Frequently Asked Questions

Consenta blocks cookies, scripts, iframes and third-party domains — at three configurable levels. Level 1 blocks only known tracking cookies, Level 2 additionally blocks scripts and iframes, Level 3 blocks all third-party domains completely. All blocking happens client-side before the respective resource loads.

Yes. Consenta is fully GDPR-compliant: Opt-in before loading tracking scripts, granular selection per cookie category, equal buttons for accept and reject, proof of consent through consent logging and revocation at any time via the privacy widget. Automatic privacy policy text for WordPress integrated.

Yes. Consenta works entirely client-side. Cookie blocking and the consent dialog work independently of server-side caching. Compatible with WP Rocket, W3 Total Cache, LiteSpeed Cache, WP Super Cache and all other caching plugins.

Google Consent Mode v2 is fully supported. Consenta automatically sends the correct consent signals to Google Analytics 4, Google Ads and Google Tag Manager. All required parameters are supported: ad_storage, analytics_storage, ad_user_data and ad_personalization. No manual GTM configuration needed.

Consenta ships with 34 fully hand-curated languages — both for the frontend consent dialog and (as of 1.12.0) for the complete admin UI. Automatic language detection from browser language, WordPress locale or URL slug (/en/, /fr/, …). Compatible with WPML, Polylang, TranslatePress and WeGlot for multilingual websites. All texts individually customizable; bulk translation via MyMemory built into the Languages tab.

Optional — and when used, fully GDPR-compliant self-hosted. In the dialog editor you can pick from 160 curated Google fonts or specify any other font from the Google Fonts catalogue (1500+) by slug. On save, Consenta auto-downloads the woff2 files (latin + latin-ext) to wp-content/uploads/consenta-fonts/ and serves them exclusively from your domain — zero requests to fonts.googleapis.com on the frontend. Automatically satisfies the LG München 2022 ruling (3 EO 1361/21): no IP address transfer to Google, no consent requirement for the font delivery. The OFL/Apache-2.0 license file is stored alongside.

Yes, in the Agency tier. Manage cookie consent settings for all your WordPress sites centrally via the Multi-Site Dashboard. Remote statistics available via REST API. Ideal for agencies with multiple client projects.

Basic features like the consent dialog, cookie banner and privacy widget are free to use. Advanced features like IAB TCF 2.2, geolocation, consent logging, multi-language and custom CSS require a license (Starter, Pro or Agency).

In full consent mode, Consenta registers a Service Worker that checks all network requests (fetch, XHR, beacon) at the domain level. Requests to non-consented third-party domains are blocked with HTTP 451 — this catches requests that the MutationObserver cannot see.

Yes. The WooCommerce integration automatically blocks WC tracking scripts (analytics, marketing) until consent. Essential WooCommerce cookies (cart hash, session) are automatically declared as "Necessary". The consenta_woocommerce_cookies filter allows customization.

Yes. Consenta supports importing from CookieBot, OneTrust and Usercentrics via JSON file. Cookie categories are automatically mapped to Consenta purposes. You can find the import under System → Import from another CMP.

Yes — in fact four native Consenta blocks, all on block API v3 and bundled in the "Consenta" category in the block inserter: Cookie Declaration (table of all cookies with purpose filter and column selection), Consent Status (shows the visitor their current consent status), Conditional Content (shows/hides nested blocks depending on consent purpose) and the CMP Accept Button (standalone button to grant consent for a purpose or open the dialog — with full block toolbar for alignment, color and typography). Alternatively, the [consenta_cookies] and [consenta_consent_status] shortcodes are available.

Yes. Dialog, banner and widget are automatically mirrored for RTL languages (Arabic, Hebrew etc.). RTL detection uses the dir attribute of the HTML element.

Consenta can send real-time HTTP POST notifications to configured URLs when consent events occur. Supported events: consent.new, consent.update, consent.revoke and consent.optout. All payloads are HMAC-SHA256 signed (header: X-Consenta-Signature) so you can verify authenticity server-side. Webhooks are a Pro feature and are configured under Consenta → Settings → Webhooks.

In full-consent mode, Consenta blocks Notification.requestPermission, PushManager.subscribe, SyncManager.register and caches.open until consent is given. Once the visitor consents, all APIs are automatically restored. Cache entries with the prefixes consenta, wp- and workbox are exempt and are never blocked.

Since v1.7.0, Consenta uses HMAC-SHA256 with the WordPress AUTH_KEY for the consenta_auth cookie. The server cryptographically authenticates every consent cookie. Timing attacks are prevented by using hash_equals() for signature comparison.

HMAC-SHA256-signed consent cookies, SSRF protection (blocks private IPs and cloud metadata endpoints such as 169.254.169.254), token hashing at rest, rate limiting on REST API and AJAX, CSV formula injection protection, ABSPATH guards on all PHP files, WCAG contrast enforcement, and XSS hardening (no style attribute in consent text sanitization).

Download the ZIP file at consenta.io/account. In WordPress go to Plugins → Add New → Upload Plugin, select the ZIP file and install. Activate the plugin. Enter the license key under Consenta → Settings → License and activate. The cookie scan starts automatically.

Yes. All consent logs can be exported as CSV. Additionally, HTML reports with consent statistics are available: acceptance rate, rejection rate, most popular categories and device breakdown. Time range filters enable targeted evaluations.

Yes. Unlike Cookiebot, all data is stored locally in your WordPress database — no external service, no data transfer to third parties. Compared to Borlabs Cookie, Consenta offers Google Consent Mode v2, IAB TCF 2.2 and multi-site dashboard as integrated features.

Consenta stores a SHA-256 hash of the exact dialog texts shown to the visitor with every consent log. Together with the consent proof PDF export (under System), this meets the GDPR proof-of-consent requirement per Art. 7(1). The export contains summary, log table and certification.

The auto-scan checks your website automatically daily or weekly for new cookies, domains and scripts. For new findings, you optionally receive an email notification. Configurable under General → Automatic Scan.

Consenta detects the language automatically in this order: 1) URL prefix such as /en/, /fr/, /es/; 2) consenta_lang cookie (set when clicking a language switcher); 3) WordPress locale via determine_locale(); 4) German fallback. WPML and Polylang are additionally considered.

Yes. Under Consenta → Settings → Languages you find all 34 supported languages. Click "Edit" next to a language — 20 fields appear (title, description, buttons, categories, banner text). Changes are saved per-language only; untouched languages stay on the shipped default.

Yes. In the Languages tab you can pick a translation source in the top-right (default: German). Each field then shows the source text as a small grey line plus a 🌐 icon for single-field translation. The "Translate all from source" button at the bottom translates all non-customized fields with one click — via MyMemory, free and without API key.

Yes. In each entity tab (Cookies / Domains / Resources) you find a translation bar at the top with source dropdown, target dropdown (all 34 languages) and "🌐 Translate descriptions" button. One click translates all descriptions in that tab batch-wise and stores them multilingually as {de, en, fr, …} object. Already translated fields are skipped — you can click the button as often as you want.

Yes, even without API calls. Lifespans follow a fixed vocabulary ("2 Jahre", "30 Tage", "Session / 1 Jahr") and are regex-translated by the plugin into all 9 main languages. Example: "2 Jahre" → "2 years" (EN), "2 ans" (FR), "2 años" (ES), "2 anni" (IT), "2 jaar" (NL), "2 anos" (PT), "2 lat" (PL), "2 років" (UK). Works instantly, no configuration.

Yes. For the three long-text fields consent-text, banner-text and blocked-content-desc, a full TinyMCE editor is loaded when you expand a language — with a toolbar for bold/italic/lists/links and toggle to HTML view. Safe: only a whitelist of HTML tags (<a>, <strong>, <em>, <br>, <p>) is allowed through.

Cosmetic text edits (rephrasing button labels, fixing typos) since v1.8.0 no longer force all visitors to re-consent — the widget stays visible. Material changes are still captured in the audit trail: each consent log entry stores a SHA-256 hash of the dialog texts the visitor actually saw.

Yes. The translation source dropdown shows all 34 languages. If you're editing an Italian version and want to translate from a well-crafted English master, set the source to EN. The 🌐 icon and the bulk button will then use EN → IT as translation direction.

Anonymously the daily limit is around 5,000 chars; with your admin email (automatically sent by Consenta) it rises to around 50,000 chars/day. For a site with 20 fields × 5 target languages (100 field translations at ~30–200 chars each) that's plenty. Plus: translation results are cached 7 days (UI texts) / 30 days (cookie descriptions) as WP transients — re-runs cost nothing.

Yes. Since v1.11.0 the inline edit writes into the language slot matching your WordPress admin locale: as an English admin your text lands in the en slot, as a German admin in the de slot. The other languages survive the edit unchanged — no re-translation needed.

Starter: 1 website. Pro: 10 websites. Agency (subscription or Lifetime): unlimited websites.

After purchase you receive the license key by email. You can also find it at any time in your customer account at consenta.io/account.

Yes, anytime in your customer account (consenta.io/account). You only pay the difference for the remaining billing period. The upgrade is immediately active.

Credit card (Visa, Mastercard, Amex), PayPal, Google Pay, Apple Pay and bank transfer. Subscriptions renew automatically and can be cancelled anytime. Payment processing is handled securely by Paddle.com.

Yes. After purchase an invoice is automatically sent to your email. The invoice contains all necessary details for your accounting (incl. VAT, transaction ID, billing address).

Yes. 14-day money-back guarantee. Details can be found in our Terms & Conditions.