Quick Verdict: Shopify vs Wix Cookie Consent at a Glance
Choosing between Shopify and Wix for your online store means inheriting two very different consent architectures. Both platforms can reach full GDPR compliance, but the routes differ sharply in cost, flexibility, and technical effort.
| Feature | Shopify | Wix |
|---|---|---|
| Built-in cookie banner | No - requires a third-party app or custom code | Yes - Usercentrics-powered banner included free |
| Default consent categories | Analytics, marketing, preferences, sale of data | Essential, analytics, marketing, functional |
| Google Consent Mode v2 | Supported via Customer Privacy API and apps | Supported natively through Usercentrics integration |
| Cookie scanning | Not built in - relies on external tools | Automated monthly scans via Usercentrics |
| Script blocking before consent | Customer Privacy API + Web Pixels API | Automatic for Wix-managed scripts; Velo needed for custom code |
| Consent logging | Depends on chosen CMP app | Built-in consent log with export |
| Cost for basic compliance | Free (basic) to paid (full CMP app) | Free tier included with Usercentrics |
The table tells a clear story: Wix bundles more out of the box, while Shopify offers deeper customisation through its APIs. Which matters more depends on your technical comfort and budget.
How Shopify Handles Cookie Consent
Shopify does not ship a cookie banner. Instead, it provides two APIs that third-party apps and custom code can hook into: the Customer Privacy API and the Web Pixels API.
The Customer Privacy API acts as the consent layer. When a visitor interacts with a cookie banner provided by a third-party app, the app writes consent signals back to Shopify across four categories: analytics, marketing, preferences, and sale of data. Shopify's pixel manager then checks these signals before loading any tracking pixel. If a pixel declares that it requires marketing consent and the visitor has not granted it, the pixel simply does not fire.
This architecture is powerful but requires setup. Without a consent app installed, Shopify stores set cookies like _shopify_y (visitor tracking, two years), _shopify_s (session tracking, 30 minutes), and _shopify_sa_t (referrer tracking) without collecting consent first - a clear violation of Article 5(3) of the ePrivacy Directive for EU visitors.
For a full walkthrough of cookie consent on Shopify, including the types of Shopify cookies your store sets by default, see the dedicated guides.
Shopify's Script Control: The Pixels API
Shopify's Web Pixels API is the primary mechanism for conditionally loading scripts based on consent. Developers register pixels as "app pixels" or "custom pixels" and declare which consent categories they require. The pixel manager handles the rest: it reads the current consent state from the Customer Privacy API and only loads pixels whose requirements are met.
This is a clean separation of concerns. The consent tool collects choices, and the pixel manager enforces them. But it only works for scripts registered through the Pixels API. Older Shopify themes that inject scripts directly into theme.liquid bypass this system entirely, meaning those scripts fire regardless of consent status.
How Wix Handles Cookie Consent
Wix takes a more integrated approach. Every Wix site can activate a consent banner from the Privacy Centre in the site dashboard. Since 2024, this banner has been powered by a partnership with Usercentrics, replacing the older Wix-native cookie banner.
The built-in solution includes automated monthly cookie scans, support for up to 60 languages, and a consent log that records each visitor's choices with timestamps and IP addresses. Consent data can be exported directly from the dashboard, which is useful for demonstrating compliance during a regulator's inquiry.
Wix sites set a range of first-party cookies by default. Essential cookies include XSRF-TOKEN (fraud prevention, session), svSession (security, 12 months), SSR-caching (rendering performance, 24 hours), and _wixAB3 (site experiments, 6 months). These load without consent because they are strictly necessary for the site to function. When you add Wix Analytics, Google Analytics, or marketing integrations, additional cookie types appear that do require consent.
Wix Velo and Custom Script Handling
Wix's built-in banner handles Wix-managed scripts automatically - if a visitor declines analytics cookies, Wix Analytics stops collecting data. Custom scripts added through Wix Velo (the platform's development framework) need manual handling. Developers must check consent status via the Velo API before firing custom tracking code, similar to how Shopify developers use the Customer Privacy API.
For detailed setup instructions, the cookie consent for Wix guide covers both the built-in banner and third-party alternatives.
Google Consent Mode v2: Shopify vs Wix
Google Consent Mode v2 requires websites to pass granular consent signals to Google services, including the newer ad_user_data and ad_personalization parameters. Both platforms support it, but the implementation paths differ.
On Wix, the Usercentrics banner handles Consent Mode v2 signals automatically. When a visitor accepts or rejects cookie categories, the banner updates the relevant Google consent parameters in real time. No additional configuration is needed beyond activating the banner and connecting Google Analytics or Google Ads.
On Shopify, Consent Mode v2 support depends on the consent app you install. The Customer Privacy API passes consent signals that compatible apps translate into Google's consent parameters. Shopify's own documentation recommends using a consent management platform that explicitly supports Consent Mode v2 rather than attempting a manual implementation.
Both platforms can achieve full Consent Mode v2 compliance. Wix gets there with fewer steps; Shopify offers more granular control over how signals map to specific pixel behaviours.
GDPR and ePrivacy Compliance: Where Each Platform Falls Short
Neither platform is GDPR-compliant out of the box.
A fresh Shopify store with no consent app sets _shopify_y and _shopify_sa_t cookies on every visitor without asking. These are not strictly necessary for the store to function - they track visitor behaviour and referrer sources - so they require prior consent under Article 5(3) of the ePrivacy Directive and Article 6(1)(a) of the GDPR.
A fresh Wix site is closer to compliant because the Usercentrics banner is available at no cost, and essential-only cookies load before consent. But you must actually activate the banner. A Wix site with the banner turned off still drops fedops.logger.sessionId (12 months) and bSession (24 hours) cookies that could raise questions depending on their classification.
The CNIL's 2025 enforcement actions reinforce how seriously regulators treat these gaps. Fines for setting cookies before consent are no longer hypothetical - they are routine across the EU and UK. The e-commerce compliance guide covers the regulatory landscape in more detail.
Consent Storage and Proof
| Aspect | Shopify | Wix |
|---|---|---|
| Consent records | Stored by the CMP app you install | Built-in consent log in dashboard |
| Export format | Varies by app (CSV, API, dashboard) | CSV export from Wix dashboard |
| Proof of consent | Dependent on app's record-keeping | Timestamps, IP, accepted categories logged |
| Data retention | Set by CMP provider | Managed by Wix/Usercentrics |
| Cookie scanning | External tool required | Monthly automated scan included |
Flexibility, Cost, and Practical Differences
Shopify's approach suits merchants who want full control. The Pixels API, Checkout Extensibility, and deep theme customisation mean you can build a consent architecture tailored exactly to your stack. The trade-off is complexity: someone needs to configure it, test it, and maintain it as regulations shift.
Wix's approach suits site owners who want compliance without a development project. The Usercentrics integration handles scanning, banner display, consent logging, and Consent Mode v2 in a single toggle. The trade-off is flexibility: custom scripts require Velo knowledge, and the banner's design options are limited compared to standalone CMPs.
Cost is another factor. Shopify's free built-in privacy controls cover basic consent collection, but a full-featured CMP app typically costs between $5 and $50 per month depending on traffic. Wix includes the Usercentrics basic tier at no extra charge. For stores comparing Shopify against other platforms, the Shopify vs WooCommerce and Shopify vs Squarespace comparisons offer further context.
Which Platform Is Better for Cookie Compliance?
There is no universal winner. Wix makes basic compliance easier and cheaper for small sites. Shopify gives larger or more complex stores the tools to build a precise, scalable consent system. Both platforms can meet GDPR, CCPA, and ePrivacy requirements when properly configured.
If you run a simple online store with standard integrations (Google Analytics, Meta Pixel, basic email marketing), Wix's built-in banner will get you compliant faster. If you run a high-traffic Shopify store with custom pixels, server-side tagging, and multi-region requirements, the Customer Privacy API and a dedicated CMP give you the control you need. Kukie.io supports both platforms with detailed installation guides for Shopify and Wix.
Frequently Asked Questions
Does Wix have a free built-in cookie consent banner?
Yes. Wix offers a free Usercentrics-powered cookie banner through its Privacy Centre. It includes automated monthly cookie scanning, consent logging, and Google Consent Mode v2 support at no extra cost.
Does Shopify set cookies without consent by default?
Yes. A Shopify store without a consent app sets cookies like _shopify_y and _shopify_sa_t on all visitors. These track visitor behaviour and referrer data, which requires prior consent under the ePrivacy Directive and GDPR.
Do Shopify and Wix both support Google Consent Mode v2?
Both platforms support Google Consent Mode v2. Wix handles it natively through the Usercentrics banner. Shopify requires a compatible consent app that translates Customer Privacy API signals into Google's consent parameters.
Can I use a third-party CMP on Wix instead of the built-in banner?
Yes. Wix supports third-party consent management platforms installed via the Wix App Market or custom code through Wix Velo. This is useful if you need features beyond what the built-in Usercentrics banner provides.
Which platform is easier to make GDPR-compliant for a small online store?
Wix is generally easier for small stores because the free built-in banner handles cookie scanning, consent collection, and Consent Mode v2 without additional apps or configuration. Shopify requires installing and configuring a separate consent app.
How does Shopify's Customer Privacy API work with cookie consent?
The Customer Privacy API receives consent signals from a cookie banner app and passes them to Shopify's pixel manager. Pixels that require analytics or marketing consent only load after a visitor grants the relevant permission through the banner.
Take Control of Your Cookie Compliance
Whether you run your store on Shopify or Wix, proper cookie consent setup protects your visitors and keeps your business on the right side of privacy regulations. Kukie.io offers a free cookie scan that detects every cookie on your site and helps you categorise and manage them across both platforms.
