Why Cookie Consent Matters on a Wix Website
Every Wix website sets cookies from the moment it loads. Some are strictly necessary for the site to function - session tokens, security cookies, login persistence. Others track visitor behaviour for analytics or advertising purposes.
Under Article 5(3) of the ePrivacy Directive and the GDPR, you must obtain informed consent before placing non-essential cookies on a visitor's device. This applies to any Wix site that receives traffic from the European Economic Area or the United Kingdom. Other regulations, including the LGPD in Brazil and the PIPEDA in Canada, impose similar requirements.
Enforcement is real. In 2025, France's CNIL fined SHEIN 150 million euros for placing cookies before users gave permission and for presenting banners that failed to explain how data was used. The UK's ICO launched a cookie compliance crackdown in 2025, specifically targeting sites that use dark patterns to make rejecting cookies harder than accepting them.
Wix site owners are not exempt from these rules simply because they use a hosted platform.
Cookies That Wix Sets by Default
Wix places a range of cookies on every site it hosts. Understanding what gets set - and when - is the first step toward compliance.
| Cookie Name | Purpose | Type | Duration |
|---|---|---|---|
svSession | Identifies unique visitors and tracks sessions | Essential / Analytics | 5 years |
XSRF-TOKEN | Prevents cross-site request forgery attacks | Essential | Session |
hs | Security cookie for login verification | Essential | Session |
TSxxxxxxxx | Security and anti-fraud detection | Essential | Session |
_wixAB3 | A/B testing for Wix platform features | Functional | 6 months |
_wix_browser_sess | Temporary session identifier | Essential | Session |
These are just the platform-level cookies. The moment you add Google Analytics, the Meta Pixel, a live chat widget, or any Wix App Market integration, the cookie count grows. Cookies like _ga, _fbp, and _gcl_au are non-essential and require consent before they fire.
Limitations of the Wix Built-in Cookie Banner
Wix previously offered its own cookie banner solution. That original banner is no longer available for new sites, and Wix now directs users toward a partnership with a third-party consent provider instead.
Regardless of which built-in option you use, there are documented limitations that affect compliance:
Incomplete script blocking - Wix cannot guarantee that the built-in banner blocks all non-essential cookies from third-party elements, custom code, or external widgets. If a script fires before consent is recorded, you have a compliance gap.
Limited banner customisation - Positioning is restricted to top or bottom placement. The free version supports only one additional language translation.
No granular category control - Visitors may not be able to choose between analytics and marketing cookies individually, which the EDPB guidelines on consent specify as a requirement for valid, specific consent.
No automated cookie scanning - The built-in solution does not automatically detect and categorise cookies on your site. You are responsible for maintaining an accurate cookie inventory manually.
For a simple blog with no third-party integrations, the built-in banner might suffice. For any site running analytics, advertising pixels, or e-commerce tracking, these limitations create real compliance risks.
Third-party Tracking and Why It Complicates Consent
Most Wix sites do not run on Wix cookies alone. The typical setup includes at least two or three third-party services, each bringing its own cookies.
Google Analytics 4 sets _ga and _ga_XXXXXXX cookies with a default duration of two years. The Meta Pixel drops _fbp for ad attribution. If you use Google Consent Mode v2, additional cookieless pings may still be sent, but the cookies themselves still require consent.
The challenge on Wix is that these scripts often load through the Wix App Market or through custom code injected via the site header. A compliant cookie banner must be able to block these scripts until consent is given - and unblock them once the visitor opts in. If your banner cannot control script execution at this level, you are likely placing cookies before consent, which is exactly the violation CNIL penalised in its 2025 enforcement actions.
How to Add an External CMP to Your Wix Site
Adding a dedicated consent management platform to Wix involves injecting a script into your site's header. The process is straightforward:
Open your Wix dashboard and go to Settings.
Select Custom Code (under the Advanced section).
Click Add Code and paste your CMP script snippet.
Set the placement to Head and choose All pages.
Set the code to load on Each new session.
Kukie.io provides a detailed walkthrough for this process in the Wix installation guide.
Once the script is in place, the CMP handles cookie detection, banner display, consent recording, and script blocking. A proper CMP will scan your site to identify every cookie and categorise them automatically, removing the guesswork that comes with manual cookie audits.
What to Look for in a CMP for Wix
Not every consent tool works well with Wix's architecture. When evaluating options, prioritise these capabilities:
Prior blocking - The CMP must prevent non-essential scripts from executing before consent. A banner that merely informs visitors about cookies without blocking them does not satisfy GDPR requirements.
Automated scanning - Regular scans detect new cookies added by Wix updates, app installations, or code changes. Manual tracking is unreliable.
Geo-detection - Different regions have different rules. EU visitors need opt-in consent; California visitors under the CCPA need an opt-out mechanism. A geo-aware banner serves the correct experience automatically.
Google Consent Mode v2 - If you run Google Ads or GA4, your CMP should send consent signals to Google through Consent Mode v2. Without this, your ad measurement data may be incomplete.
Consent logging - You need a timestamped record of each visitor's consent choice. If a data protection authority ever audits your site, proof of consent is your primary defence.
Common Compliance Mistakes on Wix Sites
Certain errors appear repeatedly on Wix websites. Avoiding them will put you ahead of most site owners.
Pre-ticked consent boxes. The EDPB has confirmed that pre-ticked boxes do not constitute valid consent. If your banner defaults to "accept all" without a genuine choice, it fails the consent test.
No reject option at the first layer. The CNIL and ICO both require that refusing cookies is as easy as accepting them. A banner with a prominent "Accept" button and a buried "Manage preferences" link is a dark pattern - and regulators are actively fining for it.
Cookies firing before the banner loads. If your Wix site loads Google Analytics or the Meta Pixel through the App Market before your consent banner initialises, every page view is a potential violation. The banner must load first and block everything else until consent is obtained.
Ignoring cookie duration. The svSession cookie persists for five years. While Wix classifies it as essential, some DPAs may question whether a five-year cookie duration is proportionate. Document your justification.
Wix Cookie Compliance Compared to Other Platforms
Wix is not alone in having consent management gaps. Other website builders face similar challenges, but the specifics differ.
| Platform | Built-in Banner | Script Blocking | Cookie Scanning | External CMP Support |
|---|---|---|---|---|
| Wix | Yes (limited) | Partial | No | Yes (custom code) |
| Shopify | No | Via API | No | Yes (theme code) |
| Squarespace | Basic | No | No | Yes (code injection) |
| WordPress | Via plugins | Plugin-dependent | Plugin-dependent | Yes (plugin or code) |
| Webflow | No | No | No | Yes (custom code) |
The common thread: hosted platforms provide convenience but rarely offer complete consent management out of the box. A dedicated CMP fills the gap regardless of which builder you use.
Frequently Asked Questions
Does Wix automatically handle cookie consent for GDPR?
Wix provides a basic cookie banner option, but it does not guarantee full GDPR compliance. The built-in banner cannot block all third-party cookies, and it lacks automated scanning and granular category controls. You are responsible for ensuring your site meets all regulatory requirements.
What cookies does a Wix website set by default?
Wix sets several platform-level cookies including svSession for visitor identification, XSRF-TOKEN for security, and hs for login verification. Additional cookies appear when you install apps from the Wix App Market or add custom tracking code.
Can I use an external cookie consent tool on Wix?
Yes. You can add an external CMP to your Wix site by pasting its script into the Custom Code section of your Wix dashboard. The script should be placed in the head of all pages to ensure it loads before any other tracking scripts.
Do I need cookie consent if my Wix site only has UK visitors?
Yes. The UK GDPR and PECR require consent for non-essential cookies regardless of whether the site owner is based in the UK. The rules mirror EU requirements closely, and the ICO has been actively enforcing cookie compliance since 2025.
How do I block Google Analytics cookies on Wix until consent is given?
A dedicated consent management platform can block the Google Analytics script from executing until the visitor provides consent. This is done through prior blocking, where the CMP intercepts script loading. The built-in Wix banner may not reliably block GA cookies from third-party integrations.
Is the Wix cookie banner free?
Wix offers a basic consent banner at no additional cost, though it has limited customisation and language support. The free version supports only one additional language and lacks advanced features like automated scanning or granular consent categories.
Take Control of Your Cookie Compliance
If you are not sure which cookies your Wix site sets, start with a free scan. Kukie.io detects, categorises, and helps you manage every cookie - so your visitors get a clear choice, and you stay on the right side of the law.
