Integrations

Cookie consent and privacy

Add a GDPR/CCPA-compliant cookie banner to your PageFork site and control how tracking scripts load.

If visitors from the EU, UK, or California can reach your site, most tracking scripts (GA4, Meta Pixel, chat widgets, session replay) need a cookie-consent banner before they run. PageFork doesn’t ship a banner of its own — the right pattern is a small third-party consent manager.

This page is practical guidance, not legal advice. If compliance matters for your business, consult a lawyer.

Do I need a banner?

Probably yes, if you add any of these:

  • Google Analytics, Hotjar, Clarity, PostHog (with session replay).
  • Meta Pixel, LinkedIn Insight, TikTok Pixel, Google Ads tags.
  • Chat widgets like Intercom, Drift, HubSpot Chat.
  • Embeds that load third-party cookies (YouTube default mode, many social embeds).

Probably no, if your tracking is limited to:

  • Plausible, Fathom, Simple Analytics (cookieless by design).
  • Google Analytics with IP anonymization and regional restrictions (gray area — check current guidance for your region).
  • No tracking at all.

All of these ship as a drop-in JavaScript snippet. Paste into PageFork the same way as any other integration.

CookieYes

Free tier covers small sites. Supports GDPR, CCPA, LGPD.

Add CookieYes consent banner to every page. Site ID: abc123.

Cookiebot

Enterprise-ready, auto-scans your site for cookies and classifies them.

Add Cookiebot to every page. CBID: abc-123-def.

Termly

Good all-in-one (banner + privacy policy + terms generator).

Add Termly to every page. Website UUID: abc123.

Osano

Mid-market, heavy on compliance features.

Add Osano consent banner. Site ID: abc-123.

Quantcast Choice

IAB TCF 2 compliant; usually overkill for a small site.

Klaro!

Open-source, free, self-configured.

Add the Klaro! consent banner to every page. Manage these services:
Google Analytics, Meta Pixel, Intercom.

Most managers support two styles:

  • Automatic blocking — the manager’s script is loaded first, and it intercepts and blocks other scripts until the visitor accepts. You mark your tracking scripts with a special type attribute (or add them via the manager’s UI).
  • Consent mode — Google’s standard. Scripts load but only send “allowed” pings. Works with GA4, Meta, Microsoft Clarity via their consent APIs.

Tell the AI which one your manager uses:

Wire Cookiebot to automatically block GA4, Meta Pixel, and Intercom
until the visitor accepts analytics and marketing cookies.
Wire GA4 with Google Consent Mode v2, default denied, update when
Cookiebot fires consent.

Categorization

Consent managers group cookies into categories. A typical setup:

  • Strictly necessary — session, CSRF, consent state. Always on, no toggle.
  • Functional — language preference, theme. Optional.
  • Analytics — GA4, Plausible (if you treat it as analytics), Hotjar, Clarity. Gated.
  • Marketing — Meta Pixel, TikTok Pixel, ad retargeting. Gated.

Your manager’s dashboard is where you assign each script to a category.

Privacy policy and terms

A banner is only half the picture. You also need:

  • A Privacy Policy page describing what you collect and why.
  • A Terms of Service page (for most commercial sites).
  • A Cookie Policy (some jurisdictions require it separately from the Privacy Policy).

Tools like Termly, iubenda, and FreePrivacyPolicy.com generate these. Paste the output into a PageFork page or link out to the vendor-hosted version.

Create a /privacy page with this policy text:

(paste the generated policy here)

DNT (Do Not Track) and GPC

Some regions require you to honor the Global Privacy Control signal (a browser-level header that says “I don’t want to be tracked”). Most consent managers support GPC out of the box — enable it in their dashboard.

Testing

After adding a banner:

  1. Open the published site in a private/incognito window so no existing consent is cached.
  2. Verify the banner appears on first load.
  3. Click Reject all — then check devtools → Network for pings to GA4, Meta, etc. There should be none (or only “default denied” consent pings).
  4. Click Accept all — the pings should now fire.
  5. Verify the consent persists across pages but resets after clearing cookies.

Scripts the banner should never block

Some things should always run — otherwise the site breaks:

  • Your own form submission logic (PageFork forms are first-party and essential).
  • Payment-provider scripts on checkout pages (Stripe, Paddle, etc.).
  • Security / anti-abuse scripts like reCAPTCHA when used for security rather than tracking.

Put these in the “strictly necessary” category.

Consent managers provide a small “cookie settings” link or floating icon that lets visitors change their mind. Add it to the footer:

Add a "Cookie settings" link in the footer that opens the Cookiebot
preference center.
  • GDPR (EU/EEA, UK) — requires opt-in consent before non-essential cookies. Banners must offer an equally easy “reject” option.
  • CCPA / CPRA (California) — requires a “Do Not Sell or Share My Personal Information” link if you do any targeted advertising.
  • LGPD (Brazil) — similar to GDPR.
  • ePrivacy Directive — older EU law, still relevant, focused on cookies specifically.
  • PECR (UK) — similar to ePrivacy.

When in doubt, pick the strictest applicable law and design for it.

Next

Previous Payment links and checkout Next Credits explained