How Does Automatic Blocking Work in Secure Privacy CMP v1?
General Working Mechanism
The Secure Privacy Scanner scans your website and identifies all cookies and services. You can view a detailed report of your cookies and plugins inside the Scan Report.
Based on the Scan Report, Secure Privacy generates a JavaScript file unique for each domain. This file contains detailed information on what scripts, pixels, and iframes to block. The list is editable and configurable through the Classification screen in the dashboard:
Use this screen to add or remove any custom scripts you want to block or unblock. Each time you save, the JavaScript file updates with the latest list.
Note: Automatic Cookie Blocking
Secure Privacy blocks all non-essential cookies from being set until user consent is received.
[CMP v1] Blocking Modes Explained
- v2 Blocking: This is Secure Privacy’s current automatic blocking method. It prevents all cookies from being set on a visitor’s device except for those classified as essential—typically cookies necessary for basic website functionality. Cookies beyond these essential ones require explicit user consent before they can be placed. This advanced blocking approach respects users' privacy by ensuring no non-essential tracking occurs without their agreement.
- v1 Blocking: This is an older, legacy blocking mechanism maintained for backward compatibility with some existing systems. However, it is not recommended for new users because it lacks the robustness, effectiveness, and features of the v2 method. Privacy protection technology continues to evolve, making the v1 method outdated and less secure compared to modern standards.
- Disabled Blocking: When blocking is disabled, Secure Privacy does not restrict the placement of any cookies or services. This mode is generally used for manual blocking scenarios, allowing users to decide freely which cookies or services to permit. While it offers maximum flexibility, it places the responsibility for privacy management entirely on the user, as all cookies may be set until the user actively intervenes.
Prerequisites for Auto-Blocking
Auto-blocking depends on your scan results and cookie categorizations. If a cookie is undetected or uncategorized, it won't be blocked. Always re-scan your site before implementing auto-blocking to ensure all cookies are detected and categorized.
Technical Working Mechanism
Each cookie-setting script is tracked in a unique JavaScript file, using the MutationObserver API compatible with all major browsers including IE11. This observer monitors script loading patterns and blocks them until user consent is given.
Blocking Mechanism for Different Components
- Pixels – When automatic blocking is enabled, Secure Privacy blocks all pixel trackers by default. These pixels are only added to the HTML DOM after the user has given explicit consent. For example, a Facebook Pixel will remain inactive until the user approves the related consent.
- Scripts – Similar to pixels, Secure Privacy prevents scripts from being injected into the HTML DOM until the user grants consent. For instance, Google Analytics scripts will not load before user approval, which may lead to reduced analytics and user tracking until consent is given.
- Iframes – Blocked iframes are managed via the Iframe tab within the blocking configuration settings. Secure Privacy automatically blocks these iframes and displays an overlay informing users that the iframe is blocked. This overlay includes a message and a consent button, allowing users to enable the iframe if they choose.
How to Block a New Script, Pixel, or Iframe
If you need to block a new script manually, use the Add Tag Blocking form. Specify the type (script, iframe, or pixel) and enter the source to block it.
