What cookies does CoreConsent set?

3 min read Updated July 2026

CoreConsent’s job is managing other services’ cookies — but like every consent tool, it needs a small amount of first-party storage of its own to remember each visitor’s choice. This article lists exactly what CoreConsent stores, when, and what to include in your site’s cookie policy.

CoreConsent sets at most two first-party cookies, and never sends any of this data off your site.

Name clearconsent by default — configurable under Settings → Developer options → Cookie / storage key name
Purpose Stores the visitor’s consent choices so the banner isn’t shown again and scripts obey the saved decision
Set when The visitor makes a choice on the consent banner (accept, decline, or per-category)
Expires Follows Cookie expiration (days) in Developer options — 365 days by default
Contents The consent state only (which categories/services were allowed). No identifiers, no personal data
Category Strictly necessary

Because it contains only the consent record itself, this cookie is generally treated as strictly necessary under GDPR/ePrivacy — storing a visitor’s consent decision doesn’t itself require consent. It should still be listed in your cookie policy (see below).

If Storage method is set to localStorage instead of Cookie, no consent cookie is set at all — the choice is kept in the browser’s localStorage under the same key.

The geo cache: cc_geo

Name cc_geo
Purpose Caches the resolved region behavior so the geo lookup doesn’t repeat on every page view
Set when Only if Geo-targeting is enabled, and only until the visitor makes a consent choice
Expires 24 hours
Contents A region behavior string (e.g. opt-in vs. opt-out) and a timestamp. No location coordinates, no IP address, no personal data
Category Strictly necessary / functional

If Geo-targeting is disabled, this cookie is never set — and CoreConsent automatically removes any leftover cc_geo cookie from returning visitors’ browsers.

You’re welcome to copy this into your site’s cookie policy table:

clearconsent — First-party, strictly necessary. Stores your cookie-consent choices for this website so we can respect them on future visits. Expires after 365 days. Set by the CoreConsent plugin; contains no personal data.

cc_geo (only if you use Geo-targeting) — First-party, strictly necessary. Temporarily remembers which regional consent rules apply to your visit. Expires after 24 hours. Contains no personal data.

Adjust the expiry if you’ve changed the defaults.

No. Third-party cookie scanners flag every cookie they find, including the one that stores consent itself — every consent plugin on the market triggers this. Neither cookie contains identifiers or personal data, and CoreConsent never transmits their contents anywhere. CoreConsent’s own site scanner excludes these cookies from results for the same reason.


This article describes how the plugin works and common regulatory treatment of consent-storage cookies; it isn’t legal advice. If you’re unsure how to classify cookies in your policy, check with your privacy counsel.

Was this article helpful?
Thanks for your feedback!

Related articles