Shopify Native Consent
Shopify includes a basic cookie consent banner in all stores. It can be enabled through your theme settings, but has significant limitations.
Enabling the Native Banner
1. Access Theme Settings
Go to Online Store → Themes → Customise → Theme settings → Cookie banner.
2. Enable the Banner
Toggle on the cookie banner and customise the text. Select which regions should see the banner.
3. Configure Tracking
Ensure your tracking scripts use Shopify's Customer Privacy API to respect consent preferences.
Native Banner Limitations
Shopify's native banner is basic. It doesn't provide granular category controls, detailed cookie information, or comprehensive consent logging. For full compliance, most merchants need a third-party solution.
Cookie Consent Apps
Third-party consent management platforms (CMPs) provide more robust compliance features. Here are the most popular options for Shopify.
Pandectes GDPR Compliance
The most popular GDPR app on Shopify. Includes cookie scanning, consent logging, geo-targeting, and automatic script blocking.
Best for: UK and EU focused stores wanting comprehensive compliance
Cookiebot
Enterprise-grade CMP with automatic cookie scanning and categorisation. Integrates with Shopify via app or manual installation.
Best for: Larger stores with complex tracking setups
OneTrust
Enterprise solution offering cookie consent alongside broader privacy compliance. Requires manual implementation on Shopify.
Best for: Enterprise stores with existing OneTrust contracts
Consentmo
Shopify-native app with GDPR, CCPA, and LGPD compliance. Good balance of features and ease of use.
Best for: Stores selling to multiple regions with different privacy laws
Implementation Guide
Proper implementation ensures your tracking scripts respect user consent. Here's how to set it up correctly.
Step 1: Audit Your Cookies
Before implementing consent, understand what cookies your store sets. Most consent apps include scanning features; alternatively, use browser developer tools to see active cookies.
Step 2: Categorise Cookies
Group cookies into categories (Essential, Analytics, Marketing, Functional). This allows users to make informed choices about what to accept.
Step 3: Implement Conditional Loading
Configure tracking scripts to only load after consent is given. Modern CMPs handle this automatically, but you may need to modify custom scripts.
Google Tag Manager Integration
If using GTM, configure consent mode to work with your CMP. This ensures Google tags respect consent signals and use consent-aware cookieless measurement when consent is denied.
Step 4: Configure the Banner
- Write clear, jargon-free explanations of each cookie category
- Make "Reject All" as prominent as "Accept All"
- Link to your full cookie policy with detailed information
- Ensure the banner is accessible (keyboard navigation, screen readers)
Testing Your Setup
After implementation, thoroughly test that consent preferences are respected.
Test accepting all cookies
Verify all tracking fires correctly. Check that data appears in Google Analytics, Facebook Events Manager, etc.
Test rejecting all cookies
Verify no tracking cookies are set. Use browser dev tools to check cookies and network requests.
Test partial consent
Accept analytics but reject marketing. Verify only the appropriate scripts fire.
Test consent withdrawal
After accepting, use the preference centre to withdraw consent. Verify cookies are cleared and tracking stops.
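The checks above can be scripted. The following is an added example, not part of the original guide or any consent app: it compares the cookies observed in the browser against the consent state chosen in the banner and lists any that should not be present. The category map, the cookie name site_lang and the sample cookie string are constructed for illustration; build your own map from the Step 1 audit.

```javascript
// Constructed category map for illustration; build yours from the Step 1 audit.
const RULES = [
  { pattern: /^cart$/, category: "essential" },
  { pattern: /^_ga(_.+)?$|^_gid$/, category: "analytics" },
  { pattern: /^_fbp$|^_gcl_au$/, category: "marketing" },
  { pattern: /^site_lang$/, category: "functional" }, // hypothetical cookie name
];

// Parse a document.cookie-style string ("a=1; b=2") into cookie names.
function cookieNames(cookieString) {
  return cookieString
    .split(";")
    .map((pair) => pair.split("=")[0].trim())
    .filter((name) => name.length > 0);
}

// Map a cookie name to its category; unknown names are "uncategorised".
function categorise(name) {
  const rule = RULES.find((r) => r.pattern.test(name));
  return rule ? rule.category : "uncategorised";
}

// Return cookies that should not be present for the given consent state.
// consent: { analytics: bool, marketing: bool, functional: bool }
// Essential cookies are always allowed. Uncategorised cookies are always
// flagged, so a cookie nobody has reviewed fails the test (fail closed).
function findViolations(cookieString, consent) {
  return cookieNames(cookieString)
    .map((name) => ({ name, category: categorise(name) }))
    .filter(
      ({ category }) => category !== "essential" && consent[category] !== true
    );
}

// Constructed sample: cookies observed after choosing "analytics only".
const observed =
  "cart=abc; _ga=GA1.1.1; _ga_ABC123=GS1.1; _fbp=fb.1.1; mystery=1";
const partial = { analytics: true, marketing: false, functional: false };
console.log(findViolations(observed, partial));
```

document.cookie does not expose HttpOnly cookies, so also take the cookie names from the browser's storage panel and the Set-Cookie headers in the network tab when running this check.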
Common Mistakes
Avoid these frequent errors when implementing cookie consent.
Pre-ticked consent boxes
Consent checkboxes must be unticked by default. Pre-selected consent is not valid under GDPR.
Hidden reject option
Making "Accept" a large button while hiding "Reject" in small text is manipulative and non-compliant.
Firing scripts before consent
Some implementations show the banner but fire tracking immediately. Scripts must wait for explicit consent.
No way to change preferences
Users must be able to change their consent at any time. Include a link to reopen the preference centre in your footer.