PrestaShop Cookie Consent and GDPR: The Complete Module Guide for Store Owners

Why PrestaShop Stores Need Proper Cookie Consent

If you operate a PrestaShop store that serves customers in the European Union, cookie consent is not optional — it is a legal requirement with real financial consequences. The GDPR, combined with the ePrivacy Directive, mandates that websites obtain informed, freely given consent before setting non-essential cookies. For e-commerce stores, this is particularly critical because the cookies involved directly affect your ability to track conversions, run retargeting campaigns, and measure marketing ROI.

PrestaShop powers over 300,000 online stores worldwide, many of which sell to EU customers. Yet a significant number of these stores either lack proper consent management entirely or rely on outdated solutions that do not meet current regulatory standards. With Google now requiring Consent Mode V2 for ad serving in the EEA, the gap between basic compliance and proper implementation has real revenue implications.

What Cookies Does PrestaShop Set by Default?

Before configuring consent, you need to understand what cookies your PrestaShop store already uses. A default PrestaShop installation sets several categories of cookies:

Essential Cookies (No Consent Required)

• PrestaShop session cookie: Maintains the user's session, shopping cart contents, and login state. This is strictly necessary for the store to function.
• CSRF tokens: Security cookies that protect form submissions from cross-site request forgery.
• Currency and language preferences: Store the user's selected currency and language for consistent browsing experience.

Analytics and Marketing Cookies (Consent Required)

• Google Analytics (GA4): If you have installed a Google Analytics module, it sets _ga, _ga_*, and related cookies for tracking user behavior, page views, and conversions.
• Google Ads remarketing: Conversion tracking and remarketing pixels set cookies for ad targeting and conversion measurement.
• Facebook Pixel: If installed, the Meta pixel sets _fbp and _fbc cookies for ad attribution and audience building.
• Third-party analytics modules: PrestaShop's marketplace includes dozens of analytics and marketing modules, each potentially setting its own cookies.

Payment Gateway Cookies

• PayPal, Stripe, Mollie, and others: Payment processors may set cookies for fraud detection and session management. These are generally classified as strictly necessary when they are required to complete a transaction, but some payment processors set additional analytics cookies that require consent.
• 3D Secure authentication: The 3D Secure flow used by many European card payments may set temporary cookies during the authentication process.

PrestaShop's Built-In Cookie Handling Limitations

PrestaShop includes a basic GDPR module (typically "Official GDPR Compliance" module) that provides some data privacy features. However, it has significant limitations when it comes to cookie consent:

• No Consent Mode V2 support: The built-in module does not send Google Consent Mode signals, which means your Google tags cannot leverage consent-aware behavior or conversion modeling.
• No TCF integration: There is no Transparency and Consent Framework support, which is required for programmatic advertising compliance in the EEA.
• Limited cookie blocking: The built-in approach often does not actually prevent third-party scripts from setting cookies before consent. It may display a banner, but the underlying scripts still fire.
• No geo-targeting: The same consent experience is shown to all visitors regardless of location. EU visitors and US visitors see the same banner, which is either overly restrictive for some or insufficiently compliant for others.
• Basic design options: The banner appearance is limited and may not match your store's branding, leading to a disconnected user experience.

Installing the FlexyConsent PrestaShop Addon

FlexyConsent offers a native PrestaShop addon that integrates directly into your store's back office. Here is how to install and configure it:

Step 1: Get the Addon

The FlexyConsent PrestaShop addon is available on the official PrestaShop Addons Marketplace. Purchase and download the module from the marketplace, then install it through your PrestaShop back office under Modules > Module Manager.

Step 2: Connect Your FlexyConsent Account

After installation, navigate to the module's configuration page in your PrestaShop back office. Enter your FlexyConsent Site ID, which you can find in your FlexyConsent dashboard. The addon will automatically connect to FlexyConsent's servers and pull your consent configuration.

Step 3: Configure Cookie Categories

In the FlexyConsent dashboard (not the PrestaShop back office), configure your cookie categories and purposes. Typical categories for a PrestaShop store include:

• Strictly Necessary: Session cookies, CSRF protection, cart functionality. These are enabled by default and cannot be rejected.
• Analytics: Google Analytics, Matomo, or other analytics platforms. Requires consent.
• Marketing: Google Ads, Facebook Pixel, retargeting scripts. Requires consent.
• Preferences: Language, currency, and display preferences beyond what is strictly necessary. May or may not require consent depending on your legal interpretation.

Step 4: Set Up Script Blocking

The FlexyConsent addon integrates with PrestaShop's hook system to control when third-party scripts load. Scripts associated with analytics and marketing categories are blocked until the user grants consent for that category. When consent is granted, the scripts load dynamically without requiring a page refresh.

For modules that inject scripts via PrestaShop hooks, the addon can intercept and conditionally load them. For scripts added directly to your theme templates, you may need to modify the script tags to use FlexyConsent's data attributes for conditional loading.

Back-Office Configuration

The FlexyConsent PrestaShop addon adds a configuration panel in your back office with these key settings:

• Site ID: Your unique FlexyConsent identifier that connects the addon to your dashboard configuration.
• Script position: Whether the FlexyConsent script loads in the <head> (recommended) or before the closing <body> tag.
• Auto-blocking mode: When enabled, the addon automatically detects and blocks known third-party scripts until consent is granted. When disabled, you manually specify which scripts to block.
• Consent wall option: For stores that require consent before browsing (less common in e-commerce), this option displays a full-page consent requirement.
• Cache compatibility: Settings to ensure the consent banner works correctly with PrestaShop's built-in cache and popular caching modules like PageCache or Varnish configurations.

Geo-Targeting for EU Customers

One of the most valuable features for PrestaShop stores is geo-targeted consent. Not all of your customers need the same consent experience:

• EU and UK customers: Full GDPR-compliant consent banner with opt-in model, TCF integration, and Consent Mode V2 signals. These customers must actively consent before non-essential cookies are set.
• US customers: Depending on their state, they may need a CCPA/CPRA-compliant notice with an opt-out mechanism, or no notice at all.
• Rest of world: A lighter notice or no banner, depending on applicable laws and your risk tolerance.

FlexyConsent handles this automatically through IP-based geo-detection. The correct consent experience is shown to each customer based on their location, without any manual configuration per region. This means your US customers are not unnecessarily slowed by EU-specific consent flows, while your EU customers receive full regulatory compliance.

Consent Mode V2 for PrestaShop Analytics

If you use Google Analytics 4 or Google Ads with your PrestaShop store, Consent Mode V2 is essential. Here is what it does for your store:

• Before consent: Google tags load in a restricted mode. They do not set cookies, do not collect user identifiers, and send only cookieless pings that Google uses for modeling.
• After consent is granted: Tags switch to full measurement mode with cookies, user IDs, and complete conversion tracking.
• After consent is denied: Tags remain in restricted mode for the duration of the session. Google uses the cookieless pings for modeled conversions and modeled reporting, partially recovering the analytics data you would otherwise lose entirely.

The practical benefit is significant: even when users reject analytics cookies, you still get modeled conversion data in your Google Ads and GA4 reports. Without Consent Mode V2, rejected consent means a complete data gap for that user. With it, Google's machine learning models can fill in approximately 70% of the missing data.

For a PrestaShop store running Google Ads campaigns targeting EU customers, this modeled data can mean the difference between accurate ROAS calculations and flying blind on a significant portion of your traffic.

Testing Your Implementation

After installing and configuring the FlexyConsent PrestaShop addon, verify the implementation with these checks:

• Clear all cookies and visit your store. The consent banner should appear before any Google Analytics or marketing cookies are set.
• Reject all cookies and check your browser's cookie storage. Only essential PrestaShop cookies (session, CSRF) should be present.
• Accept all cookies and verify that analytics and marketing scripts load and their cookies appear.
• Use Google Tag Assistant to confirm Consent Mode signals are being sent correctly — you should see consent default with denied states and consent update after the user's choice.
• Test from different regions using a VPN to verify geo-targeting shows the correct consent experience for EU vs. non-EU visitors.
• Test the checkout flow to ensure consent management does not interfere with payment processing, cart functionality, or order completion.

Store owner tip: Set up a monthly calendar reminder to test your consent implementation. PrestaShop module updates, theme changes, and new marketing integrations can all break consent flows without obvious symptoms. A quick 5-minute check each month can prevent compliance gaps from developing.

FlexyConsent's PrestaShop addon is available on the PrestaShop Addons Marketplace with plans starting from EUR 0 per month. The free plan includes Consent Mode V2, geo-targeting, and all the core compliance features your store needs to serve EU customers confidently.