Skip to main content
C
CookieBeam
Back to Guides
Compliance12 min read

Wix Cookie Consent & GDPR: How to Make Your Wix Site Compliant in 2026

A practical guide to GDPR cookie compliance on Wix. Covers the built-in banner's limitations, adding a third-party CMP, Google Consent Mode v2, Velo consent APIs, and checkout consent for Wix Stores and Bookings.

Wix powers millions of websites, from portfolios to full e-commerce stores. If yours serves visitors in the European Economic Area or the UK, you need valid cookie consent before setting non-essential cookies.

The problem: Wix's built-in consent tools cover the basics but leave gaps that can trip you up during an audit or cost you conversions in Google Ads. This guide walks through what Wix gives you out of the box, where it falls short, and how to fill those gaps with a third-party CMP. We'll cover integration steps, the Velo consent API, Google Consent Mode v2, and pitfalls around Wix Stores, Bookings, and embedded widgets.

What Wix's Built-In Cookie Banner Actually Does (and Doesn't)

Wix offers a native cookie banner through the Privacy Center (under Settings > Privacy & Cookies). In recent years, Wix partnered with Usercentrics to power this banner, which gives it automatic cookie scanning and support for Google Consent Mode v2 when enabled. That's a step up from the old "Cookie Alert" widget, which simply showed a notification without blocking anything.

Still, the built-in banner has real limitations:

  • No IAB TCF support. If you run programmatic advertising or work with ad networks that require IAB Transparency & Consent Framework (TCF 2.2) signals, the native banner doesn't generate them. Publishers who need TCF strings for their ad stack will need a third-party CMP. For background on why this matters, see our guide to TCF for publishers.
  • Limited script blocking for custom code. The built-in banner manages cookies from Wix's own apps. But scripts you've added through Settings > Custom Code or Velo are not automatically blocked before consent. They fire on page load regardless.
  • Basic design options. You get limited control over the banner's appearance. For sites where brand consistency or banner design best practices matter, the customization options can feel restrictive.
  • No granular consent logging for audits. Wix stores a consent cookie on the visitor's browser but doesn't give you a server-side consent log with timestamps and per-purpose choices. If a regulator asks you to prove consent, you'll need something more robust. See our GDPR cookie compliance checklist for what auditors look for.
  • Limited regional adaptation. The banner shows the same behavior to all visitors. If you want opt-in for EEA visitors and opt-out for US visitors (as the different privacy laws require), you need a CMP with geolocation-based rules.

For a simple blog with only Wix-native analytics, the built-in banner may be enough. But once you add Google Ads tags, Meta pixels, chat widgets, or any third-party marketing scripts, you're likely operating outside what it can enforce.

Adding a Third-Party CMP to Your Wix Site

If the built-in banner doesn't cover your needs, the next step is integrating a dedicated consent management platform (CMP). There are two main approaches on Wix:

Option 1: The Wix App Market

Wix's App Market includes several CMP apps that install through the standard app flow and integrate with Wix's consent policy system. The upside is simplicity. The downside is that you're limited to what the app exposes and how well it hooks into Wix's internals.

Option 2: Custom Code Injection

For CMPs that aren't in the App Market, you can inject the CMP's script via Settings > Custom Code in the Wix dashboard. This is how you'd add CookieBeam or any CMP that provides a JavaScript snippet. Steps:

  1. Go to your Wix Dashboard > Settings > Custom Code.
  2. Click Add Code and paste your CMP's script tag in the Head section.
  3. Set loading to All pages and placement to Load code on each new page.
  4. Save and publish.

This approach gives you full control over your CMP's behavior. The CMP script loads in the page head, intercepts non-essential scripts before they fire, and manages consent collection independently of Wix's native system.

Important: Coordinate with Wix's Native Banner

If you're using a third-party CMP, disable Wix's built-in cookie banner to avoid showing two consent prompts. Go to Settings > Privacy & Cookies and turn off the native banner. Your third-party CMP takes over consent collection entirely.

Wix's Consent Policy API and How It Interacts with External CMPs

Under the hood, Wix has a consent policy system that its own apps respect. Every visitor has a consent policy object that tracks which cookie categories they've allowed: essential, functional, analytics, and advertising. Wix's first-party apps (Stores, Bookings, Analytics, etc.) check this policy before setting their cookies.

If you're using Velo (Wix's development platform), you can interact with this system through the consentPolicy API in the wix-window-frontend module:

  • consentPolicy.getCurrentConsentPolicy() returns the visitor's current consent state as an object with boolean flags for each category.
  • The consentPolicyChanged event fires whenever the visitor updates their consent, letting you react in real time.

This matters because of a potential disconnect: your external CMP manages consent and blocks scripts, but Wix's own apps only look at the Wix consent policy object. If your CMP collects consent but doesn't update Wix's internal policy, Wix-native apps might continue setting cookies the visitor declined.

The cleanest solution is a CMP that syncs with Wix's consent policy API so both systems respect the same decisions. Some App Market CMPs do this natively. For CMPs added via Custom Code, you may need a Velo snippet that listens for your CMP's consent event and updates the Wix consent policy to keep them in sync.

Google Consent Mode v2 on Wix: Why It Matters and How to Set It Up

Since March 2024, Google has required Consent Mode v2 for any site that runs Google Ads to EEA users. Without it, you lose remarketing audiences, conversion measurement degrades, and your campaigns effectively go blind in the EU. This isn't optional for advertisers. For the full background, see our guides on Google Consent Mode v2 and whether Consent Mode v2 is mandatory.

Consent Mode v2 introduced two additional consent signals beyond the original version: ad_user_data and ad_personalization. These tell Google whether the user has consented to their data being sent to Google for advertising and whether personalized ads are allowed. Your CMP needs to send all four signals: analytics_storage, ad_storage, ad_user_data, and ad_personalization.

How It Works on Wix

If you're using Wix's native banner (the Usercentrics-powered one), enabling it also enables basic Consent Mode support. Google tags on your site will receive default denied states on page load and update to granted when the visitor accepts.

However, if you're using a third-party CMP, you're responsible for firing the correct gtag('consent', 'default', {...}) and gtag('consent', 'update', {...}) calls. A well-built CMP handles this automatically: it sets denied defaults before any Google tags load, then updates the consent state when the visitor interacts with the banner. This is what CookieBeam does out of the box.

Verifying Consent Mode Is Working

After setup, open Chrome DevTools > Network and filter for requests to google-analytics.com or googleads.g.doubleclick.net. Look for the gcs parameter: G100 means analytics and ads denied, G111 means both granted. Check that gcd includes the ad_user_data and ad_personalization signals. If these are missing, Google treats all your EEA traffic as unconsented, which means no conversion data and degraded Smart Bidding. Our Consent Mode v2 troubleshooting guide covers common failure patterns.

Common Wix Consent Pitfalls: Velo Apps, Widgets, and Iframes

Even with a solid CMP in place, Wix sites have some consent blind spots that catch people off guard.

Velo Custom Code Setting Cookies

If you've written Velo code that sets cookies directly (using document.cookie or the Wix Storage API), your CMP won't know about those cookies unless you've explicitly gated them behind a consent check. The fix: wrap any cookie-setting code in a check against the consent state. Use consentPolicy.getCurrentConsentPolicy() to verify the relevant category is allowed before writing the cookie, and listen for consentPolicyChanged to clean up if the visitor later withdraws consent.

Third-Party Widgets and Embeds

Wix makes it easy to embed YouTube videos, Google Maps, social feeds, and chat widgets. Each can set cookies the moment it loads, before consent. The compliant approach: defer loading embeds until the visitor grants consent for the relevant category. Some CMPs replace embeds with a placeholder until consent is given. Without that, you'll need Velo code that checks consent state before rendering the embed.

Iframe Consent Propagation

Consent given on the parent page doesn't automatically propagate to iframes. The iframe runs in its own browsing context and may set cookies independently. For first-party iframes, you can share consent state via postMessage. For third-party iframes, you depend on the provider's own consent handling and should document this in your cookie policy.

Wix Apps from the App Market

Third-party Wix apps installed from the App Market may also set cookies. These apps should respect Wix's consent policy system, but not all of them do consistently. After installing any new app, run a cookie scan to identify what cookies it sets and whether they fire before consent. If an app sets marketing cookies without waiting for consent, that's a compliance issue you're responsible for as the site owner.

Wix Stores, Bookings, and Checkout Consent

If you're running Wix Stores or Wix Bookings, there's an extra layer of consent to think about at checkout.

Essential Cookies in E-Commerce

Wix's e-commerce functionality sets cookies that are genuinely necessary for the site to work: session cookies for the cart, authentication tokens, currency preferences. These are "strictly necessary" under GDPR and don't require consent. Your CMP should categorize them accordingly and never block them. If essential cookies get blocked, your checkout breaks.

Marketing Cookies at Checkout

Marketing and analytics scripts that fire during checkout (Meta pixel, Google Ads conversion tags) still need consent before they execute. The checkout page is no exception to cookie consent rules. You can't skip consent collection at checkout just because it might reduce your conversion tracking.

Checkout Policy Checkbox

Wix Stores lets you add a policy checkbox to the checkout form. This is separate from cookie consent: it covers terms, privacy policies, or marketing communications. Cookie consent happens at the banner level, before any page-specific interaction. They serve different legal bases and should remain separate.

Bookings-Specific Considerations

Wix Bookings collects personal data as part of the booking flow. The lawful basis for processing that data is typically "performance of a contract" (GDPR Article 6(1)(b)), not consent. But analytics or marketing cookies tracking the booking journey still need cookie consent. You don't need cookie consent to process a booking, but you do need it for the scripts that observe the flow.

How CookieBeam Integrates with Wix

CookieBeam is designed to work with any website, including Wix sites, through a simple script injection. Here's how to set it up:

Step 1: Add the CookieBeam Script

  1. Log into your CookieBeam dashboard and copy your banner script tag.
  2. In your Wix Dashboard, go to Settings > Custom Code.
  3. Click Add Code, paste the CookieBeam script, and select Head as the placement.
  4. Choose All pages and Load code on each new page.
  5. Save and publish your site.

Step 2: Disable the Native Banner

Go to Settings > Privacy & Cookies and turn off Wix's built-in cookie banner. Running two banners simultaneously confuses visitors and creates conflicting consent states.

Step 3: Run a Cookie Scan

CookieBeam's auto-scanner crawls your Wix site, identifies every cookie and tracker, and categorizes them automatically. It catches cookies from Wix-native apps, third-party widgets, Custom Code scripts, and embedded content. The scanner runs periodically, so new cookies from newly installed apps show up without manual intervention. See our guide on how cookie scanners detect cookies.

Step 4: Consent Mode v2 (Automatic)

CookieBeam sends Google Consent Mode v2 signals automatically. It fires denied defaults on page load and updates to granted when the visitor accepts. All four signals (analytics_storage, ad_storage, ad_user_data, ad_personalization) are handled out of the box.

Step 5: Verify and Monitor

After installation, verify that:

  • The CookieBeam banner appears on all pages.
  • Non-essential scripts are blocked until consent (check with DevTools).
  • Google Consent Mode signals fire correctly (check the gcs parameter).
  • Wix Stores checkout still works normally (essential cookies aren't blocked).

CookieBeam also provides consent analytics so you can monitor opt-in rates, see which categories visitors accept or decline, and track how consent affects your GA4 reporting.

Putting It Together: A Compliance Checklist for Wix Sites

Here's a summary of what a fully compliant Wix site needs in 2026:

  1. A CMP that blocks scripts before consent. Whether it's the built-in banner or a third-party solution, non-essential cookies must not fire before the visitor opts in. This is the most common failure point.
  2. Google Consent Mode v2 signals. If you use any Google marketing or analytics products, ensure all four consent signals are being sent. Verify with DevTools or Google's Tag Assistant.
  3. A complete cookie inventory. Know every cookie your site sets, including those from Wix apps, embeds, and custom code. Automated scanning catches what manual audits miss.
  4. Consent records. Store server-side proof of when and how each visitor consented. This is your defense if a regulator asks for evidence.
  5. Withdrawal mechanism. A persistent link or button that lets visitors reopen the banner and change their preferences at any time.
  6. Checkout-appropriate handling. Essential cookies work without consent. Marketing/analytics scripts at checkout still require consent. The checkout policy checkbox is not a substitute for cookie consent.
  7. Embed and iframe management. Third-party embeds that set cookies are deferred until consent. Document any third-party iframes in your cookie policy.

Wix's managed environment gives you less low-level control than a self-hosted site, so you need a CMP that works within those constraints while still blocking scripts effectively. The key is to verify, not assume: scan your site, check DevTools, and confirm consent is actually being enforced, not just displayed. For the full regulatory requirements, start with what GDPR is and work through the GDPR cookie compliance checklist.

Back to all guides
Wix Cookie Consent & GDPR 2026: Complete Compliance Guide | CookieBeam | CookieBeam