With so much attention on cookie consent for legal compliance, it's easy to overlook the wording on your cookie banner (i.e., the cookie text). Yet, it matters more than you may realize.

Having well-written cookie text not only supports compliance with privacy laws but tells visitors you have nothing to hide, which can help build trust and credibility.

This article explains how to phrase your cookie text in a way that's both legally effective and fosters a positive interaction with your website visitors.

Let's get into it.

What are Cookies?

Cookies (also called web or HTTP cookies) are small text files stored on users' browsers by websites they visit. They're typically used to:

  • Remember users' preferences (like language selection)
  • Personalize browsing experience
  • Improve website performance

It's worth noting that some cookies can monitor users' activities and track them across the web, which raises privacy concerns.

Cookie text is the wording on a cookie consent notice banner/pop-up that informs visitors about the use of cookies. It's usually the first thing users see when visiting a website.

The cookie text shouldn't be confused with a Cookies Policy, which is a more comprehensive account of the cookies being used.

In practice, cookie text concisely summarizes the following details:

  • Why you use cookies: Do you use cookies for basic site functions, personalized content, improved user experience, or all of the above?
  • Who places the cookies: Is it just your website, or are third-party trackers also involved?
  • How cookie data is used: Will you analyze user preferences or share data with advertisers, or both?
  • What controls users have: Can users accept, reject, and customize their cookie preferences?
  • How users can get more information: Do you include links to your Privacy Policy and/or Cookies Policy?

A run-of-the-mill cookie text could read as follows:


We and selected third parties use cookies and similar technologies to enhance your experience. These cookies help us analyze site traffic, improve functionality, and personalize content and ads based on your interests.

By clicking 'Accept All,' you agree to the use of all cookies. If you prefer more control, click 'Customize Settings' to manage your preferences. For more details, check our [Privacy Policy] and [Cookie Policy]. Your privacy matters to us."

Here's an example of comprehensive cookie text that addresses all key elements above:

The Guardian Cookie Consent Banner with sections highlighted

The most important reason you need a cookie text is to comply with the transparency requirements of privacy laws.

Cookies are primarily used to gather data about website visitors. And while some cookies collect purely statistical insights, others collect personal information (e.g., username, location data, IP address) that can identify users.

Once personal information is involved, privacy laws come into play, and they set out distinct rules for handling data responsibly - including how to disclose cookie usage.

Some of the more prominent laws are as follows:

  • The EU's General Data Protection Regulation (GDPR)
  • California's Consumer Privacy Act (CCPA/CPRA)
  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Australia's Privacy Act of 1988
  • Brazil's Lei Geral de Proteção de Dados (LGPD)

Beyond legal compliance, having well-written cookie text can help build trust and contribute to your website's credibility. It's your chance to create a positive first impression and set the stage for a smooth online experience.

There's no concrete set of legal requirements when it comes to cookie text. However, there are consent and transparency requirements for cookies themselves that ultimately impact the cookie text.

We won't go deep into the consent aspect in this article. For in-depth guidance, check out our articles here: Cookie Consent FAQ and Cookie Consent Examples

If you use cookies, you'll need to disclose this under virtually every privacy law. The specifics of these disclosures vary across laws, which means you should tailor your cookie text to your specific region(s).

To illustrate, let's look at the cookie text requirements under two major legal jurisdictions.

If you have users in the European Union (EU) and the European Economic Area (EEA), your cookie text must factor in the requirements of the GDPR and the EU Cookie Law.

Neither law addresses cookie texts directly, but they do spell out how to handle cookies and disclose their use to website visitors.

In short, the GDPR and the EU Cookie Law set the following rules for cookies (and, by extension, the cookie text):

  • Clearly state that your website uses cookies and explain why
  • Obtain active consent (e.g., ticking an empty checkbox) before placing cookies on users' devices
  • Don't place cookies on users' devices without their consent (excluding strictly necessary cookies)
  • Allow users to change their preferences and withdraw their consent as easily as they gave it
  • Include links to your Privacy Policy and/or Cookies Policy where practical
  • Keep proof of users' consent choices
  • Renew cookie consent at least once every six months (depending on region-specific guidelines)

Here's how Bumble presents its cookie text to EU users, including all relevant details as required:

Bumble Cookie Consent Notice for EU users

The CCPA (CPRA) uses an opt-out consent system. This means consent isn't necessary for cookies under California's law (with some exceptions). And the cookie text requirements reflect this.

One important thing to note under the CCPA (CPRA) is that using third-party cookies may constitute a sale of personal information. For this reason, a valid cookie notice banner (and cookie text) should meet the following requirements:

  • Inform users about cookies, their source, and their purpose
  • Obtain active consent for third-party cookies as a precautionary measure
  • Allow users to opt out of cookies that sell information via a "Do Not Sell My Personal Information" link
  • Link to a Privacy Policy and/or Cookie Policy where practical

Here's Bumble's cookie banner once again, but for California users this time. Note how Bumble changes its cookie text completely to focus on the sale or sharing of personal information:

Bumble Cookie Notice for California users

Now that we've seen why you should pay keen attention to your cookie text, let's go over some best practices to observe when drafting one.

For the best results, your cookie text needs to balance legal obligations with user experience.

This means including relevant details required by applicable laws while optimizing language, style, and presentation for user-friendliness.

The key elements of a winning cookie text are as follows:

  • Use a simple but descriptive heading
  • Be transparent
  • Use language that's easy to understand
  • Offer users options for controlling or changing settings
  • Link to Privacy Policy and/or Cookies Policy

Let's look at each in more detail.

Provide a simple and descriptive heading

Though optional, it's a good idea to start your cookie text with a heading that clearly communicates the purpose to visitors. Avoid legalese and jargon to make it easily understandable.

For instance, "We Use Cookies for a Better Experience" is clear and descriptive.

Here's how Spotify writes it heading in its cookie consent banner:

Spotify Cookie Consent Banner with heading section highlighted

Your cookie text should be a transparent but concise summary of the cookies you use and their functions. You can then provide more information in your preference center and Cookies Policy.

In terms of their purposes, cookies typically fall into one of the following categories:

  • Strictly Necessary Cookies: These cookies are essential for your website to function properly.
  • Functionality Cookies: These cookies help remember users' choices (e.g. language preferences, location, etc.).
  • Performance Cookies: These cookies collect anonymous data about how visitors use your website (e.g., page views and click-through rates) to improve performance.
  • Marketing Cookies: These cookies collect information about users' browsing habits to target them with relevant ads (e.g., Google AdWords/AdSense).

Here's how EY concisely highlights its cookie categories in its consent banner, including a link to customize cookies:

EY Cookie Consent Banner with cookie categories and customize option highlighted

Once users click the customize cookies link, they're directed to EY's cookie settings page, where they can get more information about cookie categories and choose their preferences:

EY cookie settings page with checkboxes for cookie categories highlighted

In its Cookie Policy, EY further clarifies the types of cookies it uses and what they do:

EY Cookie Policy: What types of cookies do we use clause - Updated

Use plain, relatable language

Your audience may or may not be tech-savvy, so it's best to use language that resonates with all visitors.

Talk to your visitors like you would a friend explaining something important. Short sentences, plain language, and relatable expressions are best practices for effective outcomes.

Here's a good example of a plainly written cookie text from McKinsey & Company:

McKinsey and Company Cookie Consent Banner

Include clear user control options

Depending on applicable laws, your cookie text should include clear choices for users to either accept or reject cookies.

You may also consider offering granular choices to let users decide which specific cookie types they're comfortable with. Though not explicitly required by law, it's considered a best practice to give users an extra layer of control.

In practice, granular options are offered through links labeled "Manage Cookies," "Customize Cookies," or similar anchor texts that lead to a cookie preference center.

Here's how user control options can look from Deloitte:

Deloitte Cookie Consent Banner

And here's how granular options can look, from Adidas:

Adidas Cookie Tracking Preference Center

Your cookie consent notice banner/pop-up can only take in so much information. To explain your complete cookie practices (as privacy laws require), your banner must include direct links to your Privacy Policy and/or Cookie Policy.

Here's how Etsy links to its Cookie Policy in its cookie consent banner:

Etsy Cookie Consent Notice with Cookie Policy link highlighted

For more practical guidance, let's take a look at additional examples of valid cookie texts from various websites.

QuillBot uses a simple cookie consent notice that clarifies its cookie types and includes equally prominent accept and reject buttons. The notice also offers customization options and includes a link to the Cookies Policy for more information:

Quillbot Cookie Consent Notice

HubSpot uses a more concise cookie text to explain its practices, providing clear user control options and a link to its Cookie Policy for more information:

HubSpot Cookie Consent Notice

LinkBuilder takes a unique approach by offering granular choices right on its cookie consent notice alongside other key elements of a valid cookie text:

LinkBuilder Cookie Consent Notice

LEGO provides a lengthy cookie text, including its practices, user control options, and links to both its Cookie Policy and Privacy Policy:

LEGO Cookie Consent Notice

Below, we answer some of the most frequently asked questions about cookie texts.

Cookie text is the language on your cookie notice banner, explaining to visitors that your website uses cookies. It matters because it's your first line of communication about your practices and your chance to build trust with users while supporting legal compliance.

Privacy laws don't explicitly require a cookie text. However, having a well-written one can support your compliance with these laws, particularly when it comes to transparency obligations.

Use plain, easily understandable language to explain why you need cookies, what cookie categories you use, and how visitors can manage their preferences.

This way, you remain transparent (as privacy laws require) while ensuring a positive, user-centric experience for your audience.

If you use cookies, not having valid cookie text could expose you to legal issues and hurt your credibility. Users may feel their privacy is being invaded, leading to a negative perception of your website.


A cookie consent notice banner/pop-up tells users about your website's use of cookies, but are you nailing the message? That's the goal of cookie text.

Your cookie text shouldn't be an afterthought. It not only supports legal compliance but can help create a positive first impression on your website visitors.

While there's no one-size-fits-all approach for cookie text, effective and legally compliant cookie text should include the following elements:

  • A simple and descriptive heading
  • Plain, relatable language
  • A transparent explanation of your cookie practices
  • Clear options for users to accept, decline, or customize cookie preferences
  • A link to your Privacy Policy and/or Cookie Policy for more information

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy