Cookie consent website: how to do it right
Cookie consent website means the user gets a real choice before non-essential cookies are stored or read. For Norwegian businesses, this is especially important for analytics, marketing, tracking, third-party scripts and tools that collect personal data.
A cookie banner is not a formality. It is an agreement with the customer about what the website is allowed to do in the background. If the accept button is large and reject is hidden, it is not a good choice. If analytics starts before consent, the banner is only decoration.
At wevo, I do not build cookie consent to annoy the user. I build it to be tidy: clear language, equal choices, technical blocking before consent and as little tracking as necessary.
What does cookie consent website mean?
Cookie consent means that the user actively says yes to cookies or similar technology that is not strictly necessary for the website to work. The Norwegian Data Protection Authority writes about consent and cookies, and the main point is simple: consent must be voluntary, specific, informed and unambiguous. The customer must understand what she says yes to.
Think of Per, who runs a restaurant in Stavanger. He wants to know which pages people visit, and he may want to use advertising later. That is understandable. But the customer who only wants to see the menu should not be tracked for marketing before she has received a clear choice.
Which cookies require consent?
Strictly necessary cookies can often be used without consent because they are needed for the site to function. This can include login, security, cart-like functionality, language choice or technical load balancing. Analytics, advertising, heatmaps, remarketing, social media pixels and many third-party tools normally require consent before activation.
| Category | Example | Typical requirement |
|---|---|---|
| Necessary | Security, login, technical session. | Can often be used without consent. |
| Analytics | Visit measurement and behaviour statistics. | Normally requires consent. |
| Marketing | Ad pixels and remarketing. | Requires consent before activation. |
| Preferences | Choices that are not technically necessary. | Assess purpose and storage. |
What are the most common cookie banner mistakes?
The most common mistake is that the consent banner is shown, but tracking starts anyway. Then the business feels it has done something right, while the technology still does the wrong thing. The second common mistake is dark design: accept is clear, reject is hidden, and settings are written so nobody bothers reading.
- Analytics or pixels start before the user has chosen.
- The reject button is harder to find than the accept button.
- Categories are unclear or wrapped in heavy text.
- The user cannot change consent later.
- Cookies are not described in the privacy policy.
- New scripts are added without updating the consent setup.
A clinic in Trondheim can have a nice banner and still fail if Meta Pixel starts before choice. An accountant can have a tidy privacy policy and still lack technical blocking. Cookie consent must work in both text and code.
This often happens when tools are added little by little. First comes analytics. Then comes chat. Then comes an advertising pixel. In the end, nobody fully knows what loads when the page opens. Then consent must be cleaned up technically, not only written better.
What should you do before adding new scripts?
Before a new script is added, you should ask what it does, which data it collects, which decision it supports, and whether it requires consent. If the answer is unclear, the script should wait. A website often becomes faster, safer and tidier when it uses fewer tools with clearer purposes.
- Check the supplier documentation before adding the script.
- Assess whether the purpose is necessary for the business.
- Place the script in the correct consent category.
- Test that the script does not start before the right choice.
- Document the change in the privacy work.
How should a good cookie banner look?
A good banner is short, honest and balanced. The user should be able to accept, reject or customise without searching. The text should say what cookies are used for, not only that the site uses cookies. Settings should be divided into understandable categories. And the choice must be stored without nagging on every page.
- Accept and reject should be equally easy choices.
- Customise should open categories with clear language.
- Necessary cookies should be explained without mixing them with marketing.
- Consent must be possible to withdraw.
- Scripts must actually be blocked before yes.
How does cookie consent affect analytics and marketing?
When consent is done correctly, you get fewer measurements than if you track everyone. That is not a bug. It is the consequence of respecting choice. The business must therefore read analytics more soberly. Traffic can still show patterns, but you should combine data with forms, phone calls, Search Console and real customer conversations.
For many small businesses, this is healthy. You do not always need ten scripts to understand whether the website works. Often it is enough to know which pages get traffic, which forms send, which searches create impressions and which enquiries become customers.
How does wevo build cookie consent correctly?
I start by mapping which scripts the site uses. Analytics, ads, embedded maps, video, chat, forms and CRM must be assessed. Then they are grouped by purpose. Only when the purpose is clear can banner, technical blocking and privacy text be set up correctly.
This connects with GDPR website, business website security and website maintenance. The cookie setup must be maintained when new tools are added. Otherwise a tidy launch can become messy a few months later.
What should be checked before the cookie banner is published?
- Make a list of all scripts and cookies.
- Sort them into necessary, analytics, marketing and preferences.
- Check that non-essential scripts are blocked before consent.
- Make accept, reject and customise equally understandable.
- Add the ability to change choice later.
- Update the privacy policy with purposes and tools.
- Test in the browser before and after consent.
If the website is being built or cleaned up, cookie consent should be part of websites for businesses. It is easier to get right when technology, text and tools are planned together.
I like to keep this as small as possible. Not because data is unimportant, but because every extra script must be justified, tested and maintained. For small businesses, a cleaner website is often better than a site full of measurement nobody uses.
What is cookie consent on a website?
Cookie consent is the user's active yes to the website using non-essential cookies or similar tracking technology.
Does Google Analytics need consent?
Analytics tools normally require consent when they store or read information on the user's device and are used to analyse behaviour.
Can necessary cookies be used without consent?
Yes, strictly necessary cookies can often be used without consent when they are needed for the website to work technically or securely.
What is a common cookie banner mistake?
A common mistake is that tracking scripts start before the user has consented, even though the banner is shown on the page.
Want help with this? See how we work with websites.
Not sure where your website stands?
Run a free analysis and get an honest picture of speed, structure and things that could be stopping your customers.