All posts
·7 min read

How to add a cookie banner to Shopify (no code, no theme edits)

The cleanest way to add a GDPR/CCPA-compliant cookie banner to your Shopify store — without editing your theme, pasting snippets into Liquid files, or hiring a developer.

shopifyhow-tocookie-banner

If you've Googled "how to add a cookie banner to Shopify," you've probably seen guides that tell you to paste a <script> tag into theme.liquid. Don't. Those instructions are five years out of date — Shopify has had theme app extensions since 2021, which let an app inject a banner into your storefront without ever touching your theme code.

This guide walks through the modern way: a five-minute install, no theme edits, and an instant-rollback path if you change your mind.

Why you should not edit theme.liquid

The old way to add anything to a Shopify store was to open the theme editor, click "Edit code," and paste a <script> into theme.liquid. This works, but it's a bad idea for cookie banners specifically:

  • Theme updates wipe it. If you switch themes or update Dawn to a new version, your snippet is gone — and your store is now non-compliant with no warning.
  • It's hard to disable. Removing the script means re-editing the file. If the banner has a bug, you can't just toggle it off.
  • It loads at the wrong time. Snippets typically load after head_content, which means GA4 may have fired before the banner blocks it.
  • It doesn't survive theme migrations. Hydrogen, Pages stores, headless setups — none of them respect theme.liquid edits.

Theme app extensions solve all four. They're enabled per-theme, can be toggled with one click, and inject early enough to actually block scripts before they leak.

The modern way: a theme app extension

A theme app extension is a Shopify-managed integration point. The app developer ships a Liquid block, you flip a toggle in the theme editor, and Shopify renders the block on every page — typically in <head> for early-loading content like cookie banners.

Three benefits:

  1. One-click on/off. Toggle in theme editor → save. No code.
  2. Survives theme switches. When you change themes, you re-enable the embed in the new theme — same block, same config.
  3. Loads early enough to actually work. Theme app extensions can render in <head> so the banner script intercepts trackers before they fire.

We'll use Consentico as the example since it's free for stores under 5,000 banner views/month, but the same flow applies to any Shopify-native CMP (CookieYes, Pandectes, etc.).

Step 1: Install the app

  1. Go to the Shopify App Store and search "Consentico" (or whichever CMP you've chosen).
  2. Click Add app.
  3. Approve the requested permissions when Shopify prompts.

For Consentico, the only scope requested is read_themes — needed to detect whether the banner app embed is enabled in your active theme.

Step 2: Pick your compliance posture

The app's onboarding will ask which region you sell to. The relevant choices:

  • EU/UK/EEA — strict opt-in, default-deny, granular categories.
  • California — opt-out, "Do Not Sell or Share" link, GPC handling.
  • Worldwide — combination of both with geo-targeting.
  • United States — minimal banner, just the CCPA link if applicable.

Pick the option that matches your customer base. You can change it later.

Step 3: Enable the theme app embed

This is the only step where you touch your theme — and you don't write code. You just flip a toggle.

In the Consentico onboarding flow, click the Open theme editor button. Shopify opens the theme editor with the Consentico app embed pre-selected. You'll see a small panel on the right with a toggle labelled "Cookie banner."

  1. Flip it on.
  2. Click Save in the top-right.

That's it. The banner is now live on every page of your storefront.

If you ever want to remove it: open the theme editor → app embeds → toggle off → save. Total time: 10 seconds.

Step 4: Test in incognito

Compliance theatre is when you say the banner works without testing it. Open your store in an incognito window:

  1. The banner should appear within ~500ms of page load.
  2. Open DevTools → Network → filter "google-analytics" or "facebook." There should be no requests to those domains until you click "Accept" or "Save preferences."
  3. Click "Accept" — now you should see the GA4 / Pixel / etc. requests fire.
  4. Open DevTools → Application → Cookies. Confirm the consent cookie was set (consentico_consent or similar).
  5. Reload the page. The banner should not reappear.

If any of those checks fail — most commonly, GA4 firing before consent — the banner is mis-installed and you're not compliant. Re-check that the app embed is enabled and saved.

Shopify stores typically have 15–40 different cookies and trackers running, depending on which apps you've installed. The only way to know what your store actually does is to scan it.

A scanner like Consentico's:

  1. Opens your homepage, product pages, cart, and checkout in a headless browser.
  2. Records every cookie set and every script loaded.
  3. Categorises each (essential / analytics / marketing).
  4. Flags any tracker that loaded before consent (a leak).
  5. Generates a per-cookie disclosure that automatically appears in your banner's preferences modal.

Run the scan from the Consentico dashboard → "Scan my store." Takes 30–90 seconds for most stores.

The scan output is the document you'd hand a regulator if asked "what data does your store collect." It's also free intel on whether any newly-installed app started leaking trackers without you knowing.

What if I'm on a custom theme or Hydrogen?

Custom theme: theme app extensions work with any theme as long as it supports app embeds — every officially-supported theme since 2022 does. Older themes or heavily-forked custom builds may not. Test by going to Theme Editor → App embeds — if the section exists, you're fine. If it doesn't, you may need to add {{ content_for_header }} properly to your theme's theme.liquid (a one-line edit a developer can do in 10 minutes).

Hydrogen / headless: theme app extensions don't apply because there's no theme. Instead, you'll embed a small JS package in your root component. For Consentico that's:

npm install @consentico/web

import { ConsentBanner } from "@consentico/web";

export default function App() {
  return (
    <>
      <ConsentBanner shopDomain="your-store.myshopify.com" />
      {/* rest of your app */}
    </>
  );
}

The banner is rendered into a portal, default-denies before any tracker fires, and syncs consent state to window.Shopify.customerPrivacy if Shopify's Customer Privacy API is exposed.

Common mistakes (and how to avoid them)

Forgetting to save after enabling the embed. Shopify's theme editor doesn't auto-save. If you flip the toggle and close the tab without clicking Save, nothing happens.

Banner shows but trackers still fire. Almost always means the embed is enabled in a different theme than your published one. Theme editor → make sure you're editing the live theme, not a draft.

Banner doesn't appear on the checkout page. Checkout pages are sandboxed by Shopify; cookie banners can only run on storefront and customer-account pages. This is fine — the cookies you'd want to set on checkout (for cart persistence) are essential and don't require consent.

Banner is too aggressive — bouncing visitors. This usually means it's launching a full-screen modal instead of a footer/corner banner. Switch to "Bar" or "Floating" layout in the customisation panel.

Banner is invisible on dark themes. Default colours assume a light background. Customise the banner colours in the app's settings to match — Consentico's customise screen previews the change live.

Why I'd skip the "code snippet" CMPs

Apps that ask you to paste a <script> snippet into theme.liquid are working off pre-2021 Shopify infrastructure. They work, but you inherit all the problems above (theme updates, late loading, hard rollback). For a Shopify-specific use case, pick a Shopify-native app instead.

The shortlist of Shopify-native cookie banner apps:

  • Consentico — built specifically for Shopify, GCM v2 native, free under 5k views/month.
  • Pandectes GDPR Compliance — Shopify-native, more expensive at higher tiers.
  • CookieYes — multi-platform but has a Shopify app embed (decent).

Apps to avoid:

  • Anything that says "paste this code into your theme."
  • Anything without a free tier (you can't validate it works on your store before paying).
  • Anything that doesn't mention Google Consent Mode v2 (it's table-stakes since 2024).

Summary

Adding a cookie banner to Shopify in 2026 is a five-minute, zero-code job:

  1. Install a Shopify-native CMP from the App Store.
  2. Pick your region in onboarding.
  3. Toggle the app embed on in the theme editor.
  4. Test in incognito.
  5. Run a scan.

That's it. No theme.liquid edits, no developer time, no theme-update fragility.

Install Consentico to do this now — free for new stores, takes about as long as reading this post.

Related reading