Docs
← Back to site

GDPR Geo-Detection

3 min readUpdated June 20, 2026

WP Smart Consent includes built-in geo-detection so the checkbox state can be adjusted automatically based on where a visitor is located. The most common use case is pre-checking the checkbox for visitors outside GDPR-covered countries while leaving it unchecked for visitors inside the EU. You can also target specific US states and block certain countries from seeing the checkbox entirely.

The Geo Rules Tab

All geo configuration lives in the Geo Rules tab of the dashboard. It has three sections:

Pre-checked countries — visitors from these countries will see the checkbox ticked by default. Typically used for non-EU countries where opt-in pre-selection is acceptable.

Blocked countries — visitors from these countries will not see the checkbox at all. The opt-in is silently skipped and no data is forwarded.

US states — fine-grained control for US visitors. Select individual states where unchecked behaviour should apply, independent of the country-level rule.

Choosing a Geo Provider

The Geo Rules tab also has a Provider sub-tab where you select how country and state are detected. There are five options:

CDN headers only — reads geo headers already set by your CDN: CF-IPCountry (Cloudflare), CDN-RequestCountryCode (Bunny.net), CloudFront-Viewer-Country (CloudFront), X-Country-Code (Fastly), and equivalents for Akamai and KeyCDN. Zero latency, zero API call, zero cost. US state detection is not available in this mode, except on CloudFront which also sends CloudFront-Viewer-Country-Region.

CDN headers + freeipapi.com fallback — CDN header for country when present. Falls back to freeipapi.com on cache misses and always fetches US state via freeipapi. Free tier available, optional paid key.

CDN headers + IP2Location.io fallback — same pattern but uses IP2Location.io for the fallback and state lookup. Higher accuracy, paid key required.

freeipapi.com only — full country and state detection on every request via freeipapi.com. Best choice if you are not behind a CDN. Free tier: 60 requests per minute. Optional paid key for higher limits.

IP2Location.io only — highest accuracy, includes city and postal code. Paid key required.

Handling CDN-Cached Pages

On a CDN-cached page load PHP never runs, so server-side detection never fires. WP Smart Consent handles this with two mechanisms.

The wpsc_geo cookie is set on any uncached request where a country is detected. On subsequent cached loads, JavaScript reads it immediately and applies the correct checkbox state client-side with no visible delay.

On a visitor’s very first cached page load, before the cookie exists, a lightweight background request fires to the wpsc_geo_detect endpoint. That endpoint bypasses CDN cache, runs the full server-side detection chain, sets the cookie, and returns the country as JSON. JavaScript then corrects the checkbox state without a page reload.

CDN Configuration Note

Do not configure your CDN to vary its cache on the wpsc_geo cookie. The HTML delivered to all visitors is identical — WP Smart Consent handles per-country variation in JavaScript rather than serving different cached responses. Varying on the cookie would multiply your cache buckets with no benefit.

No WooCommerce Required

Geo-detection works independently of WooCommerce. No MaxMind database, no WooCommerce Geolocation API, and no additional plugins are required beyond whatever CDN you’re already using.

Disclaimer: The geo-detection feature is a practical tool to apply different checkbox defaults based on a visitor’s detected location. It is not a legal compliance solution. Country and state detection via CDN headers or IP geolocation is not guaranteed to be accurate in all cases, and GDPR compliance depends on far more than checkbox state. Consult a qualified legal professional about your specific obligations.

This website uses cookies to enhance your browsing experience and ensure the site functions properly. By continuing to use this site, you acknowledge and accept our use of cookies.

Accept All Accept Required Only