Website privacy and tracking is often a major headache for many people deploying websites. The laws and regulations involved are crazy-complicated! Everyone seems to share a different opinion. So we made the MiniCookie stack. A single stack that does everything the average law-abiding website owner needs to proactively comply with GDPR, DSGVO, APEC-CBPR and CCPA.

A video in which we take a typical RapidWeaver website and make it fully complaint with privacy laws can be watched here. The same project file is available to download using this link and requires the Tungsten theme. The normal project file download (available from the button above) has also received an update recently, to include more examples for MiniCookie v2.

MiniCookie can offer you the following configurations:

  • Display a subtle yet stylish privacy popup message to new users landing on your website. Complete control over the style, positioning, content and links. Unlike the RapidWeaver privacy popup options, you can customise the name and expiry date of your user consent tracking cookie.
  • If you prefer continuing to use the RapidWeaver privacy popup (Settings > Privacy) then MiniCookie can radically restyle the message box and give it extra eye candy. Make it look more like an integral part of your website.
  • Assuming we want to stop content from other websites (like YouTube or Google Maps) showing until a user gives their consent to this content, we can set MiniCookie to Conditional Display mode and control what is loaded, based on the presence of a consent cookie. Or display alternative content in its place.
  • Simple buttons to go on your privacy policy page (or elsewhere) to extend the functions offered in the free CookieManager stack. Use buttons to create, modify or delete cookies and other offline storage items.
  • Display a table of cookies or offline storage items the website user has collected while browsing your website, with easy-to-use buttons for them to instantly delete any collected data.
  • Save form data automatically or using save / restore buttons.
  • Present a consent popup featuring different categories of services for users to opt-in or opt-out of, using checkboxes (preferred by more stringent German privacy laws).

MiniCookie builds on the success of our hugely popular Gateway and CookieManager stacks. This time around, it provides an 'all in one' solution towards gently prompting website users for consent, options for users to manage cookies and offline data easily themselves, plus methods to regulate what content is loaded based on opt-in or opt-out. Small, simple, unobtrusive and legally essential for nearly every modern website.

Full credit needs to go to Will for creating what I perceive as being the most comprehensive privacy plugin of any web software. The choice of features offered, the ease of setup and the quality GUI far exceeds anything else I have used. I certainly hope Will seriously considers making this into a Wordpress plugin.Christof

Brilliant support as always from Will. I got totally confused with all the scary legal stuff. Will offered to receive a copy of my site file to look at. A day later he had made the whole website compliant for us. He even made a video telling me what he had changed. How is that for service??!! Could not have done it without his help and expert advice. The popup is working great. I really like the little table you can add that shows all the cookies. The setting to save form data is great for our order page. I wish all stacks would come with such good support.Erik

Ever-tighter privacy laws continue to confuse many website owners. In summary, essential services or cookies your website needs in order to function (like a language switcher or shopping cart) don't strictly need consent from users; because these are covered by your existing privacy policy and are essential to the function of your website. Non-essential code and cookies (like analytics, visitor trackers, advertising, third-party social sharing buttons, media streaming or content being loaded from other websites) do require user consent before they are loaded.

And here's the problem with many existing addons that claim to conform with the legislation - they display big messages as the user loads the website, but these addons still allow potentially harmful code and tracking to continue loading in the background before the user has a chance to opt-in or opt-out. However you view it, this is not compliant with the legal requirements. Surprisingly, even the privacy popup feature in RapidWeaver 8 falls into this same trap.


We put a lot of faith in MiniCookie and already use on every page of this website. You may well have seen and dismissed the little message box if you've been here previously. Here is a button to reset and display the privacy popup again if you missed it:
Of course, we can use MiniCookie to set another named cookie, to confirm the visitor has seen or interacted with something:
Conditionally load page elements (like a YouTube video), depending on whether the user has granted their consent or not:
Sorry, the content you wanted to view here could not be displayed, because you have not given your consent yet. Please visit our privacy policy page to review your settings or click the button below to give consent.
Display a table of all the cookies a user has collected while browsing this website, with options to delete them:


As explained already, MiniCookie can be configured and used in several different ways. It is strongly recommended that you download the free demo version and the sample RapidWeaver 8 project file using the buttons at the top of this page. The project file contains several configurations of the stack and detailed information about how it all works. After you have read this through and played with the examples, you should have a better understanding of this very capable stack. You are also free to copy our MiniCookie examples over into your own websites to save time.

Please note that because this stack (like many others on the market) uses PHP, it will change your page extensions from .html to .php in the RapidWeaver Page Inspector. This is simply to inform the web server that there is PHP code in the page that needs to be processed server-side. Contrary to what some may wrongly say, pages with .php extensions are no slower to load or are bad for SEO. However if you have previously published pages with an old .html extension, you are required to login to your hosting account (via FTP) and manually delete these pages. Otherwise if pages with .html and .php extensions are published to the same location, the old .html will continue to display on your website.

What are the basics towards complying with cookie / privacy laws?

Firstly, don't panic! RapidWeaver websites made with conventional themes and stacks are easy to make compliant; compared with other publishing systems. For the simple reason that much of the content RapidWeaver generates is static and does not have dependencies on outside databases or third-party services that set cookies or track users.

However it's vitally important to remember that GDPR / DSVGO affects any website owner, regardless of where they are located. There is a common misconception that if you live in places like North America, you do not have to comply with this legislation and do things like privacy popups. However this is very incorrect, and all website owners are required to comply, irregardless of location or target audience.

The basic steps towards becoming GDPR / DSVGO compliant include the following:

  • Give website users clear, transparent and accurate information about what cookies, storage and other services your website uses. You normally present this information on a privacy policy page. This is where you also outline steps you are taking to protect user privacy.
  • Renew user consent at regular periods. The general consensus is that website users should renew their consent every 6 months. So set your privacy popup message to expire every 6 months or less. The default expiry time in MiniCookie is 28 days (40320 minutes).
  • Give all website users the ability to opt-in or opt-out , on all browsers and devices, on every page of the website. A subtle popup message (like the one MiniCookie presents) provides the method to opt-in, and buttons on your privacy policy page would allow the user to opt-out again.
  • Be certain that the website visitor gives their consent before any non-essential cookies, storage or other tracking begins. This is where you want to quarantine items like Google Analytics and YouTube embeds, so they are never loaded for someone that has not given their consent.
  • The bulk of the website should still function okay, without cookies and other services. If you do have to conditionally remove something from loading (like a YouTube video embed), then provide simple explanations about why the person cannot view that content and how they can rectify the problem (i.e. click a button to give consent).

MiniCookie can help you accomplish all of the above and a lot more. As always, simplicity is often the key towards maximum compliance. That is to mean, you should work to remove non-essential cookies and services when possible; especially if you do not actively use them any more. Keep the interface and language shown to your website users easy to understand. Refrain from bombarding website users with endless lists of cookie checkbox settings and huge quantities of techno-jargon! Keep the tone friendly.

If you require additional support with auditing your websites, consultation or setup of MiniCookie, please get in touch to discus your requirements.

Preventing MiniCookie getting blocked by "annoyance blockers"

MiniCookie is a legal requirement on many websites, however there are a growing number of services that work to blacklist and block MiniCookie. This has become a problem in web browsers like Brave and several ad-blockers. These typically work by trying to get the class or ID selectors of common consent popups, and adding them to their database. Each time a user visits a website (with a browser or extension to block consent popups), the page selectors are queried against these databases, and matching elements are blocked.

Beyond the problem of website users not seeing your consent popup, far greater problems exist. For example; quarantined content will remain hidden, with no explanation or buttons to explain why. Plus the list of cookies your website uses and options to delete them will vanish from your privacy policy page (an important GDPR requirement). Ironically many of these blockers will break websites and invade user privacy far-more than what a user might have been hoping to originally achieve!

Changing the IDs and class selector names of MiniCookie can help thwart the blacklists and ensure all the essential privacy and accessibility options for your website users remain clear and present, in a non-annoying fashion. You see, the blacklists can't systematically look to block content on every single website (the internet is too big for that). So if you are using MiniCookie customised to your website or business name, there is a good chance it'll continue to function fine.

Options to change ID and class selector names exist in the MiniCookie Advanced Settings (added as part of the 2.4.0 update). Please follow these instructions carefully.

This is the ID applied to the parent MiniCookie container and also forms part of the ID applied to all components used inside MiniCookie like the buttons, checkboxes and table. The default is mc [underscore] like this:


If you are encountering or concerned about MiniCookie getting blocked, change this ID selector name to something more relevant to your website or company. Like this:


Omitting common keyword phases like cookie, popup, consent or privacy is recommended, and may help your MiniCookie instance continue to work. ID names must always start with a letter (A to Z) and not contain spaces or any special characters. Numbers, hyphens and underscores are permitted after the first character. Letters can either be uppercase or lowercase. It's commonplace to type ID selector names in either lowercase, camel case or snake case. An ID name must be unique and not duplicate something already being used on the current page.

This only needs to be provided if you want to apply a class selector name to MiniCookie, to aid customising it with custom CSS code. Class selector names like mini_cookie_stack already exist in numerous blacklists like Fanboy's Annoyance List. Like with IDs, you would do well to choose a class selector name that does not include keywords like cookie, popup, consent or privacy. An example of a suitable class selector name would be this:


Class selector names cannot contain spaces or any special characters. Numbers, hyphens and underscores are permitted. Letters can either be uppercase or lowercase. It's commonplace to type class selector names in either hyphenated, lowercase, camel case or snake case format.