Our best Shopware plugins for GDPR and cookies
Three plugins — and a trap that native management hides.
Shopware has cookie management — but it signals nothing to Google. And a banner that doesn't block documents your breach instead of preventing it.
Sound familiar?
Native management that signals nothing
It handles groups locally. Consent Mode v2 is a transmission. Not the same thing.
A banner that blocks nothing
It displays while GTM is already firing. It prevents nothing — it records.
Refusing harder than accepting
Bright Accept button, grey link beside it. Both exist — and it's still a breach.
No trace of anything
Without a stored record, your answer in an audit is a claim.
Our selection, ranked
Every module below is built, maintained and supported by our team. The ranking reflects what we would install first on a client store.
-
DataFirefly Cookie Consent — GDPR/CNIL & Google Consent Mode v2 for Shopware 6
The foundation — it must block and transmitNo script before the click, refusing as easy as accepting, Consent Mode v2 actually transmitted to Google, proof retained.
GDPR cookie consent banner for Shopware 6.6 and 6.7 with native Google Consent Mode v2 (7 signals injected with priority 1 in the head),…
€69.00 View the module -
Google Tag Manager for Shopware — GTM, GA4 e-commerce, Consent Mode v2 & Enhanced Conversions
Where Consent Mode actually arrivesGTM and Consent Mode v2 together. A container that fires without consent is a container that incriminates you.
Complete Shopware 6.7 plugin for modern e-commerce measurement: Google Tag Manager container, GA4 Enhanced Ecommerce, Consent Mode v2 integrated with the native cookie banner,…
€69.00 View the module -
DataFirefly Server-Side — Shopware conversion tracking (free)
Consent that holds to the serverServer-side that only sends what was allowed — even when the event fires later.
The free Shopware plugin for the DataFirefly Server-Side Tracking service: your purchase conversion sent server-to-server, HMAC-signed, consent-aware, and compatible with our DataFirefly Cookie Consent…
€0.00 View the module
Side-by-side comparison
| Module | Best for | Price | Rating | Link |
|---|---|---|---|---|
| DataFirefly Cookie Consent — GDPR/CNIL & Google Consent Mode v2 for Shopware 6 | The foundation — it must block and transmit | €69.00 | — | |
| Google Tag Manager for Shopware — GTM, GA4 e-commerce, Consent Mode v2 & Enhanced Conversions | Where Consent Mode actually arrives | €69.00 | — | |
| DataFirefly Server-Side — Shopware conversion tracking (free) | Consent that holds to the server | €0.00 | — |
On Shopware, cookie management exists — but it signals nothing
That’s the trap everyone misses. Shopware has native cookie management: groups, categories, a clean banner. But it manages locally and transmits nothing to Google. Consent Mode v2 isn’t a checkbox — it’s a wiring job.
A banner that blocks nothing is an exhibit for the prosecution
If your GTM is already firing while the banner is on screen, the banner documents your breach rather than preventing it. And it documents it well: you knew the rule.
And the three rules that actually get sanctioned
No tracker before consent. Refusing as easy as accepting. The proof, stored. Everything else is cosmetic — those three decide the fine.
How to choose
The trap Shopware stores miss
Shopware has native cookie management — and that's exactly what lulls you. It handles groups locally; it signals nothing to Google. Consent Mode v2 isn't a backend checkbox, it's a transmission. Without it: correct interface, incomplete advertising data.
Then the three rules that actually get sanctioned
- No tracker before consent. A block, not a display.
- Refusing as easy as accepting. Same level, same visibility, same clicks.
- The proof. Who chose what, and when — stored, not asserted.
And consent has to hold to the server
If you track server-side, the visitor's decision has to travel there too. An event that fires without consent fires unlawfully — just more reliably.
What these plugins don't cover
Your privacy policy, your records of processing, your contracts. That's exactly what a regulator opens first — and no plugin replaces it. Saying otherwise would be dishonest.
What you gain
Consent that actually blocks
No script fires before the click. Native management handles groups — it doesn't always truly block.
Refusing as easy as accepting
Refusing as visible and as fast as accepting. One of the most sanctioned rules in Europe.
Consent Mode v2, actually wired
Consent Mode v2 is a transmission to Google, not a local checkbox. Without it you lose attribution.
The part Shopware doesn't do
Native management handles groups. It signals nothing to Google. Not the same thing.
Provable, not asserted
In an audit you must show who chose what, and when. Without proof, your answer is a claim.
Consent that holds to the server
What the visitor allowed is respected — even when the event fires server-side later.
From install to results
-
Understand what Shopware doesn't do
Native management handles groups. It transmits nothing to Google.
-
Block before the click
If GTM runs while the banner shows, the banner is the evidence.
-
Make refusing just as easy
Same level, same visibility, same clicks. One of the most sanctioned rules.
-
Actually transmit Consent Mode v2
A backend checkbox isn't a transmission. Wire it.
-
Store the record
Without proof, your answer in an audit is a claim.
“We'd enabled native cookie management and felt compliant. In the audit our GTM was already running while the banner was still on screen — and Consent Mode was never transmitted to Google. Two problems in one.”
Frequently asked questions
Isn't Shopware's native cookie management enough?
No, and that's the most common mistake. Native management handles cookie groups — locally, and correctly. But it transmits nothing to Google. Consent Mode v2 is a wiring job: what the visitor chose has to reach the tag. Otherwise you have a clean interface and incomplete data anyway.
What's wrong with a banner that only displays?
A banner that blocks nothing documents your breach instead of preventing it. It proves you knew the rule. If your GTM is already running while the banner shows, the banner is the evidence.
Does refusing really have to be as easy as accepting?
Yes, and it's one of the most sanctioned rules. Same level, same visibility, same number of clicks. A bright Accept button next to a grey Settings link is a breach, even if both technically exist.
What does Consent Mode v2 have to do with my banner?
Consent Mode v2 is the transmission of consent to Google. Without it you lose attribution and reach — and Shopware's native management doesn't send it on its own. One is the interface, the other is the wiring.
Why store proof of consent?
It shows the moment someone asks what happened on 14 March. Without a stored record of consent, your answer is a claim. With one, it's an answer.
Do these plugins make me GDPR-compliant?
No, and claiming otherwise would be dishonest. These plugins cover the technical side: consent, blocking, transmission, proof. Your privacy policy, your records of processing and your processor contracts aren't included — and those are exactly what a regulator looks at first.
Where do I start?
With blocking and Consent Mode. A banner that truly blocks and transmits consent to Google covers the most urgent part. Server-side tracking that respects the decision comes after — it closes the last gap.
This need on other platforms
Not sure which one fits your store?
Tell us your context — we answer with a straight recommendation, not a sales pitch.