CORA Compliance
Region-aware cookie consent, Google Consent Mode V2 integration, and automated WCAG accessibility auditing — all in one plugin.
Overview
CORA Compliance handles two distinct responsibilities:
- Cookie consent — a customizable banner that applies the correct legal rules based on visitor location, fully integrated with Google Consent Mode V2
- Accessibility auditing — continuous WCAG scanning via a Cloudflare Worker, with results stored and surfaced in the CORA admin
Both features use Cloudflare Workers for edge-side processing, keeping performance impact on WordPress minimal.
Cookie consent banner
Supports three display modes: Bar (horizontal strip), Floating box (corner card), or Modal (centered overlay).
Cookies are organized into four categories:
- Necessary — always active, cannot be declined
- Analytics — e.g. GA4
- Functional — enhanced features and personalization
- Marketing — advertising and campaign tracking
Visitor consent is stored in a versioned cookie for 365 days. A persistent floating icon lets visitors update preferences at any time after dismissing the banner.
Geolocation & regional rules
A Cloudflare Worker detects visitor country, region, and city at the edge — before the request reaches WordPress — and passes that data to the consent system with no meaningful latency.
Three consent behaviors:
- Opt-in (GDPR regions) — all optional cookies blocked until explicit acceptance. Applied to 30+ GDPR countries automatically.
- Opt-out (US privacy states) — cookies allowed by default, visitor can opt out. Applied to CA, VA, CO, CT, and 9 other US states.
- Notice-only — informational banner, no blocking. Applied to all other regions.
Developers can simulate any region using a cookie override in test mode. See Cloudflare Worker settings to enable test mode.
Google Consent Mode V2
CORA Compliance integrates with Google Consent Mode V2 so GA4 and GTM automatically respect visitor consent choices.
Cookie categories map to GCM signals:
- analytics_storage → Analytics category
- ad_storage, ad_user_data, ad_personalization → Marketing category
- functionality_storage, personalization_storage → Functional category
Detailed consent events are also pushed to window.dataLayer for custom GTM triggers.
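The category-to-signal mapping above, combined with the three regional behaviors, as an added example (not CORA Compliance's own code). The behavior keys, function names, and the fail-closed fallback for an unknown behavior are assumptions; the gtag-style function is passed in so the block runs outside a browser.

```javascript
// Added example, not CORA Compliance's own code.
// Category -> Google Consent Mode V2 signals, as listed on this page.
const CATEGORY_SIGNALS = {
  analytics: ["analytics_storage"],
  marketing: ["ad_storage", "ad_user_data", "ad_personalization"],
  functional: ["functionality_storage", "personalization_storage"],
};

// Regional behaviors described on this page. The string keys are assumed names.
const DEFAULT_GRANTED = {
  "opt-in": false,      // GDPR regions: blocked until explicit acceptance
  "opt-out": true,      // US privacy states: allowed until the visitor opts out
  "notice-only": true,  // informational banner, no blocking
};

// Build the signal object for gtag('consent', ...).
// choices: {analytics: true|false, ...} or null when the visitor has not chosen yet.
function buildConsentState(behavior, choices) {
  if (!Object.prototype.hasOwnProperty.call(DEFAULT_GRANTED, behavior)) {
    behavior = "opt-in"; // assumption: fail closed on an unknown or missing rule
  }
  const state = {};
  for (const [category, signals] of Object.entries(CATEGORY_SIGNALS)) {
    const chosen = choices && typeof choices[category] === "boolean";
    const granted = chosen ? choices[category] : DEFAULT_GRANTED[behavior];
    for (const signal of signals) {
      state[signal] = granted ? "granted" : "denied";
    }
  }
  return state;
}

// Send the state through a gtag-style function: 'default' before any choice,
// 'update' once the visitor has answered the banner.
function applyConsent(gtagFn, behavior, choices) {
  const command = choices ? "update" : "default";
  gtagFn("consent", command, buildConsentState(behavior, choices));
}

// Constructed sample: a visitor in an opt-in region accepts analytics only.
const calls = [];
const record = (...args) => calls.push(args);
applyConsent(record, "opt-in", null);
applyConsent(record, "opt-in", { analytics: true, marketing: false });
console.log(JSON.stringify(calls, null, 2));
```

A category the visitor left unanswered falls back to the regional default, so in an opt-in region the Functional signals stay denied in the sample above.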
Accessibility auditing
A second Cloudflare Worker runs WCAG audits against your site’s published pages using axe-core. Results are stored in a custom database table and displayed in the CORA admin.
- Supports WCAG 2.0, 2.1, and 2.2
- Conformance levels: A, AA, and AAA
- Weighted accessibility score based on violation severity
- Audit history stored for trend tracking
Cloudflare Worker setup
- Go to CORA → Compliance Settings → Cloudflare
- Enter your Cloudflare Account ID and a scoped API Token (Workers:Edit permission required)
- Click Deploy Geolocation Worker
- Click Deploy Accessibility Worker
- Use test mode to verify geolocation detection is working correctly
⚠️ Use a scoped API token — never your global Cloudflare API key.
Frontend API
CORA Compliance exposes window.CoraConsent on every page:
- CoraConsent.acceptAll() — accept all cookie categories
- CoraConsent.rejectAll() — reject all optional categories
- CoraConsent.showPreferences() — open the preferences modal
- CoraConsent.hasConsent(category) — returns true if the visitor has consented to the given category
- CoraConsent.getGeo() — returns visitor’s detected country, region, and city
Settings reference
All settings are under CORA → Compliance Settings, organized into subtabs:
- Cloudflare — API credentials, Worker deployment and status
- Regional Rules — override default behavior per country or region
- Banner — display mode, position, colors, and copy
- Cookie Categories — add, rename, or remove categories
- Accessibility — WCAG level, scan schedule, score weighting
Requirements
- WordPress 6.4+
- PHP 8.1+ with strict types
- Cloudflare account with Workers enabled
