How to Add Legal Pages and Compliance
Overview
Add legally required pages and consent features in Magento 2 to build customer trust, reduce compliance risk, and prevent checkout friction. This how-to guides you to create Privacy Policy and Terms of Service pages, enable checkout terms acceptance, and configure cookie consent for regional regulations.
Clear legal pages and consent improve trust signals and reduce support tickets about data rights. Making store policies explicit at checkout can reduce disputes and chargebacks. Improved trust and transparency can lift checkout conversion by reducing hesitation while lowering compliance risk.
Quick mapping: regulation to actions
| Regulation | In Magento | Outside Magento |
|---|---|---|
| GDPR/LGPD/UK GDPR | Publish Privacy Policy; enable checkout terms; enable cookie banner | Use CMP/Tag Manager to gate third-party scripts |
| ePrivacy/Cookie laws | Display consent banner before setting non-essential cookies | Gate analytics/ads until consent via CMP/Tag Manager |
| CCPA/CPRA (California) | Add "Do Not Sell or Share" page and link | Footer link on all pages; reference GPC if supported |
| DACH (Germany/Austria/Switzerland) | Add Impressum/Legal Notice page | Keep Returns/Revocation info accessible |
Non-compliance Warning
Non-compliance can be costly: GDPR/UK GDPR fines can reach up to 4% of global annual turnover; CCPA/CPRA penalties can be up to $7,500 per intentional violation.
Scope map (what you configure where)
- Global: Create CMS Pages and Checkout Agreements once, then assign to specific Store Views.
- Website: Enable Terms & Conditions; enable Cookie Restriction Mode; configure website-specific cookie settings.
- Store View: Assign localized CMS pages and agreements; manage translated content.
- Theme: Widgets are bound to a specific Design Theme.
Prerequisites
Before you begin, make sure you have:
Admin Panel Access
With permissions to manage Content, Stores Configuration, and Widgets
Legal-Reviewed Content
Privacy Policy, Terms, Cookie Policy, and regional pages
Theme Knowledge
Active theme and footer containers (or developer access)
CMP Access (Optional)
Consent Management Platform or Tag Manager settings
Legal Note
This guide is for technical setup only and is not legal advice. Work with your legal counsel to determine required disclosures and consent mechanisms for your jurisdictions.
What You'll Accomplish
By following this guide, you will:
- Create compliant legal pages (Privacy Policy, Terms and Conditions, optional Cookie/Do Not Sell pages)
- Require Terms acceptance at checkout and add legal links to your footer
- Enable cookie consent (Cookie Restriction Mode) per website
Step-by-Step Instructions
Plan scope and gather content
Decide which store views and regions need distinct policies. Confirm which websites will require cookie consent and checkout terms.
Gather approved text for:
- Privacy Policy
- Terms and Conditions (you may label the CMS page "Terms of Service" for branding)
- Regional pages (e.g., Cookie Policy, Do Not Sell or Share My Personal Information)
Create the Privacy Policy page
- 1. In Admin, go to Content › Elements › Pages › Add New Page.
- 2. Set Page Title: Privacy Policy. Set URL Key: privacy-policy.
- 3. Choose the correct Store View(s); for multi-language, create one page per store view with translated content and URL Key.
- 4. Set Status: Enabled.
-
5.
In Content, paste your Privacy Policy. Include essentials:
- What data you collect, purposes, and lawful basis
- Cookies/trackers used and how to manage preferences
- Data sharing, retention, and international transfers
- Data subject rights and how to submit requests
- Your company name, address, and contact information
- 6. Save.
Create the Terms and Conditions page
- 1. Go to Content › Elements › Pages › Add New Page.
- 2. Set Page Title: Terms and Conditions. URL Key: terms-of-service.
- 3. Assign the correct Store View(s); create localized variants as needed.
- 4. Status: Enabled.
-
5.
Add your Terms content. Include essentials:
- Order, payment, and billing terms; shipping and delivery expectations
- Returns, refunds, cancellations, and warranties
- Limitation of liability and dispute resolution
- Governing law and contact information
- 6. Save.
Optional: Create Cookie Policy and Do Not Sell pages
For regions that require them: repeat the CMS page process to add a Cookie Policy (URL Key: cookie-policy) and a Do Not Sell or Share My Personal Information page (URL Key: do-not-sell-or-share).
Include mechanisms (form or instructions) for submitting data requests/opt-outs, if applicable.
Tip (US sites)
Test placing "Your Privacy Choices" in the header utility bar to increase visibility and reduce support inquiries; keep footer links as the baseline.
Enable and configure checkout Terms and Conditions
Scope Summary
The 'Enable Terms and Conditions' setting is per Website. Checkout Agreements are global records that you assign to specific Store Views. Create one agreement per language/content variant.
- 1. Go to Stores › Configuration › Sales › Checkout.
- 2. Expand Checkout Options and set Enable Terms and Conditions: Yes. Save Config.
- 3. Go to Stores › Settings › Terms and Conditions › Add New Condition.
- 4. Fill Name (e.g., Checkout Terms) and Checkbox Text. Set Status: Enabled.
- 5. Assign Store Views. In Content, paste the full terms text. Set Show Content As: Text or HTML.
- 6. Save. If you have multiple websites, repeat configuration for each set of Store Views.
Add footer links using a CMS Page Link widget
- 1. Go to Content › Elements › Widgets › Add Widget.
- 2. Type: CMS Page Link. Design Theme: select your active theme. Continue.
- 3. Set Widget Title (e.g., Privacy Policy Link). Assign to Store Views.
- 4. Under Layout Updates, set Display On: All Pages. For Container, choose 'Footer Links'.
- 5. In Layout Updates, set Sort Order to control link sequence.
- 6. In Widget Options, select the CMS Page and set Anchor Text.
- 7. Save. Then go to System › Tools › Cache Management, Select All › Actions: Refresh, and Submit.
Note: When switching themes, widgets do not migrate automatically. Create new widgets for the new theme and disable the old ones.
Alternative: Add links via a footer CMS static block
If your theme uses a footer CMS block:
- 1. Go to Content › Elements › Blocks and locate the footer block.
- 2. Edit the block for the correct Store View and add HTML links.
- 3. Save, then refresh caches.
Example HTML:
<ul class="footer-links">
<li><a href="{{store url='privacy-policy'}}">Privacy Policy</a></li>
<li><a href="{{store url='terms-of-service'}}">Terms and Conditions</a></li>
<li><a href="{{store url='cookie-policy'}}">Cookie Policy</a></li>
<li><a href="{{store url='do-not-sell-or-share'}}">Do Not Sell or Share</a></li>
</ul>Enable cookie consent (Cookie Restriction Mode)
Important
Magento's Cookie Restriction Mode shows a basic banner and controls Magento's own cookie behavior only. It does not block third-party scripts (e.g., GA/GA4, Meta Pixel). Use a CMP or tag manager consent conditions to block non-essential scripts until consent.
- 1. Go to Stores › Configuration › General › Web.
- 2. Expand Default Cookie Settings.
- 3. Set Cookie Restriction Mode: Yes.
- 4. Save Config. Then refresh caches.
- 5. Test in a private window.
- 6. Set Use HTTP Only: Yes to reduce XSS risk.
- 7. Configure Cookie SameSite (commonly Lax).
Scope correctly for multi-language/multi-region stores
- 1. For each store view, duplicate policy pages with localized content.
- 2. Create separate Widgets pointing to each localized page.
- 3. Configure Checkout Terms and Cookie Restriction Mode per website.
Clear caches and test end-to-end
- 1. Go to System › Tools › Cache Management. Select All › Refresh.
- 2. If using Varnish/CDN, purge external caches selectively.
- 3. Open private/incognito window. Check footer links and policy pages.
- 4. Test checkout Terms checkbox behavior.
- 5. Confirm cookie banner behavior.
- 6. Repeat for each store view/website.
Verification
To confirm everything is working correctly:
-
Footer Links
- ✓ Verify links point to localized pages on each store view
- ✓ Confirm pages return HTTP 200
-
Terms & Conditions
- ✓ Attempt to place order without checking box; should be blocked
- ✓ Confirm content displays in modal with correct height
-
Cookies
- ✓ Confirm cookie banner appears in new session
- ✓ After acceptance, verify user_allowed_save_cookie=1 is set
-
Accessibility
- ✓ Verify banner/modal keyboard navigation (Tab/Shift+Tab)
- ✓ Checkbox has accessible label; focus trapped in modal
- ✓ Color contrast meets WCAG; screen readers announce headings
Common Issues and Solutions
Solution
- Set Stores › Configuration › Sales › Checkout › Enable Terms and Conditions = Yes at Website scope
- Confirm agreement Status = Enabled and assigned to correct Store Views
- See Step 5
Solution
- Ensure widget/block is assigned to correct Store View and Container
- Refresh invalidated caches at System › Tools › Cache Management
- See Step 6 (Widget) or Step 7 (Footer CMS block)
Solution
- Verify Cookie Restriction Mode = Yes at Website scope (Step 8)
- Clear browser cookies and test again
- Check browser console for JavaScript bundling/minification errors
Solution
- Confirm page is assigned to current Store View (Steps 2–4)
- Verify URL Key matches the link exactly
- If using widgets, confirm Design Theme matches storefront theme (Step 6)
