An often asked question is if Complianz GDPR/CCPA works with caching. Users ask this because a lot of plugins depend on server-side PHP scripts to handle consent. If a user has given consent, the PHP unlocks some content. An example of this is plugins that use shortcodes to wrap content that requires consent. If you use shortcodes, it won’t work with hard page caching, as the user will get a cached version of the page. It is arbitrary which version of the page the user will see. You’ll have to set each of these pages to “do not cache this page” to make this work.
Because of these limitations, we use a different approach (although the shortcode method is also possible). Complianz will block everything serverside: in PHP, everything that needs to be blocked gets blocked. When the user loads the page, our cookie blocker javascript will run in the user’s browser, and can dynamically unlock those scripts/cookies/content on consent.
This way, each user will get the same HTML, which can be cached. The script runs clientside, and can dynamically unlock everything.
To get back to the initial question: because of this approach, Complianz works well with all major caching plugins. But even so, there are some limitations you should be aware of.
Minification and concatenation by caching plugins
In most cases, scripts that track user data are loaded from a third party domain. E.g. Facebook, YouTube, etc. But there are some plugins that load these third-party scripts through a local script loaded over your own domain. If that happens you need to block this script as well. But, if your caching plugin minifies the script, and concatenates it with other scripts, the filename may not be recognizable anymore for Complianz. For example, we ship an integration with a Facebook Feed plugin, which includes the script “cff-scripts.min.js”. Complianz will block this script, based on this filename. But if the filename is changed to “cached-0292023423.min.js”, the script won’t be found.
There are two solutions to this.
- You can ask the plugin developer to conform to the WP Consent API we developed, which will soon become WordPress core. Then the integration will work out of the box.
- Exclude this script from the minification/concatenation.
Geo IP and A/B testing (premium only)
Also for A/B testing and Geo IP, we use a client-side approach. An ajax call checks back with the server for the region. This way you can hard page cache all you want, the user gets the correct banner.
