3
SHA-256 integrity
36 languages + RTL
Self-hosted
2,200+ cookies DB
WCAG accessible
Features

What's actually inside

Cookie compliance on WordPress — without the complexity or the cloud subscription. Here's what ShieldConsent handles for you, entirely from your own server.

Server-side script blocking

Tracking scripts are removed from the HTML at the server level, before the browser sees them. More reliable than JavaScript-only blocking. 290+ known scripts recognized out of the box.

Cookie scanner (2,200+ DB)

Select up to 20 pages, scan server-side and client-side, and match detected cookies against a 2,200-entry database. Schedule daily, weekly or monthly scans with email alerts. See it in action →

Google Consent Mode v2

Consent signals fire automatically to GA4, Google Ads and Tag Manager. Google requires this since March 2024 for EU ad measurement — and there's nothing for you to configure.

36 languages, auto-detected

The banner shows up in each visitor's language, based on their browser settings. Arabic visitors get proper RTL layout. No WPML needed.

Court-ready consent proof

Every consent generates a PDF with a SHA-256 hash, full audit chain, the policy version, and the exact banner text shown — in the visitor's own language. Try explaining that to a regulator with just a log file.

100% self-hosted

Consent data lives on your WordPress server — logs, scan results, configuration. No external API, no cloud sync, no third-party data transfers.

WooCommerce smart whitelist

Checkout, cart and account pages are detected automatically. Stripe, PayPal, Klarna, Mollie, Braintree, Square, Razorpay, Google Pay, Apple Pay and more get unblocked where they need to be — so checkout is not disrupted by consent requirements.

Dashboard & statistics

See how many visitors accept, decline or customize — over 7, 30, 90 or 365 days. Track consent rates by source (banner, modal, floating button) and export when you need to.

Cookie policy page generator

A full cookie policy page — intro, cookie table filled from your scan results, and outro — generated for you and updated with each scan. One shortcode, done.

Cookie Monitor

Passively detect cookies from real visitor traffic over 24–72 hours. Catches what a one-time scan can miss — scroll-triggered analytics, payment cookies, form submissions.

Auto-fill in your language

One click and everything gets pre-filled — banner text, category descriptions, modal labels, button labels — in your site's language. 36 languages, zero typing.

Fully accessible (WCAG)

Keyboard navigation, focus trapping, ARIA labels, screen reader support — the banner and modal work for everyone, not just mouse users.

How it works

Ready in under 5 minutes

No account to create, no API key to paste. Install the plugin, run the wizard, and you're done.

1
Install & scan

Activate the plugin, pick the pages to scan (up to 20). Detected cookies are matched against a 2,200-entry database and sorted into the right category. See how →

2
Auto-fill your language

One button fills in everything — banner text, category labels, modal copy and cookie policy — in your site's language. No copy-pasting from a docs page.

3
Customize your banner

Pick your colors, corners, shadows and icons — make the banner feel like part of your site. Choose opt-in for EU visitors, opt-out for US. Try it live →

4
You're covered

Scripts are blocked at the server before the page loads. Each consent is logged with integrity verification. Consent Mode v2 signals go out to Google automatically.

Cookie Scanner

Know what's on your site

ShieldConsent ships with the Open Cookie Database — 2,200+ cookies from 350+ platforms, already categorized. Select up to 20 pages, scan in one click, and detected cookies are identified, described and placed in the right category. Then let the Cookie Monitor catch what the scanner can't.

shieldconsent — cookie-scanner
$ shieldconsent scan --mode=full
── HTTP header scan ────────────────────
_ga → Google Analytics analytics
_ga_* → GA4 measurement ID analytics
_gid → Google Analytics (session) analytics
_fbp → Facebook Pixel marketing
_gcl_au → Google Ads conversion linker marketing
── JavaScript scan ─────────────────────
wp_lang → WordPress language necessary
wordpress_logged_in_* → Authentication necessary
wc_cart_hash → WooCommerce cart functional
tk_ai → Jetpack analytics analytics
_hjSession* → Hotjar session analytics
── Open Cookie Database lookup ─────────
Matched 11 cookies against 2,200+ known entries
0 unclassified — all matched
$

No more guessing what's on your site

The scanner checks both server-side (HTTP headers) and client-side (Deep Scan in your browser) for thorough coverage. Enable Enhanced scan to trigger lazy-loaded scripts via auto-scroll. Each cookie is matched against the database and assigned to the right consent category — you don't have to look anything up.

2,200+
Cookies in the database
350+
Platforms & services covered
Scheduled scans
Daily, weekly or monthly — up to 200 pages with email report
Cookie Monitor
Passive detection from real traffic — 24 to 72 hours
Get started
Design

Make it look like yours

The banner adapts to your site's personality. Sharp corners for a corporate look, soft rounding for a blog, bold gradients for a creative brand — you decide what feels right.

Live preview No CSS needed Responsive WCAG accessible
Accent
Gradient
Background
Text Dark Light
Corners Sharp Subtle Rounded Extra
Shadow None Subtle Medium Strong
Title icon
Button icon
We respect your privacy

We use cookies to improve your browsing experience, deliver personalized content and analyze our traffic. By clicking "Accept all", you consent to the use of cookies.

Cookie policy
Accept all Decline all Customize settings

No CSS, no fiddling

Background, accent color, corner style, shadow depth, button gradient, icon — everything is controlled from a visual panel with live preview, right inside your WordPress dashboard.

Colors & background
Pick an accent color, a banner background and a text color. Light mode, dark mode, or anything in between.
Corners & shadows
Four corner presets from sharp to extra rounded, four shadow depths. Applied to the banner, the modal and the buttons.
Five icon styles
Shield, cookie, fingerprint, lock or sliders — for the banner title and the floating re-open button, with an optional pulse animation.
Gradient & button icon
Add a gradient effect on the primary button and a small trust icon inside it. Subtle details that make the banner feel intentional.
Why ShieldConsent

Why we built this

Most tools block scripts in the browser — after they’ve already been downloaded. ShieldConsent removes them from the HTML at the server level, before the page reaches the visitor. Scripts are not sent to the browser without consent.

When a regulator asks "can you prove this visitor gave informed consent?", most businesses scramble. With ShieldConsent, you download one PDF — timestamped, integrity-verified, showing the exact banner the visitor saw in their own language, with a full audit chain.

And because the plugin runs entirely on your own WordPress server, there are no third-party data transfers to justify under GDPR Article 28. Your visitors' consent data stays exactly where it should — with you.

GDPR Art. 7
Proof of consent
GDPR Art. 28
No sub-processor
CCPA §999.315
GPC honored
What happens when someone visits your site
1
The page gets intercepted
Before the browser sees any HTML, ShieldConsent scans the output and swaps tracking scripts for inert placeholders.
2
Banner shows up in the right language
The visitor's browser language is matched against 36 translations. An Arabic visitor gets RTL layout, a Japanese visitor gets kanji — automatically.
3
The visitor decides
Accept all, decline all, or pick categories one by one. Consent Mode v2 signals fire to Google Analytics and Ads right away.
4
Proof is stored on your server
A signed consent record gets saved to your database — the exact banner shown, in the visitor's language, with a SHA-256 hash for legal evidence.
Legal accountability

Proof that actually holds up

Every consent event creates an integrity-verified record — not just a log line in a database, but a real legal document with everything a regulator could ask for.

The proof captures the exact banner text and category descriptions the visitor saw, in their language, plus an audit chain linking each consent to its predecessor. If the visitor changes their mind later, both the old and new records are preserved.

  • SHA-256 integrity hash on every consent record
  • Exact banner & modal text shown (in visitor's language)
  • Audit chain linking each consent to its predecessor
  • Legal dossier ZIP: config snapshot + logs + integrity manifest
  • Policy version tracking with re-consent on material changes
See pricing
PROOF OF CONSENT
Automatically generated document
Consent ID7b407dfb-72a6-4301...
DecisionAll Accepted
Date (UTC)2026-03-17 15:35:39
UI LanguageArabic (ar)
Policy Version1.0.5
Banner shownنحترم خصوصيتك
SHA-256: ee964f299abbd8e511f98d0e1834a617314bcbaeaa1b59e...
Multilingual

One banner, every language

36 languages are ready out of the box — each visitor sees the banner in their own language, detected from the browser. Need another language? Add any locale manually and fill in your banner and modal texts. No translation plugin needed.

English (US + GB) Български Hrvatski Čeština Dansk Nederlands Eesti Suomi Français Deutsch Ελληνικά Magyar Gaeilge Italiano Latviešu Lietuvių Malti Norsk bokmål Polski Português (PT + BR) Română Slovenčina Slovenščina Español Svenska Cymraeg العربية 中文 (简体 + 繁體) עברית हिन्दी 日本語 Türkçe Tiếng Việt
36
Languages
290+
Scripts blocked
6
Regulations
0
Cloud dependencies
Comparison

What most CMPs don't do

Every WordPress consent plugin ticks the GDPR box. The difference is what happens when a regulator asks for proof — or when a script fires before consent is given.

Proof, not just a log

A log row says "someone consented". A ShieldConsent proof shows exactly what they saw — the banner text in their language, the categories offered, a SHA-256 hash, and a full audit chain. One PDF, ready for a regulator.

Blocked at the source

Most tools block scripts in the browser — after they've already been downloaded. ShieldConsent removes them from the HTML at the server level, before the page reaches the visitor. Scripts are not sent to the browser without consent.

No cloud, no middleman

Your consent data stays in your WordPress database. No external servers, no third-party API, no data processor to declare. One less risk in your GDPR documentation.

Protection
  • Server-side script blocking (HTML rewrite)
  • Dynamic blocking (MutationObserver + DOM API)
  • Cookie cleaner — purges non-consented cookies
  • Iframe content blocker with consent placeholders
  • WooCommerce smart whitelist (checkout, cart, payments)
  • 290+ known scripts recognized out of the box
Legal evidence
  • Individual consent proof (downloadable PDF)
  • SHA-256 integrity hash on every record
  • Exact banner text captured — in the visitor's language
  • Audit chain (each consent links to its predecessor)
  • Legal dossier export (ZIP with integrity manifest)
  • Policy version tracking with hard re-consent
Architecture
  • 100% self-hosted — no cloud, no external calls
  • No pageview limits, no scan quotas
  • 36 languages with browser auto-detection
  • Native RTL support (Arabic, Hebrew)
  • CSP nonce support for strict security headers
  • Crash recovery — self-heals corrupted settings
Pricing

One price, no surprises

Annual billing, no pageview limits, no monthly fees that creep up. Pick the plan that fits your setup and you're covered for the year. Contact us.

FAQ

Got questions?

Here are the ones we get asked the most.

Is ShieldConsent really 100% self-hosted?
Yes. All consent data — logs, cookie scan results, configuration — is stored in your WordPress database. There are no external API calls, no cloud syncing, no third-party servers. Consent data stays on your infrastructure, which also means no data processor agreements (GDPR Art. 28) to worry about.
Does it work with page caching plugins?
Yes. ShieldConsent filters scripts at the server level before the page is sent to the browser. It works with WP Rocket, LiteSpeed Cache, W3 Total Cache, and others. If a cache was built before installing the plugin, purge it so the filtered HTML is cached. The banner itself loads via a lightweight JavaScript that's unaffected by page caching.
What happens when a visitor doesn't give consent?
Tracking scripts remain blocked. Google Consent Mode v2 sends "denied" signals, so GA4 can still use cookieless modeling if you've enabled it. Embedded content (YouTube, Maps, etc.) gets replaced with a consent placeholder. The visitor can always reopen the consent modal from the floating icon if they change their mind.
Can I customize the banner to match my website design?
Absolutely. ShieldConsent offers full visual customization: accent color, banner background color, text color (light or dark), 4 corner style presets, 4 shadow depth levels, optional gradient on buttons, 5 icon choices (shield, cookie, fingerprint, lock, sliders) with optional pulse animation on the floating button, and a button icon toggle. Everything is configured through a visual interface with instant live preview — no CSS required. The banner is also fully accessible (WCAG compliant with keyboard navigation, focus trapping, and ARIA labels).
How does the legal proof work?
Each consent event generates a record containing the visitor's decision, a timestamp, the exact banner and category texts shown (in the visitor's language), the policy version, and a SHA-256 integrity hash. You can download individual proofs as PDF or export a full legal dossier (ZIP) with your complete configuration snapshot, all logs, and an integrity manifest.
Does it support WooCommerce?
Yes. ShieldConsent includes a smart whitelist that auto-detects WooCommerce checkout, cart, and account pages. Payment gateways (Stripe, PayPal, Klarna, Mollie, Braintree, Square, Razorpay, Google Pay, Apple Pay and more) are automatically unblocked on those pages so checkout is not disrupted by consent requirements.
What's included ?
ShieldConsent includes the full feature set: banner customizer with live preview, 6 cookie categories, cookie scanner with Open Cookie Database (2,200+ entries), scheduled scans, Cookie Monitor (passive real-traffic detection), Google Consent Mode v2, IAB TCF 2.3, all three protection modes, Content Blocker, Cookie Cleaner, geolocation, unlimited translations, legal exports (PDF + ZIP), Audit Log, Legal Proof Generator, cookie policy page generator, settings import/export, and priority support.

Your choice. Protected.

Ready to stop worrying about cookies?

Install ShieldConsent, run the wizard, and go back to what you actually care about. Real compliance, real proof, zero headache.

Get started Read the docs