Which Cookie Consent plugins are slowest?

WordPress Mobile Speed


There are no affiliate links on PagePipe.

Your browser stores cookies. They enable a site to ‘remember’ little bits of information between pages or visits.

Cookies personalize the web experience. Some cookies collect data across many websites, creating ‘behavioral profiles’ of people. These profiles influence what content or advertisements to show you. Requiring websites to get consent gives web visitors more control over online privacy. In theory.

Cookies are nothing new. Because they always work in the background users weren’t aware of their existence. They are text files of data that identify:

  • you as a user
  • your IP address
  • gender and age

Websites collect this information. They use it to create inferences about their user base and track them with retargeting ads.

BuiltWith says 29.3 million websites use Google Analytics. That is 8.4 percent of the 348 million websites tracked in its database. Google Analytics uses cookies.

Facebook Pixel is a mega technology. It’s used by at least 5,004,384 websites on the Internet. It also uses cookies.

Because of Facebook and Google, average people are more aware of their personal data. And its ease of accessibility.

In 2018, the European Union enforced the General Data Protection Regulation (GDPR) over websites. Now when we load a website, we are often asked to allow cookies, deny cookies, or adjust cookie settings.

This is annoying and an impediment to a good user experience.

According to the GDPR, end-user consent should be valid, freely given, specific, informed, and active. The lack of enforcement of obtaining lawful consents is a huge challenge. Or should we say an impossible challenge?

The Big Tech corporations, i.e. Google, Amazon, Facebook, Apple, and Microsoft (GAFAM), use methods, raising doubts about the lawfulness of the acquired consent.

Cookie Consent is a popup screen-lock. It’s locked until you press a button indicating you accept cookies. Tracking cookies are then placed in your browser cache.


What happens if you don’t accept cookies? If you refuse to accept cookies, websites don’t allow you access to their content. Simple. But lame.

Cookie Consent is a negative barrier to a good user experience. They’re intrusive and ugly. Cluttering screens. They also slow down your website. Some plugins are worse than others. We’ll tell you which those are.

Who needs GDPR Compliance? Here’s what other technology blogs claim:

  • If you run a WordPress website and EU visitors can access it, your site needs to be GDPR compliant.
  • If you take advantage of using a cookie, or other tracking integrations like Facebook pixels or Google Analytics, etc.
  • If you use forms like Contact 7 to collect users’ data, you need GDPR compliance.
  • If you use MailChimp or other addons to save users’ data, you need this GDPR compliance support.
  • If you use any communication service like live chat or support help desk for your site visitors.

So everyone and his dog thinks you need cookie compliance.

Do you have to put a cookie warning on your website?

There are no specific federal US-based laws when it comes to Cookies. Some state laws.

Where can you find out more about the EU and UK laws about cookies?

You’ll find details about EU and UK regulations like the Cookie Law on the European Commission’s site. And the UK’s PECR on the Information Commissioner’s Office site.



Many plugin authors got on the GDPR/Cookie Consent gravy train. The result: The introduction of over 44 plugins. Do they help site owners “comply” with Government-imposed regulations? There are many WordPress cookie plugins available. They provide very intrusive modal popups or are often too complex to configure.

How to know that you need GDPR Compliance?

  • If you have visitors from the EU or potential to have visitors from the EU.
  • If you use browser cookies or tracking pixels for analytical purposes
  • If you use any drip marketing strategy like MailChimp or other third-party plugins to save users’ data
  • If you use Live chat services to communicate with your website visitors
  • If you use forms like Contact 7 to collect users’ data, you need GDPR compliance.
  • If you want to enhance the authenticity, authority, and general trustworthiness.
  • If you use any of these services, you need cookie consent:
    online CRM systems (HubSpot, Salesforce, SAP, Zoho, etc…)
  • inside online email marketing services (GetResponse, Mailchimp, ActiveCampaign, etc…)
  • inside online support systems (Zendesk, Freshdesk, etc…)
  • other SAAS services

Uh? Why didn’t they just say “every website on the entire planet?”

The Really Bad News:




Weasel Words plugin creators use:

  • We cannot guarantee any conformity with the law, which only a lawyer can do.
  • We are not attorneys.
  • We are not liable for any content, code, or other errors or omissions, or inaccuracies.
  • This plugin provides no warranties or guarantees.
  • Nothing in this plugin, therefore, shall be considered legal advice, and no attorney-client relationship is established.
  • Please note that in some cases, depending on your legislation, further actions may be required to make your WordPress website compliant with the law.
  • The use of this plugin does not, by itself, ensure compliance with legal requirements related to cookies.
  • Implementing this plugin will NOT automatically make your website in compliance with the EU cookie law.
  • This plugin can only help you to meet compliance requirements. You are the one who is responsible for making sure all the compliance requirements are met.

They have to be kidding. So what good are these cookie-consent plugins anyway?

Many WordPress cookie consent plugins make boastful claims:

  • Easiest or simple
  • Most Effective
  • Popular
  • Most compliant with privacy laws
  • well-supported
  • 100% free
  • light, elegant and powerful
  • avoid legal risks
  • mature and trusted

Few of these are true or provable facts.

These plugins are supposed to help us comply with data privacy laws and regulations like the following:

  • GDPR: The General Data Protection Regulation (European Union)
  • General Data Protection Regulation (GDPR) is a European regulation to strengthen and unify the data protection of EU citizens.
  • PIPEDA: The Personal Information Protection and Electronic Documents Act (Canada)
  • The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations in Canada.
  • CCPA: The California Consumer Privacy Act (California, United States)
  • The California Consumer Privacy Act (CCPA) is a bill intended to enhance privacy rights and consumer protection for residents of California, United States.
  • AAP: Australia’s Privacy Principles (Australia)
  • Australian Privacy Principles (APPs) establish standards for the collection and handling of personal information.
  • LGPD: The Brazilian General Data Protection Law (Brazil)
  • The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”) is a new legal framework for the use of personal data processed on or related to individuals in Brazil, regardless of where the data processor is located.
  • DSGVO, CNIL, PECR, DPA, and other cookie law, data protection, and privacy regulations
  • Cookie plugins only partially implement the legal requirements or advised behavior. That means you still bear a risk. Without a serious look at the law, you won’t know until you get a warning in your mailbox. But will you get a scary email? We don’t think so. We’ll explain why soon.


“Any businesses operating online and within the areas of the European Union or European Economic Area must comply with these rules or face severe penalties.” That is the threat. Is it enforced? Does “the law” have teeth?

From May 25, 2018, all companies with EU citizens as customers who are visiting their website, regardless of the location of the company itself, need to abide by the GDPR rules when handling their personal data.

They have to be joking.

There are 255 million active websites on the internet. The rest are parked domains – like over a billion empty sites.

How many have WordPress cookie consent plugins installed: 692,540 sites.

That is less than half a percent. About a quarter of 1 percent of active sites. Insignificant compliance.

Information covered by GDPR includes names, user IDs, emails, addresses, contact details, web analytics, IP address, cookies, and other special categories of data (e.g., sensitive, genetic, health, gender, biometric).

Fines of up to $20 million or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater, can be applied if not following their dogmatic rules.

Everyone who does internet business in Europe is liable. And at risk even with a fancy cookie consent plugin.

Absolutely ludicrous and unenforceable for most websites. There isn’t a police force or judiciary big enough to make this happen. The only thing that will guarantee compliance is fear.

So who is getting nailed by the huge threatening fines?

Since its start, GDPR has issued only 800 fines.

Here are the worst fines – and only two fines – for cookie consent violation:

1. Amazon — €746 million ($877 million). Did they pay? Not yet. The Washington Post says Amazon “rejects the findings and plans to appeal.” Amazon’s company valuation is $1.7 trillion.

2. Google – €50 million ($56.6 million) They appealed. France got the money. How much is Google’s net worth? 1 Trillion dollars. Do you think they even blinked at that fine? It was a digital tax.

No other fines imposed had to do with cookie consent laws. All others were over data breaches – crummy security that leaked consumers’ personal information to bad guys. GDPR covers a lot more than mere cookie consent.

But for Amazon and Google, they had targets on their backs. These got hit by government-imposed digital taxes.

How many billions are you worth? Are you a target for fines? Seriously?

Do you need to comply and ruin your web pages? Think about it. Most have decided it has no teeth for small and medium-sized businesses. It’s odd. They’re the ones most motivated to install these lame cookie consent plugins. Fear is a great motivator.

What are the worst cookie-consent plugins for speed? The ones that will most slowdown your website globally (every page and post).

The worst slug is WordPress Real Cookie Banner. Almost 200 milliseconds. That is 10 percent of the performance budget.

Here are the speeds of all others compared and ranked from slowest at the top to fastest at the bottom:

Plugin ms Active
WordPress Real Cookie Banner 194.40 40000
Surbma 66.00 1000
easy Cookie Consent 44.90 10
GDPR Cookie Consent by Supsystic 39.40 500
CookieFox 28.80 20
GDPR Cookie Compliance 24.20 200000
WP AutoTerms 15.40 100000
EU Cookies Bar for WordPress 14.50 2000
Zone Cookie 13.80 10
GDPR Compliance & Cookie Consent 13.50 30000
PureDevs GDPR compliance 13.40 10
WP GDPR Cookie Notice 12.50 700
DW GDPR 12.40 20
GDPR Cookie Notice 11.80 200
Ultimate GDPR Consent 9.90 40
Simple Cookie Control 8.90 300
Cookie Notice & Consent Banner forGDPR & CCPA Compliance 8.10 2000
Cookie Consent for GDPR/CCPA 7.40 100
Termly 6.50 200000
Responsive Cookie Consent 6.50 3000
CookieHub 6.50 700
GDPR Tools 6.30 700
MyCookie 6.30 40
GDPR Cookie Banner 6.30 10
GTM Cookie Consent 5.80 10
Better GDPR 5.60 10
Divi Cookie Consent for GDPR 5.20 1000
GDPR & CCPA Cookie Consent 5.00 3000
Awesome GDPR Compliant Cookie Consent and Notice.060 4.90 300
Simple Cookie Notice 4.50 300
TRUENDO 4.00 100
Hayona Cookie Consent 3.50 100
Total GDPR Compliance Lite 2.90 100
kjrocker Cookie Consent 2.80 10
EU Cookie Law for GDPR/CCPA 2.60 100000
CookiePro 2.40 2000
WP Cookie 2.30 20
Implied Cookie Consent 1.60 400
Zestard Cookie Consent 1.60 10
WP Cookie Consent 1.40 100
GDPR Cookies pro 0.80 700
Cookie Maestro 0.80 10
CookieConsent.io 0.60 10
GDPR CCPA Compliance Support fail 3000
Total installed 692540

Our recommendation for fastest speed and best UX:

Don’t use any Cookie Consent plugin – unless you make as much money as Google or Amazon.

Do this cookie test process:

“Right-click on the website and click on Inspect. This will open up the Chrome developer console. From the developer console, go to the Applications tab, and then expand the Cookies dropdown under the Storage section. Under Cookies, you can see the domains from which the cookies are being used on the website.”

Sebastian Thalhammer wrote:

Your summary is quite spot on: Don’t use any Cookie Consent plugin – unless you make as much money as Google or Amazon.

Which is certainly something I’ll agree with. My experience as a digital strategist is however, that clients are full of half-knowledge on the topic and insist on having those things up and running. I tried to convince them otherwise in the past but soon started to realize that this isn’t a fight I want to fight (unpaid). 

I’ll advice them on the downsides and usually that’s about it. 



Steve Teare
performance engineer
January 2022


PagePipe Site Tuning Services for Speed

Instead of band-aid approaches, we drill down to the root cause of your slow site. This is origin optimization. Also known as site tuning. To do this, we analyze site components:

  • Hosting
  • Theme
  • Plugins
  • Scripts and third-party services.
  • Images and media library.
  • We minimize globally loading plugin effects.

Find out more details about Site TuningGet Speed!