Cookie Consent in OroCommerce: Guidance for Merchants 

This document explains how OroCommerce handles cookies out-of-the-box, how additional tracking, marketing, and analytics cookies are typically introduced into a storefront, and what options merchants have for collecting and managing visitor cookie consent.

Important

This is general implementation guidance, not legal advice. Whether a given setup meets your obligations under GDPR, the ePrivacy Directive, UK GDPR/PECR, U.S. state privacy laws such as the CCPA/CPRA and VCDPA, Brazilian LGPD, or similar privacy, electronic communications, and online tracking laws depends on your business, your audience’s location, and the specific third-party services you use. Consult your legal/privacy team to confirm your consent approach before going live.

Strictly Necessary Cookies (Default Behavior) 

Out-of-the-box, with no external integrations enabled, OroCommerce uses only strictly necessary cookies that are required for the application to function (session handling, authentication, “remember me,” and CSRF protection). It does not set advertising, analytics, or other tracking cookies on its own.

In the storefront, the relevant strictly necessary cookies are:

| Cookie | Purpose |
|---|---|
| OROSFID | Stores the storefront session for a logged-in customer user |
| OROSFRM | Stores the “remember me” token for a customer user |
| customer_visitor | Stores session data for a non-logged-in (guest) visitor |
| _csrf / https-_csrf | Holds the CSRF token used to protect requests |

The back-office equivalents (BAPID, BAPRM, _csrf) apply to admin users rather than storefront visitors.

Full technical details and configuration options, including HttpOnly, Secure, SameSite, and cookie names, are documented in Configure Cookies.

Because these cookies are strictly necessary, most privacy regimes do not require opt-in consent for them - but they do generally require that visitors be informed of their use.

Native Cookie Consent Banner 

To satisfy that “inform the visitor” requirement, OroCommerce ships with a simple, built-in cookie consent banner (the CookieConsentBannerBundle). It:

  • displays a configurable message telling visitors that cookies are used,

  • provides a “Yes, Accept” button that records the visitor’s acknowledgment and stops the banner from reappearing during navigation, and

  • provides a configurable secondary button (by default “Cookie Policy”) linking to a CMS page where you describe your cookie usage.

For more information, see Cookie Consent Banner.

This native banner is a notice-and-acknowledge banner. It informs visitors and records acceptance. It does not, by itself, present granular category choices (e.g., separate toggles for analytics vs. marketing) or conditionally block third-party scripts based on those choices. For a default install that uses only strictly necessary cookies, that is usually sufficient.

Tracking, Marketing, and Analytics Cookies 

The situation changes as soon as you add third-party services. These typically introduce non-essential cookies (analytics, advertising, personalization) into the storefront in one of two ways:

  1. Via the Google Tag Manager (GTM) integration. OroCommerce includes a built-in GTM integration. Once enabled, you manage third-party “tags” (essentially tracking scripts) inside GTM, including Google’s own products such as Google Analytics and Google Ads, as well as many non-Google platforms.

    For configuration details, see Configure Google Tag Manager Integration in the Back-Office.

  2. By inserting third-party JavaScript directly into the storefront (not through GTM). This means placing the JS snippet or markup supplied by a marketing/analytics/ad platform directly into the frontend, for example through theme/template customization or a content block.

In both cases, the moment you introduce these services you are adding non-essential cookies, which in many jurisdictions require prior, informed, opt-in consent before they may be set. The default notice-and-acknowledge banner is generally not sufficient on its own for this scenario, because it neither captures granular consent nor gates the scripts on it. You will need one of the approaches below.

Approaches to Collecting Cookie Consent 

There are three practical approaches. A specialized Consent Management Platform (CMP) is the recommended approach in most cases, whether or not you use GTM.

A. Specialized CMP with Google Tag Manager (recommended) 

If you use the GTM integration, pair it with a dedicated CMP. When working through GTM, choose one of the 40+ solutions in Google's CMP Partner Program, which are built and certified to work natively with GTM and Google Consent Mode.

Benefits of a specialized CMP:

  • Automatic cookie scanning, detection, and categorization. The CMP scans your site, discovers the cookies and trackers actually in use, and sorts them into standard categories (strictly necessary, functional, analytics, marketing, etc.), so your banner stays accurate as your tag stack changes.

  • Ready-made legal templates for different use cases. Pre-built, regularly updated consent notices and configurations aligned to GDPR, ePrivacy, CCPA/CPRA, and other frameworks, reducing the need to draft consent text from scratch.

  • Geolocation-based variations. The consent experience adapts to where the visitor is. For example, opt-in banners for EU visitors and opt-out/notice for other regions, so you can serve a global audience with one configuration.

  • Built-in localization. Out-of-the-box translations of the banner and preference center into many languages, matching your storefront’s localizations.

  • Native GTM integration (Consent Mode). Tags managed in GTM can be configured to fire only after the matching consent category is granted, with Google Consent Mode signals handled automatically. This gives you reliable, centralized control over which scripts run, without custom code.

The combination of GTM for tag management plus a partner CMP for consent is the cleanest path to granular, region-aware, maintainable consent.

B. Specialized CMP without Google Tag Manager 

If you are not using GTM, a specialized CMP is still the recommended approach. The same solutions listed above generally also operate in a “direct” mode without GTM: the CMP script is added directly to the storefront and manages/blocks the relevant third-party scripts itself. You keep nearly all the benefits from option A, such as automatic scanning and categorization, legal templates, geolocation variations, and localization, with the exception of the GTM-specific Consent Mode wiring. This is the right choice when you inject third-party JavaScript directly rather than through GTM.

C. Native OroCommerce or Custom Banner 

As an alternative, you can extend the built-in OroCommerce native banner, or build your own custom one, to collect consent for additional cookie categories and use that signal to control which third-party scripts are embedded. In this approach you customize the banner to present category choices and add the logic so that a given third-party script is loaded only when its category has been accepted.

Consider this option when:

  • you have a small, stable set of third-party services,

  • you want to avoid adding a separate CMP vendor, and

  • you have development resources to build and maintain the categorization and script-gating logic over time.

Trade-offs versus a CMP: you take on responsibility for keeping cookie categorization accurate, for the legal wording, for any geolocation logic, for translations, and for correctly blocking/unblocking scripts. These are exactly the things a specialized CMP automates, which is why a CMP is generally preferred once you go beyond strictly necessary cookies.
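The script-gating logic that option C requires can be sketched as follows. This is an added example, not code from OroCommerce or the CookieConsentBannerBundle; the cookie name `storefront_consent`, its `v1:category,category` format, the category names, and the script URLs are all assumptions chosen for illustration.

```javascript
// Added example (not Oro code): consent-gated loading of third-party scripts.
// Assumed: the custom banner stores choices in a first-party cookie such as
//   storefront_consent=v1:analytics,functional

const CONSENT_COOKIE = 'storefront_consent'; // hypothetical cookie name
const CATEGORIES = ['functional', 'analytics', 'marketing'];

// Every third-party script is registered with exactly one category.
// A script that is not in this registry is never injected.
const SCRIPT_REGISTRY = [
  { id: 'analytics-sdk', category: 'analytics', src: 'https://analytics.example/sdk.js' },
  { id: 'ads-pixel', category: 'marketing', src: 'https://ads.example/pixel.js' },
  { id: 'chat-widget', category: 'functional', src: 'https://chat.example/widget.js' },
];

// Parse the consent cookie out of a document.cookie-style string.
// Fails closed: a missing, malformed, or unknown-version cookie grants nothing,
// and category names outside CATEGORIES are ignored.
function parseConsent(cookieString) {
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1 || part.slice(0, eq).trim() !== CONSENT_COOKIE) continue;
    let value;
    try {
      value = decodeURIComponent(part.slice(eq + 1).trim());
    } catch {
      return new Set(); // broken percent-encoding: treat as no consent
    }
    const [version, list = ''] = value.split(':');
    if (version !== 'v1') return new Set();
    return new Set(list.split(',').filter((c) => CATEGORIES.includes(c)));
  }
  return new Set();
}

// Select only the registered scripts whose category has been granted.
function scriptsToLoad(granted, registry = SCRIPT_REGISTRY) {
  return registry.filter((s) => granted.has(s.category));
}

// Inject newly permitted scripts and return their ids. `alreadyLoaded` makes
// the call idempotent, so it can run on page load and again after the visitor
// saves new choices without injecting a script twice.
function applyConsent(cookieString, inject, alreadyLoaded = new Set()) {
  const loaded = [];
  for (const script of scriptsToLoad(parseConsent(cookieString))) {
    if (alreadyLoaded.has(script.id)) continue;
    inject(script);
    alreadyLoaded.add(script.id);
    loaded.push(script.id);
  }
  return loaded;
}

// Browser-side injector: the only place a third-party <script> is created.
function domInject(script) {
  const el = document.createElement('script');
  el.src = script.src;
  el.async = true;
  el.dataset.consentCategory = script.category;
  document.head.appendChild(el);
}

// In the storefront: applyConsent(document.cookie, domInject);
```

Gating only controls what gets loaded: when a visitor withdraws a category, a script that has already run stays in the page until the next navigation, and the cookies it set must be removed separately.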

Summary & Decision Guide 

| Your Situation | Recommended Approach |
|---|---|
| Default install, only strictly necessary cookies | Native OroCommerce banner (notice + policy link) is generally sufficient |
| Adding third-party tags via GTM | A - Specialized CMP from Google’s CMP Partner Program, integrated with GTM Consent Mode |
| Adding third-party scripts directly (no GTM) | B - Specialized CMP in direct mode |
| Few, stable third-party services, legal and development teams available for the initial implementation and ongoing maintenance, prefer no extra vendors | C - Customize the native banner or build your own custom banner to capture categories and gate scripts |

In all cases, once you introduce non-essential cookies, make sure your chosen mechanism actually prevents those cookies/scripts from loading until the matching consent is given, and confirm the approach with your legal/privacy advisors.
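One way to check that nothing non-essential is set before consent, as an added example that is not part of the Oro documentation or code base: it compares the cookies observed on a first visit, before any banner interaction, against the strictly necessary storefront cookies listed earlier on this page. The sample capture is constructed, and `extraAllowed` is a hypothetical parameter for the banner's own acknowledgment cookie, whose name this page does not give.

```javascript
// Added example (not Oro code): audit cookies seen before consent is given.

// Strictly necessary storefront cookies, taken from the table on this page.
const STRICTLY_NECESSARY = new Set([
  'OROSFID', 'OROSFRM', 'customer_visitor', '_csrf', 'https-_csrf',
]);

// Parse one Set-Cookie header line into its name and security attributes.
function parseSetCookie(line) {
  const [pair, ...attrs] = String(line).split(';');
  const eq = pair.indexOf('=');
  const cookie = {
    name: (eq === -1 ? pair : pair.slice(0, eq)).trim(),
    httpOnly: false,
    secure: false,
    sameSite: null,
  };
  for (const attr of attrs) {
    const [key, value = ''] = attr.trim().split('=');
    switch (key.toLowerCase()) {
      case 'httponly': cookie.httpOnly = true; break;
      case 'secure': cookie.secure = true; break;
      case 'samesite': cookie.sameSite = value.trim().toLowerCase(); break;
    }
  }
  return cookie;
}

// Cookie names visible to page JavaScript (a document.cookie snapshot).
// Analytics and advertising cookies are usually written by scripts, so they
// appear here rather than in the Set-Cookie headers of the page response.
function cookieNames(documentCookie) {
  return String(documentCookie || '')
    .split(';')
    .map((part) => part.split('=')[0].trim())
    .filter(Boolean);
}

// Returns { pass, violations, necessary }: `violations` lists every cookie
// name that is neither strictly necessary nor explicitly allowed.
function auditPreConsent({ setCookieHeaders = [], documentCookie = '', extraAllowed = [] }) {
  const allowed = new Set([...STRICTLY_NECESSARY, ...extraAllowed]);
  const seen = new Map();
  for (const line of setCookieHeaders) {
    const cookie = parseSetCookie(line);
    if (cookie.name) seen.set(cookie.name, cookie);
  }
  for (const name of cookieNames(documentCookie)) {
    if (!seen.has(name)) seen.set(name, { name });
  }
  const names = [...seen.keys()].sort();
  const violations = names.filter((n) => !allowed.has(n));
  const necessary = names.filter((n) => allowed.has(n));
  return { pass: violations.length === 0, violations, necessary };
}

// Constructed sample: first page view of a guest visitor, banner untouched.
const SAMPLE_CAPTURE = {
  setCookieHeaders: [
    'customer_visitor=abc123; path=/; HttpOnly; Secure; SameSite=Lax',
    'https-_csrf=tok; path=/; Secure; SameSite=Lax',
  ],
  documentCookie: 'https-_csrf=tok; _ga=GA1.1.111.222; _fbp=fb.1.1.1',
};
```

Run the audit against a fresh browser profile for each consent state (no choice made, everything rejected, one category accepted) so that cookies left over from an earlier session do not hide a gating failure.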

© 2024 Oro, Inc. All Rights Reserved