Does GDPR require a reject button as prominent as accept?

Yes. Under GDPR and EDPB guidance, refusing non-essential cookies must be as easy as accepting them. A banner with a bold 'Accept all' but only a buried 'Manage preferences' link is widely considered non-compliant, so this tool generates an explicit reject-optional label.

Can I rely on essential cookies without consent?

Strictly necessary cookies — for login, security, and basic functionality — do not require consent under the ePrivacy Directive. The banner copy here is for the optional categories such as analytics, marketing, and personalisation, which do require an affirmative opt-in.

What should the consent message actually say?

It should state that the site uses cookies, name the categories in plain language, explain the purpose briefly, and link to a cookie or privacy policy. Pre-ticked boxes and implied consent from continued browsing are not valid under GDPR.

Does this make my site legally compliant?

No. The copy helps you write clear, honest banner text, but compliance also depends on actually blocking non-essential cookies until consent, honouring withdrawal, and keeping records. Treat the output as a drafting aid, not legal advice.

Is anything I type uploaded?

No. The banner copy is assembled in your browser from your inputs. Nothing is sent to a server, so you can draft text for an unreleased site privately.

Cookie Consent Banner Copy Builder

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

The Cookie Consent Banner Copy Builder writes the short, careful text a cookie banner needs to be both clear to users and defensible under GDPR. A compliant banner is more than a single “Accept” button: it has to name the cookie categories, explain the purpose, link to a policy, and offer a reject option that is just as easy to click as accept. This tool drafts every one of those strings from a few inputs.

How it works

You supply your site name and select which cookie categories you actually use — analytics, marketing, personalisation, or functional. The builder assembles a consent message that names those categories honestly, then generates four button and link labels: Accept all, Reject optional, Manage preferences, and a short policy-link prompt. The reject label is always rendered as a real, equally weighted action rather than a buried link, reflecting the EDPB requirement that refusing be as easy as accepting. The wording avoids dark-pattern phrasing like “Accept to continue” that pressures users into consent.

Tips and notes

Block before consent. Copy alone is not compliance — your site must not set non-essential cookies until the user opts in, and must let them withdraw consent later.
Name the categories. Generic “We use cookies” text is weaker than naming analytics and marketing explicitly; honesty about purpose is part of valid consent.
Keep accept and reject equal. Give both buttons the same visual weight. A bold accept beside a faint reject is the most common compliance failure regulators cite.