{"id":294634,"date":"2026-07-02T12:51:58","date_gmt":"2026-07-02T12:51:58","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/cookie-scout\/"},"modified":"2026-07-02T12:51:25","modified_gmt":"2026-07-02T12:51:25","slug":"cookie-scout","status":"publish","type":"plugin","link":"https:\/\/az.wordpress.org\/plugins\/cookie-scout\/","author":23472484,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.16","stable_tag":"1.0.16","tested":"7.0","requires":"6.0","requires_php":"8.1","requires_plugins":null,"header_name":"Cookie Scout","header_author":"Cookie Scout","header_description":"Cookie banner med Google Consent Mode v2, lokal ops\u00e6tning og script-blokering.","assets_banners_color":"","last_updated":"2026-07-02 12:51:25","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/cookiescout.io","rating":0,"author_block_rating":0,"active_installs":0,"downloads":30,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.16":{"tag":"1.0.16","author":"cookiescout","date":"2026-07-02 12:51:25"}},"upgrade_notice":[],"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.16"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[223629,20272,389,131785,23295],"plugin_category":[],"plugin_contributors":[269879],"plugin_business_model":[],"class_list":["post-294634","plugin","type-plugin","status-publish","hentry","plugin_tags-consent-mode","plugin_tags-cookie-banner","plugin_tags-cookies","plugin_tags-gdpr","plugin_tags-gtm","plugin_contributors-cookiescout","plugin_committers-cookiescout"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/cookie-scout.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Cookie Scout helps you display a cookie banner, store consent and control scripts. The plugin can be used locally without an account. Advanced features can be enabled separately.<\/p>\n\n<h3>External services<\/h3>\n\n<p>This plugin communicates with third-party services only when a feature explicitly needs it, or when an administrator has turned that feature on. Below is what is used, why, what data is involved, and when it runs.<\/p>\n\n<h4>Cookie Scout API (dashboard.cookiescout.io)<\/h4>\n\n<ul>\n<li><strong>What it is:<\/strong> The Cookie Scout account and configuration service.<\/li>\n<li><strong>What it is used for:<\/strong> Optional connected mode: authenticating the site owner, loading banner and policy configuration, blocking rules, categories, and (when enabled) recording consent events from the banner to your Cookie Scout account.<\/li>\n<li><strong>What data is sent:<\/strong> API requests may include your site URL, authentication token after you connect, banner or policy fields you save from the settings screens, and consent payloads (consent identifier, category choices, banner version reference, page URL, and language) when the visitor consents and connected mode is active.<\/li>\n<li><strong>When it is sent:<\/strong> Only when a site administrator has connected the plugin to a Cookie Scout account and performs actions that require the service, or when visitors submit consent while that connected mode is active.<\/li>\n<li><strong>Provider:<\/strong> Cookie Scout \u2014 <a href=\"https:\/\/cookiescout.io\">Website<\/a> \u2014 <a href=\"https:\/\/dashboard.cookiescout.io\">Account dashboard<\/a> \u2014 <a href=\"https:\/\/cookiescout.io\/terms.html\">Terms of use<\/a> \u2014 <a href=\"https:\/\/cookiescout.io\/privacy.html\">Privacy policy<\/a><\/li>\n<\/ul>\n\n<h4>Google Tag Manager and Google Tag (googletagmanager.com)<\/h4>\n\n<ul>\n<li><strong>What it is:<\/strong> Google\u2019s tag hosting and execution platform.<\/li>\n<li><strong>What it is used for:<\/strong> If an administrator enters a valid Google Tag Manager container ID (format <code>GTM-\u2026<\/code>) in the plugin settings, the plugin can load Google Tag Manager on the public site in line with the selected Consent Mode behaviour (standard vs advanced). The browser may then load additional tags configured in that container.<\/li>\n<li><strong>What data is sent:<\/strong> The plugin requests Google\u2019s <code>gtm.js<\/code> (and the GTM noscript iframe when applicable) from Google. Any further requests, cookies, or personal data depend entirely on what the administrator has configured inside Google Tag Manager and the tags fired from it\u2014not on this plugin\u2019s code paths beyond loading GTM when allowed by consent settings.<\/li>\n<li><strong>When it is sent:<\/strong> When GTM is configured in settings and, depending on mode, when consent allows statistics or marketing storage, or when advanced Consent Mode is enabled as described in the plugin UI.<\/li>\n<li><strong>Provider:<\/strong> Google Ireland Limited \/ Google LLC \u2014 <a href=\"https:\/\/marketingplatform.google.com\/about\/analytics\/tag-manager\/use-policy\/\">Google Tag Manager terms<\/a> \u2014 <a href=\"https:\/\/policies.google.com\/privacy\">Google privacy policy<\/a><\/li>\n<\/ul>\n\n<h4>Google Fonts (fonts.googleapis.com \/ fonts.gstatic.com)<\/h4>\n\n<ul>\n<li><strong>What it is:<\/strong> Google\u2019s font delivery network.<\/li>\n<li><strong>What it is used for:<\/strong> If an administrator selects one of the listed Google fonts for the cookie policy \/ cookie list appearance, the visitor\u2019s browser loads the corresponding stylesheet (and font files) from Google.<\/li>\n<li><strong>What data is sent:<\/strong> Standard web requests as defined by Google (typically IP address and technical headers as part of loading CSS\/font assets).<\/li>\n<li><strong>When it is sent:<\/strong> Only when a Google font is chosen in settings and a page that outputs the policy or list shortcodes is viewed.<\/li>\n<li><strong>Provider:<\/strong> Google \u2014 <a href=\"https:\/\/developers.google.com\/fonts\/faq\/privacy\">Google Fonts privacy FAQ<\/a> \u2014 <a href=\"https:\/\/policies.google.com\/privacy\">Google privacy policy<\/a><\/li>\n<\/ul>\n\n<h4>Stripe (checkout.stripe.com)<\/h4>\n\n<ul>\n<li><strong>What it is:<\/strong> Payment processing for Cookie Scout plans, when you use connected checkout from the plugin.<\/li>\n<li><strong>What it is used for:<\/strong> Redirecting the administrator to Stripe Checkout when purchasing or upgrading through the Cookie Scout service.<\/li>\n<li><strong>What data is sent:<\/strong> Handled by Cookie Scout\u2019s checkout API and Stripe according to their flows; this plugin only redirects the administrator to the checkout URL returned by the service.<\/li>\n<li><strong>When it is sent:<\/strong> Only when an administrator starts checkout from the plugin while using connected mode.<\/li>\n<li><strong>Provider:<\/strong> Stripe \u2014 <a href=\"https:\/\/stripe.com\/legal\">Stripe legal \/ privacy<\/a><\/li>\n<\/ul>\n\n<h4>Front-end requests to your own site (scanner \/ GTM detection)<\/h4>\n\n<ul>\n<li><strong>What it is:<\/strong> The plugin may request your site\u2019s public HTML using <code>wp_remote_get()<\/code> (for example the basic scanner in admin, or optional detection of an existing GTM snippet).<\/li>\n<li><strong>What it is used for:<\/strong> Analysing HTML your site already outputs; the plugin does not substitute remote CDNs for its own assets through these requests.<\/li>\n<li><strong>What data is sent:<\/strong> A normal HTTP GET to your <code>home_url()<\/code> as seen by the server (user-agent identifies the plugin).<\/li>\n<li><strong>When it is sent:<\/strong> Only when an administrator triggers the relevant tool in wp-admin.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin to \/wp-content\/plugins\/<\/li>\n<li>Activate the plugin in WordPress<\/li>\n<li>Go to Cookie Scout in the admin and complete the quick setup<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20the%20plugin%20require%20an%20account%3F\"><h3>Does the plugin require an account?<\/h3><\/dt>\n<dd><p>No, the plugin can be used locally without an account.<\/p><\/dd>\n<dt id=\"are%20there%20advanced%20features%3F\"><h3>Are there advanced features?<\/h3><\/dt>\n<dd><p>Yes, advanced features can be enabled separately.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.16<\/h4>\n\n<ul>\n<li>Sikkerhed: connect-flow kr\u00e6ver nu nonce-bekr\u00e6ftelse f\u00f8r API-token gemmes; consent JSON saniteres og valideres felt for felt f\u00f8r API-kald.<\/li>\n<\/ul>\n\n<h4>1.0.15<\/h4>\n\n<ul>\n<li>Plugin Check: rettet GTM-notice escaping, sticky form-felter med nonce-verifikation, User-Agent sanitization og Google Fonts enqueue-version.<\/li>\n<\/ul>\n\n<h4>1.0.14<\/h4>\n\n<ul>\n<li>Plugin Check: Tested up to WordPress 7.0; i18n translators-kommentarer rettet; fjernet load_plugin_textdomain; PHPCS-justeringer for templates, adgangskoder og admin GET-flows.<\/li>\n<\/ul>\n\n<h4>1.0.13<\/h4>\n\n<ul>\n<li>Script-blokering: tilf\u00f8jede faste fallback-regler for betalingsscripts (inkl. ePay\/Bambora\/Worldline-dom\u00e6ner) som kategoriseres som n\u00f8dvendige, s\u00e5 checkout kan fungere ved afviste valgfrie cookies.<\/li>\n<\/ul>\n\n<h4>1.0.12<\/h4>\n\n<ul>\n<li>Kompatibilitet: fjernede PHP 8 <code>match<\/code> i settings-template og erstattede med switch, s\u00e5 parse-fejl p\u00e5 \u00e6ldre PHP undg\u00e5s.<\/li>\n<\/ul>\n\n<h4>1.0.11<\/h4>\n\n<ul>\n<li>Banner: st\u00f8rre cookie-ikon i den flydende gen\u00e5bningsknap og CSS der modst\u00e5r temaers <code>button<\/code>\/<code>svg<\/code>-skalering; lidt mere plads til banner-logo.<\/li>\n<\/ul>\n\n<h4>1.0.10<\/h4>\n\n<ul>\n<li>Script-blokering: GTM-genkendelse d\u00e6kker nu server-side \/ hosted <code>gtm.js<\/code> (fx eget dom\u00e6ne med <code>?id=GTM-\u2026<\/code> eller Stape-vertikaler), s\u00e5 samme consent-regler som for googletagmanager.com GTM g\u00e6lder og scripts undg\u00e5r forkert \u201cukendt\u201d-blokering.<\/li>\n<\/ul>\n\n<h4>1.0.9<\/h4>\n\n<ul>\n<li>Script-blokering: ved genindl\u00e6sning med gyldigt samtykke i localStorage anvendes det nu p\u00e5 DOM (iframe-placeholders og blokerede scripts), s\u00e5 fx YouTube vises uden at skulle acceptere igen.<\/li>\n<\/ul>\n\n<h4>1.0.8<\/h4>\n\n<ul>\n<li>Script-blokering: spring server-side buffer over n\u00e5r User-Agent indeholder <code>CookieScoutRemoteScan\/1<\/code> (backend Playwright-scanner og wp_remote_get i plugin), s\u00e5 scanning ser eksekverbare tags i HTML.<\/li>\n<\/ul>\n\n<h4>1.0.7<\/h4>\n\n<ul>\n<li>Banner: planl\u00e6g boot med DOMContentLoaded + kort polling, s\u00e5 init ikke springes over hvis markup kommer efter script (undg\u00e5r \u201cd\u00f8d\u201d frontend ved visse temaer\/cache).<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Banner: boot k\u00f8rer ogs\u00e5 hvis DOM allerede er klar (undg\u00e5r skjult banner n\u00e5r script indl\u00e6ses sent) \u2014 vigtigt for GTM\/script-blokering og for eksterne scans.<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Banner: ensartet bund-padding i cookie-indstillingspanelet (matcher sider\/top).<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>dataLayer: udsender ogs\u00e5 <code>cookie_consent_update<\/code> (Cookiebot-kompatibelt) ved samtykke, s\u00e5 eksisterende GTM-triggere kan genbruges.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Correct Cookie Scout terms\/privacy URLs in readme; shortcode return hardening (esc_html__, wp_kses_post); safe shutdown flush for script-blocker output buffer.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Stricter escaping (admin UI, banner colours\/position), check_ajax_referer on privileged AJAX, hex colour validation, connect-code format check, domain-list documentation, removed inline onclick confirm in favour of enqueued admin JS.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Hardened AJAX and checkout return URLs (nonces), improved script loading and output escaping for consent\/blocker\/GTM, removed frontend \u201cPowered by\u201d credit, admin settings scripts enqueued properly, readme external services documentation.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>First public release<\/li>\n<\/ul>","raw_excerpt":"Cookie banner with local setup, script blocking and optional advanced features.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/294634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=294634"}],"author":[{"embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/cookiescout"}],"wp:attachment":[{"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=294634"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=294634"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=294634"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=294634"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=294634"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/az.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=294634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}