Running an Odoo website puts powerful e-commerce, CRM, and content tools at your fingertips — but it also means you're collecting visitor data, setting cookies, and processing personal information the moment someone lands on your site. That makes GDPR, ePrivacy, and CCPA compliance not optional, but mandatory — and regulators are actively issuing fines to businesses that treat privacy as an afterthought.
Many Odoo website owners discover this the hard way. They assume the platform handles compliance automatically, or they enable Odoo's built-in cookie bar and consider the job done. The problem: Odoo's native cookie bar — while a useful starting point — does not meet the full requirements of the EU's GDPR and ePrivacy Directive. It lacks granular consent categorisation, prior-consent third-party script blocking, and documented consent records that a regulatory audit would demand.
The cleaner path is to integrate a dedicated consent management platform (CMP) directly into your Odoo website. Secure Privacy is built for exactly this: it delivers a fully compliant cookie consent banner, automatic cookie scanning, prior-consent script blocking, a verifiable consent log, and support for GDPR, CCPA/CPRA, LGPD, and ePrivacy — all injectable into any Odoo site in minutes via a single script.
In this guide you will learn how Odoo 19 handles privacy natively, where those built-in tools fall short, and how to install Secure Privacy on your Odoo website site-wide — no developer required.
Who Is This Guide For?
This guide is for:
Odoo website owners and administrators who need to display a compliant cookie consent banner and meet privacy regulations such as GDPR, CCPA, or ePrivacy.
Odoo e-commerce operators running shops that serve visitors from the EU, UK, or California.
Businesses evaluating their Odoo privacy setup and wondering whether Odoo's native tools are sufficient.
Developers or IT administrators looking for the recommended method to inject a third-party script site-wide in Odoo 19.
You will need access to Odoo Studio (available on Odoo Enterprise and Odoo Online Standard plans and above) and a Secure Privacy account with your installation script ready.
Odoo 19's Built-In Privacy Options — and Their Limitations
Odoo 19 ships with a native Cookies Bar that provides a baseline privacy layer for your website. Understanding what it does — and what it doesn't — is essential before deciding how to implement full compliance.
What Odoo 19's Native Cookie Bar Does
To enable it, go to Website → Configuration → Settings → Tracking & SEO and toggle on Cookies Bar. When active, Odoo will:
Display a consent banner to first-time visitors.
Block embedded third-party services (social media, video players, Google services) by default until the visitor consents.
Create a
/cookie-policypage listing default cookies and their purposes.Support Google Consent Mode v2, allowing GA4 and Google Ads signals to function in a consent-aware mode.
Where Odoo's Native Cookie Bar Falls Short
For many Odoo websites, the native cookie bar alone is not enough to satisfy GDPR and ePrivacy requirements. Odoo's own user community has raised several documented gaps:
No verifiable consent log — GDPR requires you to prove that a specific visitor consented, at what time, and to what. Odoo does not store an auditable consent record per visitor.
Limited granular categories — advanced marketing or analytics setups require fine-grained consent categories beyond Odoo's defaults.
Third-party script blocking is partial — only services explicitly listed are blocked; custom tracking tags added via Odoo Studio or external integrations may fire without consent.
No multi-regulation support — Odoo's banner is EU-oriented; it does not automatically adapt its logic for CCPA (US), LGPD (Brazil), or other regional frameworks.
No cookie auto-scan — you must manually maintain the cookie policy page as your site's tech stack changes.
If your Odoo website operates in multiple markets or runs any marketing or advertising technology, a dedicated CMP is the appropriate solution.
Why a Dedicated Cookie Consent Platform Goes Further
A dedicated consent management platform (CMP) like Secure Privacy is purpose-built for regulatory compliance in a way that a general-purpose platform's built-in feature cannot match. Key advantages:
Automatic cookie scanning — Secure Privacy continuously scans your Odoo website and auto-populates the cookie declaration, so your consent banner always reflects what your site actually sets.
Prior-consent script blocking — marketing pixels, analytics tags, and third-party scripts are blocked from executing until the visitor grants consent, not just flagged.
Documented consent records — every consent event is logged with a timestamp, visitor identifier, and consent version, giving you the audit trail GDPR Article 7 demands.
Multi-regulation logic — a single implementation handles GDPR, CCPA/CPRA, ePrivacy, LGPD, and more, adapting the banner display to the visitor's detected jurisdiction.
Google Consent Mode v2 integration — Secure Privacy signals consent state to Google's advertising and analytics stack, protecting your ad attribution while staying compliant.
Prerequisites
An active Odoo account with Odoo Studio access (Odoo Enterprise or Odoo Online Standard plan and above).
A Secure Privacy account with a domain configured and your cookie consent installation script ready. (Create a free account at secureprivacy.ai if you don't have one yet.)
Administrator or website editor permissions within your Odoo instance.
How to Install Secure Privacy on Your Odoo 19 Website
The method below uses Odoo Studio's Custom Code section — the recommended no-code route for pasting a site-wide JavaScript script in Odoo 19. The script is injected across every page of your website automatically.
Step 1 — Log In to Odoo and Open Studio
Log in to your Odoo account. From the main menu, navigate to the Apps page and select Studio.
Navigate to the Apps page and open Odoo Studio.
Step 2 — Open the Website Widget Inside Odoo Studio
Inside Odoo Studio, locate and open the Website widget. This is the module that controls your Odoo website's settings and code injection.
Open the Website widget in Odoo Studio to access site-wide settings.
Step 3 — Navigate to Configuration > Websites
In the top navigation bar of the Website widget, click Configuration and select Websites from the dropdown.
Select Websites from the Configuration menu in Odoo Studio.
Step 4 — Select Your Odoo Website
You will see a list of all websites configured in your Odoo instance. Select the website where you want to install the Secure Privacy cookie consent banner.
Select the correct Odoo website from the list.
Step 5 — Paste the Secure Privacy Script into Custom Code and Save
Scroll down to the Custom Code section. Paste your Secure Privacy cookie consent installation script into the field, then click Upload to save.
Paste the Secure Privacy installation script into the Custom Code field, then click Upload.
🎉 Done! Secure Privacy is now installed on your Odoo website. The cookie consent banner will display to visitors according to your Secure Privacy account settings — across every page, site-wide.
What Happens After Installation
Once the script is live, Secure Privacy automatically:
Scans your Odoo website for cookies and third-party trackers and populates your cookie declaration.
Displays the consent banner to new visitors and returning visitors whose consent has expired.
Blocks non-essential scripts from firing until the visitor grants consent for the relevant category.
Logs each consent event with a timestamp, banner version, and visitor token — creating your GDPR audit trail.
Signals consent to Google via Google Consent Mode v2, so your GA4 and Google Ads data remains compliant and as complete as possible.
You can verify the banner is active by opening your Odoo website in a private/incognito browser window (logged out of Odoo) — the consent prompt should appear on the first page load.
Troubleshooting — Common Issues & Fixes
Custom Code Section Is Not Visible in Odoo Studio
Make sure you have the required Odoo Studio permissions and that your Odoo plan includes Studio access. Some Odoo themes do not expose the Custom Code field by default — contact your theme provider or check your Odoo subscription level. If Studio is not available on your plan, a developer can inject the script site-wide via a custom Odoo module that inherits the website.layout QWeb template.
Cookie Consent Script Is Not Executing
Double-check that the Secure Privacy installation script is correctly pasted and saved in the Custom Code section. Clear your browser cache and reload. Always test in a private/incognito window while logged out of Odoo — Odoo suppresses some scripts for authenticated admin users.
Cookie Banner Is Not Showing on the Website
Log in to your Secure Privacy account and verify that cookie consent is enabled for your domain. Confirm the domain URL in your Secure Privacy settings exactly matches your Odoo website URL — including whether it uses www or not.
Script Installed But Banner Appears on Some Pages Only
The Custom Code section in Odoo Studio injects the script globally across your website. If the banner is missing on specific pages, check whether those pages use a different template or theme layout that may not inherit the main website.layout. Contact Secure Privacy support if the issue persists.
Frequently Asked Questions
Does Odoo 19 have a built-in cookie consent banner?
Yes. Odoo 19 includes a native Cookies Bar (found at Website → Configuration → Settings → Tracking & SEO → Cookies Bar) with Google Consent Mode v2 support. However, the native bar has documented compliance gaps — it does not maintain a verifiable per-visitor consent log, does not auto-scan for new cookies, and does not adapt its consent logic to multiple regional frameworks (CCPA, LGPD, etc.). A dedicated CMP like Secure Privacy closes those gaps.
How do I add a cookie consent script to my Odoo website site-wide?
The recommended no-code method is via Odoo Studio: go to Apps → Studio → Website widget → Configuration → Websites → select your site → scroll to the Custom Code section → paste your script → click Upload. The script is then injected across every page automatically.
Is Odoo GDPR compliant out of the box?
Odoo provides a foundation — a native cookie bar, a cookie policy page, and Google Consent Mode v2 signals — but full GDPR compliance requires a verifiable consent log, prior-consent script blocking for all trackers, and documented data processing records. These are not fully covered by Odoo out of the box, which is why many operators integrate a dedicated CMP.
Do I need Odoo Studio to add a cookie consent banner?
Odoo Studio is the recommended no-code route. It requires an Odoo Studio licence (included in Odoo Enterprise and higher Online plans). Alternatively, a developer can inject scripts via a custom Odoo module that inherits the website.layout QWeb template — but this requires development access and server-side deployment.
Does Secure Privacy support Odoo's multi-website setup?
Yes. Repeat the installation steps for each website in your Odoo instance. Each site will need its own Secure Privacy installation script configured for its specific domain in your Secure Privacy account.
Will adding the Secure Privacy script slow down my Odoo website?
No. The Secure Privacy cookie consent script is lightweight and loads asynchronously, so it does not block page rendering or negatively impact your site's performance or Core Web Vitals scores.
Which privacy regulations apply to my Odoo website?
If you serve visitors from the EU or UK, GDPR and the ePrivacy Directive apply. For California visitors, CCPA/CPRA applies. For Brazilian visitors, LGPD applies. Most Odoo e-commerce and SaaS websites serve visitors from multiple regions and therefore need to comply with several frameworks simultaneously — which is where a multi-regulation CMP like Secure Privacy is essential.