Do I need a cookie banner on my website?
Cookie banners are annoying but, in most cases, legally required. Here's exactly when you need one, what it has to do, and how to set it up properly without ruining your site.
Quick answer
If your website sets any cookies other than strictly necessary ones (and almost all modern sites do — Google Analytics, embedded YouTube, social widgets, retargeting pixels), you need a cookie banner under UK GDPR, EU GDPR, and similar laws. The banner must let visitors choose to accept or reject non-essential cookies BEFORE those cookies are set. A simple compliant banner takes 15 minutes to add via a free tool. California (CCPA) has different rules — opt-out is enough rather than opt-in.
Step-by-step
- 1
What a cookie banner does (and what it doesn't)
A cookie banner appears the first time someone visits your site and asks for consent before non-essential cookies are set. Compliant banners in UK/EU jurisdictions must let visitors accept all, reject all, or customise (per-category consent). The reject option must be as easy to find as accept — 'Reject all' buttons hidden behind 'Manage preferences' are non-compliant and have been fined repeatedly. A cookie banner is NOT a privacy policy — they're two different things, both required (the banner is consent UI; the policy is the disclosure document).
- 2
When you legally need one
You need a cookie banner if your site sets any cookie that isn't strictly necessary for the site to function. 'Strictly necessary' is a narrow category — session cookies, shopping cart cookies, security cookies, login cookies. EVERYTHING else needs consent: Google Analytics, embedded YouTube, embedded Google Maps with user data, Facebook pixel, retargeting pixels, A/B testing tools, chat widgets, social share buttons that load before consent. Practical reality: if your site has any analytics or any embedded third-party content, you need a cookie banner. The list of websites that genuinely don't need one is very short.
- 3
What a compliant banner must do
Five requirements under UK/EU law. One: appear BEFORE any non-essential cookies are set. Two: clearly say what cookies you set and why. Three: give a real 'Reject all' option as easy as 'Accept all' — same visual prominence, same number of clicks. Four: let visitors change their mind later (a re-open link in the footer is standard). Five: record consent so you can prove you got it if challenged. A banner that auto-accepts on scroll or just says 'By using this site you agree' is NOT compliant and is the most commonly fined pattern.
- 4
How to add one in 15 minutes
Three practical options. One: use a free or low-cost cookie consent tool — Cookiebot, Termly, CookieYes, or Iubenda all have free tiers for small sites. Sign up, scan your site, paste a script into your site's head, configure the wording. Two: use a website builder that has cookie consent built in — Adviita generates a compliant banner automatically based on the cookies your site sets. Three: handcraft one if you have a developer, but you'll still need to maintain the cookie list and consent records. Path one or two is right for almost every small business.
- 5
Common mistakes that get you fined
Setting cookies before consent is given (the cookie banner appears but Google Analytics has already fired — this is the most common violation). 'Reject all' hidden under sub-menus while 'Accept all' is one click. Pre-ticked consent boxes. Banner that auto-disappears with no action recorded. Cookie policy that says you use X, Y, Z cookies but actually you use M, N, O. Not letting visitors withdraw consent as easily as they gave it. All of these are routinely fined in the UK and EU.
Tips & best practices
- ▸If your only non-essential cookie is Google Analytics, consider switching to a privacy-first analytics tool (Plausible, Fathom, or Adviita's built-in analytics) that doesn't require consent. You can remove the banner entirely.
- ▸Cookie banners hurt conversion. The fastest legitimate way to reduce their impact is to minimise the non-essential cookies you actually need — fewer trackers, fewer embeds, less complexity.
- ▸Test your site in incognito mode after setting up the banner. Open browser developer tools, go to Application > Cookies, and confirm NO non-essential cookies are set until you click 'Accept'.
Common questions
Do I need a cookie banner if I only have Google Analytics?
+−
Yes, in the UK/EU/most of Europe. Google Analytics sets non-essential cookies and is the single most common reason small business sites need a banner. Alternative: switch to a privacy-first analytics tool that doesn't require consent (Plausible, Fathom, Adviita's built-in analytics), and you can drop the banner entirely.
Do I need a cookie banner if I only serve US customers?
+−
Less strict requirements. CCPA (California) is opt-OUT — a 'Do Not Sell or Share My Personal Information' link in your footer is the minimum. Most other US states are similar. The catch: if EU or UK visitors might find your site (and most websites are findable globally), you should probably have a banner anyway.
Does Adviita generate a cookie banner automatically?
+−
Yes. Adviita's default analytics is privacy-first and doesn't require consent, but if you add any third-party tools that set cookies, a compliant cookie banner is generated automatically.
Are cookie banners actually enforced?
+−
Yes. The UK ICO, French CNIL, German DPAs, and others have issued substantial fines on small and large businesses for non-compliant banners. Most enforcement starts from a single visitor complaint, so it's effectively random — having a compliant banner is cheap insurance.