Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
AddToAny Share Buttons is the official WordPress plugin for the AddToAny social sharing service, used on more than 600,000 WordPress sites worldwide. It exposes share buttons for Facebook, X, LinkedIn, WhatsApp, Telegram, Pinterest, Email and many other channels via a JavaScript snippet from static.addtoany.com. The plugin also offers a no JavaScript fallback that keeps share buttons functional without loading any third party script before the user clicks.
AddToAny Share Buttons is the official WordPress plugin for the AddToAny social sharing service operated by AddToAny LLC in the United States. It is one of the most installed sharing plugins on WordPress with more than 600,000 active installations. The plugin adds standard, floating or custom share buttons to posts, pages and custom post types, supporting Facebook, X, LinkedIn, WhatsApp, Telegram, Reddit, Pinterest, Email and many other destinations. Compared to the bare AddToAny snippet, the plugin offers WordPress specific integration: shortcode, widget, block, position controls and a no JavaScript mode.
In default mode, the plugin enqueues page.js from static.addtoany.com on every page where buttons are rendered. The script transmits the visitor IP, User Agent and current URL to AddToAny servers and may set a uvc counter cookie. The plugin can also load the icons SVG sprite from m.addtoany.com. In the no JavaScript mode, the plugin renders direct share links and does not load any AddToAny asset, so no transfer is triggered until the user actually clicks. When a user clicks a button, the destination social network is contacted exactly the same way as if the user had pasted the URL manually.
In default mode, the plugin loads a third party script automatically on every public page where buttons appear. This processing triggers Article 5(3) of the ePrivacy Directive and Article 6 of the GDPR. The IP transfer to the United States is covered by Chapter V GDPR. EU DPAs have consistently held that social sharing widgets are not strictly necessary, so prior consent is required. In no JavaScript mode the picture is different: no script loads before the user clicks, the buttons are static HTML links, and consent is generally not required to display them, although the user must still be informed.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Yes if you use the default JavaScript mode: block the plugin script behind your consent banner or only enqueue it after consent. In no JavaScript mode you can render the buttons by default, but the user should still be informed that clicking a button will load the corresponding social network. WordPress consent plugins such as Complianz, Cookiebot, Real Cookie Banner and CookieYes ship with built in blocking rules for AddToAny that handle this gracefully.
AddToAny LLC is based in the United States and processes data on US infrastructure. AddToAny is not currently listed on the EU US Data Privacy Framework, so transfers must rely on Standard Contractual Clauses or another Article 46 or 49 mechanism. The plugin documentation does not include an off the shelf data processing agreement, so site operators that want to keep using the default mode should request one from AddToAny or switch to the no JavaScript mode.
Enable the no JavaScript mode in the plugin settings if you do not want to manage consent, or pair the default mode with your consent management platform so that page.js is only loaded after the user accepts. Add an entry to your privacy policy describing AddToAny LLC and the social networks invoked. Use Real Cookie Banner, Complianz, Cookiebot or a similar CMP with a ready made AddToAny template. Audit your front end with a tool like webbkoll or HTTP Archive to confirm that no AddToAny script fires before consent.
Websites using AddToAny Share Buttons must obtain user consent under GDPR regulations.
DPIA considerations
Most blogs and editorial WordPress sites will not need a standalone DPIA for AddToAny Share Buttons. The integration must be recorded in the Article 30 register and the cookie banner. When the site uses the plugin together with Jetpack stats, Google Analytics and other social embeds, a wider DPIA covering all third party trackers is appropriate.
Sample consent text
We use the AddToAny Share Buttons plugin to let visitors share our posts. The default mode sends your IP address and page URL to AddToAny LLC in the United States. Do you accept?
Third-party domains contacted
static.addtoany.comm.addtoany.comaddtoany.comd26b395fwzu5fz.cloudfront.netfacebook.comtwitter.comlinkedin.comwa.mepinterest.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| uvc | third party | 5 years | Set by AddToAny to count unique visitors that load the share buttons script, only in default JavaScript mode. |
| __cf_bm | third party | 30 minutes | Cloudflare Bot Management session cookie set on AddToAny CDN domains to filter automated traffic. |
| cf_clearance | third party | 30 days | Cloudflare clearance cookie set after passing a bot challenge on AddToAny domains. |
AddToAny Share Buttons collects user analytics data — you legally need a consent banner. Try FlowConsent free.
In default mode the plugin enqueues page.js from static.addtoany.com, which can set a uvc counter cookie and triggers Cloudflare cookies (cf_clearance, __cf_bm) on the AddToAny CDN. In no JavaScript mode no AddToAny cookie is set at all because no AddToAny script is loaded.
Yes. The page.js script is a third party tag loaded automatically; it is not strictly necessary for the user to access the page and falls under Article 5(3) of the ePrivacy Directive. Block the plugin behind your consent manager or enqueue it only after consent.
Consent under Article 6(1)(a) GDPR and Article 5(3) ePrivacy in default mode. In no JavaScript mode you can rely on legitimate interest for displaying the static links, with consent required only when the user clicks and the destination network is contacted.
Yes in default mode (IP and URL go to AddToAny LLC in the US). In no JavaScript mode no transfer occurs until the user clicks, and then only the destination social network is contacted. Document the transfer in your privacy policy and reference SCC where applicable.
No, on a standalone basis. Document the integration in your record of processing. If the site embeds many third party widgets, include AddToAny in a broader DPIA covering social plugins and analytics.
Decide between default mode (with consent) and no JavaScript mode. Configure the matching cookie banner template (Complianz, Cookiebot, Real Cookie Banner all support AddToAny). Update the privacy policy with AddToAny LLC and the social networks invoked. Verify behaviour with a test browser without consent.
Static share URLs as plain HTML buttons (no script), the German Shariff plugin (self hosted), Sassy Social Share with no API mode, or simply native Web Share API on supported mobile browsers.
Add an entry under Social media or Marketing: provider (AddToAny LLC, USA), domains (static.addtoany.com, m.addtoany.com), cookies (uvc, Cloudflare cookies), purpose (display share buttons), transfer mechanism (SCC) and retention. Mention that the no JavaScript fallback is available.