Full Guidelines On Cookie Restriction Mode In Magento 2

What is Cookie Restriction Mode in Magento 2?

Cookie Restriction Mode is a Magento 2 store mode that prevents your web store from collecting customers' cookie data, so full-featured operations cannot be enabled. In this mode, your visitors have to confirm that your website needs cookies to allow full-featured operations.

How to enable Cookie Restriction Mode in Magento 2?

In Cookie Restriction Mode, your web store displays a notification to alert customers that cookies are required for full-featured operations. The position of the notification depends on your theme. The notification links to the privacy policy for more information and encourages customers to click the Allow button to grant access. After cookies are enabled, the notification disappears.

If you edit the privacy policy URL, you have to create a custom URL rewrite to redirect traffic to the new URL key.

Cookie Restriction Notice In Footer

Follow these steps to enable Cookie Restriction Mode

In the backend, click Stores. Under Settings, click Configuration.

Under General on the left, click Web. Open the Default Cookie Settings tab and follow these steps:

Default Cookie Settings

In the Cookie Lifetime field, enter the lifetime you want, in seconds.

In the Cookie Path field, enter the path to make cookies available to folders.

In the Cookie Domain field, enter the subdomain name to make the cookies available to a subdomain.

Set Use HTTP Only to “Yes” to prevent JavaScript from accessing cookies.

Set Cookie Restriction Mode to “Yes”.

Click Save Config when complete.

Don’t forget to clear the cache from the Cache Management link and update your privacy policy to describe the information that your online store collects from customers, and how it is used.
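
One way to check that the settings above took effect, as an added example that is not part of the original article: this Python script compares Set-Cookie response headers with the configured Cookie Lifetime, Cookie Path, Cookie Domain and Use HTTP Only values. The expected values, the cookie names and the header lines are constructed assumptions; replace them with headers captured from your own store.

```python
# Added example: audit Set-Cookie headers against the Default Cookie Settings values.
# EXPECTED, HTTPONLY_NAMES and SAMPLE_HEADERS are constructed for illustration.

EXPECTED = {"lifetime": 3600, "path": "/", "domain": "shop.example.com", "httponly": True}
# Assumption: only the session cookie must be HttpOnly; cookies that storefront
# JavaScript reads on purpose (form_key in this sample) are exempt from that check.
HTTPONLY_NAMES = {"PHPSESSID"}

SAMPLE_HEADERS = [
    "PHPSESSID=abc123; Max-Age=3600; Path=/; Domain=shop.example.com; HttpOnly; Secure",
    "form_key=k9x2; Max-Age=3600; Path=/; Domain=shop.example.com",
    "PHPSESSID=def456; Max-Age=86400; Path=/; Domain=.example.com",
]


def parse_set_cookie(header):
    """Return (cookie name, attributes) with lower-cased attribute names."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, sep, value = part.partition("=")
            # Flag attributes such as HttpOnly carry no value; store them as True.
            attrs[key.strip().lower()] = value.strip() if sep else True
    return first.split("=", 1)[0], attrs


def audit(header, expected=EXPECTED, httponly_names=HTTPONLY_NAMES):
    """Return (name, findings) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if expected["httponly"] and name in httponly_names and "httponly" not in attrs:
        findings.append("httponly-missing")  # JavaScript can read this cookie
    if attrs.get("path") != expected["path"]:
        findings.append("path-mismatch")
    if str(attrs.get("domain", "")).lstrip(".") != expected["domain"]:
        findings.append("domain-mismatch")  # differs from the configured Cookie Domain
    max_age = attrs.get("max-age")
    if isinstance(max_age, str) and max_age.isdigit() and int(max_age) > expected["lifetime"]:
        findings.append("lifetime-exceeded")
    return name, findings


def audit_all(headers=SAMPLE_HEADERS):
    """Audit every header and keep only the cookies that have findings."""
    return [(name, found) for name, found in map(audit, headers) if found]


if __name__ == "__main__":
    for name, found in audit_all():
        print(f"{name}: {', '.join(found)}")
```

A cookie scoped to the parent domain is reported as a mismatch because it is also sent to sibling subdomains, which is wider than the configured Cookie Domain.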

Above is a full guideline on Cookie Restriction Mode in Magento 2 and how to enable it in the admin system. We hope that you now understand how Cookie Restriction Mode works and how to control it in Magento 2 Basic Configuration. Leave a comment if you have any questions, and subscribe to Magestandard to get a notification about the next article.

Try These 2 Methods To Use Cookies Features In Magento 2 Web Store

What are cookies?

Cookies are files saved on the computer of a visitor to your site; they are a temporary storage place for data. To personalize the customer’s experience, information saved in cookies is used to link customers to their shopping carts, measure traffic patterns, and enhance the effectiveness of promotions. To follow the requirements of legislation in many countries regarding the use of cookies and to obtain customer consent, Magento offers store owners a choice of these two methods:

Method 1: Implied Consent

In this method, customers have a clear understanding that cookies are an essential part of online store operations and, by visiting your web store, have indirectly granted permission to use them. The key to implied consent is to provide enough information for a customer to make an informed decision. The web store shows a pop-up message at the top of the first page a customer visits, which explains how cookies are used and includes a link to the web store's privacy policy. On the privacy policy page, store owners should state what kind of information the online store collects, and how it is used.

Method 2: Expressed Consent

In cookie restriction mode, the operation of your online store requires customers to confirm their approval before any cookies can be saved to their devices. Without access granted, many store features will not be available. For example, if Google Analytics is available in your store, it can be activated only after the customer has granted permission to use cookies.

Above is an article about cookies in Magento 2 and two solutions to obtain customer consent. We hope that you can choose the best method for your web store, provide the best experience for customers and fully protect customers' information. If you have any questions, feel free to leave a comment. Share the article if you think it is useful, and subscribe to Magestandard to read more guidelines. In the next posts, we will describe Cookie Restriction Mode and Cookie Reference.

How to Edit Your Privacy Policy in Magento 2

What is Privacy Policy?

A Privacy Policy in Magento 2 is a document that describes the merchant's policy for handling customer information. By default, a Magento 2 store displays a sample privacy policy that can be updated with your information. In your privacy policy, you should describe the type of information that you collect from customers, and how it is used. The cookie files placed on the computers that visit your store, and additional cookies that are associated with third-party extensions, should be included in the list too.

In this article, we describe how to edit your privacy policy in Magento 2. To modify your Privacy Policy, follow these steps:

First, in the Admin sidebar, click Content. Under the Element tab, click Page.

In the grid, find the Privacy Policy entry. In the Action column, open Select and choose Edit.

Open the Content tab and edit the content according to your requirements.

If you need to change the URL key of the privacy policy page, you have to create a custom URL rewrite to redirect traffic to the new URL key. Without this step, the footer privacy policy link will return a 404 error, and customers cannot reach your privacy policy page.

Click Save Page after completing the edit.

Above is a description of the privacy policy in Magento 2, and a tutorial on how to edit the privacy policy of your Magento 2 web store. We hope that you can create your privacy policy and respect the privacy of customers' data to make the e-commerce world safer and better. If you have any questions, feel free to leave a comment. If you think this article is useful, don’t forget to share it. And remember to subscribe to Magestandard to read more Magento guidelines. In the next post, we will describe Cookie Law Compliance for a Magento 2 web store.


Some Important Compliance You Must Remember In Magento 2 Basic Configuration

  1. Industry Compliance

In Magento Open Source, you have to follow a range of privacy and security practices that satisfy legal requirements and industry guidelines for online merchants. Depending on your location, some are mandated by the Payment Card Industry (PCI), and others are required by law.

  • Legal Requirements
  • Industry Guidelines
  • Best Practices

In this article, we provide some information about PCI compliance and the importance of setting up techniques to secure payment data.

  1. PCI Compliance Guidelines

The Payment Card Industry (PCI) has established a checklist of prerequisites for accepting credit card payments online. Any merchant who can access customer credit card data must meet the following guidelines to maintain a secure server environment:

PCI Requirements

  • Install and maintain a firewall configuration to protect cardholder information.
  • For system passwords and other security parameters, don’t use vendor-supplied defaults.
  • Secure saved cardholder information.
  • Transmission of cardholder information across open, public networks must be encrypted.
  • Antivirus software must be installed and regularly updated.
  • Develop and maintain secure systems and applications.
  • Access to cardholder information must be restricted by business need to know.
  • Assign a unique ID to each person with computer access.
  • Physical access to cardholder data must be restricted.
  • All access to network resources and cardholder information must be tracked and monitored.
  • Security systems and processes must be tested regularly.
  • Maintain a policy that addresses information security.

As your business grows, you may need to file an annual compliance report. PCI reporting requirements increase in proportion to merchant level. The annual compliance report is required for businesses that process more than 20000 credit card transactions per year.


A Complete Guide of Scope Quick Reference in Magento 2


  • Admin: The same Admin controls all websites, stores, and store views in a Magento installation.
  • Default Config: Unless overridden at a lower level, the global default configuration settings are used throughout the store hierarchy.
  • Catalog: The database of products, available throughout the installation.
  • Product Prices: Store administrators can configure product prices to apply at either the global or the website level.
  • Product Configurations: In configurable products, attributes that are used as options must have a global scope.
  • Customers: In a default Magento installation, each website can have a separate set of customer accounts, or share the same set with other websites. Store administrators can configure customer accounts to apply at the global or the website level.
  • Domain: Store administrators can set up different websites as subdomains of the primary domain, or as dedicated domains with other IP addresses.
  • Customers: In a default Magento installation, each website can have a separate set of customer accounts, or share the same set with other websites. Store administrators can configure customer accounts to apply at the global or the website level.
  • Currency: Store owners can assign a different base currency to each website. All transactions are processed using the base currency.
  • Products: At the website level, store owners can assign individual products to the hierarchy. The products grid lists all products in the catalog and the websites where they are available.
  • Product Prices: Store owners can configure product prices to apply at either the global or the website level.
  • Payment Methods: Store owners can configure payment methods at the website level, and configure the title and instructions for each store view.
  • Checkout: Although the admin can configure some display options for each store view, the checkout process takes place at the website level. The checkout configuration is the same in all stores that are associated with a website.
  • Root Category: The root category of each catalog is assigned at the store level.
  • Subcategories: Store admins can assign subcategories at the store view level.
  • Locale: Store admins can assign each store view to a different locale. For each store view, most of the Admin interface, the display currency, and measurement units are unique to the locale.
  • Languages: For each store view, all content, including product descriptions, can be translated into other languages.
  • Display Currency: Although the base currency is used in all transactions, each store view can use a different display currency.