Adds close button to preferences panel, fixes Escape key consent preservation, hardens configuration output against JS optimization plugins, and adds automatic exclusions for LiteSpeed Cache, WP Rocket, and FlyingPress.<\/p>","1.9.2":"
Initial public release of COOKR CORE.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3554198,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3554198,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3554078,"resolution":"1544x500","location":"assets","locale":"","width":2081,"height":756},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3554078,"resolution":"772x250","location":"assets","locale":"","width":2203,"height":714}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.9.8","1.9.9"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3554110,"resolution":"1","location":"assets","locale":"","width":1200,"height":601},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3554110,"resolution":"2","location":"assets","locale":"","width":1200,"height":693},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3554110,"resolution":"3","location":"assets","locale":"","width":1200,"height":710},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3554110,"resolution":"4","location":"assets","locale":"","width":1200,"height":669},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3554110,"resolution":"5","location":"assets","locale":"","width":525,"height":828},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3554110,"resolution":"6","location":"assets","locale":"","width":525,"height":683},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3554110,"resolution":"7","location":"assets","locale":"","width":525,"height":853}},"screenshots":{"1":"Live banner preview \u2014 customise appearance and see changes instantly","2":"Consent banner \u2014 scripts blocked before the visitor decides","3":"Granular consent preferences \u2014 Analytics, Marketing, and External Media controlled separately","4":"Runtime Inspector \u2014 see exactly which scripts are blocked and which are released","5":"Consent settings \u2014 Auto-blocker, Google Consent Mode v2, and Runtime Inspector controls","6":"Built-in diagnostics \u2014 verify your GDPR configuration with one click","7":"Banner content editor \u2014 customise all text, buttons, and links"}},"plugin_section":[],"plugin_tags":[20011,20272,131785,234433,396],"plugin_category":[54],"plugin_contributors":[264974],"plugin_business_model":[],"class_list":["post-318207","plugin","type-plugin","status-publish","hentry","plugin_tags-consent","plugin_tags-cookie-banner","plugin_tags-gdpr","plugin_tags-google-consent-mode","plugin_tags-privacy","plugin_category-security-and-spam-protection","plugin_contributors-danjed","plugin_committers-danjed"],"banners":{"banner":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/banner-772x250.png?rev=3554078","banner_2x":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/banner-1544x500.png?rev=3554078","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/icon-128x128.png?rev=3554198","icon_2x":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/icon-256x256.png?rev=3554198","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/screenshot-1.png?rev=3554110","caption":"Live banner preview \u2014 customise appearance and see changes instantly"},{"src":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/screenshot-2.png?rev=3554110","caption":"Consent banner \u2014 scripts blocked before the visitor decides"},{"src":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/screenshot-3.png?rev=3554110","caption":"Granular consent preferences \u2014 Analytics, Marketing, and External Media controlled separately"},{"src":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/screenshot-4.png?rev=3554110","caption":"Runtime Inspector \u2014 see exactly which scripts are blocked and which are released"},{"src":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/screenshot-5.png?rev=3554110","caption":"Consent settings \u2014 Auto-blocker, Google Consent Mode v2, and Runtime Inspector controls"},{"src":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/screenshot-6.png?rev=3554110","caption":"Built-in diagnostics \u2014 verify your GDPR configuration with one click"},{"src":"https:\/\/ps.w.org\/cookr-cookie-consent-script-blocking\/assets\/screenshot-7.png?rev=3554110","caption":"Banner content editor \u2014 customise all text, buttons, and links"}],"raw_content":"\n
GDPR cookie consent with real script blocking.<\/p>\n\n
Block Google Analytics, Google Tag Manager, Meta Pixel, Hotjar, YouTube embeds, and other third-party services before they reach the browser.<\/p>\n\n
Unlike JavaScript-based consent tools, blocked scripts never reach the browser at all.<\/p>\n\n
Most cookie consent plugins display a banner and rely on JavaScript to stop tracking scripts. In many cases, those scripts can begin loading before the visitor has made a choice.<\/p>\n\n
COOKR takes a different approach.<\/p>\n\n
Scripts are blocked server-side before page delivery. Third-party services cannot execute until consent is explicitly granted. This helps website owners meet GDPR and TTDSG requirements more reliably.<\/p>\n\n
Avoids the client-side race conditions common to JavaScript-only consent tools. No script guessing. No \"hope it loads in time.\"<\/p>\n\n
Consent enforcement instead of consent theatre.<\/p>\n\n
\u2713 Server-side script blocking \u2014 blocked before the browser receives them\n\u2713 Google Consent Mode v2 support\n\u2713 No external consent cloud\n\u2713 No proxy infrastructure\n\u2713 No visitor data sent to third parties\n\u2713 Works entirely on your WordPress installation<\/p>\n\n
Built for site owners, agencies, and developers who want real GDPR cookie consent enforcement.<\/p>\n\n
COOKR CORE includes:<\/p>\n\n
window.cookrConsent<\/code>)<\/li>\n- Self-hosted operation \u2014 no external services required<\/li>\n<\/ul>\n\n
COOKR is designed for developers, agencies, and privacy-conscious site operators who want operational visibility into what actually executes at runtime.<\/p>\n\n
COOKR RADR<\/h3>\n\n
COOKR RADR extends CORE with additional privacy and diagnostics tools, including Privacy Radar (runtime detection and classification of third-party services), enforcement verification, and an expanded compatibility matrix.<\/p>\n\n
More information: https:\/\/cookr.riptight.com<\/p>\n\n
How It Works<\/h4>\n\n
COOKR intercepts scripts in the PHP output buffer using WP_HTML_Tag_Processor<\/code> before delivery to the browser. Matching script and iframe tags are neutralised server-side and restored only after the visitor grants consent.<\/p>\n\nThere is no client-side race condition because blocking happens before the browser receives the page.<\/p>\n\n
Auto-Blocker<\/h4>\n\n
Enable in Settings. Off by default.<\/p>\n\n
When enabled, COOKR rewrites matching script tags and iframe tags server-side \u2014 setting type=\"text\/plain\"<\/code> and preserving original attributes in data-cookr-*<\/code> attributes for restoration after consent.<\/p>\n\nTest after enabling when using WP Rocket, LiteSpeed Cache, NitroPack, or Cloudflare Rocket Loader.<\/p>\n\n
Runtime Inspector<\/h4>\n\n
The Runtime Inspector exposes third-party runtime activity directly in the browser \u2014 blocked scripts, restored services, iframe activity, detected domains.<\/p>\n\n
Enable in Settings. Append ?cookr_debug=1<\/code> to any frontend URL while logged in as administrator.<\/p>\n\nCSP-aware<\/h4>\n\n
COOKR supports strict Content Security Policies without requiring unsafe-inline<\/code>.<\/p>\n\nRestored scripts preserve CSP integrity via automatic nonce propagation. COOKR reads the nonce WordPress assigns to enqueued scripts at request time and passes it to restored scripts \u2014 no manual configuration required.<\/p>\n\n
Developer JS API<\/h4>\n\ncookrConsent.has('analytics')\ncookrConsent.require('marketing', callback)\ncookrConsent.whenConsented('analytics').then(fn)\ncookrConsent.on('consent' | 'change' | 'decline' | 'reset', handler)\ncookrConsent.off(event, handler)\ncookrConsent.getConsent()\ncookrConsent.getExpiry()\ncookrConsent.categories()\ncookrConsent.reset()\n<\/code><\/pre>\n\nConsent Categories<\/h4>\n\n\n- Necessary<\/strong> \u2014 Always active.<\/li>\n
- Analytics<\/strong> \u2014 GA, GTM, Matomo, Hotjar, Clarity, etc.<\/li>\n
- Marketing<\/strong> \u2014 Meta Pixel, Google Ads, TikTok, LinkedIn, etc.<\/li>\n
- External Media<\/strong> \u2014 YouTube, Vimeo, Google Maps, etc.<\/li>\n<\/ul>\n\n
Does COOKR require an external cloud service?<\/h4>\n\n
No. COOKR runs entirely on your WordPress installation.<\/p>\n\n
Does visitor consent data leave the server?<\/h4>\n\n
No. Consent data is stored locally on your site.<\/p>\n\n
Is the Auto-Blocker enabled by default?<\/h4>\n\n
No. Enable and test it after installation, particularly when using caching or JavaScript optimization plugins.<\/p>\n\n
Which services can be blocked?<\/h4>\n\n
Any third-party script or iframe matching configured domains. Examples: Google Tag Manager, Meta Pixel, YouTube embeds, TikTok Analytics.<\/p>\n\n
Does COOKR support Google Consent Mode v2?<\/h4>\n\n
Yes. Enable in settings when using GTM or GA4.<\/p>\n\n
How do I inspect runtime activity?<\/h4>\n\n
Enable the Runtime Inspector in settings and append ?cookr_debug=1<\/code> to any frontend URL while logged in as administrator.<\/p>\n\nDoes COOKR store personal data?<\/h4>\n\n
The consent log stores a hashed IP (not the raw IP address), consent choices, and a timestamp. The raw IP address is never stored.<\/p>\n\n
Is COOKR compatible with strict CSP?<\/h4>\n\n
Yes. COOKR automatically reads the nonce WordPress assigns to enqueued scripts and passes it to restored scripts, preserving compatibility with strict-dynamic<\/code> CSP policies. No manual configuration is required.<\/p>\n\nWill COOKR work with caching plugins such as LiteSpeed Cache, WP Rocket, or Cloudflare?<\/h4>\n\n
Yes, but always test after enabling script optimization features such as JavaScript combine, defer, delay, or Rocket Loader. COOKR performs script blocking server-side, but aggressive optimization plugins may alter script delivery and should be verified on your site.<\/p>\n\n
COOKR v1.9.9 adds automatic exclusion filters for LiteSpeed Cache, WP Rocket, and FlyingPress \u2014 COOKR registers itself as excluded from JS combination pipelines automatically. Autoptimize exclusions were already present in prior versions.<\/p>\n\n
Does COOKR require HTTPS?<\/h4>\n\n
Yes. COOKR requires HTTPS for consent state to persist correctly across page loads. Modern browsers restrict cookie behaviour on HTTP origins \u2014 on HTTP, the consent cookie may not persist, causing the banner to reappear on every page load. HTTPS is also a legal recommendation under GDPR for any site collecting consent.<\/p>\n\n
What WordPress version is required?<\/h4>\n\n
WordPress 6.2 or higher. COOKR uses WP_HTML_Tag_Processor<\/code> for safe, attribute-aware script rewriting, introduced in WP 6.2.<\/p>\n\nExternal Services<\/h3>\n\n
This plugin does not connect to any external service by default.<\/p>\n\n
The auto-blocker contains a built-in list of known third-party domains (such as googletagmanager.com, connect.facebook.net, maps.googleapis.com, etc.) that is used purely as a local reference to identify and block scripts before consent. No data is sent to these domains by this plugin \u2014 the list is pattern-matching data stored locally in the plugin code.<\/p>\n\n\n
1.9.9<\/h4>\n\n\n- Added close\/dismiss control to preferences panel without changing stored consent<\/li>\n
- Fixed Escape key behaviour \u2014 existing consent is not overwritten when closing preferences<\/li>\n
- Hardened COOKR configuration output against JavaScript optimization and combination plugins<\/li>\n
- Added automatic compatibility exclusions for LiteSpeed Cache, WP Rocket, and FlyingPress<\/li>\n<\/ul>\n\n
1.9.8<\/h4>\n\n\n- Fixed accent colour not persisting in admin preview after page reload<\/li>\n
- Fixed iframe placeholder elements not inheriting accent colour on frontend<\/li>\n
- Fixed runtime inspector debug URL visibility after enabling inspector<\/li>\n
- Text domain corrected to match plugin slug<\/li>\n
- Restored original runtime inspector debug panel (cookr-debug.js)<\/li>\n<\/ul>\n\n
1.9.7<\/h4>\n\n\n- Fixed PHP notice in auto-blocker iframe rewrite handling<\/li>\n
- Fixed blocked-status reporting for detected domains<\/li>\n
- Fixed consent log rate-limit bypass edge case<\/li>\n
- Fixed missing policy_version storage in consent records<\/li>\n
- Fixed remote signature update setting persistence<\/li>\n
- Fixed language switcher save-state detection<\/li>\n
- Added full-consent buffer shortcut optimization<\/li>\n<\/ul>\n\n
1.9.6<\/h4>\n\n\n- Compliance improvements for WP.org review<\/li>\n
- Removed generic CDN entries from auto-blocker allowlist<\/li>\n
- Export uses explicit allowlist for safe settings only<\/li>\n
- Build tooling improvements<\/li>\n<\/ul>\n\n
1.9.5<\/h4>\n\n\n- WordPress.org review and compliance-related improvements<\/li>\n
- Internal maintenance and review-related updates<\/li>\n<\/ul>\n\n
1.9.2<\/h4>\n\n\n- Initial public CORE release<\/li>\n
- 3\u00d73 visual position picker replaces dropdown<\/li>\n
- Accent colour now applies to banner icon and buttons in preview<\/li>\n
- Auto-Blocker wording updated \u2014 recommended framing, test-after-enable guidance<\/li>\n
- Runtime Inspector enabled by default<\/li>\n
- Preserve data on uninstall enabled by default<\/li>\n
- Consent log default retention reduced to 100 entries<\/li>\n<\/ul>\n\n
1.8.2<\/h4>\n\n\n- Added: Runtime Inspector \u2014 detects unknown third-party script and iframe domains at runtime<\/li>\n
- Added: Persistent findings stored per domain (first seen, last seen, page count)<\/li>\n
- Added: Runtime Inspector toggle with configurable auto-disable duration<\/li>\n<\/ul>\n\n
1.2.0<\/h4>\n\n\n- Added: Google Consent Mode v2<\/li>\n
- Added: debug inspector<\/li>\n
- Added: browser chrome preview in admin dashboard<\/li>\n<\/ul>\n\n
1.1.0<\/h4>\n\n\n- Plugin renamed from GDPR Cookie Consent to COOKR<\/li>\n
- Added: WP_HTML_Tag_Processor for safe, attribute-aware script rewriting<\/li>\n
- Added: CSP nonce propagation<\/li>\n<\/ul>\n\n
1.0.0<\/h4>\n\n\n- Initial release<\/li>\n<\/ul>","raw_excerpt":"GDPR cookie consent with server-side script blocking. Prevent Google Analytics, GTM, Meta Pixel and third-party embeds from loading before consent.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/318207","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=318207"}],"author":[{"embeddable":true,"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/danjed"}],"wp:attachment":[{"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=318207"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=318207"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=318207"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=318207"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=318207"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/vec.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=318207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}