Blog
A website with no cookie banner: it can be done, and it is better
The cookie banner has become a reflex, but it is almost always the symptom of technical choices, not a legal obligation. Here is how to build a site that does not need one, and why that is an advantage.
Almost every website you open greets you with a box asking you to accept cookies. It has become automatic on both sides: people publish one because everyone does, and visitors click «accept» without reading. Yet in most cases that banner is the symptom of a technical choice, not an obligation that falls from the sky.
Why the banner exists
The rule is simpler than it is usually made to sound. Prior consent is required when a site places tools on the user’s device that are not strictly necessary to make the page work: profiling cookies, statistics that identify the individual visitor, third-party scripts that follow a person from one site to the next.
Technical cookies, the ones that are indispensable to deliver what the user asked for, do not require consent. The catch is that most banners are not caused by technical cookies. They are caused by a cookie-based analytics tool, by fonts loaded from a third-party CDN, by an embedded map, a video, a «like» button. Each of those brings third-party tracking with it, and that is what forces the banner.
What «cookieless» means
A cookieless site deals with the problem at the source: instead of asking permission to track, it does not track. In practice that means making a few deliberate choices while building it.
- Fonts hosted on your own domain, not pulled from an external service. Same visual result, no data leaving towards third parties.
- No cookie-based analytics. If you need the numbers, you use tools that measure in aggregate and anonymous form, without identifying the individual visitor.
- No embedded third-party components such as maps, videos or social widgets loaded from other domains. Where they are genuinely needed, you pick alternatives that do not track.
- Anti-spam protection on the form without profiling systems: a hidden field and a rate limit on requests are enough.
Once the third-party trackers are gone, nothing is left that requires consent. And without that, the banner has no reason to exist.
One thing is still required: the privacy notice
It is easy to mix up two separate things here. Removing the banner does not remove every obligation. As soon as a site processes personal data, and a contact form or the ordinary server logs with IP addresses are enough, a privacy notice is due: who the data controller is, what data is collected, for what purpose, and for how long it is kept. The notice stays, the banner goes. They are two different things, often treated as one out of habit.
Why it pays off, beyond the law
Giving up third-party tracking is not only a way to avoid the banner. It is a better site.
- Faster. Every third-party script is one more request, often to a distant server. Removing them makes pages lighter and improves load times, which also weigh on search ranking.
- More respectful. The user has nothing to decide, because there is nothing to grant. Whoever arrives meets the content, not a box to dismiss.
- More secure. Every external component is one more door that someone else controls. Fewer third parties means less exposed surface and fewer things that can break or be compromised.
- Easier to run. No consent management platform to configure, update and hope it works.
In practice
This very site is built that way: no non-technical cookies, no third-party scripts, fonts served from the domain. The security policy declared by the server makes it explicit, because it only allows resources to come from the site itself.
# Everything originates and stays on the domain, nothing to third parties
Content-Security-Policy: default-src 'self'; connect-src 'self'
# And no tracking cookie in the response:
Set-Cookie: (none)It is not the right answer for every project: there are cases where a third-party service is genuinely needed, and then consent has to be asked for and handled properly. But for a brochure site, a portal or an internal tool, starting without trackers is almost always possible. And when it is possible, it is the right choice: for the visitor, for the law, and for whoever has to maintain the site over time.