MailerLite Landing Pages and Cookie Compliance
MailerLite is a popular email marketing platform that lets you build landing pages, websites, and sign-up forms without writing code. Those pages do set cookies, and if your visitors are in the EU, UK, Brazil, or several other jurisdictions, you likely need their consent before non-essential cookies fire.
MailerLite's own documentation states that its landing pages place only essential cookies by default. That is partly true - session and functionality cookies load without issue. But the moment you add Google Analytics, a Meta Pixel, or any third-party tracking script, the picture changes entirely.
The ePrivacy Directive (Article 5(3)) requires prior consent before storing or accessing information on a user's device, unless the cookie is strictly necessary. The GDPR reinforces this by setting a high bar for what counts as valid consent: freely given, specific, informed, and unambiguous.
Which Cookies Does MailerLite Set?
Understanding the cookies on your MailerLite landing page is the first step toward compliance. MailerLite itself sets a small number of cookies and localStorage entries.
The ml_guid localStorage item identifies users who submit MailerLite surveys and tracks their responses. Pop-up forms use a separate cookie to remember whether a visitor has already seen a particular pop-up, preventing it from reappearing based on your display frequency settings.
| Cookie / Storage | Type | Purpose | Consent Needed? |
|---|---|---|---|
ml_guid | localStorage | Identifies survey respondents | Depends on use |
| Pop-up display cookie | First-party | Tracks whether pop-up was shown | Likely functional |
_ga / _ga_* | Third-party (Google) | Google Analytics tracking | Yes |
_fbp | Third-party (Meta) | Facebook Pixel tracking | Yes |
_gcl_au | Third-party (Google) | Google Ads conversion linking | Yes |
The bottom three rows are common additions. If you have pasted a Google Analytics or Facebook Pixel snippet into your MailerLite page, those scripts will drop analytics and marketing cookies the instant a visitor arrives - unless you block them until consent is given.
When Is a Cookie Banner Required on MailerLite Pages?
If your landing page sets only strictly necessary cookies, a banner may not be legally required. MailerLite's default notification bar reflects this by omitting a "Reject all" button.
The obligation changes when you add any non-essential tracking. Under the GDPR, EU-based visitors must give opt-in consent before analytics or advertising cookies load. The UK GDPR and PECR mirror this requirement. Brazil's LGPD and Canada's PIPEDA also require transparency and, in many cases, prior consent for tracking technologies.
Even in the United States, California's CCPA/CPRA requires a clear opt-out mechanism if cookies are used for cross-context behavioural advertising. Other US states are following suit.
MailerLite's Built-in Notification Bar
MailerLite offers a basic notification bar for its websites and landing pages. This bar informs visitors that the site uses cookies, but it does not provide granular category-based consent controls. There is no mechanism to block scripts before consent, no Google Consent Mode integration, and no way to record consent proof in a format that satisfies DPA audit requirements.
For a simple page with zero third-party scripts, the built-in bar may suffice. For anything more, you need a proper consent management tool.
How to Add a Cookie Banner to MailerLite Landing Pages
MailerLite provides two methods for injecting custom code into your pages: the Custom Code block within the page editor and the Header and Page Code injection in page settings. Both can be used to load a cookie consent script.
Method 1: Header Code Injection
Open your landing page in the MailerLite editor. Click Edit settings, then navigate to the Analytics and custom code section. Paste your cookie banner script into the header code field. This ensures the consent script loads before any other third-party tags, which is critical for blocking cookies prior to consent.
Method 2: Custom Code Block
Drag a Custom Code block onto your page layout and paste the script there. This approach works but has a drawback: the code loads inline with the page content rather than in the document head, which may cause a brief delay before the banner appears.
For step-by-step screenshots and code snippets, see the MailerLite installation guide in the Help Centre.
Plan Requirements
Custom code injection on MailerLite requires the Advanced plan (or higher). If you are on the Free or Growing Business plan, the header code injection option is not available. Check your MailerLite subscription before proceeding.
Blocking Scripts Until Consent Is Given
Adding a cookie banner is only half the job. The banner must actually prevent non-essential cookies from loading until the visitor makes a choice. A banner that merely displays a notice while cookies fire in the background does not satisfy GDPR requirements.
A proper consent tool rewrites third-party script tags so they do not execute until the visitor opts in. When using Kukie.io, the auto-blocking feature handles this automatically - it detects known tracking scripts and holds them until the appropriate consent category is granted. This removes the need to manually edit each script tag on your MailerLite page.
If you also use Google Tag Manager to manage tags on your landing page, you can pair your consent tool with GTM's consent-aware triggers to ensure tags only fire after opt-in.
Scanning Your MailerLite Page for Cookies
Before publishing, run a cookie scan on your landing page URL. A scan identifies every cookie and tracker present, including ones you may not have added intentionally. Third-party embeds, fonts loaded from external CDNs, and even MailerLite's own analytics can introduce cookies you did not expect.
Regular scanning matters because MailerLite pages can change over time. A new form widget, an updated tracking pixel, or a platform update could introduce fresh cookies. Scheduling periodic scans keeps your consent records accurate.
Compliance Across Multiple Regions
MailerLite landing pages often serve a global audience - email subscribers clicking through from campaigns sent worldwide. A single "cookie notice" banner is rarely enough.
Geo-targeted consent rules let you show different banner behaviours depending on the visitor's location. EU visitors see an opt-in banner (GDPR). California visitors see an opt-out notice (CCPA). Visitors from unregulated regions may see no banner at all. Kukie.io's geo-detection and region rules handle this without requiring separate landing pages for each audience.
| Region | Regulation | Consent Model | Key Requirement |
|---|---|---|---|
| EU / EEA | GDPR + ePrivacy | Opt-in | Prior consent before non-essential cookies |
| United Kingdom | UK GDPR + PECR | Opt-in | Clear, affirmative action required |
| California | CCPA / CPRA | Opt-out | Do Not Sell/Share link required |
| Brazil | LGPD | Opt-in (recommended) | Transparent purpose disclosure |
| Canada | PIPEDA | Opt-in or opt-out | Meaningful consent, sensitivity-based |
Common Mistakes with MailerLite Cookie Banners
Relying solely on MailerLite's built-in notification bar when third-party scripts are present is the most frequent error. The bar was not designed to function as a consent management platform.
Another mistake is adding a cookie banner script inside the page body rather than the header. If analytics tags load from the header while the consent script loads lower in the DOM, cookies will fire before the banner has a chance to block them.
Forgetting to test after publishing is also common. MailerLite assigns a unique subdomain (e.g., yourname.subscribepage.com) or allows a custom domain. Cookie behaviour can differ between preview mode and the live URL, so always verify on the published page using your browser's developer tools or a cookie scanner.
Frequently Asked Questions
Does MailerLite set cookies on landing pages by default?
MailerLite sets a small number of functional cookies and localStorage items, such as ml_guid for survey tracking. It does not set analytics or marketing cookies unless you add third-party scripts like Google Analytics or the Meta Pixel.
Do I need a cookie banner if I only use MailerLite's built-in features?
If your page sets only strictly necessary cookies, a full consent banner may not be legally required. A brief cookie notice is still good practice for transparency. The moment you add any non-essential tracking, a proper consent mechanism becomes mandatory under GDPR and ePrivacy rules.
Can I add a cookie banner on MailerLite's free plan?
Custom code injection, which is needed to load a third-party cookie banner script, requires MailerLite's Advanced plan or higher. The free plan does not support header code injection or custom code blocks.
How do I block Google Analytics cookies until consent on MailerLite?
Place your consent management script in the header code injection area so it loads before the Google Analytics tag. A consent tool with auto-blocking will prevent the _ga cookie from being set until the visitor opts in to the analytics category.
Does MailerLite's notification bar comply with GDPR?
MailerLite's built-in notification bar provides a basic cookie notice but lacks granular consent controls, script blocking, and consent logging. For pages with third-party tracking, it does not meet GDPR requirements on its own.
Can I use a custom domain with a cookie banner on MailerLite?
Yes. Whether your landing page uses a MailerLite subdomain or a custom domain, the cookie banner script works the same way. Make sure you scan the final published URL, as cookie behaviour may vary between domains.
Take Control of Your Cookie Compliance
If you are not sure which cookies your MailerLite landing pages set, start with a free scan. Kukie.io detects, categorises, and helps you manage every cookie - so your visitors get a clear choice, and you stay on the right side of the law.
