Skip to main content

GDPR & Cookie Consent

Integrate Pixel Plus with your store's cookie consent banner so the Facebook pixel only fires after a visitor has explicitly agreed to tracking.

note

Available since v2.3

Overview

If your store operates under GDPR or similar privacy regulations, you need to hold the Facebook pixel back until a visitor actively accepts cookies. Pixel Plus has a built-in consent integration that handles this without relying on a third-party blocker to strip script tags from your pages.

The integration works by telling Pixel Plus exactly how your consent banner signals acceptance. On every page load, the module checks for that signal — either a cookie (the most common approach) or a localStorage variable (used by some modern consent platforms). If the signal is present and valid, pixel events fire normally. If not, all browser events are paused.

The key advantage over external blockers is reliability. Modules that block Pixel Plus by removing script tags can accidentally strip JavaScript needed for other features, break the Back Office panel, and prevent the Conversion API from functioning even for staff. The built-in integration leaves all module code in place and simply pauses the event queue in the visitor's browser.

CAPI is not controlled by this panel

The browser pixel is what this panel controls. The server-side Conversion API is not automatically blocked here — consult your legal counsel if your compliance requirements include blocking CAPI as well.

Configuration

  1. Go to Modules > Module Manager > Pixel Plus for Facebook > Configure.
  2. Locate the GDPR & Cookies Consent panel.
  3. Enable Block the script?.
  4. Set GDPR Block Mode to Cookies.
  5. Open your storefront in a private/incognito window and accept cookies. Open browser DevTools (F12) > Application > Cookies and find the cookie your consent banner sets.
  6. Enter its exact name in Add the cookie name to look for (names are case-sensitive — copy-paste from DevTools).
  7. If the cookie must contain a specific value to mean "accepted" (for example 1, true, or marketing), enter it in Specific Cookie Value?. Leave blank to treat any non-empty cookie value as consent.
  8. If the cookie is set directly by your browser (not wrapped inside the PrestaShop cookie object), switch Is an External Cookie? to External. Most third-party consent banners set external cookies.
  9. If your banner reloads the page after the visitor accepts, leave Page reloads after the consent? enabled (the default). If your banner activates the pixel without a reload, disable this option and enter the CSS selector for your banner's accept button in Selector for the Cookies Button.
  10. Click Save.
  11. Test in incognito: the pixel should not fire before consent and should fire (or resume after reload) once you accept.
  1. Follow steps 1–4 above, but set GDPR Block Mode to Local Storage.
  2. In browser DevTools > Application > Local Storage, find the variable your consent platform writes.
  3. Enter the path to the consent value in Variable path to look for. Use >> as a separator for nested objects — for example, if localStorage contains a consent object with a marketing property, enter consent >> marketing.
  4. Enter the exact value that signals acceptance (for example true) in Expected Value/s.
  5. Click Save and test as above.

Configuration fields reference

FieldValuesDefaultDescription
Block the script?Enabled / DisabledDisabledMaster switch. When enabled, all browser pixel events are paused until the configured consent signal is detected.
GDPR Block ModeCookies / Local StorageCookiesWhich mechanism your consent banner uses to record consent. If you are unsure, start with Cookies.
Add the cookie name to look forTextExact name of the consent cookie (case-sensitive). Required when Block Mode is Cookies.
Specific Cookie Value?TextThe value the cookie must contain to be treated as consent given. Separate multiple accepted values with `
Is an External Cookie?Enabled / DisabledDisabledEnable when the consent cookie is set directly by a third-party banner (not inside the PrestaShop cookie object).
Variable path to look forTextPath to the consent flag in localStorage, using >> for nested keys. Required when Block Mode is Local Storage.
Expected Value/sTextThe value that signals consent has been granted (for example true). Required when Block Mode is Local Storage.
Page reloads after the consent?Enabled / DisabledEnabledEnable if your consent banner reloads the page when the visitor accepts. Disable if it activates without a reload, then provide the button selector below.
Selector for the Cookies ButtonCSS selectorOnly required when the page does not reload after consent. CSS selector for the accept button on your banner (for example .consent-banner .accept-btn).
warning

If you enable Block the script? but leave the cookie name (or localStorage path) blank, Pixel Plus will block all pixel events for every visitor. The Back Office will display a warning until you finish the configuration or disable the feature.

How It Works

On every page load, the module reads the configured consent signal from the visitor's browser:

  • Cookie mode: The module checks whether the named cookie exists (via the PrestaShop cookie object for internal cookies, or directly from $_COOKIE for external ones). If a specific value was configured, the cookie content must contain that value. Multiple values separated by ||| are checked one by one — a match on any of them grants consent.
  • localStorage mode: Because localStorage is not readable on the server, the module injects a small JavaScript snippet that reads the configured variable path and, if the expected value is found, calls back to your store to set a server-side session cookie (fctp_localstorage_consent). On the next page load, the server reads that session cookie to determine consent.

When consent is detected, pixel events fire normally. When it is not detected, all browser-side pixel events are suppressed.

After the visitor accepts

Page reloads (standard flow): After the visitor clicks the consent banner's accept button, the page reloads. On the fresh load, the module finds the consent cookie and fires all events for that page normally.

No page reload: When Page reloads after the consent? is disabled, the module attaches a click listener to the CSS selector you specify. When that element is clicked, pixelConsent(true) is called: it calls fbq('consent', 'grant') immediately to activate the Facebook pixel in the visitor's browser session, and makes an AJAX call to update the server-side consent state so subsequent server-side checks are consistent.

The doNotConsentToPixel JavaScript variable

Setting window.doNotConsentToPixel = true in your own JavaScript will block all pixel events regardless of the cookie or localStorage state. This is useful for custom integrations — for example, if you manage consent through your own code and want direct control over when events fire.

When Is an External Cookie? is enabled, a "click here" link appears next to the field. Clicking it generates a short-lived token and prints all current storefront cookies (excluding sensitive session values) directly in the Back Office. This helps you identify the exact cookie name and value written by your consent banner without needing to open DevTools.

Usage Examples

Example: Axeptio consent banner Axeptio sets an external cookie named axeptio_cookies containing a JSON string with accepted categories. Set Add the cookie name to look for to axeptio_cookies, enable Is an External Cookie?, and leave Specific Cookie Value? blank (any non-empty cookie value is treated as accepted). Axeptio reloads the page after acceptance by default, so leave Page reloads after the consent? enabled.

Example: Custom banner without a page reload Your designer built a custom consent overlay that slides out when the visitor clicks "I Accept", without triggering a page reload. Disable Page reloads after the consent? and set Selector for the Cookies Button to the CSS selector of that button — for example #consent-overlay .btn-accept. Pixel Plus attaches a click listener and activates the pixel the moment the visitor accepts.

Example: Multiple accepted values in one cookie Your consent cookie holds a pipe-separated string like necessary|analytics|marketing. You want the pixel to fire only if marketing is present. Enter marketing in Specific Cookie Value?. The module checks whether that string appears anywhere inside the cookie value and grants consent if it does.

Example: localStorage with Didomi Didomi stores consent in a didomi_token localStorage variable. Set GDPR Block Mode to Local Storage, Variable path to look for to didomi_token >> user >> status >> consent >> analytics >> enabled, and Expected Value/s to true. Pixel Plus reads this path on each page load and activates the pixel once the value resolves to true.

Important Notes

  • CAPI is not blocked by this panel. The Conversion API fires from your server and is unaffected by the browser consent settings here. If your legal requirements include blocking CAPI, a custom implementation is needed.
  • No server-side consent memory. The module re-reads the consent signal on every page load. It does not store a long-term "this visitor has consented" record on the server beyond the current session. If the consent cookie expires, the next page load will block the pixel again.
  • Configuration is per-shop. In multi-shop setups, each shop can have its own consent cookie name, mode, and related fields. There is no global override for the GDPR settings.
  • Misconfigured blocking blocks everyone. If Block the script? is on but the cookie name (or localStorage path) is empty, every visitor is blocked. The Back Office shows a warning — resolve it before the site goes live.
  • Multiple pixel IDs. If you run multiple pixel IDs (via the multi-pixel feature), the consent state applies to all of them equally. You cannot consent to one pixel while blocking another through this panel.
  • External cookie lookup. When Is an External Cookie? is enabled, the module reads from the raw browser $_COOKIE superglobal. The value comparison is URL-decoded — both the raw value and its URL-encoded form are checked to handle banners that encode special characters.

Troubleshooting

ProblemSolution
Pixel fires before consent is givenConfirm Block the script? is saved as enabled. Check the cookie name is exact — copy-paste from DevTools (Application > Cookies). Cookie names are case-sensitive.
Pixel never fires after acceptingUse the cookie inspector link in the GDPR panel to print all active storefront cookies. Verify the name and value match exactly what you have entered. Also confirm whether the cookie is internal (PrestaShop) or external.
All visitors are blocked after enablingThe Cookie name field is blank or incorrect. The Back Office warning confirms this. Temporarily disable Block the script?, fix the cookie name, then re-enable.
Pixel fires on acceptance but not on the next pageThe consent cookie expires before the visitor navigates to the next page. Check the cookie's expiry in DevTools > Application > Cookies. This is a consent banner configuration issue, not a Pixel Plus issue.
localStorage mode works on the first page but not on subsequent onesThe fctp_localstorage_consent session cookie that Pixel Plus sets may be expiring with the browser session. This is expected — localStorage consent is re-validated on each new browser session.
No-reload mode: pixel doesn't activate after clicking acceptVerify your CSS selector targets the correct element. Open DevTools and run document.querySelector('.your-selector') in the console to confirm it finds the button.
Does configuring this panel make my store fully GDPR-compliant?

The module provides the technical mechanism to block the pixel until consent is detected. Full GDPR compliance also depends on your consent banner's design, how consent is recorded and renewed, and your privacy policy. Consult your legal counsel for a complete compliance review.

Why shouldn't I just use a third-party module that blocks Pixel Plus entirely?

External blockers that remove Pixel Plus script tags from the page can interfere with Back Office features and break the Conversion API — which fires from your server regardless of browser scripts. The built-in consent integration pauses only the browser event queue and leaves everything else intact, making it both more reliable and less likely to cause side effects.

Does blocking the browser pixel also block the Conversion API?

No. CAPI fires from your server based on order and customer events and is unaffected by the browser consent panel. If your legal requirements include blocking CAPI for visitors who decline cookies, that requires a separate server-side implementation.

What does the doNotConsentToPixel JavaScript variable do?

Setting window.doNotConsentToPixel = true in your own JavaScript suppresses all browser pixel events, regardless of the cookie or localStorage state configured in the Back Office. It is an escape hatch for custom integrations where you need to manage consent logic outside of Pixel Plus.

What is the cookie inspector tool and when should I use it?

When Is an External Cookie? is enabled, a link appears next to the field that generates a short-lived security token and prints your storefront's active cookies directly in the Back Office (excluding sensitive session fields). Use it when you do not know the exact name or value of the cookie your consent banner sets — it saves you from switching between the Back Office and DevTools.

Can I require multiple cookie values — for example, consent to both analytics and marketing?

The ||| separator in Specific Cookie Value? matches any of the listed values, not all of them. For an AND condition (all values must be present), you would need to use a single combined value that your consent banner writes, or handle the logic through the doNotConsentToPixel JavaScript variable in your theme.

My consent banner supports the IAB TCF standard. Does Pixel Plus integrate with that?

Pixel Plus does not have a built-in TCF integration. You can bridge it by configuring your TCF-compatible banner to write a standard cookie or localStorage variable when consent is granted, then pointing Pixel Plus at that signal.