To track data in Magento in line with data privacy regulations like GDPR, you need to tell customers explicitly about the cookies you collect and give them the right to reject them. That's what Magento 2 cookie restriction mode is used for.

This guide explains what cookie restriction mode is and how to enable it in Magento.

Magento cookie restriction mode is a built-in privacy feature that displays a cookie consent notice on the frontend, informing visitors about cookie usage and obtaining their consent. When cookie restriction mode is enabled, Magento shows a banner with the Allow Cookies button.

Once visitors press this button and allow you to collect cookies, Magento lets them continue browsing your website. This way, you stay both transparent about data collection with your customers and compliant with privacy regulations.


To enable Magento cookie restriction mode, go to Stores > Settings > Configuration > General > Web, open the Default Cookie Settings section, and set the Cookie Restriction Mode option to Yes.

Even though the Cookie Restriction Mode option enables cookie collection, you still need to configure cookies in Magento to define their lifetime, policy, limits and other settings.

Let's go through each step by step.

The default cookie settings contain several options that define how Magento should manage cookies. So the first step is to configure them according to your store requirements.

  • Cookie Lifetime defines how long the cookies will be stored on a user's device. The default value is 3600 seconds (1 hour). This means that when a visitor comes back to your store within one hour, they can continue their previous session.
  • Cookie Path controls which URLs cookies are valid for. To make cookies valid on all pages, just leave a slash (/) here.
  • Cookie Domain specifies the domain or subdomain cookies belong to. If you need the cookies to be shared across multiple subdomains, enter the corresponding domain here preceded by a dot, e.g., ".domain.com".
  • Use HTTP Only reduces the risk of client-side attacks by making cookies inaccessible to client-side scripting languages such as JavaScript. Choose Yes to prevent scripts from reading the cookies.

Once you've configured the default cookie settings, enable Magento Cookie Restriction Mode by pressing Yes in the corresponding field.


Now click the Save Config button, flush the cache, and check the result on the storefront.
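
One way to check the result beyond the banner is to compare the Set-Cookie headers the storefront returns with the Default Cookie Settings above. This is an added example, not Magento or Magefan code; the expected values, the PHPSESSID cookie and both sample headers are constructed assumptions.

```python
# Added example: audit Set-Cookie headers against the Default Cookie Settings.
# EXPECTED holds assumed store values; both sample headers are constructed.
EXPECTED = {"lifetime": 3600, "path": "/", "domain": ".domain.com"}

GOOD_HEADER = "PHPSESSID=constructed123; Max-Age=3600; Path=/; Domain=.domain.com; HttpOnly"
BAD_HEADER = "PHPSESSID=constructed456; Max-Age=86400; Path=/; Domain=shop.domain.com"


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes keyed in lowercase)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            # Flag attributes such as HttpOnly carry no value; store them as True.
            attrs[key.strip().lower()] = value.strip() or True
    return name, attrs


def audit_cookie(header, expected=EXPECTED):
    """Return (cookie, setting, observed) for every setting that does not match."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if attrs.get("httponly") is not True:
        # Without HttpOnly, client-side scripts can read the cookie.
        findings.append((name, "httponly", None))
    if attrs.get("path") != expected["path"]:
        findings.append((name, "path", attrs.get("path")))
    # Browsers ignore a leading dot in Domain, so compare without it.
    domain = str(attrs.get("domain", "")).lstrip(".").lower()
    if domain != expected["domain"].lstrip(".").lower():
        findings.append((name, "domain", attrs.get("domain")))
    max_age = str(attrs.get("max-age", ""))
    if not max_age.isdigit() or int(max_age) != expected["lifetime"]:
        findings.append((name, "lifetime", attrs.get("max-age")))
    return findings


if __name__ == "__main__":
    for header in (GOOD_HEADER, BAD_HEADER):
        print(header.split("=", 1)[0], audit_cookie(header) or "matches settings")
```

An empty list means the cookie matches all four settings; each tuple names the setting that differs and the value the header actually carried.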

The default Magento cookie notice doesn't offer full compatibility with modern privacy regulations. It doesn't provide the required detailed information about the collected cookies or let visitors choose which cookies to approve and which to decline.

Use the Magefan Magento 2 Cookie Consent extension to optimise cookie restriction mode in Magento. It allows you to create a compliant cookie banner, categorize cookies, add new cookies and give visitors details and options to edit their cookie preferences.


Example of a cookie consent list in the Magefan Cookie Consent Banner, where visitors can review and customise cookies

In a nutshell, Magento cookie restriction mode is a simple method to inform visitors about cookie usage and get their consent.

Yet, to comply with privacy regulations such as GDPR, you will need to enable a Magento cookie notice that has both Accept and Reject options and gives details about the cookies and cookie groups you have.