HMAC Consent Cookie | Consenta

HMAC-Signed Cookies: Tamper-Proof Consent

Cryptographically signed consent cookies prevent tampering and ensure the integrity of every consent.

14-day money-back · Cancel anytime · GDPR-compliant · Local in WordPress

What is an HMAC-signed Consent Cookie?

An HMAC (Hash-based Message Authentication Code) is a cryptographic method that ensures data integrity. Consenta signs every consent cookie with an HMAC-SHA256 hash. If the cookie is tampered with in the browser — e.g. to unlock blocked categories — the server detects the invalid signature and discards the cookie. The user must consent again.

Features

HMAC Consent Cookie in Detail

HMAC-SHA256 signature

Every consent cookie is signed with HMAC-SHA256. The secret key is stored securely on the server — only it can create valid signatures.

Tamper detection

Any change to the cookie content invalidates the signature. Tampered cookies are immediately detected and discarded.

Server validation

On every page load, the server validates the HMAC signature of the consent cookie. Invalid cookies are not accepted.

Automatic renewal

When tampering is detected, the invalid cookie is deleted and the consent dialog is shown again.

No plain text

The consent data in the cookie cannot simply be edited as plain text: the HMAC signature protects against any alteration.

Cookie integrity

The cryptographic signature guarantees that the stored consent status exactly matches what the user selected.

How it works

HMAC Consent Cookie in 3 Steps

1. Automatically active

HMAC signing is active by default. You don't need to configure anything — every consent cookie is automatically signed.

2. Cookie is signed

When the user gives consent, the cookie is signed with an HMAC-SHA256 hash and stored.

3. Server validates

On every page load, the server checks the signature. If it is invalid, the consent dialog is shown again.
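The sign-then-validate cycle from the three steps above, as an added PHP example that is not Consenta's own code. The cookie layout (`<base64(JSON)>.<hex HMAC>`), the function names and the demo key are assumptions made for illustration.

```php
<?php
// Added illustration, not Consenta's code. The cookie layout
// "<base64(JSON)>.<hex HMAC-SHA256>" and all names here are assumptions.

// Constructed demo key; a real key is a random secret kept in server-side config.
const DEMO_KEY = 'constructed-demo-key-never-sent-to-the-browser';

function sign_consent(array $consent, string $key): string
{
    $payload = base64_encode(json_encode($consent));
    // hash_hmac() returns 64 hex characters for SHA-256.
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function verify_consent(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null; // malformed: treat like a missing cookie
    }
    [$payload, $mac] = $parts;
    // Recompute the MAC over the received payload and compare in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    // Decode only after the signature has been verified.
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample: the consent the user actually gave.
$cookie = sign_consent(['necessary' => true, 'marketing' => false], DEMO_KEY);

// Constructed tampering case: payload edited in the browser, old signature kept.
$edited = base64_encode(json_encode(['necessary' => true, 'marketing' => true]));
$tampered = $edited . '.' . explode('.', $cookie)[1];

foreach (['valid' => $cookie, 'tampered' => $tampered] as $label => $value) {
    $consent = verify_consent($value, DEMO_KEY);
    echo $label, ': ', $consent === null
        ? 'discard cookie, show consent dialog again'
        : json_encode($consent), "\n";
}
```

The payload stays readable to the visitor; the HMAC only makes changes to it detectable, which is why the key must never leave the server.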

Pricing

Subscribe monthly or pay once.

Flash sale: Agency Lifetime for 149 € (regular 499 €). All Agency features, unlimited sites, no further costs.

Starter
3 €/month · cancel monthly · 1 WordPress site
27 €/year · 2.25 €/mo · 3 months free
  • 1 WordPress site
  • Consent dialog & banner
  • Cookie & script blocking
  • Cookie scanner
  • Google Consent Mode v2
  • IAB TCF 2.0
  • GPC signal (Do Not Sell)
  • Live editor (colors, logo)
  • Import/export
  • Email support

Cancel anytime

Agency (Agency & Freelancer)
12 €/month · cancel monthly · unlimited sites
108 €/year · 9 €/mo · 3 months free
  • Unlimited WordPress sites
  • Everything in Pro
  • Multi-site central dashboard
  • REST API access
  • Branded reports
  • Custom consent texts
  • Dedicated support
  • + White-Label Addon from 20 €/month · available separately

Cancel anytime · 14-day money back

FAQ

Questions about the HMAC Consent Cookie

What is HMAC?

HMAC stands for Hash-based Message Authentication Code. It is a cryptographic method that combines a secret key with the data to produce a unique hash. Only those who know the key can create a valid hash.

Does HMAC make the cookie larger?

Minimally. The HMAC-SHA256 signature adds 64 characters (32 bytes hex-encoded) to the cookie. This is negligible and has no impact on performance.

Does HMAC affect performance?

No. The HMAC calculation takes less than one millisecond. The validation on every page load has no measurable effect on total load time.

What happens on tampering?

If a cookie is tampered with, the HMAC signature no longer matches the content. The server detects this, discards the cookie and shows the consent dialog again. The user must give their consent anew.
Consent cookies. Tamper-proof.

HMAC-SHA256 · Tamper detection · Server validation · Automatic renewal · GDPR-compliant

14-day money-back guarantee · Cancel anytime · Available in 30+ languages