Cookie consent tools: 10 popular solutions compared
Many websites are nothing without cookies:
Online shop systems or web analysis tools often depend on them in order to be able to recognize visitors.
However, the courts have also been dealing with cookies and their use for many years. Up to the highest instances such as the Federal Court of Justice (BGH) and the European Court of Justice (ECJ).
Because some types of cookies, such as tracking cookies from advertising networks, make it possible to track the behavior of users on the Internet.
In this post, I will introduce you to ten popular cookie consent tools that you can use to implement this on your website.
I will go into the advantages and disadvantages of all tools and explain what you need to look out for when using consent tools.
- 1. What are cookies?
- 1.1 What types of cookies are there?
- 2. What do I have to consider legally when using cookies on my website?
- 2.1 How do I find out what cookies my website sets?
- 2.2 When do I need a cookie consent tool? And is it possible without?
- 3. What does a good consent tool have to offer?
- 4. Consent Tools for WordPress
- 4.1 Real Cookie Banners
- 4.2 Borlabs Cookies
- 4.3 Compliance
- 4.4 GDPR Pixelmate
- 5. Consent tools for all websites
- 5.1 Cookie Yes
- 5.2 Usercentrics
- 5.3 Cookiebot
- 5.4 Osano
- 5.5 OneTrust
- 5.6 CCM19
- 6. Cloud providers vs. on-premises software
- data protection
- Hardware
- service and care
- Conflicts / Compatibility
- Costs
- 7. How must my cookie banner be designed to be legally secure?
- 8. Common mistakes when configuring consent tools
- Error 1: Cookie banner not activated
- Error 2: Not all cookies are correctly recorded by the tool
- Error 3: Cookies grouped incorrectly
- Error 4: Cookies are set before consent
- Error 5: Revocation not possible
- 9.FAQs
- Are there also free cookie consent tools?
- What is the best cookie consent tool for agencies?
- Which tools offer a free trial or demo?
- Which cookies are “strictly necessary”?
- What is the difference between a cookie consent tool, a consent management platform and a consent management provider?
- When do cookies from web analysis or statistical tools require consent?
- What is the Transparency & Consent Framework (TCF)?
1. What are cookies?
A cookie is a piece of data managed and stored by the browser. This record contains information such as the name of the cookie, its lifetime, its value and the domain to which the cookie relates.
A cookie allows a user to be recognized by a website or by a service installed on a website.
This can serve the following purposes:
- Advertising networks use cookies to track the surfing behavior of a user and to display targeted advertising based on this
- Cookies can be used to store login information on a website so that the user does not have to log in again the next time they visit
- Online shops use cookies to store the contents of shopping carts or recently viewed products
- Analysis tools (e.g. Matomo or Google Analytics) use cookies to recognize returning visitors
1.1 What types of cookies are there?
It is essential for you as a website operator to understand that there are different types of cookies.
“Strictly necessary cookies”, i.e. cookies that are crucial for the smooth operation of a website (e.g. shopping cart cookies for online shops), are unproblematic in terms of data protection. Marketing cookies, on the other hand, do not.
That means:
While you only have to point out the use of some cookies, with others you need the consent of the visitor before they are set.
Here is a brief overview of the different types of cookies:
- Strictly necessary cookies: All cookies without which the website would not be able to function
- Marketing cookies: Used, for example, by advertising networks such as AdSense
- Statistics cookies: Tools such as Matomo or Google Analytics use these to correctly measure visitors
2. What do I have to consider legally when using cookies on my website?
Many website operators are uncertain about how they can legally use cookies on their website.
The reason for this could be that the GDPR says nothing at all about cookies, the ePrivacy Regulation is still in the stars and courts have not yet defined a conclusive answer to many open questions.
A ruling by the Federal Court of Justice in May 2020 provided more clarity, Cookies for the purpose of market research and advertising require consent before they are set.
The TTDSG , which came into force in December 2021, formulates it even more clearly , which simply and poignantly stipulates in § 25 para. 1 that cookies and all comparable services require the (active) consent of a user:
(1) Storage of information in the end-user’s terminal equipment or access to information already stored in the terminal equipment shall only be permitted if the end-user has consented on the basis of clear and comprehensive information. The information of the end user and the consent must be given in accordance with Regulation (EU) 2016/679.
The only exceptions to this are technically necessary cookies and those that are only used to transmit messages via public networks.
This results in two important rules:
- No consent is required for technically necessary cookies, such as the cookie that sets a cookie plugin in WordPress or uses WooCommerce to operate the shopping cart. Nevertheless, you must inform visitors about the use of cookies.
- Tracking and advertising cookies, such as Google Analytics, may only be set if the user actively consents to their use. The visitor must therefore tick the box himself, a pre-filled selection field is not in the sense of the TTDSG.
2.1 How do I find out what cookies my website sets?
In order to be able to operate a website in a legally secure manner, it is now an important requirement to know and identify all cookies.
Easier said than done!
First of all, it is important to understand that the consent requirement under the TTDSG does not only apply to cookies, but also to cookie-like technologies, IP addresses or other tracking methods such as fingerprinting.
This means that technologies such as:
- Local Storage (modern applications read only by JavaScript tools)
- Session Storage (information limited to one tab)
- Tracking pixels (invisible graphics that allow the user to be clearly identified)
In order to create the most accurate list possible, you cannot avoid carefully analyzing every service, tool and plugin on your website.
Tools such as Webbkoll or the Chrome browser developer console can provide a first overview (accessible by right-clicking on a website and selecting Inspect > Application ):
Consent tools like Real Cookie Banner and the service scanner available there also do a great job.
2.2 When do I need a cookie consent tool? And is it possible without?
We have already sufficiently discussed which cookies require user consent and which do not.
From this, the answer to the question of when a cookie content tool becomes mandatory can also be easily derived:
As soon as you use cookies on your website that are not only technically necessary.
So if you use services like Google Analytics, Matomo, Hotjar, Adsense or the Facebook Pixel, you must not do without a consent tool in order not to violate the TTDSG that recently came into force and risk fines or warnings from competitors.
If in doubt, however, we would always advise you to use a consent management tool to avoid unpleasant surprises.
3. What does a good consent tool have to offer?
Fortunately, there are really mature and good solutions today that simplify the topic of cookie management even for inexperienced users.
Before we introduce you to some of these tools directly, we would first like to give you an overview of what makes a good cookie content tool and which functions you should definitely not do without:
- Cookie groups: In order to be able to obtain targeted consent from your visitors, the tool should group existing cookies (necessary, marketing, statistics, etc.).
- Scanner: Modern tools such as Real Cookie Banner have an integrated cookie or service scanner that helps to identify the cookies and services used
- Content Blocker: Blocks embedded content, such as YouTube videos or Google Maps, that can transmit personal data to users before their consent
- Statistics: In order to recognize how cookies are accepted by your visitors, the tool should also have sufficient statistics.
- Adaptability: Good tools can be 100% adapted to your ideas in terms of appearance and content.
4. Consent Tools for WordPress
In the following, we will introduce you to three popular cookie costing tools for WordPress in more detail, so that you can decide which solution suits you and your website best.
4.1 Real Cookie Banners
Real Cookie Banner is a plugin that hit the market at the end of 2020. It is currently the best consent tool for WordPress websites.
And there are many reasons for this:
The plugin is very beginner-friendly and offers a wide range of functions with many setting and customization options that many other software do not offer.
Above all, the service scanner that searches your website for services that may require consent must be mentioned with Real Cookie Banner:
In addition, over 150 templates make it much easier for you to add new services to the consent banner:
The design of the cookie banner can also be fully adapted to your wishes in the WordPress customizer and with a live preview:
Useful extras, such as information on youth protection or possible data processing in the USA, are also included in the Real Cookie Banner.
For whom is Real Cookie Banner the best solution?
Real Cookie Banner is currently the best solution for anyone running a WordPress website.
It is suitable for smaller WordPress blogs as well as for company websites, online shops or large online magazines with thousands of articles. Multi-sites and multilingual WordPress websites are also supported.
Advantages
- Free version available
- Service scanner semi-automatically searches for services that may require consent
- 150+ templates for services
- Very good content blocker with many customization options and preview images
- consent history
- Cookie groups are available and can be customized as required
- Flexible design adjustments with live preview and 20 design templates
- Note on the protection of minors and data processing in the USA can be activated
- Continuous development of the plugin
Disadvantages
- No split testing of the banner design possible
4.2 Borlabs Cookies
Borlab Cookies
Price (for one website): €39.00 net per year
Borlabs Cookie is probably the most popular cookie plugin
No wonder, because it works reliably, offers a modern banner design and a wide range of functions.
Like Real Cookie Banner, it offers a good content blocker that only loads content such as Google Maps, YouTube videos or Instagram posts after user consent.
The texts, buttons, position and colors of the cookie box can also be individually adapted to your wishes.
Unfortunately, when setting up Borlabs Cookie
Who is Borlabs Cookie the best solution for?
Borlabs Cookie is a reliable cookie consent tool with everything you need to collect consent on a WordPress website.
In most cases, however, you’d be better off with Real Cookie Banner as it’s easier to set up and offers more features.
However, due to the cheaper agency license, it can be a good alternative for anyone building or maintaining websites on behalf of clients.
Advantages
- Lots of setting options
- Very good content blocker
- consent history
- Cookie groups are available and can be customized as required
- Clear statistics
- Text and design adjustments to the cookie banner possible
- Script blocker for persistent services
Disadvantages
- Setup complicated for beginners
- Few templates for services and content blockers
- No cookie or service scanner
- No design templates for cookie banners
- No live preview of banner design changes
4.3 Compliance
Compliance is much more than a simple cookie plugin. Rather, it is a complete privacy suite.
This means: You not only receive a cookie banner, but also other functions such as an imprint and a data protection declaration. It is even possible to create general terms and conditions with this tool.
These basic functions are supplemented by many extras such as a cookie scanner, a consent history, extensive statistics and a split testing tool that you can use to try out which cookie banner is most accepted by your visitors.
The cookie banner itself can be customized in terms of appearance and content. Animations and ready-made templates are also available.
For whom is compliance the best solution?
Compliance is an all-in-one solution for everyone who wants to be on the safe side with the imprint and data protection declaration.
We would particularly recommend this tool to operators of international sites, since according to their own statements, compliance guarantees legal conformity in most countries.
Advantages
- Free version available (but very discounted)
- Imprint and data protection declaration are generated and checked
- Attractive cookie banner
- WordPress integration
- Integrated A/B testing and statistics
- Script blocker included
- Perfect for international sites
- Very good support
Disadvantages
- The range of functions can be a bit overwhelming for beginners
4.4 GDPR Pixelmate
GDPR Pixelmate impresses above all with its price-performance ratio.
On the other hand, the range of functions is somewhat slimmed down, which unfortunately cannot keep up with plugins such as Borlabs or Real Cookie Banner.
Integrating the Google Analytics and Facebook pixels is very simple, which are already prepared in the plugin and only need to be supplemented with your individual ID. All others have to be integrated in a somewhat more complex manner.
A script blocker is also available, but it doesn’t provide a nice preview image and only blocks YouTube, Vimeo, Google Maps and Twitter.
We like the statistics in the backend, which show very well how your visitors react to the banner and what the consent history looks like.
Another disadvantage is certainly the fact that the look of the cookie banner can hardly be individualized.
For whom is GDPR Pixelmate the best solution?
GDPR Pixelmate is ideal for sites that rarely set cookies and are looking for a quick and secure solution.
So if you don’t use any third-party tools apart from Google Analytics, then the WordPress plugin is certainly a great alternative.
However, if you use many third-party tools (especially in the areas of marketing, statistics, ads), we would advise you to use a more comprehensive tool.
Advantages
- Easy integration through WordPress plugin
- Common tools (e.g. Google Analytics) can be integrated via tracking ID
- Statistics in the backend
- content blocker
Disadvantages
- Hardly any adjustments to the design possible
- No cookie scanner
- Few templates for services
- Content blocker has limited functionality
- No consent history
5. Consent tools for all websites
Below you will find six consent tools that are not only suitable for WordPress websites, but also for other platforms such as Joomla!, Wix, Magento, Drupak or simple HTML websites.
In many cases, these tools also offer WordPress plugins, but are not limited to WordPress:
5.1 Cookie Yes
CookieYes is a small but fine cookie tool that can be used on many systems thanks to various integration options.
First of all, a good cookie scanner awaits you, which recognizes over 100,000+ cookies and automatically creates an entry for popular representatives.
In addition, this scanner automatically checks every month whether new cookies have been added. If this is the case, new cookies are automatically blocked until you have checked them. Incidentally, the same applies to third-party cookies that you have not yet added to the consent banner.
The banner itself can be adapted to your requirements down to the smallest detail. Visual adjustments are made using an intuitive live builder, which you can use immediately. Of course, grouping in cookie groups is also possible.
With the help of a “consent log”, the consent of your visitors can be traced and documented in a legally secure manner.
As an additional highlight, a data protection declaration generator awaits you, which creates an individual data protection declaration for your site based on a previously completed questionnaire.
For whom is CookieYes the best solution?
CookieYes works well for small to medium sized sites or blogs.
If you use WordPress, you should rather opt for Real Cookie Banner . Osano or Usercentrics are more suitable for larger websites or online shops.
Advantages
- Free version available
- WordPress plugin available
- Cookie scanner with 100,000+ database entries
- Banner with live builder
- Privacy Policy Generator
- consent history
Disadvantages
- Number of cookie scans depends on tariff
5.2 Usercentrics
Usercentrics is a cloud-based cookie consent management application with a wide range of functions.
The strength of the tool lies primarily in the flexible orientation of the visitors. Means: With Usercentrics, individual cookie banners can be displayed that depend on the region of a visitor.
This basic function is supplemented by numerous extras such as a cookie scanner or extensive analytics.
The setup is simple, since templates are integrated for most applications, which you only have to replace with individual parameters.
For whom is Usercentrics the best solution?
Usercentrics is aimed at international sites that, in addition to the GDPR, also have to comply with other laws such as the CCPA (California).
So we would really only recommend this tool to such site operators.
Beginners in particular will quickly be overwhelmed by the large range of functions.
Advantages
- Customizable for an international audience
- Cookie banner customizable
- Integrated templates for many applications
- Extensive analytics
- Very good support
Disadvantages
- high price
5.3 Cookiebot
Cookiebot is a modern consent management platform whose greatest strength lies in a very good and reliable cookie scanner.
The cookies used are not only identified, but also taken over directly and divided into groups.
On the other hand, we don’t like the script blocker that much. Although the functionality leaves nothing to be desired, the preview of a YouTube video, for example, is not really nice to look at. Borlabs Cookie, for example, delivers much nicer results.
The integration into WordPress is also not ideally solved.
Unfortunately, there is no plugin available here, but Cookiebot must be added to your website via a script. Conversely, this also means that the reliability of the cookie banner depends on external servers.
The good news: You can test Cookiebot for free up to a page size of 100 subpages. Admittedly, it is quickly achieved with WordPress, but still to be rated positively.
Who is Cookiebot the best solution for?
Cookiebot is ideal for smaller sites and it is not without reason that the creators (Usercentrics) recommend it for them.
In the small tariff, you can embed the tool on websites with up to 499 subpages for 12 euros.
Advantages
- Up to 100 subpages for free
- Very good cookie scanner
- Simple integration via a script
- Compatible with many different CMS
- Content blocker for YouTube videos, maps and co.
Disadvantages
- Premium tariffs comparatively expensive
- Script Blocker does not provide a nice preview
5.4 Osano
Osano is the most comprehensive consent management software that we examined in our test.
In addition to classic consent management, you can expect numerous professional functions such as monitoring of compliance documents, which are checked daily for changes.
This sounds very complex at first, but it is far from it. The tool is programmed in a very user-friendly way and provides you with a cookie scanner, among other things, which reliably recognizes cookies used and immediately blocks third-party providers. This ensures fast legal certainty.
Osano also provides you with a consent history that you can even search and export.
In addition, I really like the automatically generated data protection declaration.
For whom is Osano the best solution?
Osano is not the right consent software for smaller blogs, but is aimed at large, international sites and companies.
This is also reflected in the price: while Osano is completely free for up to 5,000 visitors per month, it costs 90.45 euros per month for more than 5,000 users.
Advantages
- Free plan up to 5,000 page views
- Cookie Scanner
- Professional features like compliance monitoring
- Cookie banner flexibly adaptable
- Very competent support
- Individually adaptable to visitor region
Disadvantages
- Very expensive
- A large range of functions can quickly overwhelm beginners
5.5 OneTrust
OneTrust is a complete data protection suite that has long since not only provided a cookie banner, but rather offers a holistic service.
In addition to a classic cookie scanner and cookie banner, the range of functions of the software also includes automated processing of requests for information or cross-channel consent and preferences.
The offer is rounded off by services such as an automated processing directory or benchmark analyses. However, the company has these services remunerated with significant additional costs.
For whom is OneTrust the best solution?
OneTrust is an absolute professional solution aimed at companies that collect a large amount of personal data.
As a blogger, you will not only be overwhelmed with the scope of this software, you will simply not need 90% of it.
Advantages
- Gigantic range of functions
- Privacy advocates at your fingertips
- Cookie Scanner
- Automated processing of requests for information
- Optional services can be booked individually
- Fast and competent support
Disadvantages
- Very expensive, especially optional services
- Hardly suitable for beginners
5.6 CCM19
CCM19 is a consent tool. We particularly like the fact that, in addition to a cloud version, there is also the option of installing CCM19 locally. This ensures even more data security.
Setting up the cookie tool is simple and will not pose any problems even for beginners: identification is carried out with the help of a cookie scanner, later adjustments are made using an intuitive drag-and-drop editor.
Of course, there is also a content blocker, and the tool also provides extensive statistics and a consent history.
For whom is CCM19 the best solution?
CCM19 is a classic cookie tool, very reminiscent of our Real Cookie Banner or Borlabs Cookie recommendations.
The advantage of CCM19 lies in the geo-targeting of the visitors, which can be used to display individual banners. This makes the tool ideal for international websites.
Advantages
- Free tariff up to 5,000 impressions / month
- Very good cookie scanner
- Integrated templates
- Extensive design adjustments possible (incl. CSS)
- Statistics and A/B testing
- geo targeting
Disadvantages
- With 7.90 euros per month in the smallest tariff very expensive
6. Cloud providers vs. on-premises software
I have tested both consent tools for you that are installed as local software, such as Real Cookie Banner or Borlabs Cookie, and cloud solutions.
Both have their advantages and disadvantages, which I would like to take a closer look at here:
data protection
When it comes to data protection, local software usually has the edge.
You are the “lord of the data” and do not pass it on to a third party. This transfer can cause problems, especially if the third-party provider is based outside the EU.
In addition, an AV contract is mandatory as soon as third-party processing takes place.
Hardware
Local software has minimum system requirements. However, these requirements are usually very low for WordPress plugins.
Nevertheless, these requirements are completely eliminated with cloud software.
service and care
Backups and updates are regular tasks in local installations. With cloud software, this work is carried out by the operator.
Conflicts / Compatibility
Not every plugin is necessarily fully compatible with your WordPress setup.
This means: A plugin can cause conflicts that, in the worst case, lead to server errors.
Since external software is usually integrated via scripts, these conflicts do not arise.
Costs
Cloud software automatically means additional costs for an operator, after all it requires maintenance and care and the hiring of employees who are specifically responsible for this.
These costs are gladly passed on to the customers, so that locally installed solutions are cheaper in most cases.
7. How must my cookie banner be designed to be legally secure?
When integrating a cookie banner, please note that the banners of many tools are not legally compliant in the standard configuration. ☝️
For example, you should make sure your banner includes:
- List of all cookies your website sets
- Revocation options (according to Art. 7 GDPR)
- Links to privacy policy and imprint
- Reference to GDPR youth protection regulations (according to Art. 8 GDPR)
- Notice of data processing in the USA (if applicable)
- Active consent to non-essential cookies
- Simply reject all non-essential cookies
8. Common mistakes when configuring consent tools
It doesn’t matter how good the consent tool is in use on your site unless you have configured it correctly.
That’s why I’ve put together five common mistakes when configuring consent tools below:
Error 1: Cookie banner not activated
With most tools, the cookie banner must be activated after configuration. Only then is it active and will be played.
The best way to check whether your cookie banner has been correctly configured and activated and whether all cookies have been correctly prevented is to open your website in a new private window.
You should also check which cookies are set if you only consent to essential cookies.
Error 2: Not all cookies are correctly recorded by the tool
Most modern tools today offer a scanner that automatically records most of the cookies or services that are set on your website and creates a corresponding entry.
Emphasis here on most . Because it often happens that tools do not recognize certain cookies or services.
It is therefore essential to check whether all have been correctly recognized and, if necessary, add any missing ones manually.
Error 3: Cookies grouped incorrectly
We find time and time again that services such as Google Analytics or AdSense can be found under “essential” or “strictly necessary” cookies.
This is simply wrong and illegal!
Make sure that this cookie group only contains cookies that are actually absolutely necessary for the operation of your website.
Error 4: Cookies are set before consent
Some consent tools make it possible to set cookies before consent and only deactivate them after an objection.
This entails a legal risk, especially with marketing cookies.
Error 5: Revocation not possible
Visitors to your site should be able to change and withdraw their consent.
Good consent tools offer corresponding shortcodes for this, which you can simply insert on your website or continue to display the banner in a reduced form on the website.
9.FAQs
Here I have compiled the answers to the most frequently asked questions about cookie consent tools:
Are there also free cookie consent tools?
Yes, there are some free cookie consent tools, particularly in the form of WordPress plugins.
However, I would advise against using them in most cases.
Free tools usually do not meet the complex legal data protection requirements and, if at all, are adapted to legal changes very slowly.
What is the best cookie consent tool for agencies?
Most cookie consent tools offer agency licenses. It is therefore not possible to say in general which is the best solution.
The customer base of an agency is crucial here:
Agencies that mainly manage WordPress websites are best advised to use Real Cookie Banner or Borlabs Cookie . The latter offers the cheaper agency license.
If the clientele includes international companies that are not based on WordPress, then a cloud tool like Osano makes more sense.
Which tools offer a free trial or demo?
You can get free trial versions of Real Cookie Banner, CCM19, Osano and CookieBot.
Which cookies are “strictly necessary”?
Which cookies are absolutely necessary for the operation of a website and which are not, is not 100% clear.
However, it can be assumed that the following cookies are included:
- Cookies to store cookie preferences
- Cookies to save font size or language selection
- Cookies to save the login status of a user
- Cookies to implement necessary security measures (e.g. defense against brute force attacks)
- Shopping cart cookies (cookies that are deleted when the browser is closed, e.g. to save a shopping cart)
- Cookies for load balancing (distributing the server load)
What is the difference between a cookie consent tool, a consent management platform and a consent management provider?
A cookie consent tool (CCT) requires a website visitor to agree which cookies may and may not be set. The selection is saved together with a user ID that enables recognition.
A consent management platform (CMP) offers you comprehensive functions for the legally secure use of cookies and also provides statistics, a detailed consent history and supports you with requests for information.
A consent management provider (CMP) also delivers legally compliant cookie banners, but also offers extensive functions.
When do cookies from web analysis or statistical tools require consent?
Simple answer: Always!
A visitor’s consent is required before these cookies are set.
What is the Transparency & Consent Framework (TCF)?
The IAB Europe Transparency & Consent Framework (TCF) serves to create a common basis for cooperation between publishers, advertisers and consent tool providers, which should help to achieve GDPR compliance faster.
For example, it standardizes how consent is stored and what a cookie banner must look like.