Framer is a popular choice for design-led marketing sites, and it does ship a cookie banner component. The catch: that component is basic and tied to Google Tag Manager, so it doesn't give you granular categories, automatic script scanning, or control over non-Google tools. For a site that runs a chat widget, a Meta Pixel, or embedded video, it isn't enough on its own.
The bar is real. In September 2025 the CNIL fined SHEIN 150 million euros partly for setting advertising cookies before any choice and continuing after "Reject all" (CNIL). A banner that tracks on page load is the exact failure to avoid.
Framer's built-in cookie banner
Framer offers a native cookie banner component you can drop onto the canvas, covered in the Framer Academy lesson and its GDPR and cookies help article. It provides accept/reject controls wired to Google Tag Manager. If your site uses only Google services and you're fine with a single accept/reject choice, it can be a workable minimum. What it doesn't do: block arbitrary third-party scripts, offer per-category consent, scan for new cookies, or keep an audit trail.
Because the component leans on GTM to gate tags, it only actually blocks the tags you route through your GTM container with Consent Mode configured. Anything you added outside GTM (a pixel pasted straight into custom code, an embedded widget) is untouched, and it fires regardless. That gap is the usual reason a Framer site that "has a cookie banner" still fails a check.
Where custom code goes in Framer
To add a full CMP, use Framer's custom code, available on paid plans under Site settings › General › Custom code. There are two head slots:
- Start of <head>, the earliest injection point.
- End of <head>, which runs a little later, still before the body.
Put the CMP loader in the head so it initializes before any analytics or marketing tag. The banner has to intercept trackers before they set cookies. If a tag runs first, the banner is just decoration:
<!-- Site settings > Custom code > End of <head> -->
<script async src="https://cdn.cookiebeam.com/banner/YOUR_BANNER_ID/default/loader.js"></script>
The one mistake that makes a Framer banner fake
The most common error is adding an analytics or pixel tag above (or independently of) the consent script, so tracking starts the instant the page loads. If your GA4 tag drops _ga before the visitor clicks Accept, you're not compliant, no matter how good the banner looks.
The fix is to route every tag through the consent gate: load GTM through the CMP, keep Consent Mode defaults denied, and let the banner release tags only on acceptance. Don't paste raw pixels straight into Framer's custom code alongside the banner.
Consent Mode v2
If you advertise with Google or measure with GA4, Consent Mode v2 has been required for EEA and UK traffic since March 2024. Set defaults to denied before GTM loads, then let the CMP push the update:
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('consent', 'default', {
    ad_storage: 'denied',
    analytics_storage: 'denied',
    ad_user_data: 'denied',
    ad_personalization: 'denied',
    wait_for_update: 500,
  });
</script>
See our GTM Consent Mode setup guide for the full container wiring, and Consent Mode v2 troubleshooting if tags misbehave.
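One way to verify the ordering described above (denied defaults first, then GTM, then the CMP's update) is to audit the dataLayer itself. This is an added example, not Framer or CookieBeam code; the function names and the sample layers are assumptions made for illustration.

```javascript
// Added example, not Framer or CookieBeam code. Function names are hypothetical.
// In a browser console on the published site: auditConsentOrder(window.dataLayer)
const REQUIRED = ['ad_storage', 'analytics_storage', 'ad_user_data', 'ad_personalization'];

// gtag() pushes an array-like `arguments` object; GTM's own entries are plain objects.
function asCommand(entry) {
  const arrayLike = entry && typeof entry === 'object' && typeof entry.length === 'number';
  return arrayLike ? Array.from(entry) : null;
}

function auditConsentOrder(dataLayer) {
  const findings = [];
  let defaultAt = -1, gtmAt = -1, updateAt = -1;
  dataLayer.forEach((entry, i) => {
    const command = asCommand(entry);
    if (command && command[0] === 'consent' && command[1] === 'default' && defaultAt < 0) {
      defaultAt = i;
      for (const key of REQUIRED) {
        if (!command[2] || command[2][key] !== 'denied') findings.push(`default: ${key} is not denied`);
      }
    } else if (command && command[0] === 'consent' && command[1] === 'update' && updateAt < 0) {
      updateAt = i;
    } else if (!command && entry && entry.event === 'gtm.js' && gtmAt < 0) {
      gtmAt = i; // pushed by the GTM container snippet when it starts
    }
  });
  if (defaultAt < 0) findings.push('no consent default found');
  if (gtmAt >= 0 && defaultAt > gtmAt) findings.push('GTM started before consent default');
  if (updateAt >= 0 && defaultAt > updateAt) findings.push('consent update before default');
  return findings;
}

// Constructed sample data (not captured from a real site).
function args() { return arguments; }
const DENIED = { ad_storage: 'denied', analytics_storage: 'denied',
  ad_user_data: 'denied', ad_personalization: 'denied', wait_for_update: 500 };
const GOOD_LAYER = [
  args('consent', 'default', DENIED),
  { 'gtm.start': 1, event: 'gtm.js' },
  args('consent', 'update', { ...DENIED, analytics_storage: 'granted' }),
];
const BAD_LAYER = [
  { 'gtm.start': 1, event: 'gtm.js' },
  args('consent', 'default', { ...DENIED, analytics_storage: 'granted' }),
];
console.log(auditConsentOrder(GOOD_LAYER), auditConsentOrder(BAD_LAYER));
```

An empty result means the first consent default was fully denied and preceded both GTM start and any update; only the first default is inspected.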
What to gate on a Framer site
Framer sites commonly pull in tools that set non-essential cookies, and every one of them has to wait for consent:
- Framer's own analytics and any Google Analytics you add: analytics category.
- Marketing pixels (Meta, LinkedIn, X) added via custom code: marketing category.
- Embedded video, maps, and third-party fonts, which can set cookies or log IP addresses on load.
- Chat widgets and forms, which frequently drop functional and analytics cookies immediately.
Because Framer renders a fast, script-driven site, it's easy to scatter these across different custom-code slots and lose track of them. Funnel everything through one consent gate, GTM behind the CMP, so nothing slips past the banner.
Link a cookie policy and keep it current
Your banner should link to a cookie policy that lists the cookies in use with their purpose, duration, and the third parties involved. On Framer, add a dedicated policy page and link it from the banner and the footer. That list has to stay accurate as you add tools, which is tedious to maintain by hand. A CMP that scans your published site and updates the policy automatically removes the chore and cuts the risk of an out-of-date disclosure during an audit.
One banner, the right behavior per region
A Framer site usually serves a global audience, and the rules differ by location: the EU and UK require opt-in before non-essential cookies, while several US states expect an opt-out and require honoring the GPC signal. Hard-code one behavior for everyone and you either annoy US visitors or leave yourself non-compliant in the EU. A geo-aware CMP shows the correct banner per visitor from a single install. See one banner, global compliance.
Test it like a regulator would
- Load the published site in a clean private window and inspect cookies before interacting. Only necessary cookies should be present.
- Click Reject and confirm no analytics or marketing cookies appear and no tracking requests fire.
- Accept and confirm tags now load and Consent Mode reads granted.
- Add a footer "Cookie settings" link so visitors can change their mind.
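The first two checks above can be scripted. The following added example (not part of the original article, and not Framer or CookieBeam code) classifies the cookies visible before any interaction or after Reject; the function names, the `consent_state` cookie and the sample string are assumptions, while the name patterns cover well-known Google and Meta cookies.

```javascript
// Added example. In a browser console: auditCookies(document.cookie, ['consent_state'])
// Name patterns for well-known analytics and marketing cookies; extend for your own tools.
const NON_ESSENTIAL = [
  { pattern: /^_ga($|_)/, category: 'analytics', tool: 'Google Analytics' },
  { pattern: /^_gid$/, category: 'analytics', tool: 'Google Analytics' },
  { pattern: /^_gcl_/, category: 'marketing', tool: 'Google Ads' },
  { pattern: /^_fbp$/, category: 'marketing', tool: 'Meta Pixel' },
];

// document.cookie is a "name=value; name=value" string; keep only the names.
function parseCookieNames(cookieString) {
  return cookieString.split(';')
    .map((pair) => pair.trim())
    .filter(Boolean)
    .map((pair) => pair.split('=')[0]);
}

// allowlist: names of strictly necessary cookies (for example the CMP's own).
function auditCookies(cookieString, allowlist = []) {
  const violations = []; // known trackers present without consent
  const unknown = [];    // not allowlisted and not recognised: review by hand
  for (const name of parseCookieNames(cookieString)) {
    if (allowlist.includes(name)) continue;
    const hit = NON_ESSENTIAL.find((rule) => rule.pattern.test(name));
    if (hit) violations.push({ name, category: hit.category, tool: hit.tool });
    else unknown.push(name);
  }
  return { violations, unknown };
}

// Constructed sample: the cookie string of a page that tracked on load.
const SAMPLE =
  'consent_state=pending; _ga=GA1.1.111.222; _ga_ABC123=GS1.1.1; _fbp=fb.1.1.1; theme=dark';
console.log(auditCookies(SAMPLE, ['consent_state']));
```

`document.cookie` omits HttpOnly cookies and cookies set on third-party domains, so cross-check the browser's storage inspector and the network log as well.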
A CMP such as CookieBeam covers the parts Framer's native component doesn't: prior blocking of unknown scripts, granular categories, and a timestamped consent log, installed as a single line of custom code. Finish with the banner accessibility guide so the banner works for every visitor.