Script Blocking

Our CMP is designed to prevent tracking scripts from running until consent is given. It does this in two complementary ways: automatic blocking (always on) and manual blocking (optional for advanced control).

All blocking relies on the concept of Services you define in your configuration. Each Service includes:

• A domain pattern to match requests (e.g. *.google-analytics.com)
• The category it belongs to (like Analytics or Advertising)

When a user hasn't consented to a category, any Service matching that category will be blocked.

Automatic Blocking

Automatic blocking is always enabled. It scans your pages for network requests and script loads that match any configured Service domains:

• Blocks requests that match configured Services immediately on page load.
• Also blocks dynamically injected scripts (e.g. from Google Tag Manager).
• Stops these scripts from executing until consent is granted for their category.

Important: Always test your implementation to ensure no critical functionality is inadvertently blocked.

Important: Scripts that are present on the page during load (not injected via tools like Google Tag Manager) may have their assets loaded in the browser's resources tab. However, Ours will still attempt to block these scripts from executing, assuming you've properly configured your services and loaded the Ours Privacy CMP script early enough in your HTML page.

Important: Always configure your web scanner and check it frequently. This will help you identify which pixels, scripts, and cookies are being set without proper categorization.

If a script needs to be loaded on the page (not injected), it's best practice to include it directly in your HTML with the data-category and type="text/plain" attributes shown in the manual blocking section below.

Manual Blocking

Manual blocking gives you precise, in-page control over which scripts are held back until consent.

Use manual blocking for any script that exists in your HTML document when the page loads. This includes:

• Scripts in your HTML source code
• Scripts added during server-side rendering
• Scripts that are part of your initial page structure

For this approach, you manually mark scripts in your HTML with special attributes that identify their category:

<script
  type="text/plain"
  data-category="analytics"
  src="https://www.google-analytics.com/analytics.js"
></script>

When the user consents to "analytics," these scripts are dynamically enabled.

What manual blocking controls:

• Execution: Scripts marked with type="text/plain" won't execute until consent
• Download: Scripts still download initially (unless you add additional attributes)
• Timing: Script execution is delayed until the user grants consent

When you don't need manual blocking:

• Scripts dynamically inserted via Google Tag Manager
• Scripts added by JavaScript after page load
• Scripts loaded through other tag management systems

Benefits of manual blocking:

• Full control over which inline or external scripts are gated
• Ensures even scripts without network patterns can be held until consent
• Useful for self-hosted or custom third-party scripts

Tip: Combine automatic blocking (for domain-level detection) with manual blocking (for page-specific script tags) to ensure comprehensive coverage.

Next Steps

• General Settings: Configure Services and categories for blocking
• Installation: Ensure proper script placement for blocking to work