外掛標籤
開發者團隊
② 後台搜尋「CookieRay – Cookie Banner for Cookie Consent (GDPR/CCPA Compliant)」→ 直接安裝(推薦)
原文外掛簡介
CookieRay is a cookie consent and privacy tooling plugin for WordPress. It stores data on your hosting account and runs in your environment. There is no external SaaS dashboard for site operation.
CookieRay helps website owners manage cookie consent settings for GDPR, CCPA, ePrivacy, and other privacy-related requirements. Legal compliance depends on your website setup, third-party tools, region, and how the plugin is configured.
CookieRay provides a visitor-facing consent experience, configurable script blocking, cookie discovery from your site, detailed consent records, and a setup dashboard to help you manage cookie consent records and support privacy-related workflows.
Cookie consent banner
A customizable consent surface with card and bar layouts, live preview in the admin, and nine placement positions. Visitors can Accept All, Decline All, or open a Preferences modal to choose which categories to allow (Necessary, Analytical, Functional, and Marketing). Banner text, colors, buttons, and fonts are editable without writing code.
Script blocking
Choose Log Only recording or Strict blocking in Settings. In Strict mode, CookieRay delays known tracking scripts until the visitor agrees to categories that match those trackers. Common patterns for services such as Google Analytics, Meta Pixel, Hotjar, HubSpot, TikTok Pixel, and many others are included out of the box.
Google Consent Mode v2
When enabled, CookieRay outputs consent state in the visitor’s browser for Google tags (such as GA4, Google Ads, or Google Tag Manager) that you have already placed on your site. Google Consent Mode v2 lets Google tags adjust their behavior based on visitor consent choices while supporting privacy-conscious measurement modes when consent is withheld.
CookieRay itself does not open separate server-side uploads of visitor payloads to Google; instead it surfaces JavaScript so tags you load can read consent signaling. Behavior of those downstream tags depends on how you configured Google products.
Further reading: Google’s Consent Mode documentation (linked under External Services).
Cookie scanner
Run a cookie scan from the WordPress admin to detect cookies surfaced on responses from your own site.
When an administrator starts a scan, CookieRay queues work on your server and uses the WordPress HTTP API to request public URLs belonging to your site domain (for example the homepage, published content URLs, WooCommerce storefront pages where applicable, and related routes depending on plugins). Cookie names surfaced in responses can be merged with your inventory for categorization alongside the plugin’s bundled tracking-cookie reference data.
CookieRay also runs deeper script-discovery passes that analyze HTML fetched from a bounded set of URLs (the embeddable deep scan inspects up to 50 URLs on the same domain, chosen from the XML sitemap when available or from the home page plus recent posts and pages). Scan coverage still depends on plugins, caches, authenticated-only flows, and what responses your site serves to CookieRay’s unauthenticated crawler.
There is no recurring unattended scan timetable built into CookieRay. You start scans from CookieRay screens (background processing completes those runs without another manual click).
Cookie inventory
View, edit, and categorize cookies discovered on your site. Assign cookies to Necessary, Analytical, Functional, or Marketing categories. Bulk-categorize or delete entries. Custom cookies can be added manually, with regex pattern support where appropriate.
Consent logs
Consent events can be logged with identifiers, statuses, granted categories, page URL, banner version, and timestamp fields available for review. Entries are searchable and filterable in the admin. You can export records as CSV, and export individual receipts as PDF for your record-keeping process.
Dashboard
See a summarized score guided by configurable checks (blocking mode, categorized cookies, policy link usage, consent expiry and scan recency reminders, whether Google Consent Mode output is enabled, and related items). Use it as onboarding guidance alongside your legal or compliance review.
Scan history
Review past scans: timing, URLs covered, counts, and summaries of results to track changes over time.
Settings
Configure consent behavior (Log Only vs Strict blocking), consent expiry, consent log retention, Google Consent Mode v2 toggle, optional data portability export flows, and related options. Banner and behavior settings are stored through WordPress options alongside plugin metadata.
Privacy and data handling
CookieRay does not send usage data, telemetry, or visitor payloads to CookieRay-operated servers. Consent logs and inventories stay in your site’s database unless you export them elsewhere.
Third-party trackers you integrate yourself (such as Google Analytics, Google Ads, Google Tag Manager, Meta Pixel, marketing pixels, embedded chat widgets, and similar vendors) may still collect information according to their own tags, configurations, vendor accounts, regions, and published policies, even when CookieRay delays or respects categories for scripts it recognizes.
A WordPress Cron task deletes consent records older than the retention period configured in Settings, whenever WordPress Cron runs normally on your host.
Source Code
The complete unminified source files are included inside this plugin in the src/ directory. No external repository is required to read or modify the source.
Admin interface source: src/admin/ compiles to build/admin.js and build/admin.css
Frontend banner source: src/frontend/ compiles to build/frontend.js and build/frontend.css
Build tool: Vite (Node.js 18+). To regenerate compiled assets: npm install && npm run build
External Services
CookieRay does not send analytics, telemetry, or visitor data to CookieRay-operated servers.
1. Same-site cookie scanner
When an administrator runs a cookie scan, CookieRay uses the WordPress HTTP API (wp_remote_get) to fetch public URLs belonging to the same WordPress site — for example the homepage, published post URLs, WooCommerce storefront pages, and sitemap entries.
What is sent: Standard HTTP GET requests to your own site’s public URLs.
When: Only when an administrator triggers a scan from CookieRay admin screens.
Who receives the requests: Your own web server. No data is sent to CookieRay or any third party.
Source file: includes/class-scanner.php
2. Google Consent Mode v2 (optional, admin-enabled)
When enabled in Settings, CookieRay outputs JavaScript on visitor pages that signals consent state to Google tags you have independently installed (e.g. GA4, Google Ads, Google Tag Manager). CookieRay does not make server-side HTTP calls to Google.
What is sent: Browser-side consent signals read by locally loaded Google tags you control.
When: When Consent Mode is enabled in CookieRay Settings and visitors load pages that include your Google tags.
Who receives downstream data: Google, per your Google account and tag configuration.
Google Privacy Policy: https://policies.google.com/privacy
Google Terms of Service: https://policies.google.com/terms
Google Consent Mode documentation: https://support.google.com/analytics/answer/9976101
Cookie detection dictionary — local data only, no network calls
The PHP scanner (includes/class-scanner.php) and the frontend bundle (build/frontend.js) contain a built-in lookup table that maps known provider domain strings — including Cloudflare, Google Analytics, Facebook (connect.facebook.net), Intercom, HubSpot, LinkedIn, Twitter, and others — to consent categories (Necessary, Analytical, Functional, Marketing).
This lookup table is static data stored inside the plugin files. CookieRay does not connect to, send data to, or call any API at Cloudflare, Facebook, Intercom, or any other provider listed in that table. The domain strings are used only for local string-matching against cookie names and script URLs detected on your own site during a scan.
Bundled Libraries
This plugin ships the following third-party JavaScript libraries as local files (no CDN calls):
jsPDF v4.2.1 — Client-side PDF generation, used to produce consent receipt PDFs when an administrator downloads a receipt from the Consent Logs screen.
License: MIT | Repository: https://github.com/parallax/jsPDF
File: assets/js/jspdf.min.js
React v18 — UI framework for the admin interface, bundled into build/admin.js.
License: MIT | Repository: https://github.com/facebook/react
Mantine v7 — Component library for the admin interface, bundled into build/admin.js.
License: MIT | Repository: https://github.com/mantinedev/mantine
Tabler Icons React v3 — Icon set for the admin interface, bundled into build/admin.js.
License: MIT | Repository: https://github.com/tabler/tabler-icons
Fonts
The admin UI bundles the Inter and Manrope typefaces from build/fonts/. Both are distributed under the SIL Open Font License v1.1 (OFL-1.1), which is GPL-compatible. Full attribution and license text: build/fonts/LICENSE.md.
