To fix a missing cookie policy, publish a page listing the cookies you set (name, purpose, duration, first/third-party) and — where laws like the EU ePrivacy Directive apply — add a consent banner that blocks non-essential cookies until the visitor agrees. Link the policy in your footer and re-scan.
A cookie policy explains what cookies your site uses and why; a consent banner collects permission before non-essential cookies load. Missing either is a common compliance gap for sites using analytics, ads or embeds. Fixing it clears the finding and keeps you compliant with ePrivacy/GDPR.
Check your website
See how your site handles how to fix a missing cookie policy & consent banner — free, no account needed.
Business impact
Regulators in the EU and UK actively enforce cookie consent, and non-compliant banners have drawn fines. Beyond the legal risk, a clear cookie notice reassures visitors and is expected by ad and analytics platforms. Getting consent right also improves the quality of your consent-mode analytics data.
Why this happens
The scanner flags "Cookie Policy Missing" when no cookie policy link is detected. Two related obligations: (1) a cookie policy page disclosing each cookie, and (2) prior consent for non-essential cookies (analytics, ads, marketing) under the ePrivacy Directive. Strictly necessary cookies do not need consent. A compliant banner must let users refuse as easily as accept and must not drop non-essential cookies before consent.
How to confirm the issue
Manually: open DevTools → Application → Cookies before interacting with any banner. If analytics/ad cookies are already set, your consent gating is not working. Check the footer for a cookie policy link.
With Plexa Trust: look for "Cookie Policy Missing" in scan results and re-scan after publishing the policy.
Step-by-step fix
Audit the cookies your site sets (DevTools → Application → Cookies) and categorise them.
Create a cookie policy page listing each cookie: name, purpose, duration, first/third-party.
Add a consent management platform (CMP) or banner that blocks non-essential cookies until consent.
Ensure "Reject" is as easy as "Accept" and record consent.
Link the cookie policy in your footer and from the banner.
Re-scan to confirm "Cookie Policy Missing" clears.
Platform-specific fixes
WordPress
Install a consent plugin (e.g. Complianz, CookieYes, or Really Simple SSL's consent module).
Run its cookie scan to auto-generate the policy and banner.
Enable script blocking so analytics/ads wait for consent; add the policy page to your footer.
Shopify
Use Shopify's built-in customer privacy/consent settings (Settings → Customer privacy).
Enable the cookie banner and configure regions where consent is required.
Add a cookie policy page under Settings → Policies or as a content page linked in the footer.
Google Analytics / Ads (Consent Mode)
Implement Google Consent Mode v2 so tags respect consent state.
Connect a certified CMP that signals consent to Google tags.
Verify tags do not fire before consent using Tag Assistant.
Custom / static site
Integrate a CMP (Cookiebot, Osano, Termly, etc.) via a script snippet.
Gate analytics/ad scripts behind the consent callback.
Publish a cookie policy page and link it site-wide.
How to verify the fix
Block non-essential cookies until consent — do not just show a notice.
Make Reject as prominent and easy as Accept.
Keep the cookie list current with a periodic re-scan of your own cookies.
Re-scan with Plexa Trust and confirm "Cookie Policy Missing" is cleared.
Common mistakes
Dropping analytics/ad cookies before the user consents.
A banner with only an "Accept" button and no easy reject.
A cookie policy that does not match the cookies you actually set.
Treating a cookie policy as a substitute for consent (they are separate obligations).
Frequently asked questions
Do I need both a policy and a banner?
Often yes. The policy discloses your cookies; the banner collects consent for non-essential ones where ePrivacy/GDPR applies.
Which cookies need consent?
Non-essential ones — analytics, advertising, marketing, some embeds. Strictly necessary cookies (e.g. login, cart) do not.
Is a cookie policy the same as a privacy policy?
No. They overlap but serve different purposes. Many sites keep a dedicated cookie policy and reference it from the privacy policy.
Do I need consent if I only use Google Analytics?
In the EU/UK, yes — analytics cookies are non-essential, so consent is required before they load.
What is Consent Mode v2?
A Google framework where tags adjust behaviour based on the user's consent choices, required for EEA traffic in Google Ads/Analytics.
Can I use a free banner?
Yes, many CMPs have free tiers. The key is that it actually blocks non-essential cookies until consent and offers an easy reject.
Does this apply to US visitors?
US state laws (e.g. CPRA) focus more on opt-out and "Do Not Sell/Share". Requirements differ from the EU consent model.
How do I confirm the fix?
Verify no non-essential cookies set before consent (DevTools), the policy is linked, and Plexa Trust no longer reports "Cookie Policy Missing".
Think you've fixed it?
Run a free scan to verify the issue is resolved. Upgrade to Pro on Plexa Trust for the full audit, monitoring alerts, and score history.
Verify with a free scan