Cookie Consent Banner Generator

You just launched a side project and realized you need a cookie banner for GDPR compliance. Your options: pay $9/month for a SaaS consent platform, spend a day building one from scratch, or paste some random snippet from Stack Overflow and hope it’s actually compliant. None of those are great when you just want a working banner that matches your site’s colors and handles the legal basics correctly.

Why This Generator (Not CookieBot, Osano, or DIY)

CookieBot, OneTrust, and Osano charge $10-40/month for hosted consent management. That makes sense for enterprise sites tracking consent across millions of users. For a personal project, portfolio, or small business site, a self-hosted banner is simpler, cheaper, and eliminates a third-party dependency.

The problem with DIY is getting the compliance details right: GDPR requires opt-in before cookies fire, CCPA requires an opt-out mechanism, and both need a way for users to change their mind later. This generator handles those requirements — it produces a self-contained HTML/CSS/JS snippet with category-based consent, localStorage persistence, and a cookieConsentUpdated event your analytics scripts can listen to. No external dependencies, no monthly fee, no third-party server receiving your visitors’ consent data.

What Is a Cookie Consent Banner?

A cookie consent banner (also called a cookie notice, cookie popup, or cookie bar) is a user interface element that informs website visitors about the use of cookies and requests their consent before non-essential cookies are set. Cookie consent banners are required by privacy laws such as the EU’s GDPR (General Data Protection Regulation), the ePrivacy Directive, and are strongly recommended under California’s CCPA (California Consumer Privacy Act).

Without a consent mechanism, websites that use analytics, advertising, or personalization cookies may be in violation of applicable privacy law — with potential fines of up to €20 million or 4% of global annual turnover under GDPR.

How to Use This Tool

1. Choose a position — select bottom bar, top bar, bottom-left popup, or bottom-right popup.
2. Set compliance mode — GDPR (opt-in, EU), CCPA (opt-out, California), or both.
3. Add your privacy policy URL — required for GDPR compliance; linked from the banner message.
4. Customize colors — set background, text, accept button, and reject button colors using the color pickers.
5. Edit text content — write your own banner message and button labels.
6. Configure categories — choose which cookie categories (Analytics, Marketing, Functional) are enabled by default in the preferences modal.
7. Set consent duration — how many days to remember the user’s choice (365 days is standard).
8. Copy the snippet — paste the HTML+CSS+JS output just before the </body> tag on every page.

All processing happens entirely in your browser. No data is sent to any server.

Understanding Cookie Categories

Necessary Cookies

Strictly required for the website to function. Session management, security tokens (CSRF), load balancing, and authentication cookies fall into this category. These cannot be turned off and do not require consent under GDPR — they are exempt from the opt-in requirement because the site cannot function without them.

Functional Cookies

Remember user preferences and choices to improve the experience. Examples include language selection, region, dark/light mode preference, and video player settings. These require consent under GDPR but are generally considered low-risk.

Analytics Cookies

Measure how visitors use the website. Examples include Google Analytics, Hotjar, and Mixpanel. These cookies collect anonymized data about page views, session duration, bounce rate, and user journeys. Analytics cookies require opt-in consent under GDPR.

Marketing Cookies

Track users across websites to serve targeted advertisements. Examples include Google Ads, Facebook Pixel, and LinkedIn Insight Tag. These are the most privacy-sensitive category and require explicit opt-in consent under GDPR.

GDPR vs CCPA: Key Differences

If your website serves users from both the EU and California, implement the stricter GDPR model globally: require opt-in by default, and add the CCPA opt-out notice.

Embedding the Banner

The generated snippet is a self-contained block of HTML, CSS, and JavaScript. To deploy it:

1. Paste just before </body> on every page of your website. Most CMS platforms have a “footer code” or “body end” injection field in settings.
2. Block cookies until consent — the snippet itself does not block analytics or marketing scripts. You must load those scripts conditionally. Listen to the cookieConsentUpdated custom DOM event:

document.addEventListener('cookieConsentUpdated', function(e) {
  var consent = e.detail;
  if (consent.analytics) {
    // Load Google Analytics / Hotjar
  }
  if (consent.marketing) {
    // Load Facebook Pixel / Google Ads
  }
});

3. Check existing consent on page load — to avoid loading tracking scripts before consent is confirmed:

var consent = JSON.parse(localStorage.getItem('ccb_consent') || 'null');
if (consent && consent.analytics) {
  // Load analytics
}

Consent Storage

The generated banner stores consent in localStorage (not cookies) under the key ccb_consent. The expiry is stored under ccb_consent_expiry as a Unix timestamp in milliseconds.

• Reading consent: JSON.parse(localStorage.getItem('ccb_consent')) returns an object like { necessary: true, analytics: true, marketing: false, functional: true } or null if no consent was recorded.
• Expiry: After the configured number of days, the stored consent is cleared and the banner will reappear.
• Events: Each user action fires a cookieConsentUpdated CustomEvent on document with event.detail set to the consent object.

GDPR Compliance Checklist

A compliant GDPR cookie consent implementation requires:

• Banner appears before any non-essential cookies are set
• No pre-ticked checkboxes for optional categories
• Rejecting is as easy as accepting (Reject All button is equally prominent)
• Users can change their mind at any time (provide a “Cookie Preferences” link in your footer)
• Banner includes a link to your Privacy Policy
• Record of consent is kept (timestamp, categories accepted, IP anonymized if possible)
• Consent is time-limited (re-ask after 12 months is standard practice)
• No dark patterns — do not make rejecting harder than accepting

Frequently Asked Questions

Does a cookie consent banner also cover GDPR tracking consent? Yes, if properly implemented. GDPR consent for cookies and tracking pixels (Google Analytics, Facebook Pixel) must be obtained before those scripts execute. Use the cookieConsentUpdated event or read localStorage at page load to conditionally load tracking scripts.

Do I need a cookie consent banner for a static site with no tracking? If your site only uses strictly necessary cookies (session cookies, CSRF tokens) and no third-party analytics or advertising scripts, you may not need a consent banner. However, if you embed YouTube videos, use Google Analytics, or include any social sharing widgets, those may set cookies and require consent.

How do I update the banner after deployment? Simply regenerate the snippet with your updated settings and replace the old snippet in your HTML. Since consent is stored in localStorage, existing users will keep their consent until it expires.

Is localStorage consent storage GDPR-compliant? Yes. GDPR and the ePrivacy Directive regulate “cookies and similar tracking technologies” — but the storage mechanism for the consent record itself is not covered. Storing the consent record in localStorage is a common and accepted practice, and is often preferable to using a cookie for the consent record (which would itself require consent).