Set up the age-verification gate on your site

Settings -> Site Protection -> Age Verification panel — Enable toggle, Minimum age, Cookie expiration (days), Gate background image upload, Restricted content message fields

⏱ ~6 min read · how-to reference — covers setup, all fields, troubleshooting, and worked examples.
In short. The age-verification gate is a one-click overlay shown to first-time visitors before they see any content on your site. Enable it at Settings → Site Protection → Age Verification, set a minimum age and a remember-me window, and save. Visitors confirm once; their browser remembers them for the configured number of days. The gate is a self-attested check — it satisfies "good-faith age confirmation" requirements for most regulators, payment processors, and ad networks, but it does not verify identity.

On this page: What this is for · Good use cases · What NOT to use this for · Scope · Fields · How it connects · Before you start · Where to go · Steps · What success looks like · Troubleshooting · Examples · Next steps


What is this for?

The age-verification gate is a full-screen overlay shown to first-time visitors before they see any content on your site. They confirm their age with one tap, and your site loads normally. It is the right tool when you sell or display age-restricted content — wine, beer, spirits, cigars, vape products, or adult content.

The gate is intentionally simple: a one-click affirmation. It does not check ID, verify a date of birth, or call any external service. It satisfies the "good-faith age check" requirement that most regulators ask for. For most age-restricted retailers, that is exactly the right floor. If you need actual identity verification — uncommon, but real for some adult content and online cannabis — you would add a dedicated identity service on top of the gate.

A visitor confirms once and is remembered for the number of days you choose. On their next visit inside that window, the gate stays out of the way. After the window expires, the gate appears once more, they confirm again, and the cycle repeats. The gate uses your brand colours and logo by default, so it feels like part of your site rather than a third-party widget.

Good use cases

  • Wine, beer, and spirits retailers — state laws and federal regulations expect you to ask before showing alcohol products. The gate satisfies that expectation in a way visitors find familiar.
  • Cigar lounges and tobacco specialty shops — the gate is the right first impression and signals to regulators that you are a responsible retailer.
  • Vape shops and CBD retailers — payment processors and ad networks scrutinize this category. A clear age check protects your relationships with those services and reduces account-suspension risk.
  • Adult lifestyle and intimacy brands — "must be 18 or over" is the right floor for most adult-content sites; the gate copy can be customized to say "18" instead of "21".
  • Membership clubs with age-restricted events — for example, a private supper club where a younger visitor should be asked to confirm before viewing wine pairings.
  • Auction houses and rare-goods dealers — if your catalogue includes vintage spirits, antique firearms, or estate-sale wine cellars, the gate is the lowest-friction way to set the expectation.

What NOT to use this for

  • Real identity verification — the gate is a self-attested age check, not an ID-scanning service. If your jurisdiction requires actual ID verification (some online cannabis marketplaces, some adult sites), you need an integration with a dedicated identity-verification service. The age gate is a good-faith first step, not a compliance proof.
  • Locking down your whole site to logged-in users only — use Site Protection (the full-site password feature) instead. The age gate is for "are you old enough to see this content"; Site Protection is for "are you allowed to see this content at all".
  • Region-locking your site — the gate does not check where the visitor is coming from. Geographic IP filtering is a separate feature.
  • Restricting access to specific pages — the gate is site-wide. It fires for every page or for no pages; there is no per-page allowlist or denylist.
  • Replacing a privacy or cookie-consent banner — those are different requirements governed by different rules and need their own banners.
  • Logging or auditing who confirmed — the gate does not record who tapped which button. It is anonymous by design.

Scope

The gate is site-wide. When enabled, it fires for every first-time visitor to any public page, before any content loads.

  • Covers: all public pages — homepage, product pages, blog posts, contact page, and any other page visitors can reach without a password.
  • Does not cover: your admin dashboard or areas that require admin login. Admins logged into the dashboard are not shown the gate on the public site.
  • Per-visitor memory: the gate state is stored in the visitor's browser (a cookie). Each browser is independent — a visitor who confirms on their laptop has not confirmed on their phone.
  • Not per-page: no way to show the gate only on specific pages. It fires site-wide or not at all.
  • Remember window: configurable from 1 day to 365 days. Default is 1 day. After the window expires, the gate fires again for the next visit.

Fields

SettingTypeDefaultEffect
Enable age verificationToggle (On/Off)OffMaster switch. Gate fires only when this is On.
Minimum ageNumber21The age shown in gate copy ("You must be N or older") and on the confirm button.
Cookie expiration (days)Number (1–365)1How many days a confirmed visitor is remembered before the gate fires again.
Gate background imageFile upload(none)Optional photo behind the overlay. If empty, uses brand colours from Settings → Branding.
Restricted content messageText areaPlatform defaultWhat visitors see when they tap "I am under N".

How this connects to other features

  • Site Protection (full-site password) — both show a gate before the site loads. The age gate is a one-click confirmation; Site Protection asks for a password. You can run them together for a private, age-restricted site, though most customers pick one or the other.
  • Maintenance Mode — when Maintenance Mode is on, the maintenance page replaces the entire public site and the gate does not appear. The gate state is preserved for when maintenance ends.
  • Settings → Branding — the gate inherits your site's logo and brand colours. If the gate looks off-brand, check Branding first.
  • Custom Codes — advanced customers can add tracking code (for example, a counter for "how many visitors confirmed today") in Custom Codes. That goes there, not in the age-gate panel.
  • Pages and Blog — both render normally once the visitor has confirmed. The gate only fires once per remember-me window, so it does not interrupt a visitor paging through articles.
  • Forms — visitors who confirmed can fill in forms (newsletter, contact, checkout) without seeing the gate again. The gate sits at the front of the visit, not at the front of every action.

Before you start

You will need:

  • A clear minimum age. Most US alcohol retailers use 21. Tobacco and vape are typically 18 or 21 depending on state. CBD is most often 21. If you serve multiple jurisdictions, use the strictest age that applies; visitors expect a single floor, not a region-aware one.
  • A "no, I am too young" message. Have this copy ready before turning the gate on. A friendly, brand-true goodbye keeps the visitor as a future customer. Default text works, but most customers personalize it with their voice and brand.
  • A decision on remember-me length. Default is 1 day. Some customers prefer 7 or 30 days. Shorter windows are more defensible for compliance; longer windows reduce friction for returning visitors.
  • A test visit plan. After saving, open the public site in a private browsing window and confirm the gate appears, the buttons work, and the styling looks right. Test on both desktop and mobile. A 90-second test catches the vast majority of issues before any real visitor sees them.
  • (Optional) an on-brand hero image. A vineyard photo, a tasting-room shot, a still-life of your products. Optional, but it elevates the gate from generic to yours. Keep it visually simple — the gate copy and buttons need contrast against it.

Where to go

In the admin sidebar, go to Settings → Site Protection → Age Verification. The panel is always under Settings. If you cannot find Site Protection, use the admin search bar at the top and type "age" — the panel appears in the suggestions.

Steps — turn on the age-verification gate

1. Open the Age Verification panel

In your admin sidebar, click Settings, then Site Protection. You will see two sub-panels: "Site Protection" (the full-site password) and "Age Verification". Click Age Verification.

The panel shows a master toggle at the top and a handful of fields beneath it. Take a moment to scan the panel before changing anything.

2. Set the minimum age

In the Minimum age field, type the age the gate will show in its copy. Default is 21. If your state uses 18, change it to 18. The number appears in two places on the gate: the headline ("You must be N or older") and the confirmation button ("I am N or over").

If you serve multiple jurisdictions, use the strictest age that applies. A 21-floor site is universally accepted; an 18-floor site may raise flags during a compliance review in a 21-minimum jurisdiction.

3. Set the remember-me length

In the Cookie expiration (days) field, choose how long the gate should remember a returning visitor before asking again. Default is 1 day. Common values:

  • 1 day — re-asks every 24 hours. Strictest. Default.
  • 7 days — re-asks weekly. Good for most retailers.
  • 30 days — re-asks monthly. Good for high-traffic sites where the gate is friction.
  • 365 days — effectively permanent for the year.

Stricter (shorter) values are more defensible if you need to demonstrate a "good-faith" check.

4. Personalize the restricted-content message

In the Restricted content message field, write what visitors see when they tap "I am under N". Default is generic — personalize it. A good message tells the visitor why you are asking, when they should come back, and what they can do in the meantime (newsletter signup, social follow). A thoughtful goodbye is one of the most overlooked conversion moments on a retailer's site.

5. Optionally upload a gate background image

In the Gate background image field, upload a hero image for the gate. This is optional — if you skip it, the gate uses your brand colours from Settings → Branding.

Pick something on-theme and visually simple: a vineyard, a cigar room, a tasting bar. Avoid logos or text in the image; the gate already shows your logo. A single focal point with plenty of negative space works better than a busy texture.

6. Toggle Enable age verification ON

Flip the Enable age verification toggle from Off to On. This is the master switch. Until it is on, the gate does not appear regardless of how the other fields are configured.

7. Click Save changes

Save your changes. You should see a confirmation that the settings were saved (typically under a second). If you do not see the confirmation, scroll up — it may be at the top of the panel rather than next to the button.

8. Test in a fresh browser window

Open a private browsing window (Ctrl+Shift+N in Chrome, Ctrl+Shift+P in Firefox, Cmd+Shift+N on Mac). Visit your public site. Confirm:

  • The gate appears before any of your real site content.
  • The minimum age in the headline matches what you typed.
  • The "I am over N" button dismisses the gate and reveals your site.
  • Reloading the page does NOT bring the gate back (the visitor was confirmed).
  • The "I am under N" button shows your restricted-content message.

If anything looks off, return to the admin panel and adjust. You can save as many times as needed; each save updates the live site within a couple of minutes.

What success looks like

A first-time visitor lands on your homepage. Before they see anything, the gate appears. They tap "I am over 21", the gate fades out, and your homepage loads normally. Every page they visit for the configured window loads without interruption. After that window, the gate appears once more, they confirm again, and the cycle continues.

A second visitor taps "I am under 21". The gate is replaced by your restricted-content message — they cannot reach your site content from there.

A returning customer who confirmed two days ago: depending on your remember-me setting, they either see the gate again (1-day setting) or skip it (7-day or longer). The gate state is per-browser, so a customer who switches devices sees the gate on each new device. That is expected behaviour, consistent with every other age-gated site they have visited.

What to do if it does not work

  • The gate does not appear at all. Confirm the Enable age verification toggle is On. If it is, hard-reload in a private browsing window (the previous gate state is cached for up to a couple of minutes). If you still do not see the gate, check whether Maintenance Mode is on — the maintenance page replaces the whole site, including the gate.
  • The gate keeps showing on every page even after I tapped "I am over 21". Almost always a browser setting wiping cookies between page loads — an aggressive privacy extension, a "delete cookies on tab close" setting, or a corporate browser policy. Test in a normal browser without those extensions to confirm.
  • The gate looks off-brand. Check Settings → Branding. If logo and colours there are correct and the gate still looks wrong, try uploading a gate background image. Make sure your logo is at least 400 pixels wide for typical layouts.
  • Visitors report the gate is too aggressive (re-asking every day). Bump Cookie expiration (days) from 1 to 7 or 30. Visitors keep their current state for the old window; new confirmations use the new window.
  • Visitors report two different age prompts. Another script (a third-party widget or a cookie banner) is also asking for age. Audit your Custom Codes for a duplicate gate script and remove it.
  • The buttons do not respond when tapped. Rare; usually means a Custom Codes entry is breaking the gate's interactive behaviour. Temporarily disable recently-added Custom Codes entries, reload, and test.
  • The gate appears in the wrong language. The gate uses the site's default language setting. Check Settings → Localization to confirm the default language matches what your visitors expect.
  • A visitor reports the gate looks broken on their phone. Confirm in a private browsing window on a phone. A custom background image with portrait orientation can produce odd layouts — try a landscape-oriented image instead.

Examples

Six worked scenarios — from a launch-day rollout to turning the gate off.

Example 1. Your Store launching a wine line

Your Store is launching a new line of wines. The marketing team will send a launch email to 8,000 subscribers on Tuesday and wants the age gate live before the email goes out.

The owner opens Settings → Site Protection → Age Verification, sets minimum age to 21, sets remember-me to 30 days (so existing customers are not re-gated mid-purchase), uploads a vineyard-and-bottle still-life as the background, and personalizes the under-21 message with a link to the under-21-friendly alcohol-free subscription. They flip the toggle on, save, and test in a private browsing window.

Of the 1,247 unique clicks on launch day, 38 visitors tap "I am under 21" and 14 click through to the alcohol-free subscription — a side benefit of a thoughtful goodbye message.

Example 2. Your Store's wholesale portal for trade buyers

Your Store supplies wine and spirits to bars and restaurants. Their wholesale portal runs Site Protection (a password gate) AND the age-verification gate — the password goes to verified buyer accounts, and the age gate confirms the buyer is of legal age to purchase spirits.

A buyer arrives, enters the password, and immediately sees the age gate. They tap "I am over 21" and reach the catalogue. The team set remember-me to 30 days so the gate stays out of the buyer's way during a normal purchase rhythm.

The team's compliance officer cited the gate during their annual supplier audit and the auditor moved on without further questions.

Example 3. Your Store uses an 18-floor gate for a licensed event series

Your Store runs a series of late-night tasting-room events featuring live music and beer pairings. The events are 18+ admission �� a common floor for adult events in their market. For this event-registration sub-site, they set minimum age to 18 and remember-me to 7 days because event interest is browsed in bursts around announcement dates.

The owner writes a short, direct message: "These events are for adults 18 and over. Confirm you are 18 or older to see event details." The under-18 message links to their general alcohol-free shop.

Example 4. Turning the gate OFF

Your Store added the gate by accident when a new team member was experimenting with site protection settings.

The owner opens Settings → Site Protection → Age Verification, flips the Enable age verification toggle from On to Off, and saves. The gate stops appearing for new visitors. Returning visitors who already had the cookie set see no change — they continue to see the site without interruption.

There is nothing to delete or clean up. The gate is a render-time check — turning the toggle off removes it immediately on the next page load.

Example 5. Your Store's seasonal change for a spirits launch window

Your Store runs their mulled-wine line as a seasonal product — available October through December. During the launch window they bump remember-me from 7 days down to 1 day and swap the gate background to a cozy cellar-in-winter photo. When the spirits line is off sale, they turn the gate off entirely (the non-alcoholic catalogue does not need age verification).

Every change is a save and a 90-second test. The team treats the gate as a small but real seasonal touchpoint during the spirits window, not a set-and-forget compliance checkbox.

Example 6. Handling the "two cookies" question from a tech-savvy customer

Sometimes a developer-savvy customer notices two age-related cookies in their browser — one called age_verification and one called age_verified — and emails asking why.

The short answer: the site is fine, the gate is working correctly, and only one of those cookies drives the gate. The other is a leftover from a legacy code path that does not affect production behaviour. A future engineering cleanup will remove the leftover; in the meantime, the customer can ignore it. This is documented in the internal-team triage runbook for support reps.

The longer answer: the gate is a self-attested age check, the cookie is the visitor's confirmation, and the duplicate is harmless metadata that does not change what visitors see or experience. This question comes up rarely — perhaps once a quarter — and a clear, calm answer reassures the customer that the site is well-tended.

Next steps

  • If your site needs more than an age check — for example, a member-only catalogue — see Site Protection (the full-site password feature).
  • If your site is showing a maintenance page instead of the gate, see the Maintenance Mode docs.
  • If your gate looks off-brand, see Branding to update your logo and brand colours.
  • If you want to track how often visitors decline the gate, Custom Codes can add a small counter.
  • If you want to translate the gate into multiple languages, see the Localization docs.
  • If you have a separate adult-content section on a generally-family-friendly site, see Pages and the per-page protection options for content gating beyond the site-wide gate.

Related reading

  • Your home page — manage the page your visitors land on when the gate clears.