TermsBox
PricingBlog
LoginGet Started
PricingBlogLogin
Get Started
  1. Home
  2. Blog
  3. Squarespace GDPR Cookie Banner Setup: Step-by-Step Tutorial
Cookie Policy

Squarespace GDPR Cookie Banner Setup: Step-by-Step Tutorial

A 2,000+ word tutorial to configure a GDPR-compliant cookie banner in Squarespace with consent controls, script blocking, and policy links.

TermsBox Team|February 20, 20259 min read

Squarespace sites often attract EU/UK visitors, so you must comply with GDPR cookie rules and state privacy laws like CPRA. A well-configured banner collects valid consent, blocks non-essential scripts until approval, and links to a detailed cookie policy. This tutorial walks through setup, includes comparison tables, and provides enforcement reminders to keep your site compliant.

Reuse your CTA banners and add links to the Cookie Policy Generator, Privacy Policy Generator, and Terms of Service Generator in the banner, footer, and key forms so your policies stay aligned.

Know the rules before configuring

GDPR and UK GDPR

Requires prior consent for analytics and marketing cookies. Consent must be granular, freely given, informed, and revocable. See GDPR.eu and ICO cookie guidance.

CPRA/CCPA

Gives Californians the right to opt out of sale or sharing. Honor Global Privacy Control signals and provide a Do Not Sell/Share link if you use advertising identifiers.

Platform expectations

Google Analytics and Meta Pixel require lawful use and disclosure. If you set advertising cookies without consent, you risk enforcement and account issues.

Plan your banner content

Categorize cookies

Classify essential, analytics, and advertising cookies. Only essential cookies should load before consent in the EU/UK.

Draft banner text

Keep it short: explain that you use cookies for performance, analytics, and ads (if applicable), with buttons for Accept and Preferences. Avoid dark patterns.

Link your policies

Link to your cookie policy and privacy policy. Use CTAs to your generators to keep the language consistent across legal pages.

Setup steps in Squarespace

Step 1: Enable and configure the banner

  1. Go to Settings > Cookies & Visitor Data.
  2. Toggle Enable Cookie Banner.
  3. Choose Require consent for EU/UK visitors to enforce opt-in.
  4. Set the Region to European Union (and United Kingdom if available) to display opt-in where required.
  5. Add concise text and include links to your cookie and privacy policies.

Step 2: Customize buttons and behavior

  • Use Accept and Preferences buttons. Provide a Reject option in the Preferences modal.
  • Choose a visible placement (bottom bar or modal). Ensure it does not hide key content.
  • Localize the text for your audience and avoid legal jargon.

Step 3: Block scripts until consent

  • Move analytics and advertising scripts into the code injection area with conditional loading based on consent.
  • Use a lightweight consent manager if you need granular category toggles.
  • Test that GA, Meta Pixel, and other tags do not fire before opt-in in the EU/UK.

Step 4: Add links and CTAs

  • Insert links to the Cookie Policy Generator and Privacy Policy Generator inside the banner text.
  • Repeat links in the footer, privacy policy, and landing pages to ensure visibility.

Step 5: Handle GPC and US opt-outs

  • If you use advertising cookies, honor Global Privacy Control signals and provide a Do Not Sell/Share link.
  • Document how your site responds to these signals for CPRA readiness; see oag.ca.gov/privacy/ccpa.

Cookie policy table example

Category Examples Purpose Legal basis Retention Controls
Essential Session ID, security Site performance and security Legitimate interests/contract Session to 12 months Not optional
Analytics GA4 Measure visits and usage Consent (EU/UK) Up to 13 months Banner preferences
Advertising Meta Pixel, ad IDs Ads and retargeting Consent (EU/UK), opt-out (CPRA) Vendor-defined Banner and GPC
Functional Player prefs Save media or layout settings Consent where required Varies Banner preferences

Common mistakes to avoid

Preloading non-essential scripts

Loading GA or pixels before consent violates GDPR. Block them until Accept is chosen.

Cookie Policy Generator

Create a cookie policy for GDPR compliance. Create yours in minutes with TermsBox.

Generate Now

No link to policies

Leaving out links to your cookie and privacy policies reduces transparency. Always include them in the banner and footer.

Ignoring revocation

Users must be able to change their choice. Provide a Manage cookies link in the footer to reopen preferences.

Incomplete disclosures

Not listing advertising partners or retention undermines trust. Update your cookie table when scripts change.

Not honoring GPC

CPRA enforcement emphasizes GPC. Ensure your banner respects the signal and document your response.

Enforcement reminders and guidance

  • Sephora (2022): $1.2M CPRA settlement for inadequate opt-outs and tracker disclosures (California AG press release).
  • IAB TCF enforcement (Belgian DPA, 2022): Highlighted accuracy of consent signals.
  • Meta (2023): about €1.2B GDPR fine for transfer issues (Reuters) reinforces the need for transparent data practices.

Implementation checklist

  • Enable the Squarespace banner and set Require consent for EU/UK visitors.
  • Add links to your cookie and privacy policies; include CTAs to generators.
  • Block analytics and advertising scripts until consent; test in EU/UK.
  • Provide a Do Not Sell/Share link and honor GPC if using ad identifiers.
  • Keep a cookie table updated with categories, purposes, partners, and retention.
  • Retest after adding scripts or changing templates; version your policy pages.

Example policy and banner language

Short banner message

“We use cookies to run the site, measure performance, and, with your consent, personalize ads. Choose Accept, Manage, or Decline. See our Cookie Policy for details.”

Policy clause

“Analytics and advertising cookies are disabled until you consent. You can change your choice anytime via the Manage Cookies link in our footer. We honor Global Privacy Control for opt-outs related to advertising identifiers.”

30-day rollout plan

  • Days 1-5: Inventory scripts, classify cookies, and note partner policies.
  • Days 6-10: Update cookie policy table, add retention ranges, and link partner pages.
  • Days 11-15: Configure banner Require consent for EU/UK; add Accept/Preferences buttons and a Manage link in the footer.
  • Days 16-20: Implement script blocking and test with EU/UK IPs; verify GA and pixels stay blocked until consent.
  • Days 21-25: Add Do Not Sell/Share link if using ad IDs; test GPC signals and document responses.
  • Days 26-30: QA links, publish policy updates, and schedule quarterly rescans.

Metrics and QA

  • Consent rate by device and region; changes after banner tweaks.
  • Load performance after script blocking to confirm no breakage.
  • Accuracy of cookie table versus real scans.
  • GPC detection logs and opt-out processing.
  • Policy link coverage in banner, footer, and landing pages.

Testing steps before launch

  • Use a private window with an EU IP to ensure the banner appears and scripts stay blocked until Accept.
  • Decline or manage preferences and confirm only essential cookies remain.
  • Reopen preferences from the footer to verify revocation works.
  • Test GPC with a browser extension and confirm the site responds with opt-out behavior for ad identifiers.
  • Check the cookie table against a fresh scan after installing any new Squarespace blocks or third-party embeds.

Support and communication

  • Add a short help article for visitors on how to change cookie preferences.
  • Train your team to answer questions about why the banner appears and how to opt out.
  • Keep a version history of your cookie policy and banner text to show transparency.

Case study style example

  • Issue: Site launched GA and Meta Pixel without blocking before consent; EU visitors saw cookies immediately.
  • Fix: Enabled Require consent, moved scripts into code injection with consent checks, and updated the cookie table with retention.
  • Result: Consent rate reached 72 percent; no non-essential cookies set before acceptance; reduced risk of CPRA/GDPR violations.

Quick reference for common scripts

  • GA4: Requires consent in EU/UK; set retention to 14 months; enable IP anonymization.
  • Meta Pixel: Block until consent; document purpose as advertising/retargeting; offer opt-out and honor GPC.
  • YouTube/Vimeo embeds: Use privacy-enhanced modes where possible; treat as non-essential and block until consent.

30/60/90 follow-up

  • 30 days: Re-scan cookies, confirm GPC handling, and ensure the Manage Cookies link remains visible.
  • 60 days: Review partner list and retention; update policy table; test banner performance on mobile and new templates.
  • 90 days: Run a full privacy review if you add new embeds or ad partners; refresh screenshots for documentation.

Extended audit checklist

  • Confirm essential vs. non-essential classification for every script and embed.
  • Validate banner text for clarity and readability at 320px width.
  • Check color contrast for accessibility and ensure buttons are keyboard accessible.
  • Ensure the Manage Cookies link is always visible in the footer.
  • Verify that localization works if you serve multiple languages.
  • Confirm that privacy and cookie policy pages include last-updated dates and match banner language.
  • Document how to re-trigger the banner for returning visitors when you materially change partners or purposes.

Glossary and resources

  • Essential cookies: Needed for site performance and security; do not require consent in EU/UK.
  • Non-essential cookies: Analytics, advertising, or functional enhancements; require consent in EU/UK.
  • GPC (Global Privacy Control): Browser signal that communicates a user’s opt-out preference; honor it for advertising identifiers in CPRA states.
  • Non-personalized ads: Ads that rely on contextual targeting rather than behavioral profiles and can be served when users decline personalization.
  • Read more: ICO cookies, GDPR.eu cookies, oag.ca.gov/privacy/ccpa.

Maintenance rhythm

  • Re-scan your site after adding new blocks, embeds, or third-party tools.
  • Update the cookie policy and banner text when partner lists, purposes, or retention periods change.
  • Keep screenshots of banner states and consent flows for documentation.
  • Re-test GPC and opt-out behavior monthly, especially after template or script updates.

Key takeaways

  • Classify cookies accurately and block non-essential scripts until consent for EU/UK visitors.
  • Provide clear links to your cookie and privacy policies in the banner and footer.
  • Honor GPC and offer Do Not Sell/Share choices if you use advertising identifiers.
  • Keep a change log and re-scan regularly to ensure your disclosures stay accurate.

Resources

  • Squarespace Cookies & Visitor Data settings documentation.
  • ICO cookie guidance for UK expectations.
  • GDPR.eu cookies for EU basics.
  • oag.ca.gov/privacy/ccpa for California opt-out requirements and signals.

Conclusion

A compliant Squarespace cookie banner pairs clear consent choices with accurate disclosures and script control. By classifying cookies, blocking non-essential tags until consent, and keeping your policies linked everywhere, you reduce regulatory risk and build visitor trust. Reuse your CTA banners and link to the Cookie Policy Generator, Privacy Policy Generator, and Terms of Service Generator to keep your entire legal stack synchronized as you optimize your site.

Related Tools

Cookie Policy Generator

Create a cookie policy for GDPR compliance

Privacy Policy Generator

Create a comprehensive privacy policy for your website or app

Terms of Service Generator

Create terms of service for your platform

Related Articles

Cookie Policy

CMP Cookie Guide: What It Is and Why You Need One

Learn what a CMP cookie is, how consent management platforms work, and how to implement cookie CMP compliance for GDPR and ePrivacy.

April 4, 202610 min read
Cookie Policy

Cookie Consent Banner: Complete Implementation Guide (2026)

Learn how to implement a cookie consent banner that meets GDPR, ePrivacy, and CCPA requirements. Covers design, script blocking, and compliance.

April 4, 202612 min read
Cookie Policy

Cookie Policy Banner: Setup Guide for Website Compliance

Learn how to set up a cookie policy banner that meets GDPR and ePrivacy requirements. Covers consent flows, design, and legal obligations.

April 4, 202610 min read

Ready to Create Your Legal Documents?

Generate professional privacy policies, terms of service, and more in minutes. Free to start, no credit card required.

View All Generators

On This Page

  • Know the rules before configuring
  • GDPR and UK GDPR
  • CPRA/CCPA
  • Platform expectations
  • Plan your banner content
  • Categorize cookies
  • Draft banner text
  • Link your policies
  • Setup steps in Squarespace
  • Step 1: Enable and configure the banner
  • Step 2: Customize buttons and behavior
  • Step 3: Block scripts until consent
  • Step 4: Add links and CTAs
  • Step 5: Handle GPC and US opt-outs
  • Cookie policy table example
  • Common mistakes to avoid
  • Preloading non-essential scripts
  • No link to policies
  • Ignoring revocation
  • Incomplete disclosures
  • Not honoring GPC
  • Enforcement reminders and guidance
  • Implementation checklist
  • Example policy and banner language
  • Short banner message
  • Policy clause
  • 30-day rollout plan
  • Metrics and QA
  • Testing steps before launch
  • Support and communication
  • Case study style example
  • Quick reference for common scripts
  • 30/60/90 follow-up
  • Extended audit checklist
  • Glossary and resources
  • Maintenance rhythm
  • Key takeaways
  • Resources
  • Conclusion
TermsBox

Scan your website, auto-generate legal documents, add a consent banner, and stay compliant. One platform for everything.

Product

  • Cookie Scanner
  • Consent Banner
  • Cookie Policy Generator
  • Pricing

Generators

  • Privacy Policy Generator
  • Terms and Conditions Generator
  • EULA Generator
  • Disclaimer Generator
  • Return and Refund Policy Generator

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service
  • Cookie Policy
GDPR
ePrivacy
CCPA
LGPD
Google Consent Mode v2
IAB TCF 2.2
© 2026 TermsBox. All rights reserved.