California Cookie Banner Requirements
Everything you need to know about implementing a cookie consent banner that complies with California's California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).
Does California Require a Cookie Banner?
Recommended but not strictly required. While the CCPA/CPRA does not explicitly mandate a cookie consent banner, displaying one is considered best practice and helps demonstrate compliance with the law's transparency requirements.
What Your Cookie Banner Must Include
Clear disclosure of cookie use
Explain that your site uses cookies and similar tracking technologies, and for what purposes.
Category-level consent options
Allow users to accept or decline cookies by category: essential, analytics, marketing, and functional.
Opt-out mechanism
Users must have a clear way to opt out of non-essential cookies and targeted advertising.
Link to your privacy policy
The banner should link to a full privacy policy that covers cookie usage, data categories, and consumer rights under the CCPA/CPRA.
Honor Global Privacy Control (GPC)
The CCPA/CPRA requires your banner to detect and honor GPC browser signals as a valid opt-out request.
Understanding the Opt-out Consent Model
Under an opt-out model, non-essential cookies may be set by default, but you must clearly inform users and provide an easy way to opt out.
Your banner should prominently display options to decline non-essential cookies and honor the user's choice immediately.
Even in an opt-out model, transparency is key — your banner must clearly explain what cookies are being used and why.
How to Set Up with LegalBanner
- 1
Add your site to LegalBanner
Sign up for free and enter your website domain in the dashboard.
- 2
Set consent mode to "Opt-out"
In Settings > Consent Mode, select "Opt-out" to match California's requirements.
- 3
Install the script tag
Paste the one-line snippet into your site's <head>. The cookie banner appears automatically with the correct consent flow.
- 4
Run a cookie scan
Use the built-in scanner to identify all cookies and trackers on your site. LegalBanner auto-categorizes them.
- 5
Verify compliance
Check the consent log to confirm that consent choices are being recorded and cookies are blocked until consent is given (or until the user opts out).
Set up CCPA/CPRA compliance in 5 minutes
LegalBanner handles California privacy requirements automatically — cookie banner, opt-out links, and GPC support included.
Frequently Asked Questions
Is a cookie banner legally required in California?
While not explicitly required by the CCPA/CPRA, a cookie consent banner is strongly recommended as a best practice for transparency and to demonstrate good-faith compliance efforts.
What consent model does California use?
California uses an opt-out consent model. You may set cookies by default but must offer a clear opt-out mechanism.
Do I need to honor GPC signals for my cookie banner in California?
Yes. The CCPA/CPRA requires that websites honor Global Privacy Control (GPC) signals. When a user's browser sends a GPC signal, your cookie banner should automatically apply opt-out preferences.
Can I use a single cookie banner for all US states?
Yes. A well-configured cookie banner can satisfy multiple state laws simultaneously. The key is to configure it for the strictest applicable standard. LegalBanner automatically adjusts consent flows based on the visitor's location.