AesirX CMP Guide: How to Generate a Cookie Declaration with AI
Writing a Cookie Declaration manually is time-consuming, prone to errors, and often out of sync with what your site actually does.
Unlike tools that rely on assumptions or fabricate AI-generated content, AesirX CMP builds a Cookie Declaration from real-time scan data – analyzing your website both before and after a user gives consent. That means it reflects what’s actually happening on your site, helping you meet requirements under hundreds of global privacy regulations.
AesirX AI Privacy Advisor saves you time, supports global privacy law alignment, and gives you a reliable foundation to edit and publish with confidence.
Follow this step-by-step guide to generate your Cookie Declaration draft automatically using the built-in AI tool. Just remember – reviewing and validating the content is a key step to staying compliant.
Step 1: Log In to the AesirX AI Privacy Advisor
- Log in to your website’s WordPress admin panel.
- Navigate to AesirX CMP in the left-hand menu.
- Click AI Privacy Advisor.
This page gives you access to configure tracking transparency through the Domain Categorization feature, and to generate AI privacy documentation, such as the Cookie Declaration, Privacy Policy, and Consent Request.
From here you can also enable 1-click AI Auto-Blocking and configure third-party and domain/path blocking to support privacy compliance.
Step 2: View Your AI Cookie Declaration
How to create a cookie declaration using AesirX CMP AI tool
What to do:
- Once you open the AI Privacy Advisor, scroll down to the Cookie Declaration section.
- Your Cookie Declaration text is already populated based on your site’s scan results.
- Go through the headed sections, read the draft carefully and update any language to reflect your actual data handling practices.
- Make sure it’s accurate, especially if your business has multiple domains, operates in specific sectors, or collects sensitive data.
Note: Some sections may include placeholder text depending on your site scan. Make sure to review and edit these before publishing your Cookie Declaration.
Here’s a breakdown of each section:
Step 3: Check the Introductory Statement
How to generate a cookie declaration with AI: Introductory Statement
This section appears at the top of the Cookie Declaration and serves two purposes:
- URL Scanned: Confirms which domain was scanned and analyzed by the AI Privacy Advisor, helping ensure the declaration reflects your actual setup. Always double-check that the correct domain was scanned, especially if your site includes multiple domains or subdomains.
- Introductory Statement: A short explanation of why cookies are used and how your site handles them.
This sets the context for users and helps meet legal expectations for transparency and clarity in cookie use.
What to do:
- Confirm the scanned domain is correct. If it’s not, use the Regenerate button.
- Edit the introductory text to reflect your tone and jurisdiction. You can reference laws like CCPA, PDPA, PDPD or others if your audience is region-specific.
- Make sure the statement aligns with the way you actually use cookies on your site.
Step 4: Review Strictly Necessary Cookies
Create cookie declarations automatically: Strictly Necessary Cookies
This section lists cookies that are required for your website to function correctly. While technically they are exempt from consent under most privacy laws, many websites mistakenly categorize non-essential cookies (e.g. tracking for A/B testing or preference storage) as “strictly necessary,” which can lead to non-compliance.
Example text:
These cookies are essential for the website's core functionality and do not require your consent. They enable basic functions like page navigation and access to secure areas of the website.
If any are detected, you’ll see default examples like:
| Cookie Name | Domain | Purpose | Duration | Provider |
| PHPSESSID | consent.demo.aesirx.io | Preserves user session state | Session | Internal |
What to do:
- Carefully check that each listed cookie is truly required for essential website functions. You should actively check and confirm:
- What each cookie actually does.
- Whether it qualifies as “strictly necessary” under laws like GDPR or ePrivacy Directive.
- Do not blindly trust automated labeling but review:
- Cookie names and behavior
- Purpose and legal basis
- When and how they're set (pre- or post-consent)
- Remove or re-categorize anything used for analytics, personalization, or optimization – these are not “strictly necessary” under most legal frameworks.
- Customize the description and provider name if the defaults don’t match your setup.
- If none are found, this section may be empty or show defaults for reference – delete what isn’t relevant before publishing.
Step 5: Review Analytics Cookies
Cookie consent declaration: Analytics Cookies
This section includes cookies used to collect anonymous statistics and usage data that help improve website performance. These cookies must obtain explicit user consent and must be technically blocked until that consent is given – a critical compliance requirement that should not be overlooked.
Example text:
Analytics cookies help us collect statistical information about visitors to our site and how they interact with it. This data allows us to make improvements and optimize performance. Your consent is needed for these cookies to be activated.
Detected examples may include:
| Cookie Name | Domain | Purpose | Duration | Provider |
| tk_or | aesirx.io | Tracks referring websites and monitors visitor interaction | 1825 days | Jetpack |
What to do:
- Review each analytics cookie detected by the scan and confirm it is used only after user consent.
- Update the purpose and provider fields if the default text doesn’t match your actual setup.
- Make sure these cookies are blocked until the user actively consents.
Step 6: Review Marketing Cookies
How to generate a cookie declaration with AI: Marketing Cookies
This section lists cookies used for advertising, behavioral profiling, or cross-site tracking – a category strictly regulated under GDPR and similar laws. These cookies always require explicit user consent before activation.
Example text:
These cookies are used to track visitors across websites and provide a personalized advertising experience. Consent is required to activate marketing cookies.\
You may see entries such as:
| Cookie Name | Domain | Purpose | Duration | Provider |
| tk_or | aesirx.io | Analyzes marketing effectiveness | Session | Jetpack |
What to do:
- Review each marketing cookie and verify it’s used for advertising or cross-site tracking purposes.
- Update the descriptions to accurately reflect how each cookie functions on your site.
- Ensure all listed cookies are technically blocked until the user gives active, informed consent – this is a non-negotiable compliance requirement.
- If your site doesn’t use marketing cookies (unlikely), delete this section from the declaration before publishing.
Step 7: Review Consent Requirement
AesirX AI Privacy Advisor: Review Consent Requirement
This section outlines the legal rules for activating cookies and reminds users that they have ongoing control over their consent preferences. It reinforces the difference between essential and non-essential cookies and explains how consent can be managed or withdrawn.
Example text:
Non-essential cookies, such as those for analytics and marketing, require your explicit consent to be activated.
You can manage your cookie preferences or withdraw consent at any time by accessing our [Cookie Settings] or consulting our [Privacy Policy].
This declaration ensures transparency regarding our cookie usage and is designed for easy updating and editing within your WordPress configuration to maintain compliance with data protection standards.
What to do:
- Make sure this section accurately reflects how your CMP is actually configured, including clear links to your consent settings and privacy policy.
- Confirm that users can easily update or withdraw their consent at any time, as required under GDPR and similar laws.
- Double-check that the linked pages (Cookie Settings, Privacy Policy) are accessible and up to date.
- Customize the text if your cookie management process differs. For example, if you use a separate dashboard or consent tool.
Step 8: Copy and Preview
What to do:
- It’s important to review and customize each cookie category, even if the declaration appears comprehensive initially.
- Then, click the copy icon to export the generated text. Review and edit it to reflect your actual data practices before adding it to your Cookie Declaration.
Step 9: Re-Generate If Tracking Changes
At the end of the Cookie Declaration section, you’ll see a Regenerate button.
What to do:
- It’s important to regularly re-scanning your site to capture any changes accurately.
- Make periodic checks as part of a documented compliance process, ideally at least quarterly and whenever major site changes occur.
- If you update your website by adding or removing tracking technologies like ad pixels, analytics scripts, or embedded media, or adding new tools, tags, or plugins, you should revisit the AesirX AI Privacy Advisor to check for any Cookie Declaration changes. Keeping it accurate isn’t a one-time task.
- Clicking Regenerate will run a fresh scan and update the Cookie Declaration to reflect the latest setup. It’s the easiest way to keep your documentation compliant over time.
- To make this easier, you can use AesirX Privacy Monitoring, which automatically scans your site on a regular schedule and flags any new scripts or trackers that could affect your compliance. This means your documentation stays up to date without relying on manual checks.
Done! Your Cookie Declaration Draft Is Ready
You’ve successfully generated a Cookie Declaration tailored to your site’s actual behavior using the AesirX Consent Management Platform AI tool. This draft supports alignment with major data protection laws by addressing key transparency and consent obligations.
Want to understand why this matters?
When considering how to create a cookie consent banner, read Tracking Before Consent: It’s the Business Model to learn how most banners fail to comply, and how real-time detection and regeneration closes that legal gap.
