Docs
← Back to site

GDPR Geo-Detection

3 min readUpdated April 20, 2026

WP Smart Consent includes built-in geo-detection so the checkbox state can be adjusted automatically based on where a visitor is located. The most common use case is pre-checking the checkbox for visitors outside GDPR-covered countries while leaving it unchecked — and therefore compliant — for visitors inside the EU.

How Country Detection Works#

Country detection follows a priority chain. The first available signal wins:

  1. Cloudflare — reads the CF-IPCountry request header, set automatically on all requests passing through Cloudflare
  2. Bunny.net — reads the CDN-RequestCountryCode header, available on all Bunny.net-proxied requests
  3. WooCommerce Geolocation — uses WooCommerce’s built-in geolocation API if active on the site
  4. wpsc_geo cookie — reads a cookie set on a prior uncached page load where one of the above signals was available

The CDN header options (Cloudflare and Bunny.net) are the fastest because they require no additional requests or database lookups — the country is already embedded in the incoming request.

Handling CDN-Cached Pages#

On a CDN-cached page load, PHP never runs — which means the server-side detection chain above never fires. WP Smart Consent handles this with two mechanisms:

The wpsc_geo cookie — on any uncached request where a country is detected, PHP sets this cookie. On subsequent cached loads, JavaScript reads it immediately and sets the checkbox state client-side with no visible delay.

AJAX fallback — on a visitor’s very first cached page load, before the cookie exists, a lightweight background request fires to the wpsc_geo_detect endpoint. That endpoint always bypasses CDN cache, runs the full server-side detection chain, sets the cookie, and returns the country as JSON. JavaScript then corrects the checkbox state without a page reload. On every visit after that, the cookie handles it with no extra requests.

CDN Configuration Note#

If you’re running a CDN in front of your site, do not configure your CDN to vary its cache based on the wpsc_geo cookie. The HTML delivered to all visitors is identical — WP Smart Consent intentionally handles per-country variation in JavaScript rather than serving different cached responses. Varying on the cookie would multiply your cache buckets without any benefit.

Enabling Geo-Detection#

Geo-detection is toggled from the Settings tab in the WP Smart Consent dashboard. Once enabled it works automatically — no API keys, no third-party geo service, and no additional plugins required beyond whatever CDN you’re already using.

Disclaimer: The GDPR geo-detection feature is a practical tool to help apply different checkbox defaults based on a visitor’s detected country. It is not a legal compliance solution and should not be treated as one. Country detection based on CDN headers or IP geolocation is not guaranteed to be accurate in all cases, and GDPR compliance depends on far more than checkbox state — including your privacy policy, data processing agreements, and overall data handling practices. If your site is subject to GDPR or similar regulations, consult a qualified legal professional about your specific obligations.

This website uses cookies to enhance your browsing experience and ensure the site functions properly. By continuing to use this site, you acknowledge and accept our use of cookies.

Accept All Accept Required Only