fabiodalez/faz-cookie-manager
=============================

The only cookie consent plugin you need. 100% free, zero cloud dependencies. Full GDPR, CCPA, ePrivacy, and IAB TCF v2.3 compliance.

v1.7.2 (1mo ago) · 593 · ↓100% · 8 · [1 issues](https://github.com/fabiodalez-dev/FAZ-Cookie-Manager/issues) · [1 PRs](https://github.com/fabiodalez-dev/FAZ-Cookie-Manager/pulls) · GPL-3.0-or-later · PHP · PHP >=7.4 · CI passing

Since Mar 3 · Pushed 1mo ago · 2 watchers

[Source](https://github.com/fabiodalez-dev/FAZ-Cookie-Manager) · [Packagist](https://packagist.org/packages/fabiodalez/faz-cookie-manager) · [RSS](/packages/fabiodalez-faz-cookie-manager/feed)

FAZ Cookie Manager
==================

**The only cookie consent plugin you need. 100% free, zero cloud dependencies, no subscriptions.**

---

**Tired of cookie consent plugins that lock essential features behind paywalls, require cloud accounts, or send your visitors' data to third-party servers?**

FAZ Cookie Manager is a WordPress plugin that gives you everything you need to make your site compliant with international privacy regulations -- completely free, with no strings attached.

No account to create. No cloud service to connect. No "premium" plan to unlock basic features like consent logging or geo-targeting. Everything runs on your own server, and you own all your data.

Why FAZ Cookie Manager?
-----------------------

Most cookie consent plugins follow the same pattern: a free version with crippled features, and a paid tier starting at $10-50/month that unlocks what you actually need. FAZ Cookie Manager breaks that model:

| Feature | Others (free) | Others (paid) | FAZ Cookie Manager |
|---|---|---|---|
| Cookie banner | Limited | Full | **Full** |
| Cookie scanner | No | Yes | **Yes** |
| Consent logging + CSV export | No | Yes | **Yes** |
| Google Consent Mode v2 | No | Yes | **Yes** |
| IAB TCF v2.3 + GVL | No | Yes | **Yes** |
| Geo-targeting | No | Yes | **Yes** |
| Multi-language (180+) | No | Yes | **Yes** |
| Cloud dependency | No | **Yes** | **No** |
| Price | Free | $10-50/mo | **Free forever** |

> **A note on IAB TCF v2.3:** The plugin includes a fully functional IAB TCF v2.3 CMP implementation -- TC String encoding, GVL integration, vendor consent UI, and all required `__tcfapi()` commands work correctly. However, for the TC String to be recognized by the ad-tech supply chain, the CMP must be registered with IAB Europe (which requires an annual fee). CMP registration is on the roadmap. If you'd like to help make it happen, consider supporting the project:
>
> [Buy Me A Coffee](https://buymeacoffee.com/fabiodalez)

---

Screenshots
-----------

### Cookie Consent Banner

GDPR-compliant banner with Customize, Reject All, and Accept All buttons. Appears on first visit, fully responsive and keyboard accessible.

[![Cookie consent banner](assets/screenshots/screenshot-1.png)](assets/screenshots/screenshot-1.png)

### Dashboard

Analytics overview with pageviews chart, consent distribution (accept/reject rates), and quick links to all plugin sections.

[![Dashboard](assets/screenshots/screenshot-2.png)](assets/screenshots/screenshot-2.png)

### Cookie Banner Editor

Customize layout (box, bar, popup), position, theme (light/dark), and regulation type (GDPR/CCPA/both) with a live preview. Includes tabs for Content, Colours, Buttons, Preference Center, and Advanced settings.

[![Cookie Banner editor](assets/screenshots/screenshot-3.png)](assets/screenshots/screenshot-3.png)

### Cookies Management

View all detected cookies organized by category (Necessary, Functional, Analytics, Performance, Advertisement). Edit, delete, or add cookies manually. Integrated with the Open Cookie Database (2,242 definitions) for automatic categorization.

[![Cookies management](assets/screenshots/screenshot-4.png)](assets/screenshots/screenshot-4.png)

### Cookie Scanner

Built-in browser-based scanner with multiple scan depths: Quick (10 pages), Standard (100), Deep (1,000), or Full scan. Runs locally -- no external service, no API limits.

[![Cookie scanner](assets/screenshots/screenshot-5.png)](assets/screenshots/screenshot-5.png)

### Consent Logs

Complete audit trail of every visitor's consent decision. Shows consent ID, status, categories chosen, anonymized IP, and page URL. Search, filter, and export to CSV for GDPR accountability.

[![Consent Logs](assets/screenshots/screenshot-6.png)](assets/screenshots/screenshot-6.png)

### Google Consent Mode v2

Configure all 7 consent signal types with default and granted states. Includes Google Additional Consent Mode (GACM) for ad technology provider IDs.

[![Google Consent Mode](assets/screenshots/screenshot-7.png)](assets/screenshots/screenshot-7.png)

### Languages

Select from 180+ available languages. The banner text adapts automatically to the visitor's browser language.

[![Languages](assets/screenshots/screenshot-8.png)](assets/screenshots/screenshot-8.png)

### Settings

Global controls: enable/disable banner, exclude pages, consent log retention, scanner limits, Microsoft UET/Clarity consent APIs, and IAB TCF v2.3 toggle with CMP ID and Purpose One Treatment options.

[![Settings](assets/screenshots/screenshot-9.png)](assets/screenshots/screenshot-9.png)

---

Compliance
----------

| Standard | Status | Details |
|---|---|---|
| GDPR (EU) | Compliant | Opt-in model, granular consent, right to withdraw |
| ePrivacy Directive | Compliant | No cookies before consent, script blocking |
| CCPA / CPRA (California) | Supported | "Do Not Sell" opt-out, GPC signal detection |
| Garante Privacy LG 2021 (Italy) | Compliant | Equal-weight buttons, no scroll-as-consent, 6-month max expiry |
| EDPB Guidelines | Compliant | Scroll != consent, no pre-checked categories, equal button prominence |
| IAB TCF v2.3 | Compliant | Full `__tcfapi()` CMP, GVL integration, real vendor consent, DisclosedVendors segment |
| Google Consent Mode v2 | Compliant | Default-denied signals, consent update on interaction |
| LGPD (Brazil) | Supported | Consent-based model |
| POPIA (South Africa) | Supported | Opt-in consent |
| WCAG 2.1 AA | Partial | Keyboard navigation, focus indicators, ARIA labels |
| WP Consent API | Compliant | Registered via `wp_consent_api_registered_` filter |

> **Legal Disclaimer:** Compliance status depends on correct plugin configuration for your specific use case and does not constitute a legal guarantee. This table is for informational purposes only and is not legal advice. Consult a qualified legal professional for your jurisdiction.

### Automated Compliance Tests

175 Playwright tests verify compliance at runtime:

- TF01-TF18: Full functional test suite covering banner display, cookie blocking, consent flow, mobile, accessibility, revocation, logging, GCM signals, and cookie declarations
- P05: No ambiguous button labels (dark pattern check)
- G07: Non-technical toggles OFF by default
- I08: Technical cookies non-disableable
- T01-T03: IAB TCF `__tcfapi` CMP stub, TC String format, cross-frame messaging
- GCM01-GCM05: Google Consent Mode default-denied, granted on accept, revocation
- CD01-CD03: Cookie declarations, descriptions, categories
- VIS01-VIS09: Visual integrity checks across banner types and preference centers
- IAB01-IAB39: IAB Settings page, GVL admin page, vendor selection, TC String validation

**Test suite includes 175 automated compliance checks.**

---

Installation
------------

1. Download the latest release from [GitHub Releases](https://github.com/fabiodalez-dev/FAZ-Cookie-Manager/releases)
2. Upload the `faz-cookie-manager` folder to `/wp-content/plugins/`
3. Activate in WordPress admin > Plugins
4. Go to **FAZ Cookie** in the admin sidebar
5. Click **Scan Site** on the Cookies page to detect cookies
6. Customize banner design, text, and regulation type

### Requirements

- WordPress 5.0+
- PHP 7.4+
- MySQL/MariaDB
- No external services required (except optional: GitHub for cookie database updates, ip-api.com for geolocation fallback)

---

Features (detailed)
-------------------

### Cookie Banner

- **Three banner types**: Classic (bar), Popup (modal), Box (widget)
- **Configurable position**: Top, bottom, or any corner
- **Three legislation modes**: GDPR (opt-in), CCPA (opt-out), Info-only
- **Preference center**: Granular per-category toggles with cookie audit tables
- **Full color customization**: Background, text, button colors via color pickers
- **Theme presets**: Light and dark themes
- **Brand logo**: Upload custom logo via WordPress Media Library
- **Live preview**: Real-time banner preview in admin as you edit
- **Responsive**: Adapts to mobile viewports, tested on 375px width
- **RTL support**: Arabic, Hebrew, Persian, Urdu, and other RTL languages
- **Consent expiry**: Capped at 180 days per Garante Privacy requirements
- **Revisit widget**: Floating button to reopen preferences after consent
- **Video placeholder**: Blocks YouTube/Vimeo embeds until consent
- **Page exclusions**: Skip banner on specific pages (supports wildcards)
- **Subdomain sharing**: Share consent across subdomains
- **Reload on accept**: Optional page reload after consent

### Buttons

- **Accept All** -- grants consent to all categories
- **Reject All** -- denies all non-necessary categories (equal visual weight as Accept)
- **Customize / Settings** -- opens preference center for granular control
- **Read More** -- links to privacy policy (configurable: button or link, nofollow, new tab)
- **Do Not Sell** -- CCPA opt-out button (only in CCPA mode)

### Cookie Management

- **Cookie list**: Full CRUD for cookies -- name, domain, duration, description, category, URL pattern
- **Cookie categories**: Necessary, Functional, Analytics, Performance, Advertisement, Uncategorized
- **Per-category prior consent**: Each category has a configurable `prior_consent` flag. Set to OFF for first-party analytics cookies that meet the Garante Privacy exemption (first-party only, aggregated data, anonymized IP, no cross-referencing)
- **Audit table**: Per-category cookie listing embedded in the preference center
- **Multilingual descriptions**: Cookie description and duration stored per-language

### Cookie Scanner

A fully local browser-based cookie crawler -- no external scanning service.

- Discovers pages via sitemap.xml parsing + homepage link extraction
- Scans pages in iframes to detect all cookies
- Configurable scan depth: Quick (10), Standard (100), Deep (1000), Full
- Deduplicates -- never overwrites existing cookie entries
- Scan history with results

### Open Cookie Database

Integrates the [Open Cookie Database](https://github.com/fabiodalez-dev/Open-Cookie-Database) (Apache-2.0) for automatic cookie identification.

- **2,200+ cookie definitions** from major platforms (Google, Facebook, Microsoft, Stripe, etc.)
- **Auto-download** on first activation
- **Manual update** via admin UI button
- **Exact + wildcard matching**: e.g., `_gat_` prefix matches `_gat_UA-12345`
- **Auto-categorize**: One-click bulk categorization

### Google Consent Mode v2

Full GCM v2 integration with all required consent signals:

- `ad_storage`, `analytics_storage`, `functionality_storage`, `personalization_storage`, `security_storage`
- `ad_user_data`, `ad_personalization` (v2 additions)
- **Default: all denied** -- updates to granted on consent
- **Wait for update** -- configurable delay (ms) for slow-loading CMPs
- **URL passthrough** -- pass ad click info even when consent denied
- **Ads data redaction** -- redact ad data when consent denied

### Google Additional Consent Mode (GACM)

- Enable/disable toggle
- Configure ATP (Authorized Technology Provider) IDs
- Generates Additional Consent string format: `1~id.id.id...`

### IAB TCF v2.3 CMP with Global Vendor List

Full `__tcfapi()` implementation compliant with the IAB Transparency & Consent Framework v2.3:

- **Commands**: `ping`, `getTCData`, `addEventListener`, `removeEventListener`, `getVendorList`
- **Global Vendor List (GVL)**: Server-side download and caching of the IAB GVL v3 (1,100+ vendors). Weekly auto-update via WP-Cron, manual update from admin UI
- **GVL Admin Page**: Browse, search, and filter all IAB-registered vendors. Select which vendors your site uses. Paginated table with purpose/feature details
- **Real Vendor Consent**: TC Strings encode actual vendor consent and legitimate interest bits based on user choices and vendor purpose declarations
- **Special Feature Opt-ins**: TCF v2.3 Special Features (precise geolocation, device scanning) mapped from user category consent
- **DisclosedVendors Segment**: Mandatory segment listing all vendors the CMP discloses to users
- **Vendor Legitimate Interest**: Honors user's Right to Object -- LI bits are only set when the user hasn't objected to the corresponding purposes
- **Vendor Consent UI**: Per-vendor toggles in the preference center, with vendor name, purposes, privacy policy link, and cookie retention info
- **TC String**: Full base64url encoding with core segment + DisclosedVendors segment, `euconsent-v2` cookie
- **Cross-frame messaging**: `__tcfapiLocator` iframe + `postMessage` bridge
- **Command queue**: Processes pre-load `__tcfapi.a` queue
- **CMP Stub**: Inline stub responds to `ping` before main script loads (`cmpStatus: 'stub'`)
- **Dynamic config**: ConsentLanguage, publisherCC, gdprApplies, CMP ID, Purpose One Treatment -- all configured from server-side settings
- **GVL file storage**: Cached at `wp-content/uploads/faz-cookie-manager/gvl/vendor-list.json` for frontend access

#### CMP ID and IAB Registration

FAZ Cookie Manager works in two modes:

| Mode | CMP ID | What works | What doesn't |
|---|---|---|---|
| **Self-hosted** (default) | `0` | Banner, cookie blocking, Google Consent Mode v2, consent logging, all admin features | Ad-tech vendors ignore the TC String (unrecognized CMP) |
| **IAB-registered** | Your ID | Everything above **plus** full TCF vendor chain -- SSPs, DSPs, and ad exchanges read and honor the TC String | Requires [IAB CMP registration](https://iabeurope.eu/cmp-list/) (annual fee) |

**When do you need a registered CMP ID?**

- If you run programmatic advertising (header bidding, ad exchanges) and need the buy-side to respect granular vendor consent via the TC String
- If your DPA or legal counsel requires a registered CMP for TCF compliance

**When is self-hosted (CMP ID = 0) sufficient?**

- You only need GDPR/ePrivacy-compliant cookie consent (banner + script blocking)
- You use Google Consent Mode v2 (GCM uses its own consent signal channel, independent of TCF)
- You don't participate in the IAB programmatic advertising supply chain

To set your CMP ID: **Settings > IAB TCF v2.3 > CMP ID**

### Microsoft Consent Integration

- **UET Consent Mode**: Sets `ad_storage`/`analytics_storage` defaults to denied, updates on consent
- **Clarity Consent API**: Calls `window.clarity('consent')` when analytics accepted

### Consent Logging

Stores proof of consent in a local database table for GDPR accountability:

- **Consent ID**: Unique per-visitor identifier
- **Status**: accepted, rejected, or partial
- **Categories**: JSON map of which categories were accepted/rejected
- **IP hash**: SHA256 hash (privacy-preserving, no raw IPs stored)
- **Pagination** and **search** in admin UI
- **CSV export** with date-stamped filename
- **Retention period**: Configurable (default: 12 months)

### Pageview Analytics

Built-in analytics dashboard -- no Google Analytics needed for basic metrics:

- **Events tracked**: `pageview`, `banner_view`, `banner_accept`, `banner_reject`, `banner_settings`
- **Dashboard charts**: Daily pageview trend, accept/reject rates

### Geolocation

Detects visitor country for geo-targeted banner display:

- **Detection chain**: Cloudflare > Apache mod_geoip > PHP GeoIP extension > ip-api.com
- **Geo-targeting modes**: ALL (everyone), EU (EU/EEA + UK), US only, Custom country list
- **Proxy-aware**: Reads `CF-Connecting-IP`, `X-Forwarded-For`, `X-Real-IP` headers
- **Cached**: 1-hour WordPress transient per IP

### Multilingual Support

- **10 bundled languages**: English, German, French, Italian, Spanish, Polish, Portuguese (PT + BR), Hungarian, Finnish
- **180+ selectable languages** in the admin configuration
- **Browser language detection**: Parses `Accept-Language` header with quality factor sorting
- **Plugin integration**: Polylang and WPML auto-detected
- **Per-language banner content**: Separate title, description, button text per language
- **RTL auto-detection**: Arabic, Hebrew, Persian, Kurdish, Urdu

### Shortcodes

| Shortcode | Description |
|---|---|
| `[faz_cookie_table]` | Responsive cookie table grouped by category for policy pages |
| `[cookie_audit]` | Backward-compatible alias |

**Attributes:** `columns`, `category`, `heading`

---

REST API
--------

All endpoints under `faz/v1`. Admin endpoints require authentication (WordPress nonce).

### Settings

| Method | Endpoint | Description |
|---|---|---|
| GET | `/settings` | Get all plugin settings |
| POST | `/settings` | Update settings (merge) |
| POST | `/settings/reinstall` | Recreate missing DB tables |
| POST | `/settings/apply_filter` | Apply WP Internal filter changes |
| POST | `/settings/geolite2/update` | Download/update GeoLite2 database |
| GET | `/settings/geolite2/status` | GeoLite2 database status |

### Google Consent Mode

| Method | Endpoint | Description |
|---|---|---|
| GET | `/gcm` | Get GCM settings |
| POST | `/gcm` | Update GCM settings |

### Cookies

| Method | Endpoint | Description |
|---|---|---|
| GET | `/cookies` | List cookies (filter by category) |
| POST | `/cookies` | Create a cookie |
| GET/PUT/DELETE | `/cookies/{id}` | Read/update/delete a cookie |
| POST | `/cookies/bulk-update` | Bulk update cookies |
| POST | `/cookies/bulk-delete` | Bulk delete cookies |
| POST | `/cookies/scrape` | Lookup names against Open Cookie Database |
| GET | `/cookies/definitions` | Get cookie definitions status |
| POST | `/cookies/definitions/update` | Download/refresh definitions from GitHub |

### Scanner

| Method | Endpoint | Description |
|---|---|---|
| GET | `/scans` | Scan history |
| POST | `/scans` | Start a new scan |
| GET | `/scans/{id}` | Scan details |
| GET | `/scans/info` | Scanner configuration |
| POST | `/scans/discover` | Discover site pages |
| POST | `/scans/import` | Import scan results |

### Consent Logs

| Method | Endpoint | Description |
|---|---|---|
| GET | `/consent_logs` | List logs (paginated, searchable) |
| GET | `/consent_logs/statistics` | Aggregate statistics |
| GET | `/consent_logs/export` | CSV export |
| GET | `/consent_logs/{consent_id}` | Single consent record |

### Pageviews

| Method | Endpoint | Description |
|---|---|---|
| POST | `/pageviews` | Record event (public) |
| GET | `/pageviews/chart` | Pageview chart data |
| GET | `/pageviews/banner-stats` | Banner interaction stats |
| GET | `/pageviews/daily` | Daily pageview breakdown |

### Banners

| Method | Endpoint | Description |
|---|---|---|
| GET | `/banners` | List banners |
| POST | `/banners` | Create a banner |
| GET/PUT/DELETE | `/banners/{id}` | Read/update/delete a banner |
| POST | `/banners/bulk` | Bulk operations |
| GET | `/banners/preview` | Banner preview HTML |
| GET | `/banners/presets` | Theme presets |
| GET | `/banners/configs` | Banner configuration |

### Global Vendor List (GVL)

| Method | Endpoint | Description |
|---|---|---|
| GET | `/gvl` | GVL status (version, vendor count, purposes) |
| GET | `/gvl/vendors` | List vendors (paginated, searchable, filterable) |
| GET | `/gvl/vendors/{id}` | Single vendor details |
| POST | `/gvl/update` | Download/refresh GVL from IAB |
| GET | `/gvl/selected` | Get selected vendor IDs |
| POST | `/gvl/selected` | Save selected vendor IDs |

### Languages

| Method | Endpoint | Description |
|---|---|---|
| GET/POST | `/languages` | Get/update language configuration |

---

Database
--------

Five custom tables (created on activation):

| Table | Purpose |
|---|---|
| `wp_faz_banners` | Banner configuration and per-language content |
| `wp_faz_cookies` | Cookie definitions (name, category, description, domain, pattern) |
| `wp_faz_cookie_categories` | Cookie categories (necessary, functional, analytics, etc.) |
| `wp_faz_consent_logs` | Visitor consent records with IP hash |
| `wp_faz_pageviews` | Pageview and banner interaction events |

Frontend Events
---------------

JavaScript events fired on the `document` for third-party integration:

| Event | When | Detail |
|---|---|---|
| `fazcookie_consent_update` | User accepts/rejects/saves | `{ accepted: ['slug', ...], rejected: ['slug', ...] }` |
| `fazcookie_banner_loaded` | Banner is displayed | -- |

### Consent Cookie Format

Cookie name: `fazcookie-consent`

Value format: `consentid:{base64},consent:yes,action:yes,necessary:yes,functional:no,analytics:no,marketing:no,performance:no`
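Added example (not part of the plugin's code): a fail-closed reader for the `fazcookie-consent` value format and the `fazcookie_consent_update` detail shown above, for integrations that gate a third-party script on consent. The cookie name, category keys and event name come from this README; the helper names, the percent-decoding step, the constructed sample cookie and delivery of the payload as `event.detail` are assumptions.

```javascript
// Names taken from the README: cookie name and the category keys in its value format.
const CONSENT_COOKIE = 'fazcookie-consent';
const CATEGORIES = ['necessary', 'functional', 'analytics', 'marketing', 'performance'];

// Constructed sample in document.cookie form (the consentid is made up).
const SAMPLE_COOKIES = 'wp_lang=en; fazcookie-consent=consentid:Q09OU1RSVUNURUQ=,' +
  'consent:yes,action:yes,necessary:yes,functional:no,analytics:yes,marketing:no,performance:no';

// Return the value of one cookie from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    try {
      return decodeURIComponent(part.slice(eq + 1).trim()); // assumption: may be percent-encoded
    } catch (err) {
      return null; // malformed escape sequence: treat as "no cookie"
    }
  }
  return null;
}

// Everything denied except "necessary", which the README says cannot be disabled.
function deniedState() {
  const state = Object.create(null); // null prototype: no inherited or polluted keys
  for (const c of CATEGORIES) state[c] = c === 'necessary';
  return state;
}

// Parse "consentid:...,consent:yes,...,analytics:no" into a category map.
// Fail closed: a category is granted only if it appears once with the exact value "yes".
function parseConsent(cookieString) {
  const state = deniedState();
  const value = readCookie(cookieString, CONSENT_COOKIE);
  if (value === null) return state;
  const seen = new Set();
  for (const field of value.split(',')) {
    const sep = field.indexOf(':');
    if (sep === -1) continue;
    const key = field.slice(0, sep).trim();
    const val = field.slice(sep + 1).trim();
    if (!CATEGORIES.includes(key)) continue; // skips consentid, consent, action, __proto__, ...
    if (seen.has(key)) return deniedState(); // duplicate key is ambiguous: deny all optional
    seen.add(key);
    if (key !== 'necessary') state[key] = val === 'yes';
  }
  return state;
}

// Merge a fazcookie_consent_update detail ({ accepted: [...], rejected: [...] }) into a state.
// Unknown slugs are dropped; a slug listed in both arrays ends up rejected.
function applyUpdate(state, detail) {
  const next = deniedState();
  for (const c of CATEGORIES) next[c] = c === 'necessary' || state[c] === true;
  const list = (v) => (Array.isArray(v) ? v.filter((s) => typeof s === 'string') : []);
  const d = detail !== null && typeof detail === 'object' ? detail : {};
  for (const slug of list(d.accepted)) {
    if (CATEGORIES.includes(slug)) next[slug] = true;
  }
  for (const slug of list(d.rejected)) {
    if (CATEGORIES.includes(slug) && slug !== 'necessary') next[slug] = false;
  }
  return next;
}

// Browser wiring (returns false outside a browser): run callback once analytics is granted,
// either from the stored cookie or from a later consent update.
function onAnalyticsGranted(callback) {
  if (typeof document === 'undefined') return false;
  let state = parseConsent(document.cookie);
  let fired = false;
  const check = () => {
    if (state.analytics && !fired) { fired = true; callback(); }
  };
  document.addEventListener('fazcookie_consent_update', (event) => {
    state = applyUpdate(state, event.detail); // assumption: payload arrives as CustomEvent.detail
    check();
  });
  check();
  return true;
}
```

The cookie is client-side state that a visitor can edit, so it suits gating scripts in that visitor's own browser; the server-side consent log remains the audit record.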

WordPress Hooks
---------------

### Filters

| Filter | Description |
|---|---|
| `faz_cookie_domain` | Override the consent cookie domain |
| `faz_allowed_html` | Customize allowed HTML tags in banner |
| `faz_current_language` | Override detected language |
| `faz_language_map` | Add language code normalization mappings |
| `faz_registered_admin_menus` | Register additional admin menu items |

### Actions

| Action | Description |
|---|---|
| `faz_after_activate` | After plugin activation/upgrade |
| `faz_after_update_settings` | After settings are saved |
| `faz_after_update_cookie` | After cookies are bulk-updated |
| `faz_reinstall_tables` | Trigger table recreation |
| `faz_clear_cache` | Trigger cache flush |

---

Changelog
---------

### 1.7.2

- **Per-service cookie shredding** — denied services now have their cookies deleted even when the parent category is consented
- **Scanner 3-tier lookup** — integrates Open Cookie Database (1400+ entries) as fallback, drastically reducing "uncategorized" cookies
- **Blocker templates create cookies** — applying a template now adds cookies to the DB, not just blocking rules
- **French translation** — complete `fr_FR` locale with 579 translated strings (thanks @pascalminator)
- **`Cookie_Database` expanded** — 40 → 64 entries including `_GRECAPTCHA`, GA Classic, YouTube, Stripe, and more
- **i18n fixes** — scanner uses default language, backend preserves all translation keys, shortcode category names use `localize_category_name()`
- **18 new E2E tests** — comprehensive regression coverage for PRs #39, #41, #44
- **Scanner LiteSpeed/cache compatibility** — reads `data-src` and `data-litespeed-src`, server-side scan always merges, description enrichment from OCD
- **Cache flush after scan** — fixes empty cookie table after scan on sites with object cache

### 1.7.1

- **Admin performance** — 50-68% faster backend navigation (cache fix, N+1 query, REST preloading)
- **User-configurable whitelist** for scripts/network requests with 11 default API patterns (fixes #40)
- **Google Maps TypeError fix** — type guards on all DOM-facing blocking functions (fixes #35)
- **ClassicPress compatibility** — Gutenberg guard, `wp_date` → `date_i18n`
- **Banner type persistence** — fixed incorrect classic↔banner mapping in admin JS

### 1.7.0

- **26 new features** — scheduled scanning, consent stats, cookie policy shortcode, geo-IP banner, visual placeholders, multisite, Gutenberg blocks (3), design presets (5), bot detection, GTM data layer, WP privacy tools, dashboard widget, cross-domain consent, cookie deletion, age protection, anti-ad-blocker, per-service consent, import/export, AMP consent, content blocker templates (10), WP-CLI commands, system status, TranslatePress/Weglot compat, unmatched vendor notification
- **Category editor** — edit category names/descriptions from admin (fixes #38)
- **Custom CSS** — banner custom CSS now saves and renders (fixes #37)
- **Per-service consent** — individual service toggles override category consent
- **Security** — import sanitization, CodeQL DOM XSS resolved, AMP guards, per-service cookie shredding, transactions with ROLLBACK
- **34 new E2E tests** for all features + deep-flow coverage

### 1.6.1

- **Security hardening** — GCM settings sanitisation (whitelist keys, validate values), pageview endpoint HMAC token, scanner SSRF prevention (block private IPs), filter data sanitisation, CSS injection fix
- **Bug fixes** — switch fallthrough, null guards for CCPA/preference/readmore handlers, deprecated `event.which` → `event.key`, double DOM query fix, `.map()` → `.forEach()` cleanup

### 1.6.0

- **WooCommerce compatibility** — auto-whitelists WooCommerce core + payment gateway scripts on checkout/cart pages
- **Complete admin i18n** — all 387 admin UI strings wrapped in WordPress translation functions
- **Italian translation** — complete `it_IT` (386 strings) with formal register and GDPR terminology
- **Contextual help text** — `.faz-help` descriptions on all settings pages (fixes #27)
- **Do Not Sell text colour picker** — dedicated colour control for CCPA opt-out link (fixes #34)
- **Pageview tracking opt-in** — new toggle in Settings (default: off for compliance)
- **Customize overlay fix** — removed nonce from public REST endpoints; stale nonces on cached pages caused 403 (fixes #35)
- **Consent log integrity** — HMAC origin token prevents external spoofing
- **Subdomain cookie sharing** — fixed for `.co.uk`, `.com.au`, `.co.jp` and 30+ multi-level TLDs
- **PCRE fail-secure** — strips scripts on regex error instead of serving unblocked

### 1.5.2

- **Security & mixed-content fixes** — auto-repair cached banner template on HTTPS, sanitise inline CSS values, harden URL parsing
- **Plugin lifecycle E2E tests** — upgrade and fresh-install paths with full category verification

### 1.5.1

- **Link color fix** — link colour picker now applies to all visible links including Cookie Policy/Read More link
- **Brand logo 404** — moved `cookie.png` to `frontend/images/` with DB migration for existing installs

### 1.5.0

- **Link text colour picker** — new colour control in Banner Colours tab
- **E2E test suite for banner settings** — 21 Playwright tests covering all banner tabs

### 1.4.1

- **ClassicPress polyfill fix** — WP 4.9 inline script compatibility

### 1.4.0

- **5-layer script blocking** — WP hooks, content filters, output buffer, client-side interceptors, cookie shredding
- **Known Providers database** — 147+ services with 500+ URL/script patterns
- **Video/social embed placeholders** — YouTube, Vimeo, Facebook, Instagram, Twitter/X consent placeholders
- **Custom blocking rules** — admin UI for user-defined patterns per category
- **Network interception** — XHR, fetch, sendBeacon requests to blocked providers silently dropped

### 1.3.0

- **Incremental cookie scans** — only re-scans modified pages
- **Scan progress UI** — real-time progress bar with ETA
- `advertisement` category renamed to `marketing` across the entire plugin

### 1.2.0 – 1.2.1

- Dual-guardrail consent throttle, proxy header trust filter
- CSV export fix, consent log "rejected" status fix
- Security: prototype pollution guard, DOM XSS prevention
- Playwright E2E test suite (11 tests), Composer/Packagist support

### 1.1.0

- **IAB TCF v2.3** with Global Vendor List, vendor consent UI, TC String encoding
- **GVL Admin Page** — browse, search, filter 1,100+ IAB vendors
- Google Consent Mode v2, Microsoft UET/Clarity consent, local consent logging, cookie scanner

### 1.0.0

- Initial release — fork of CookieYes v3.4.0, fully de-branded, cloud-free, all premium features unlocked

Translations
------------

FAZ Cookie Manager is fully translatable. All admin and frontend strings use WordPress i18n functions (`__()`, `_e()`, `esc_html__()`) with the `faz-cookie-manager` text domain.

**How to translate:**

1. Use the included `.pot` file at `languages/faz-cookie-manager.pot` as a template
2. Create a `.po` file for your language (e.g., `faz-cookie-manager-it_IT.po`) using [Poedit](https://poedit.net/) or any gettext editor
3. Compile it to `.mo` and place both files in the `languages/` folder
4. WordPress will automatically load the translation matching your site language

The banner content (title, description, button labels) is configured separately in the admin UI under **Banner → Content** and supports per-language customisation via the **Languages** module.

Author
------

**Fabio D'Alessandro** -- [fabiodalez.it](https://fabiodalez.it/)

Support the Project
-------------------

If FAZ Cookie Manager is useful to you, consider buying me a coffee. Your support helps fund IAB CMP registration and continued development.

[Buy Me A Coffee](https://buymeacoffee.com/fabiodalez)

License
-------

GPL-3.0-or-later. See [LICENSE](LICENSE) for full text.

Cookie definitions powered by [Open Cookie Database](https://github.com/jkwakman/Open-Cookie-Database) (Apache-2.0).

### Health Score

43 (Fair). Better than 91% of packages.

- **Maintenance**: 90. Actively maintained with recent releases
- **Popularity**: 18. Limited adoption so far
- **Community**: 14. Small or concentrated contributor base
- **Maturity**: 43. Maturing project, gaining track record
- **Bus Factor**: 1. Top contributor holds 99.2% of commits — single point of failure

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- **Cadence**: Every ~1 days
- **Total**: 18
- **Last Release**: 47d ago
- **Major Versions**: v0.3.1 → v1.1.0 (2026-03-04)

### Community

- **Maintainers**: [fabiodalez-dev](/maintainers/fabiodalez-dev)
- **Top Contributors**: [fabiodalez-dev](https://github.com/fabiodalez-dev) (258 commits), [beatwiz](https://github.com/beatwiz) (1 commits), [jgtorcal](https://github.com/jgtorcal) (1 commits)
- **Tags**: ccpa, cookie-banner, cookie-compliance, cookie-consent, eprivacy, gdpr, google-consent-mode, gpl-3, gpl3, iab-tcf, open-source, php, privacy, self-hosted, wordpress, wordpress-plugin, wordpress, cookie, gdpr, privacy, consent, CCPA, iab-tcf

