BigCommerce Consent Integration
BigCommerce Setup
If you use a BigCommerce (Stencil-hosted) storefront, you should update your store configuration to enable 3rd party consent management tools (like ours) by following these steps:
-
Add the TrueVault CMP script via Settings > Scripts > Create a Script, placing it in the
<head>with the consent category set to Essential so that it always loads regardless of the current consent state. -
If needed, hide BigCommerce's built-in cookie banner by adding the following CSS to your theme (or by editing your theme stylesheet directly):
#consent-manager-update-banner, #consent-manager {
display: none;
visibility: hidden;
}
Setup
Our Consent Management Platform (CMP) automatically communicates with your BigCommerce storefront to convey a consumer's consent signals to BigCommerce. These consent signals flow down to any scripts installed through BigCommerce's Script Manager as well as BigCommerce's built-in analytics and tracking integrations (Meta Pixel, Google Analytics, etc.) that are classified under a given consent category.
The CMP detects BigCommerce storefronts by checking for window.BCData, which is set on all Stencil-hosted pages. When a consumer's consent changes, the CMP calls the BigCommerce Storefront Consent API (POST /api/storefront/consent) with the updated categories.
If you are using Google Tag Manager in addition to BigCommerce, be sure to review our gide on setting up consent categories in Google Tag Manager if there are scripts that need to be consent controlled loading from GTM.
Consent Category Mapping
BigCommerce defines three non-essential consent categories. The CMP maps its internal consent settings to BigCommerce's numeric category IDs as follows:
| CMP Consent Setting | BigCommerce Category | ID |
|---|---|---|
| Analytics | Analytics | 1 |
| Personalization | Functional (Personalization and Optional Functions) | 2 |
| Advertising or Targeted Advertising | Targeting / Advertising | 3 |
Essential cookies are always allowed by BigCommerce and are not part of the consent API payload.
BigCommerce's Functional category covers enhanced functionality like certain videos, live chat, and other optional on-page features. This is mapped to our banner's "Personalization" setting, as these functions tend to use user data for catered, non-essential experiences. Review how your installed apps are categorized in BigCommerce to make sure the mapping fits your expectations.
Opt-Out Signals
The CMP always sends the current consent signals to BigCommerce, regardless of whether the visitor is viewing an interactive consent banner, an informational banner, or no banner at all. This means that consumer opt-outs via US Privacy (USP) and Global Privacy Control (GPC) signals are respected for BigCommerce scripts in all regions — not just regions where the interactive banner is shown.
When a consumer is opted out via USP or GPC, the CMP sends deny: [3] (Targeting / Advertising) to BigCommerce regardless of what the visitor has otherwise chosen for Advertising consent.
Testing
To verify that consent signals are flowing to BigCommerce, you can inspect the bc_consent cookie in your browser's developer tools. This cookie is set and maintained by BigCommerce and reflects the current consent state that BigCommerce will apply to its Script Manager scripts and built-in integrations.
-
Open your browser's developer tools and navigate to the Application (Chrome) or Storage (Firefox) tab.
-
Find the
bc_consentcookie under your storefront's cookies. -
The cookie value will be URL-encoded JSON of the form:
{"allow":[1,2,3],"deny":[]}where the numeric IDs correspond to the categories listed above.
-
Interact with the TrueVault consent banner (accept, reject, or change preferences). The
bc_consentcookie should update to reflect your selections.
You can also observe the API calls the CMP makes to BigCommerce by filtering the Network tab for requests to /api/storefront/consent. Each consent change from the CMP will trigger a POST to this endpoint with the new allow and deny arrays.
Some BigCommerce scripts are loaded once per page and do not re-evaluate their consent state without a reload. If you change your consent preferences after the page loads, you may need to refresh the page to see the full effect on scripts that were previously blocked or allowed.
Headless / Catalyst Storefronts
BigCommerce's Catalyst framework and other headless storefronts that use the GraphQL Storefront API are not currently supported by this integration.
The BigCommerce Storefront Consent API (POST /api/storefront/consent) is only available on Stencil-hosted pages — it relies on same-origin cookies and is not callable from a headless storefront hosted on a different domain. BigCommerce's GraphQL Storefront API does not currently expose a mutation for setting cookie consent preferences.
Catalyst itself handles consent client-side using a third-party library (c15t). At this time, we do not integrate with Catalyst's consent mechanism.
If you are using a headless storefront and want to use our CMP, you may need to implement a custom integration that listens for consent changes from the CMP and conveys them to your storefront's scripts and analytics in a way that fits your architecture. Review our article on the Consent Changed event for more details on how to listen for consent changes.