If you give consent on your website via the cookie banner, and the next time you visit or navigate your website, the cookie banner will be displayed again, your WordPress REST API or web server configuration is most likely not reachable or misconfigured. We show you how to solve the problem!
Preparation to find the cause
Before we start looking for the cause, we need to get an idea of what is going wrong in the first place.
First of all, please empty your website’s cache. This means page caches like WP Rocket, WP Super Cache, W3 Total Cache, Litespeed Cache or WP Optimize as well as object caches like Redis. If you also use a CDN cache like Cloudflare or Bunny.net, please empty it as well.
Afterwards, we proceed as follows for preperation (the following procedure works for Google Chrome browser and other Chromium browsers):
- Open your website as a logged-out user
- Open the developer tools by right-clicking somewhere on your website and choosing Inspect in the context menu (or directly via the
F12key) - Open the “Network” tab
- In the input field for “Filter” (top-left) enter
consent - Click on “Accept all” in the cookie banner
- A line with
consentshould be visible in the network traffic. Click on it and open more details. - There you will see more, different tabs, which will be discussed further in this article for every possible case.
Cause 1: REST API not accessible or incorrectly configured
The most common cause for a cookie banner popping up on every subpage is that your WordPress REST API is not accessible or is configured incorrectly. This can have several causes, for example if you use a (security) plugin that hides or even completely disables the REST API for (logged-out) users. We have provided an extra article for you for this problem, which you should definitely check out: WordPress REST API does not respond: What’s the problem?
Real Cookie Banner stores the decision made in the cookie banner in a cookie. We check whether the cookie path of cookie is valid for the used domain. To do this, we now open the “Cookies” tab of our network traffic and check whether a valid path is stored there.
We expect to see a path like / here. But as you can see in the example above, instead the cookie path contains a full URL. The reason is that a wrong URL is stored in your WordPress backend at Settings > General in the fields “WordPress Address (URL)” and “Site Address (URL)” (in the example, a double s for https). Please check if the specific URLs are the URLs of your website!
You don’t have a URL there, but a path other than /? This is typical that you have manually set the constant COOKIEPATH in your wp-config.php file. Please check if this setting really fits to path of the accessed website! If this is not the case, you can exclude this as the cause of the problem because the cookie path can also be configured differently by e.g. a multisite.
For each cookie, you can define how it is accessible. This is controlled via the so-called HttpOnly flag. Real Cookie Banner itself does not expect a HttpOnly cookie (since the cookie is read client-side via JavaScript), which means that no checkmark must be given in the HttpOnly column. If, as demonstrated by the screenshot above, you also have a checkmark set, you probably configured this manually for your server (you may have read a tutorial like how to harden your cookies). To solve the problem, you should check your .htaccess file for Apchache2 web servers or the NGINX config for NGINX web servers and contact your hosting provider!
Example of such a server configuration in a .htaccess file:
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
You don’t see any “Response cookies”, but only “Request cookies” in the place shown in the screenshot? This is because you are using a server configuration that discards all cookies. You should definitely consult your hosting provider and check together why this was configured this way. If this is a security issue, you should definitely exclude the Real Cookie Banner cookies (starting with real_cookie_banner) so that it is always returned.
If you haven’t explicitly reconfigured anything so that all cookies are discarded, a CDN may also be responsible for all cookies being deleted. Please check if disabling the CDN solves the problem, and if so, please contact your CDN provider!
Cause 5: Slow response time of your WordPress instance
Also, a common reason for a cookie banner popping up all the time is simply the response time of your WordPress installation. As you can see in the screenshot above, it can happen with slow-optimised WordPress installations that it takes several seconds to save a consent.
It is best to wait 15 seconds after the consent before navigating to the next page and check whether the cookie banner does not reappear afterwards. If this is the case, you need to optimise your WordPress installation accordingly.
To check whether the Real Cookie Banner is responsible for the long response time, please proceed as follows:
- Deactivate Real Cookie Banner Plugin (your data will be preserved!)
- Open the following URL of your website:
your-domain.com/wp-json - If the call also takes a correspondingly long time, you should urgently optimise your WordPress installation or check which plugin is responsible for this high response time – it is best to contact your technical contact here.