內容簡介
CookieBoxs 是一款 WordPress 外掛,幫助網站擁有者管理訪客的同意偏好,並配置符合 GDPR/CCPA 的整合。它提供自動化的腳本阻擋和 cookie 清理功能,並支援多種整合選項,確保網站遵循隱私法規。
【主要功能】
• 支援 Google Consent Mode v2
• 自動腳本阻擋與 cookie 清理
• 超過 25 種內建整合
• 嵌入媒體與地圖的內容阻擋
• 11 種介面語言
• 同意日誌記錄功能
外掛標籤
開發者團隊
② 後台搜尋「CookieBoxs – GDPR/CCPA Cookie Consent & Google Consent Mode v2」→ 直接安裝(推薦)
原文外掛簡介
CookieBoxs is a cookie consent plugin for WordPress that helps site owners manage visitor consent preferences and configure consent-aware integrations.
Free features include:
Google Consent Mode v2 support
Automatic script blocker and cookie cleaner
25+ built-in integrations
Content blockers for embedded media and maps
11 interface languages
Region presets
Consent logging in WordPress
Floating settings badge
Self-hosted plugin files
Optional PRO features include two-phase Cookie Scanner (server + browser-based detection), geo-targeting, additional templates, cookie declaration, consent analytics, branding options, custom CSS, and CSV export.
Documentation: cookieboxs.com
Source Code
All JavaScript and CSS files included in this plugin are human-readable and not minified or compiled. No build tools (npm, webpack, composer) are required to work with this plugin’s source code. All plugin-authored JavaScript and CSS is written directly and included as-is.
Third-party libraries and embed snippets:
assets/js/chart.min.js — Chart.js library (MIT License). Source code and unminified version available at: https://github.com/chartjs/Chart.js
assets/js/cookieboxs-consent-mode.js — Contains standard third-party integration embed snippets (e.g., Google Tag Manager, Meta Pixel, TikTok Pixel, Microsoft Clarity, Hotjar, LiveChat, Intercom, etc.). These are the official JavaScript snippets provided by each service for website embedding, written in their standard compact form. Each snippet includes a source URL comment pointing to the official documentation. A full list of source URLs is also available in the file header comments. The surrounding plugin logic (consent state management, Google Consent Mode v2 setup, custom script injection) is authored by this plugin and is fully human-readable.
Official documentation URLs for all embedded third-party snippets:
Google Tag Manager: https://developers.google.com/tag-platform/tag-manager/web
Meta Pixel: https://developers.facebook.com/docs/meta-pixel/get-started
TikTok Pixel: https://ads.tiktok.com/help/article/get-started-pixel
Microsoft Clarity: https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-setup
Hotjar: https://help.hotjar.com/hc/en-us/articles/115011639927
Heap Analytics: https://developers.heap.io/docs/web
Mixpanel: https://docs.mixpanel.com/docs/tracking-methods/sdks/javascript
PostHog: https://posthog.com/docs/libraries/js
LinkedIn Insight Tag: https://learn.microsoft.com/en-us/linkedin/marketing/integrations/ads-reporting/insight-tag
Pinterest Tag: https://help.pinterest.com/en/business/article/install-the-pinterest-tag
Snapchat Pixel: https://businesshelp.snapchat.com/s/article/snap-pixel-about
Twitter/X Pixel: https://business.x.com/en/help/campaign-measurement-and-analytics/conversion-tracking-for-websites
Microsoft Advertising UET: https://help.ads.microsoft.com/apex/index/3/en/56682
LiveChat: https://developers.livechat.com/docs/getting-started/installing-livechat
Crisp: https://docs.crisp.chat/guides/chatbox-sdks/web-sdk/
Tawk.to: https://help.tawk.to/article/adding-a-tawk-to-widget-to-your-website
Intercom: https://developers.intercom.com/installing-intercom/web/installation
Yandex Metrica: https://yandex.com/support/metrica/code/counter-initialize.html
Matomo: https://developer.matomo.org/guides/tracking-javascript-guide
Privacy Policy
CookieBoxs does not send visitor consent records to the plugin author’s servers.
Consent records are stored in the WordPress database. Optional third-party integrations that you configure, such as analytics, advertising, chat, or embedded media services, connect directly from the visitor’s browser to those third-party providers after the relevant consent conditions are met.
Admin-only connections used for plugin news, optional deactivation feedback, or optional license validation are described below.
External Services
This plugin uses external services only for user-configured integrations. Third-party integrations are optional, disabled by default, and only activated when the site administrator enables and configures them. The plugin does not offload any of its own assets (JavaScript, CSS, images) to external servers — all plugin files are included locally.
Plugin services
VisionSolutions API – plugin news and updates: used in the admin area only; sends plugin version, WordPress version, and site language when an administrator opens the settings page. Provider: VisionSolutions, https://visionsolutions.pl
Terms of use: https://visionsolutions.pl/regulamin/
Privacy policy: https://visionsolutions.pl/polityka-prywatnosci/
VisionSolutions API – deactivation feedback (optional): sends selected reason, optional comment, site URL, WordPress version, and PHP version only if an administrator submits feedback during deactivation. Provider: VisionSolutions
Terms of use: https://visionsolutions.pl/regulamin/
Privacy policy: https://visionsolutions.pl/polityka-prywatnosci/
VisionSolutions API – PRO license validation (optional): sends license key, site domain, and plugin version on activation and periodic validation. Provider: VisionSolutions
Terms of use: https://visionsolutions.pl/regulamin/
Privacy policy: https://visionsolutions.pl/polityka-prywatnosci/
ipapi.co geolocation API (optional, PRO): used only when geo-targeting is enabled and fallback geolocation is needed; sends visitor IP address. Provider: ipapi
Terms of use: https://ipapi.co/terms/
Privacy policy: https://ipapi.co/privacy/
Cookie Scanner (admin-initiated, PRO): two-phase scan. Phase 1 (server): sends requests from your server to your own website pages to detect cookies and tracking scripts from HTML. Phase 2 (browser): loads the scanned page in a hidden iframe within the administrator’s browser to detect cookies set by JavaScript (e.g. pixels loaded via Google Tag Manager). All scanning happens locally — no external provider is contacted.
Optional integrations (services)
These are third-party services that the site administrator can optionally enable. When enabled, the plugin loads the official embed snippet provided by each service, which connects the visitor’s browser directly to that service provider. These are service integrations, not offloaded plugin assets. Each integration is disabled by default and only activates when the administrator provides their account ID.
Google Tag Manager – tag management service; may load on page view and use Consent Mode signals. Loaded from: www.googletagmanager.com. Provider: Google LLC.
Terms of use: https://marketingplatform.google.com/about/analytics/terms/us/
Privacy policy: https://policies.google.com/privacy
Google Analytics 4 – analytics service; loaded from www.googletagmanager.com/gtag/js via wp_enqueue_script. Provider: Google LLC.
Terms of use: https://marketingplatform.google.com/about/analytics/terms/us/
Privacy policy: https://policies.google.com/privacy
Google Ads – conversion tracking and remarketing service; loaded from www.googletagmanager.com/gtag/js via wp_enqueue_script. Provider: Google LLC.
Terms of use: https://ads.google.com/intl/en/home/terms/
Privacy policy: https://policies.google.com/privacy
Meta Pixel – advertising measurement service; loaded from connect.facebook.net. Provider: Meta Platforms, Inc.
Terms of use: https://www.facebook.com/legal/terms
Privacy policy: https://www.facebook.com/privacy/policy/
TikTok Pixel – advertising measurement service; loaded from analytics.tiktok.com. Provider: TikTok Inc. / ByteDance Ltd.
Terms of use: https://ads.tiktok.com/i18n/official/policy/business-products-terms
Privacy policy: https://www.tiktok.com/legal/privacy-policy
Microsoft Clarity – session analytics and heatmaps service; loaded from www.clarity.ms. Provider: Microsoft Corporation.
Terms of use: https://clarity.microsoft.com/terms
Privacy policy: https://privacy.microsoft.com/en-us/privacystatement
Hotjar – heatmaps, recordings, and feedback service; loaded from static.hotjar.com. Provider: Hotjar Ltd.
Terms of use: https://www.hotjar.com/legal/policies/terms-of-service/
Privacy policy: https://www.hotjar.com/legal/policies/privacy/
Matomo – analytics service; loaded from the site administrator’s configured Matomo instance URL. Provider: InnoCraft Ltd. or the site owner’s Matomo host.
Terms of use: https://matomo.org/matomo-cloud-terms-of-service/
Privacy policy: https://matomo.org/matomo-cloud-privacy-policy/
Yandex Metrica – analytics service; loaded from mc.yandex.ru. Provider: Yandex LLC.
Terms of use: https://yandex.com/legal/metrica_termsofuse/
Privacy policy: https://yandex.com/legal/confidential/
Heap Analytics – analytics service; loaded from cdn.heapanalytics.com. Provider: Heap Inc.
Terms of use: https://heap.io/legal/heap-terms-of-service
Privacy policy: https://heap.io/legal/privacy
Mixpanel – analytics service; loaded from cdn.mxpnl.com. Provider: Mixpanel, Inc.
Terms of use: https://mixpanel.com/legal/terms-of-use/
Privacy policy: https://mixpanel.com/legal/privacy-policy/
PostHog – analytics and feature flags service; loaded from the site administrator’s configured PostHog host. Provider: PostHog, Inc.
Terms of use: https://posthog.com/terms
Privacy policy: https://posthog.com/privacy
LinkedIn Insight Tag – advertising measurement service; loaded from snap.licdn.com. Provider: LinkedIn Corporation.
Terms of use: https://www.linkedin.com/legal/l/li-marketing-terms
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Pinterest Tag – advertising measurement service; loaded from s.pinimg.com. Provider: Pinterest, Inc.
Terms of use: https://policy.pinterest.com/en/terms-of-service
Privacy policy: https://policy.pinterest.com/en/privacy-policy
Snapchat Pixel – advertising measurement service; loaded from sc-static.net. Provider: Snap Inc.
Terms of use: https://snap.com/en-US/terms
Privacy policy: https://snap.com/en-US/privacy/privacy-policy
Twitter/X Pixel – advertising measurement service; loaded from static.ads-twitter.com. Provider: X Corp.
Terms of use: https://twitter.com/en/tos
Privacy policy: https://twitter.com/en/privacy
Microsoft Advertising UET – conversion tracking service; loaded from bat.bing.com. Provider: Microsoft Corporation.
Terms of use: https://about.ads.microsoft.com/en-us/policies/legal
Privacy policy: https://privacy.microsoft.com/en-us/privacystatement
Intercom – customer messaging service; loaded from widget.intercom.io and api-iam.intercom.io. Provider: Intercom, Inc.
Terms of use: https://www.intercom.com/legal/terms-and-policies
Privacy policy: https://www.intercom.com/legal/privacy
LiveChat – support chat service; loaded from cdn.livechatinc.com. Provider: LiveChat, Inc.
Terms of use: https://www.livechat.com/legal/terms-of-service/
Privacy policy: https://www.livechat.com/legal/privacy-policy/
Crisp – customer messaging and chat service; loaded from client.crisp.chat. Provider: Crisp IM SAS.
Terms of use: https://crisp.chat/en/terms/
Privacy policy: https://crisp.chat/en/privacy/
Tawk.to – support chat service; loaded from embed.tawk.to. Provider: Tawk.to Ltd.
Terms of use: https://www.tawk.to/legal/terms-of-service/
Privacy policy: https://www.tawk.to/legal/privacy-policy/
Script blocker safe domains
The automatic script blocker does not block scripts from essential service domains (payment gateways, CAPTCHAs, translation). These domains are whitelisted so the script blocker does not interfere with site-critical functionality provided by other plugins or themes. The CookieBoxs plugin itself does not load any files from these domains — they are only whitelisted to prevent breakage:
Stripe – payment processing service; loaded by other plugins from js.stripe.com and checkout.stripe.com. Provider: Stripe, Inc.
Terms of use: https://stripe.com/legal/ssa
Privacy policy: https://stripe.com/privacy
PayPal – payment processing service; loaded by other plugins from www.paypal.com and www.paypalobjects.com. Provider: PayPal Holdings, Inc.
Terms of use: https://www.paypal.com/us/legalhub/useragreement-full
Privacy policy: https://www.paypal.com/us/legalhub/privacy-full
Google reCAPTCHA – spam protection service; loaded by other plugins from recaptcha.net. Provider: Google LLC.
Terms of use: https://policies.google.com/terms
Privacy policy: https://policies.google.com/privacy
hCaptcha – spam protection service; loaded by other plugins from js.hcaptcha.com. Provider: Intuition Machines, Inc.
Terms of use: https://www.hcaptcha.com/terms
Privacy policy: https://www.hcaptcha.com/privacy
Cloudflare Turnstile – bot protection service; loaded by other plugins from challenges.cloudflare.com. Provider: Cloudflare, Inc.
Terms of use: https://www.cloudflare.com/terms/
Privacy policy: https://www.cloudflare.com/privacypolicy/
Google Translate – translation service widget; loaded by other plugins from translate.google.com and translate.googleapis.com. Provider: Google LLC.
Terms of use: https://policies.google.com/terms
Privacy policy: https://policies.google.com/privacy
Content blockers
Content blockers are an optional feature that replaces embedded third-party media (YouTube, Vimeo, Google Maps) with a placeholder until the visitor grants consent. When consent is given, the embed loads normally from the service provider.
YouTube – video embeds can be blocked until consent; loaded from www.youtube.com and www.youtube-nocookie.com. Provider: Google LLC.
Terms of use: https://www.youtube.com/t/terms
Privacy policy: https://policies.google.com/privacy
Vimeo – video embeds can be blocked until consent; loaded from player.vimeo.com and vimeo.com. Provider: Vimeo, Inc.
Terms of use: https://vimeo.com/terms
Privacy policy: https://vimeo.com/privacy
Google Maps – map embeds can be blocked until consent; loaded from www.google.com/maps and maps.googleapis.com. Provider: Google LLC.
Terms of use: https://cloud.google.com/maps-platform/terms
Privacy policy: https://policies.google.com/privacy
