To add a cookie banner, scan your site for cookies, then choose a consent tool or your platform's native option. Customize the banner, and install it so it blocks non-essential cookies before consent, then publish and test it.
This works on any platform and takes most site owners under an hour. Below: the full seven-step process, the mistakes that make a banner decorative instead of compliant, and how to set one up with Consently.
How Do You Add a Cookie Banner to a Website? (Quick Answer)
Adding a working cookie banner takes seven steps, in this order.
- Scan your site to find every cookie and tracker it sets.
- Choose a native platform banner or a consent script, depending on your site.
- Customize the banner's copy, buttons, and consent model.
- Install the banner so it blocks cookies before consent, not after.
- Connect the banner to Google Analytics and your other tags.
- Link a cookie policy and start logging every consent choice.
- Publish, test in incognito, and re-scan on a schedule.
A tool that drops a script into your site's <head> blocks Google Analytics until consent. This is the fastest path for most HTML, WordPress, and Webflow sites.
Do You Actually Need a Cookie Banner?
You need a cookie banner if your site sets non-essential cookies, such as analytics or advertising cookies, and gets EU or UK visitors. You likely need one, or at least an opt-out link, if you serve California or other CCPA-covered traffic, even without tracking cookies.
You might not need a full consent banner if your site uses only strictly necessary cookies: login sessions, shopping carts, or security tokens. The same is true if you switch to a cookieless analytics tool that never sets tracking cookies. See when cookie consent is required for the exact triggers.
- You likely need one if: you run Google Analytics, ad pixels, embedded YouTube or Vimeo videos, live chat widgets, or any third-party script that sets a cookie, and you serve EU, UK, or California visitors.
- You might not need one if: your site sets only strictly necessary cookies, or you run a cookieless analytics tool instead of Google Analytics.
A banner is one piece of the full cookie-compliance process; the rest covers which laws apply to your specific traffic and business.
What You Need Before You Start
Most people underestimate one thing: you need admin access to your site's <head> code, or a platform setting that lets you insert a script there. Without that access, no consent tool can install.
- Roles: the site owner or whoever can edit the site's code or theme settings.
- Time: 30 to 60 minutes for a single-site setup, assuming you already know roughly what cookies you run.
- Inputs: a rough idea of which trackers you use (Google Analytics, ad pixels, chat widgets), a cookie policy and privacy policy or a plan to generate one, and your brand colors for banner styling.
- Tools: a consent tool or CMP, or your website builder's built-in privacy settings if your platform has one.
Step 1: Scan Your Site to See Which Cookies and Trackers You Set
Most sites set more third-party cookies than the owner realizes. Run a cookie scan, or list every script and embed on your site manually, before you touch the banner itself.
Embedded videos, analytics scripts, ad pixels, chat widgets, and social share buttons each set their own cookies, often without the site owner adding them deliberately. A manual list misses the ones buried in theme files or third-party plugins.
💡 A tool like Consently scans your whole site automatically on setup, then re-scans weekly so new embeds do not slip through unnoticed.
Done: you have a full list of the cookies, trackers, scripts, and iframes your site actually sets, categorized as essential or non-essential.
Step 2: Choose How You Will Add the Banner (Native Tool vs Consent Script)
Your website platform decides which route makes sense. Platforms with a built-in banner toggle work differently from platforms where you install a separate consent script. That difference affects whether your banner actually blocks anything.
| Route | Setup effort | Blocks trackers before consent? | Customization |
|---|---|---|---|
| Native platform banner | Lowest (a toggle in settings) | Often no; frequently notice-only | Limited to platform options |
| Consent script | Low (one script in the head) | Yes, when the script is built to block | Full: colors, copy, consent model, languages |
Platforms With a Built-In Banner (Squarespace, Wix, Shopify, Weebly)
These platforms include a cookie banner toggle in their privacy or store settings. The built-in banner is often notice-only. It displays and records a click, but does not reliably block third-party scripts and iframes until the visitor consents.
For Shopify, see the full guide to making a Shopify store compliant. For Wix, follow the step-by-step for adding a banner in Wix. For Squarespace, follow the Squarespace walkthrough.
Platforms Where You Install a Consent Script (WordPress, Webflow, Custom HTML)
On these platforms, you add a one-line script or plugin that displays the banner and blocks other scripts until the visitor consents. A consent script, for example Consently's one line in your site's <head>, gets a blocking banner live fast. You never hand-code the consent logic yourself.
For WordPress, follow the WordPress guide. For Webflow, see the Webflow setup.
Step 3: Customize the Banner and Its Consent Options
Customize six things before you publish: the copy, the buttons, the visual style, the consent model, the language, and accessibility. Skipping the consent model is the most common compliance mistake at this step.
Write plain-language copy that states what cookies you use and links to your policy. Make Reject as easy to click as Accept. Match the banner's position and colors to your site's brand. Set the consent model to opt-in for EU and UK visitors and opt-out for US visitors, since GDPR and CCPA require different defaults. Add languages if you serve visitors outside your primary market. Keep the banner readable, with enough color contrast, so it does not block critical navigation.
Consently gives you built-in layouts, custom colors and fonts, custom CSS, and a live preview, so you see changes before they go live. It also includes a preference center for granular category control. Geotargeted opt-in and opt-out templates in 35 languages show EU and US visitors the right model automatically, without you building two banners.
See what a cookie banner is for its full anatomy and every possible display element.
Done: your banner shows the right copy, the right consent model per region, and Reject sits as prominently as Accept.
Step 4: Install the Banner So It Blocks Cookies Before Consent
A banner that appears but does not block is decoration, not compliance. Place your consent script or tag first in your <head>, before Google Analytics, Google Tag Manager, ad pixels, and any embed. Nothing should load until the visitor makes a choice.
I have tested banners where reject all still left dozens of trackers running. The scripts had already loaded and fired before the banner even finished rendering. The damage happens in the seconds before the visitor reads the popup, not after they click reject. The fix is not a better-looking banner. It is a script that actively blocks non-essential cookies, scripts, and iframes until consent. A banner that just displays a message on top of a tracking page does not fix it.
Getting the load order right takes a few reliable steps.
- Place the consent script as the first line inside
<head>, before any other script tag. - Route every tracking script (GA, ad pixels, embeds) through the consent tool instead of loading them directly.
- Confirm in your browser's network tab that no third-party request fires before you click Accept.
Done right, a consent tool routed through Google Tag Manager will not load tracking scripts until the visitor presses accept. Consently's script auto-blocks non-essential scripts and iframes until consent, including embeds from YouTube, Facebook, Google Maps, and similar platforms. You never have to hand-write the blocking logic yourself.
For the deep mechanics of what "blocking" actually means at the script level, see block cookies before consent. If you route tags through GTM, see set it up through Google Tag Manager.
Done: you open your site in an incognito window, and no analytics, ad, or embed request fires in the network tab until you click Accept.
Step 5: Connect the Banner to Google Analytics and Your Other Tags
Without Consent Mode wiring, Google Analytics either keeps tracking visitors who rejected cookies or stops measuring entirely once you add a blocking banner. Wire your banner to Google Consent Mode v2 so Analytics and Ads respect the visitor's choice instead of breaking or ignoring it.
Consent Mode v2 passes four signals to Google: ad_storage, analytics_storage, ad_user_data, and ad_personalization. Google adjusts what it measures and models based on which of these the visitor grants. If you route tags through Google Tag Manager, wire the consent signals there so every tag responds consistently.
Consently sets Consent Mode v2 automatically on every site, with defaults and updates handled for you, so you never hand-write gtag('consent', ...) code. See how Google Consent Mode works for what each signal actually controls.
Done: Analytics and Ads show consent-aware data instead of either full tracking or a blank dashboard.
Step 6: Link a Cookie Policy and Record Every Consent Choice
A banner that collects consent but keeps no record leaves you exposed if a regulator or a visitor ever asks for proof. Your banner must link to a cookie policy, and you need a stored log of who consented, when, and to what.
Write or generate a cookie policy that lists the categories of cookies you set and why. Link it directly from the banner's text or a "Learn more" link, never buried elsewhere on the site. Then confirm your consent tool logs each choice with a timestamp so you can produce evidence on request.
Consently's cookie policy generator builds the linked policy your banner needs. Its consent logs store every choice with a timestamp and country, exportable whenever you need proof. See what a cookie policy must contain for the required sections.
Done: your banner links to a live cookie policy, and you can export a consent log entry for any visitor who asks.
Step 7: Publish, Test, and Re-Scan on a Schedule
Publishing is not the last step. Test the banner in an incognito window immediately after launch. Then re-scan your site on a recurring schedule, because new embeds add new cookies without warning.
Open your site in a private or incognito browser window. Click Accept and confirm tracking scripts fire. Reload, click Reject instead, and confirm the same scripts stay blocked. Click Manage and confirm each category toggles independently.
- Test Accept: trackers load, banner does not reappear.
- Test Reject: trackers stay blocked, banner does not reappear.
- Test Manage: each category toggles on its own.
- Re-scan monthly: new plugins, embeds, and ad tags add cookies you did not add on purpose.
Consently re-scans your site weekly and keeps a history of every past scan, so you catch new trackers without remembering to check manually.
Common Cookie Banner Mistakes to Avoid
The single most damaging mistake is a banner that displays but does not block. Trackers fire regardless of what the visitor clicks, which defeats the entire purpose of the banner.
- Banner shows but does not block scripts. Data collects before consent, which is non-compliant under GDPR and ePrivacy. Fix: load the consent script first and use a tool that auto-blocks by default, not one that only displays a message.
- Reject is hidden or harder to find than Accept. This makes consent invalid under GDPR, since Reject must be as easy to select as Accept. Fix: give both buttons equal size and equal visual weight.
- Relying only on the platform's built-in notice-only banner. Third-party trackers keep firing even after the visitor rejects. Fix: add a real consent script that actively blocks, not just a notice.
- No cookie policy linked and no consent record kept. A banner that collects consent but logs nothing leaves you exposed in an audit or a complaint. Fix: link a policy from the banner and keep exportable consent logs.
- Set-and-forget banners that never get re-scanned. A significant share of sites do not have their banners properly maintained, because new embeds and plugins quietly add unblocked cookies over time. Fix: re-scan monthly, not just at setup.
How Consently Adds Your Cookie Banner in One Script
Add your site to Consently, then customize the banner in your brand colors. Set the right opt-in or opt-out model per region, and copy one script into your site's <head>.
From there, Consently scans your site for cookies and trackers, then blocks non-essential scripts and iframes until the visitor consents. It signals Google Consent Mode v2 automatically and records every consent choice with a timestamp and country. It also generates the linked cookie policy your banner points to. Banners render in 35 languages, follow WCAG 2.2 AA accessibility practices, and the preference center gives visitors granular control by category.
Consently's cookie policy generator and consent logs are compliance assistance tools, not a legal guarantee. Explicit consent only, with no implied or scroll-based consent, keeps the setup aligned with GDPR's stricter standard. Note also what it does not do: it does not detect Global Privacy Control signals, and it is scoped to websites, not native mobile apps.
FAQs
How do I add a cookie banner to my website for free?
Several tools and platform-native options include a free tier, usually with a page-view cap, a branding requirement, or a limited feature set. Consently's free 14-day trial gives full feature access before you commit to a paid plan.
How long does it take to add a cookie banner?
Most site owners get a working banner live in under an hour, once they know roughly what cookies their site sets. Scanning first shortens the rest of the setup because you are not guessing at what to configure.
Do I need a cookie banner if I only use Google Analytics?
Yes, if Google Analytics sets cookies and you get visitors from the EU or UK, since GDPR requires consent before non-essential cookies load. You can also switch to a cookieless analytics tool that never sets tracking cookies and skip the banner entirely. See consent for Google Analytics for the exact setup.
Can I add a cookie banner without any code?
Yes. Native-toggle platforms let you enable a banner from settings with no code. Most consent scripts install with a single paste into your site's <head>, no custom coding required.
Does my platform's built-in cookie banner actually block trackers?
Often, no. Many native banners are notice-only: they display and record a choice, but do not stop third-party scripts from loading before or after that choice. Check your platform's documentation, or add a consent script that blocks by default.
What happens if I don't have a cookie banner?
If your site sets non-essential cookies and serves EU or UK visitors, running without valid consent breaches GDPR and ePrivacy rules. Regulators can issue fines, and visitors can complain. In the US, missing a required opt-out link can also trigger CCPA enforcement.
How do I add a cookie banner to a plain HTML website?
Paste your consent tool's script tag into your site's <head>, before any other script. On a plain HTML site, this is often the single easiest way to add a compliant, blocking banner without writing your own consent logic.
Why do trackers still fire after a visitor clicks "reject"?
Usually the tracking scripts loaded and started running before the banner appeared. Or they were never wired to the consent tool's blocking rules in the first place. The fix is placing the consent script first in <head> and routing every tracker through it.
Do I need a cookie policy as well as a banner?
Yes. The banner collects the consent choice; the cookie policy explains what cookies you use and why, and the banner should link directly to it.
Ready to get your cookie banner live? Consently adds it with one script in your site's head. It scans your site for cookies, blocks non-essential scripts and iframes until the visitor chooses, and signals Google Consent Mode v2. It also records every consent choice and generates the linked cookie policy. Start a free 14-day trial with Consently's cookie banner builder, no credit card required, and have a working banner live today.

