|
Applies to: WordPress Plugin v3.1.0+ on stores running WooCommerce Covers WooCommerce core, Stripe, PayPal, and the most common marketing add-ons |
Overview
WooCommerce is a registered consumer of the WP Consent API. From Compliance by Hu-manity.co v3.1.0 onward, WooCommerce and most of its first-party extensions read the visitor’s banner choice automatically — you do not need to write any custom snippets to gate Stripe analytics, PayPal advertising features, or the WooCommerce-Pinterest pixel.
This article walks through what is gated automatically, what still needs your attention, and how to verify the integration on a live store.
What Is Gated Automatically
When Compliance v3.1.0+ is the active CMP and the WP Consent API plugin is installed, the following WooCommerce features self-gate based on the visitor’s consent:
| Feature | Required Consent Category |
|---|---|
WooCommerce order-tracking cookies (woocommerce_*) |
functional — always granted |
| Cart and session cookies | functional — always granted |
| WooCommerce admin tracking (anonymous usage) | statistics-anonymous |
| Stripe’s adaptive-acceptance analytics | statistics |
| Stripe’s fraud-prevention signals | functional — required for payments |
| PayPal Advanced advertising features | marketing |
| Google Listings & Ads (Enhanced Conversions) | marketing |
| Pinterest for WooCommerce pixel | marketing |
| TikTok for WooCommerce pixel | marketing |
Note: Cart, checkout, and session cookies are classed as strictly necessary under GDPR Recital 66 and CCPA. They are always granted and not gated by the banner choice. Gating them would break checkout for every visitor.
What Still Needs Your Attention
Pixel Manager for WooCommerce (third-party plugin)
Pixel Manager is a separately registered WP Consent API consumer. It gates Meta, Google Ads, TikTok, and Pinterest pixels for any WooCommerce event (view item, add to cart, purchase). It self-gates automatically — no setup needed beyond enabling it.
Custom tracking added through Google Tag Manager
If you fire GA4, Meta, or TikTok via GTM rather than through a WooCommerce extension, the WP Consent API path does not apply — those tags fire from GTM, not from WooCommerce’s PHP. Use Google Consent Mode v2 to gate them. See GTM / Tag Trigger Timing Troubleshooting.
Manual pixels pasted into functions.php or a theme footer
These are not gated by either the WP Consent API or GCM — they fire as soon as the HTML renders. Use autoblocking instead: wrap the script in the appropriate data-hu-category attribute, or move the pixel to GTM and gate it through Consent Mode.
Email marketing integrations (Klaviyo, Mailchimp for WooCommerce, etc.)
Order-confirmation emails and transactional flows are not gated — they have legitimate interest under GDPR Article 6(1)(f) once the visitor places an order. Pre-purchase marketing emails (newsletter signups, abandoned-cart sequences) require the marketing consent category. Most modern Klaviyo / Mailchimp WooCommerce integrations honour wp_has_consent('marketing') when the WP Consent API plugin is installed.
Configuration
You do not need to configure anything on the WooCommerce side. Compliance handles the WP Consent API registration and category mapping automatically when the integration is on (Configuration tab, default on).
If a specific WooCommerce extension exposes its own “Cookie consent” or “GDPR” section in WooCommerce → Settings, set it to Use a CMP or Automatic rather than Always allow.
Verifying on a Live Store
- Open the storefront in a fresh incognito session.
- Open the browser console (F12) and run
wp_has_consent('marketing')— it should returnfalsebefore any banner choice. - Browse to a product page. In the Network tab, filter by “pinterest”, “tiktok”, or “facebook” depending on the pixels you have configured. You should see no outbound requests to those domains.
- Add an item to the cart. The
woocommerce_*session cookies should be set (functional / always-on) — cart functionality must work pre-consent. - Accept marketing in the Compliance banner. Re-check the Network tab — pixels should now fire on the next event (page view, add to cart, etc.).
- Visit
WooCommerce → Status → Logsand select the consent-related log if present (some extensions log the consent state they observed).
Common Issues
Stripe is asking customers to enable cookies even though Compliance is active
Stripe’s fraud-prevention scripts require functional / strictly-necessary cookies, which Compliance always grants. The message usually means a third-party cookie is being blocked by the browser (Safari ITP, Firefox ETP) rather than by Compliance. Check Stripe’s Stripe.js setup guide for the recommended SameSite / iframe configuration.
Pinterest / TikTok / Meta pixels stay blocked after the visitor consents
- Confirm the visitor selected a level that grants marketing (typically Personalized or Accept All). At Site Optimization (Balanced), marketing stays denied.
- Confirm the WP Consent API plugin is installed and active.
- If you are using Pixel Manager for WooCommerce, open its Status tab and check the consent log — it shows the CMP state it observed for the last visitor.
- If you use Google Tag Manager to fire the pixel instead of the WooCommerce extension, the WP Consent API path does not apply — check Google Consent Mode setup instead.
I have a US visitor with GPC enabled but they completed checkout
Expected. GPC forces marketing to deny — that gates advertising pixels and personalization. It does not block checkout or order processing, both of which run on functional / strictly-necessary cookies. The order will complete normally; only the post-purchase pixels and marketing-list adds will be suppressed.
WooCommerce Subscriptions renewal emails are firing without consent
Renewal emails are transactional — they have legitimate interest under GDPR Article 6(1)(f) once the customer has an active subscription. They are not blocked by the marketing-consent toggle and should not be.
Related Articles
- WP Consent API Integration
- GTM / Tag Trigger Timing Troubleshooting
- Autoblocking Not Working — Troubleshooting
- Third-Party Cookie Disclosure