| 开发者 |
interativus
sergioinglez |
|---|---|
| 更新时间 | 2026年7月13日 20:42 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
<script> tags are switched to type="text/plain" before the page reaches the browser, so nothing runs before consent.privatto folder to /wp-content/plugins/.No. Banner, blocking, consent records, and document generation all run on your own site. The only optional external call is the Groq API, used exclusively to refine free-text descriptions if you provide an API key.
The plugin buffers the full page output on template_redirect, injects Google Consent Mode v2 (all denied) right after <head>, and rewrites any <script> whose src or body matches the configured patterns. When the visitor consents, the allowed scripts are restored and executed.
In a dedicated table (wp_pvto_consents). Each decision records a UUID, action, categories, policy version, optional irreversible IP hash, country, user agent, URL, and UTC date/time. You can view it under Privatto → Logs and export it to CSV.
Yes. By default, uninstalling keeps the consent tables (they are your audit evidence) and only removes settings. To delete everything, define PVTO_DELETE_DATA as true in wp-config.php before removing the plugin.
%i identifier placeholder, input unslashing/sanitization, output escaping.