Skip to main content

Fix Guides

How to Fix a Missing Cookie Policy & Consent Banner

Disclose your cookies and collect valid consent where the law requires it.

Quick fix

To fix a missing cookie policy, publish a page listing the cookies you set (name, purpose, duration, first/third-party) and — where laws like the EU ePrivacy Directive apply — add a consent banner that blocks non-essential cookies until the visitor agrees. Link the policy in your footer and re-scan.

A cookie policy explains what cookies your site uses and why; a consent banner collects permission before non-essential cookies load. Missing either is a common compliance gap for sites using analytics, ads or embeds. Fixing it clears the finding and keeps you compliant with ePrivacy/GDPR.

Check your website

See how your site handles how to fix a missing cookie policy & consent banner — free, no account needed.

Business impact

Regulators in the EU and UK actively enforce cookie consent, and non-compliant banners have drawn fines. Beyond the legal risk, a clear cookie notice reassures visitors and is expected by ad and analytics platforms. Getting consent right also improves the quality of your consent-mode analytics data.

Why this happens

The scanner flags "Cookie Policy Missing" when no cookie policy link is detected. Two related obligations: (1) a cookie policy page disclosing each cookie, and (2) prior consent for non-essential cookies (analytics, ads, marketing) under the ePrivacy Directive. Strictly necessary cookies do not need consent. A compliant banner must let users refuse as easily as accept and must not drop non-essential cookies before consent.

How to confirm the issue

Manually: open DevTools → Application → Cookies before interacting with any banner. If analytics/ad cookies are already set, your consent gating is not working. Check the footer for a cookie policy link.

With Plexa Trust: look for "Cookie Policy Missing" in scan results and re-scan after publishing the policy.

Step-by-step fix

  1. Audit the cookies your site sets (DevTools → Application → Cookies) and categorise them.

  2. Create a cookie policy page listing each cookie: name, purpose, duration, first/third-party.

  3. Add a consent management platform (CMP) or banner that blocks non-essential cookies until consent.

  4. Ensure "Reject" is as easy as "Accept" and record consent.

  5. Link the cookie policy in your footer and from the banner.

  6. Re-scan to confirm "Cookie Policy Missing" clears.

Platform-specific fixes

WordPress

  1. Install a consent plugin (e.g. Complianz, CookieYes, or Really Simple SSL's consent module).

  2. Run its cookie scan to auto-generate the policy and banner.

  3. Enable script blocking so analytics/ads wait for consent; add the policy page to your footer.

Shopify

  1. Use Shopify's built-in customer privacy/consent settings (Settings → Customer privacy).

  2. Enable the cookie banner and configure regions where consent is required.

  3. Add a cookie policy page under Settings → Policies or as a content page linked in the footer.

Google Analytics / Ads (Consent Mode)

  1. Implement Google Consent Mode v2 so tags respect consent state.

  2. Connect a certified CMP that signals consent to Google tags.

  3. Verify tags do not fire before consent using Tag Assistant.

Custom / static site

  1. Integrate a CMP (Cookiebot, Osano, Termly, etc.) via a script snippet.

  2. Gate analytics/ad scripts behind the consent callback.

  3. Publish a cookie policy page and link it site-wide.

How to verify the fix

  • Block non-essential cookies until consent — do not just show a notice.

  • Make Reject as prominent and easy as Accept.

  • Keep the cookie list current with a periodic re-scan of your own cookies.

  • Re-scan with Plexa Trust and confirm "Cookie Policy Missing" is cleared.

Common mistakes

  • Dropping analytics/ad cookies before the user consents.

  • A banner with only an "Accept" button and no easy reject.

  • A cookie policy that does not match the cookies you actually set.

  • Treating a cookie policy as a substitute for consent (they are separate obligations).

Frequently asked questions

Do I need both a policy and a banner?

Often yes. The policy discloses your cookies; the banner collects consent for non-essential ones where ePrivacy/GDPR applies.

Which cookies need consent?

Non-essential ones — analytics, advertising, marketing, some embeds. Strictly necessary cookies (e.g. login, cart) do not.

Is a cookie policy the same as a privacy policy?

No. They overlap but serve different purposes. Many sites keep a dedicated cookie policy and reference it from the privacy policy.

Do I need consent if I only use Google Analytics?

In the EU/UK, yes — analytics cookies are non-essential, so consent is required before they load.

What is Consent Mode v2?

A Google framework where tags adjust behaviour based on the user's consent choices, required for EEA traffic in Google Ads/Analytics.

Can I use a free banner?

Yes, many CMPs have free tiers. The key is that it actually blocks non-essential cookies until consent and offers an easy reject.

Does this apply to US visitors?

US state laws (e.g. CPRA) focus more on opt-out and "Do Not Sell/Share". Requirements differ from the EU consent model.

How do I confirm the fix?

Verify no non-essential cookies set before consent (DevTools), the policy is linked, and Plexa Trust no longer reports "Cookie Policy Missing".

Think you've fixed it?

Run a free scan to verify the issue is resolved. Upgrade to Pro on Plexa Trust for the full audit, monitoring alerts, and score history.

Verify with a free scan

Upgrade to Pro for monitoring