Free Cookie Policy Template (GDPR and CCPA Ready)

Copy this free cookie policy template (GDPR and CCPA ready), plus a section by section fill guide and downloads in Google Doc, PDF, and Word.


by Riad Us Salehin • 5 July 2026


This free cookie policy template covers every section a compliant policy needs. It defines cookies, states why your site uses them, lists them in a table, and explains how visitors withdraw consent. Copy it directly, or download it as a Google Doc, PDF, or Word file.

Below: the full template with GDPR and CCPA versions, a walkthrough of what each section covers, and a step by step guide. Fill in every bracketed placeholder with your site's real cookie data.

Copy the template: [Copy to clipboard] Formats: Google Doc | PDF | Word (.docx) This starting template is not legal advice. Have a qualified professional review your finished policy before you publish it. Prefer a version that updates itself as your site changes? Consently can generate one from a live scan of your site.

The Cookie Policy Template (Copy, Paste, and Customize)

Here is a complete cookie policy template you can copy and adapt. Replace every value in [brackets] with your own site's information.

``` Cookie Policy

Effective Date: [Insert Date] Last Updated: [Insert Date]

This Cookie Policy explains how [Website Name] ("we," "us," or "our") uses cookies and similar technologies when you visit [Website URL].

  1. What Are Cookies?

Cookies are small text files that are placed on your device when you visit [Website Name]. They help the website function, remember your preferences, and provide information to the site owner.

  1. Why We Use Cookies

We use cookies to:

  • Keep the site secure and working
  • Remember your preferences
  • Measure how visitors use the site
  • Show relevant advertising

(Delete any purpose that does not apply to your site.)

  1. Types of Cookies We Use
  • Strictly Necessary / Essential: cannot be switched off; required for the

site to function.

  • Functional / Preferences: remember choices such as language or region.
  • Performance / Analytics: measure traffic and usage patterns.
  • Advertising / Marketing: deliver and measure relevant ads.
  • Social / Targeting: enable social sharing and cross-site tracking.
  • Unclassified: cookies not yet categorized.

(Delete any category your site does not use. Strictly Necessary almost always stays.)

  1. Cookie List

The table below lists the cookies active on this site. Replace the example rows with the results of your own cookie scan.

Cookie nameProvider / domainCategoryPurposeDuration
session_id[Website Name]Strictly NecessaryMaintains your login sessionSession
_gaGoogle AnalyticsAnalyticsDistinguishes unique visitors2 years
_fbpMetaAdvertisingTracks ad performance and retargeting3 months

(Example rows only. Replace with your own scan results before publishing.)

  1. First-Party and Third-Party Cookies (and Similar Technologies)

Some cookies are set by us (first-party) and some by third parties such as [Google Analytics], [Meta/Facebook Pixel], and [YouTube]. We also use similar technologies such as pixels, tags, web beacons, and SDKs.

  1. Cookie Duration

Session cookies are deleted when you close your browser. Persistent cookies remain on your device until they expire or you delete them. See the Duration column in Section 4 for each cookie's specific lifespan.

  1. How You Can Control or Withdraw Consent

You can accept, reject, or change your cookie preferences at any time via [our cookie banner / preference center link]. You can also manage cookies directly in your browser:

  • Chrome: [link to Chrome cookie settings]
  • Safari: [link to Safari cookie settings]
  • Firefox: [link to Firefox cookie settings]
  • Edge: [link to Edge cookie settings]

Rejecting cookies may limit some site functionality.

  1. Changes to This Cookie Policy

We may update this Cookie Policy from time to time. Any changes will be posted on this page with a revised "Last Updated" date.

Contact: [Your contact email] / [Your website URL] ```

GDPR Version (EU and UK Opt-In)

Use this version if your site serves visitors in the EU or UK. GDPR and the ePrivacy Directive require consent before non-essential cookies load, so Sections 2 and 7 shift to an opt-in frame.

Section 2 states that non-essential cookies (analytics, advertising, social) load only after the visitor consents, not before. Section 7 replaces the browser-only language with new wording.

By default, only strictly necessary cookies load when you first visit this site. You can review and accept, reject, or customize all other cookie categories through our preference center before they are set. You can withdraw consent at any time with the same control.

This wording reflects the ICO's cookie guidance. Consent must be freely given, specific, informed, and given through a clear positive action, never a pre-ticked box or continued browsing.

CCPA / US State Law Version (Opt-Out)

Use this version for a site serving US visitors, particularly California residents. CCPA and CPRA do not require prior consent for cookies. They require notice and an opt-out mechanism instead, so Sections 2 and 7 shift to an opt-out frame.

Section 2 adds a line about opt-out rights.

We do not require your consent before setting cookies. You have the right to opt out of the sale or sharing of your personal information collected through cookies.

Section 7 replaces the standard language with opt-out controls.

You can opt out of the sale or sharing of your personal information by clicking "Do Not Sell or Share My Personal Information" in our footer, using our Cookie Preferences Center, or enabling a Global Privacy Control (GPC) signal in your browser.

CPRA also requires separate opt-in consent before selling or sharing a minor's personal information.

Available Formats (Google Doc, PDF, Word, HTML)

Every format contains the same eight sections. Pick the format that fits how you edit and publish your legal pages.

FormatBest for
Copy and paste (above)Pasting straight into your CMS or page builder
Google DocMaking a copy and editing collaboratively before publishing
PDFSharing a reference version with a lawyer or teammate
Word (.docx)Dropping into an existing legal-documents folder
HTML snippetEmbedding directly into a static site or footer template

[Download Google Doc] [Download PDF] [Download Word .docx] [Copy HTML snippet]

A cookie policy is only one of the legal documents a website typically needs. You may also need a terms and conditions template alongside this one. A cookie policy is just one of several website legal pages most sites carry.

What's Inside This Cookie Policy Template

The template above has eight sections, each disclosing one part of how your site uses cookies. This breakdown lets you understand every section even before you open the copyable block.

  1. Header (Effective Date, Last Updated): every compliant cookie policy carries a current effective and last-updated date. A stale date signals to regulators and visitors that the policy has not kept pace with the site.
  2. What Are Cookies: a plain-language definition. This section rarely needs editing beyond the site name.
  3. Why We Use Cookies: the actual purposes your site's cookies serve. Delete any purpose (functionality, preferences, analytics, advertising) that does not apply.
  4. Types of Cookies We Use: the category list matching what a cookie scan returns, so your policy and your consent banner use the same category names.
  5. Cookie List: the site-specific inventory table (cookie name, provider, category, purpose, duration). This is the section a static template cannot fill in for you.
  6. First-Party and Third-Party Cookies: names the actual third parties setting cookies on your site, plus non-cookie trackers like pixels and SDKs.
  7. Cookie Duration: explains session versus persistent cookies and points back to the Duration column in Section 4.
  8. Controls, Changes, and Contact: how visitors withdraw consent, how you will disclose future changes, and how to reach you.

Who This Template Is For

This template fits a specific set of site owners, and it is not the right tool for every workflow.

  • Solo site owners and bloggers publishing on WordPress, Wix, or Squarespace who need a compliant policy without hiring a lawyer.
  • Small businesses running a marketing site with Google Analytics or a Meta Pixel installed.
  • Agencies and freelancers filling in policies for multiple client sites from the same starting document.
  • E-commerce stores on Shopify or WooCommerce running analytics, retargeting, and checkout-related cookies.
  • Anyone who just added their first analytics or ad-tracking script and needs a policy to match.

This template is not built for apps with no website or domain, since policy generation and hosting both assume a live site. It also cannot replace a full IAB TCF vendor-consent setup. Publishers running programmatic advertising need a consent management platform, not a static document.

How to Fill In This Cookie Policy Template

Filling in the template takes eight steps, one per section. The order matters: the Cookie List step needs information the earlier steps skip.

  1. Header: enter today's date as both the Effective Date and Last Updated date. Done when both fields show a real date, not a placeholder.
  2. What Are Cookies: replace [Website Name] with your site's name. This section is otherwise pre-written and rarely needs further editing.
  3. Why We Use Cookies: delete any bulleted purpose your site does not actually serve. Done when the list matches only the cookie categories you use.
  4. Types of Cookies We Use: delete categories your site does not set. Almost every site keeps Strictly Necessary; most keep Analytics.
  5. Cookie List (the step people get wrong): open your browser's developer tools (Application tab in Chrome) or run a cookie scanner across your live site. Record every cookie's name, provider, category, purpose, and expiry. Do not ship the example rows unchanged, and do not copy another website's cookie list: their cookies are not yours, and a mismatched list is the actual compliance failure regulators flag. Done when every row reflects a cookie your own scan found.
  6. First-Party and Third-Party Cookies: name each third party from your scan (Google Analytics, Meta Pixel, YouTube, and similar). Done when every third-party service in your Cookie List also appears here by name.
  7. Cookie Duration: no editing needed beyond confirming the Duration column in Section 4 is filled in.
  8. Controls, Changes, and Contact: link your live cookie banner or preference center if one exists, and fill in your contact email and site URL. Done when a visitor can click through to actually change their preferences.

Placeholder to source map:

  • [Website Name], [Website URL] → your site's public name and domain
  • Cookie name, provider, category, purpose, duration → a browser DevTools scan or a cookie scanner, never guesswork
  • Third-party names → the same scan, cross-referenced against your analytics and ad-tech installs
  • [Your contact email] → the inbox that should receive privacy questions

A template alone does not finish the job. You must know exactly what your site collects before any blank can be filled in correctly. That is why the Cookie List step comes last. For the full writing process behind every section, see how to write a cookie policy step by step. To see finished, filled-in examples, browse real cookie policy examples.

When You Need a Cookie Policy (and When a Template Is Not Enough)

You need a cookie policy if your site sets non-essential cookies, such as analytics, advertising, or social widgets. You also need one if your site serves visitors in a region with cookie-specific disclosure laws.

The UK Information Commissioner's Office sets three rules for any site using cookies. Tell visitors the cookies are there. Explain what they do and why. Get consent first. The one exception: cookies that are strictly necessary to provide a service the visitor requested. That exemption covers things like a shopping-cart session cookie or a login-security cookie. It does not cover analytics or advertising cookies, even ones site owners consider harmless.

A static template cannot keep your Cookie List current. The moment you add a new analytics tool, a chat widget, or an ad pixel, Section 4 goes out of date. An inaccurate cookie list, not clumsy wording, is what regulators and users actually flag as a compliance gap.

Two practical exceptions are worth naming honestly. A site with no analytics or advertising scripts, running only strictly necessary cookies, may not need a separate cookie policy under the ICO's exemption. A small site can also fold its cookie disclosure into its privacy policy instead of publishing a standalone document. GDPR and the ePrivacy Directive require the disclosure to exist somewhere accessible. They do not require it to be a separate page.

FAQs

Is this cookie policy template free?

Yes. The full template, every section, and every download format are free with no email required.

Can I just copy and paste a cookie policy template?

You can copy the structure, but you must replace every placeholder and the Cookie List with your own site's real cookies. Do not copy another website's finished policy verbatim. Their cookies and third parties are not yours, and a mismatched list is the actual violation regulators look for.

Is a cookie policy a legal requirement?

Yes, if your site uses non-essential cookies or serves visitors in the EU, UK, or a US state with a comprehensive privacy law. The ICO requires disclosure and consent for any cookie that is not strictly necessary. For the full legal breakdown, see what a cookie policy must legally include.

What is the difference between a cookie policy template and a cookie policy generator?

A template is a static document you fill in by hand. A generator scans your site, builds the cookie list automatically, and keeps it current as your site changes.

Do I need a separate cookie policy, or can I put it in my privacy policy?

Either is valid. Many sites keep a separate cookie policy and reference it from their privacy policy and consent banner. Smaller sites often fold cookie disclosure directly into the privacy policy instead.

Can I use this cookie policy template on WordPress, Shopify, or Wix?

Yes. It is plain text, so you can paste it into any platform's page editor or legal-pages section. This works regardless of which website builder or store platform you use.

How often do I need to update my cookie policy?

Update it whenever the cookies or third-party tools on your site change, and review it periodically even if nothing changes. Refresh the "Last Updated" date every time you edit it.

Is it "cookie policy" or "cookies policy"?

Both terms describe the same document. Pick one and use it consistently across your site.

Generate a Live Cookie Policy With Consently (When the Template Goes Stale)

A static template documents your cookies once. Consently scans your live site, builds the Cookie List automatically, and regenerates it as your site changes, so the policy never goes stale.

The manual template has three limitations. A live scan removes each one.

  • The Cookie List goes stale. A hand-filled table is accurate only on the day you write it. Every new tool, embed, or pixel you add afterward silently breaks it. Consently re-scans your site on setup, on a weekly schedule, and on demand, then regenerates the list automatically.
  • You have to hand-discover third parties and similar technologies. Finding every tracker, script, and iframe yourself means checking DevTools every time something changes. Consently's scanner detects cookies, trackers, scripts, and iframes for you and sorts them into categories automatically.
  • A document alone does not collect consent. The template gives you the words, but consent still has to be captured and kept in sync with what the policy says. Consently pairs the generated cookie policy with a consent banner, a preference center, and exportable consent logs, all from one dashboard.

Consently's cookie policy generator helps you produce a policy in minutes and keep it current. It is a compliance assistance tool, not a substitute for legal advice on your specific situation. Try Consently free and connect your site to see your own cookie list, generated from a real scan instead of a placeholder table.

AUTHOR

Riad Us Salehin is the content lead at Dorik. He is a passionate content creator who lets the work speak for itself. Focused on taking brands and causes to the next level.

Read More

Subscribe to Consently
Newsletter

Subscribe to our newsletter to stay updated with latest articles from our blog.

Built with ❤️ by the team @ Dorik.com 

GET IN TOUCH

Any questions? Feel free to chat with us or reach out to us at

For any queries:
support@consently.net

Follow us:


©2026 Dorik, Inc. All rights reserved.