Cookie Policy Page Generator
Draft or refine a cookie policy and inventory that matches real cookies, consent posture, and GDPR/CCPA expectations before you ship or scale traffic.
Overview
Cookie Policy Page Generator is an agent skill most often used in Ship (also Validate, Launch) that produces compliant, inventory-backed cookie policy page content for solo-built sites and SaaS products.
Install
npx skills add https://github.com/kostja94/marketing-skills --skill cookie-policy-page-generatorWhat is this skill?
- Triggers on cookie policy, GDPR cookies, consent banner, and tracking cookie requests
- Initial assessment: real cookie inventory, notice vs consent, jurisdiction, product category
- GA4 cookie table pattern: `_ga`, purpose, duration, opt-out guidance
- Pairs with legal-page-generator for broader legal page work
- Versioned skill metadata (1.1.0) with structured section flow
- Skill metadata version 1.1.0
- Structured GA4 cookie table pattern with duration and opt-out column
Adoption & trust: 798 installs on skills.sh; 586 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need a cookie policy but do not have an accurate list of cookies, consent rules, or jurisdiction-specific wording.
Who is it for?
Indie SaaS and ecommerce founders shipping to EU or California users who use analytics or session cookies.
Skip if: Teams that already have counsel-approved legal packs and only need a designer to format static PDFs.
When should I use this skill?
User wants to create or optimize a cookie policy page or mentions cookie policy, cookies, cookie consent, GDPR cookies, cookie banner, cookie notice, tracking cookies, or cookie settings.
What do I get? / Deliverables
You receive structured policy sections and inventory patterns you can paste into your site, aligned to notice vs consent and regional rules, ready to pair with a live banner implementation.
- Cookie policy page sections with inventory tables
- Notice vs consent guidance for your stack
- Opt-out and settings language aligned to listed cookies
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Legal and consent pages are often finalized pre-release; security/compliance is the canonical shelf for cookie transparency, though the same work supports launch-ready sites. Cookie policies sit with privacy, tracking, and regulatory compliance—not generic marketing copy alone.
Where it fits
Add a cookie section to a pre-launch landing page before paid traffic hits analytics tags.
Complete compliance copy before production deploy with session and CSRF cookies documented.
Update policy after enabling ad or affiliate pixels that introduce new tracking cookies.
How it compares
Focused generator for cookie transparency pages, not a full privacy program or MCP analytics connector.
Common Questions / FAQ
Who is cookie-policy-page-generator for?
Solo builders and small teams who own marketing or product sites and must publish an honest cookie policy without a legal department on retainer.
When should I use cookie-policy-page-generator?
Use it in Ship before release when hardening compliance, in Validate when drafting a landing site, and at Launch when adding analytics or ad tags that introduce new cookies.
Is cookie-policy-page-generator safe to install?
Check the Security Audits panel on this Prism page; the skill generates text only but you should still verify accuracy against your live cookie scan and local law.
SKILL.md
READMESKILL.md - Cookie Policy Page Generator
# Pages: Cookie Policy Guides cookie policy page content for transparency and regulatory compliance. Often presented as a standalone page or as part of the Privacy Policy. **When invoking**: On **first use**, if helpful, open with 1–2 sentences on what this skill covers and why it matters, then provide the main output. On **subsequent use** or when the user asks to skip, go directly to the main output. ## Initial Assessment Identify: 1. **Cookie inventory**: List every cookie the site actually sets — check `_ga`, `_ga_*`, session cookies, CSRF tokens, preference cookies, ad cookies 2. **Consent requirement**: Does the site need a notice or a consent banner? See §Notice vs Consent 3. **Jurisdiction**: GDPR/ePrivacy (EU), CCPA (California), other regions 4. **Product category**: Free anonymous, freemium, SaaS, e-commerce — affects which cookies exist --- ## Cookie Inventory: Common Patterns ### Google Analytics 4 (GA4) | Cookie | Type | Purpose | Duration | How to Opt Out | |--------|------|---------|----------|----------------| | `_ga` | Analytics | Distinguishes users; used for aggregate usage measurement | 2 years | [GA opt-out browser add-on](https://tools.google.com/dlpage/gaoptout), block third-party cookies, or enable Do Not Track | | `_ga_<container-id>` | Analytics | Persists session state; used with `_ga` for session-level metrics | 2 years | Same as `_ga` | **Disclosure requirement**: If the site uses Google Analytics, the cookie policy MUST list these cookies. GA ToS §7 requires posted privacy/cookie notice. ### Functional / Session Cookies | Cookie | Type | Purpose | Duration | How to Opt Out | |--------|------|---------|----------|----------------| | Session ID | Essential | Maintains user session across page loads | Session (deleted on browser close) | Required for service; cannot be disabled | | CSRF Token | Essential | Prevents cross-site request forgery attacks | Session | Required for security; cannot be disabled | | Fair-use quota | Functional | Counts daily usage for rate limiting | 24 hours | Clear browser data; resets on next visit | | Language preference | Functional | Remembers user's language choice | 30 days – 1 year | Clear browser data | | Dark mode / theme | Functional | Remembers display preference | 30 days – 1 year | Clear browser data | ### Advertising / Tracking Cookies (If Applicable) | Cookie | Type | Purpose | Duration | How to Opt Out | |--------|------|---------|----------|----------------| | `_fbp` | Marketing | Meta/Facebook pixel — tracks ad conversions | 90 days | [Meta ad preferences](https://www.facebook.com/ads/preferences) or block third-party cookies | | `_gcl_au` | Marketing | Google Ads conversion linker | 90 days | Block third-party cookies | | `_rdt_uuid` | Marketing | Reddit Ads conversion tracking | 90 days | Block third-party cookies | --- ## Notice vs Consent — Critical Distinction This is the most common compliance confusion. Determining which mechanism is needed depends on cookie type: ### Cookie Notice (Informational) **When to use**: Site uses only **strictly necessary** and **analytics** cookies (no advertising, no tracking, no third-party marketing cookies). **What it is**: A banner or page section stating "We use cookies for [analytics/functionality]. By continuing, you accept this." No accept/reject toggle needed. **Sufficient for**: GA4 analytics only, session cookies, CSRF tokens, functional preference cookies. ### Cookie Consent Banner (Interactive) **When to use**: Site uses **any** of: advertising cookies, third-party tracking cookies, social media pixels, or cookies that share data