Cookie Shield is a robust, privacy-first cookie consent plugin for WordPress. It blocks third-party cookies and scripts before they fire — not after — using a synchronous inline script injected at the very top of `<head>`. This means cookies from Google Analytics, Facebook, YouTube, and others are never set until the visitor explicitly grants consent.
Multiprofile Compliance
Cookie Shield supports three compliance profiles to serve visitors worldwide:
EU Profile (GDPR) — Opt-in consent model. Scripts are blocked until the visitor explicitly consents. Full five-category consent banner with Accept All, Reject All, and Manage Preferences.
US Profile (CCPA/CPRA) — Opt-out consent model. Scripts are allowed by default. Visitors can opt out via “Do Not Sell or Share My Personal Information”. Honors Global Privacy Control (GPC) signals automatically.
Custom Profile — Fully configurable for other markets. All settings are adjustable.
Core Features (Free)
Consent Banner — clean, accessible banner with Accept All, Reject All, and granular Manage Preferences options
Five Consent Categories — Necessary, Functional, Analytics, Marketing, and Third Party
Synchronous Cookie Blocker — blocks `<script src>` and `<iframe src>` elements in `<head>` at priority 1, with a MutationObserver for dynamically injected elements
CCPA/CPRA Compliance — opt-out consent model with “Do Not Sell or Share” button, symmetric controls, and opt-out confirmation
Global Privacy Control (GPC) — automatically honors browser GPC signals for CCPA compliance
Cookie Registry — maintain a full catalogue of cookies with category, provider, purpose, and expiry information
Consent Logging — every consent choice recorded with session token (no IP addresses — GDPR compliant), user agent, and per-category choices
Multilanguage — all visitor-facing strings editable per locale; auto-detects WPML and Polylang
GTM DataLayer Bridge — pushes `cs_consent_update` events to `window.dataLayer`
Microsoft UET Consent Mode — outputs `window.uetq` consent defaults before the UET tag fires
Reopen Shortcode — `` places a button anywhere to reopen the banner
DNS Shortcode — `` places a “Do Not Sell or Share” link anywhere
Light and Dark themes — bottom bar, top bar, or centred modal positions
Single Profile Mode — select EU, US, or Custom as your active compliance profile
Reverse Proxy Support — configurable IP header for servers behind load balancers, Cloudflare, or CDN
Pro Features (requires license)
Multiprofile with Geolocation — automatically display the correct consent profile based on visitor geolocation (EU visitors see GDPR banner, US visitors see CCPA notice, others see Custom)
Google Consent Mode v2 — synchronous GCM defaults in `<head>` before GA4 or GTM fires
Archive Consent Logs — soft-archive records older than 90 days
Export Consent Logs — download the full audit trail as CSV
Inline Shortcodes — `[cookie_shield_banner]` and `[cookie_shield_preferences]`
Privacy
Cookie Shield does not collect or transmit personal data. The consent log stores a hashed session token (not reversible to an identity), browser user agent, and consent choices. No visitor data is sent to third-party servers by default.
