Script Blocking
Learn how Cookient blocks third-party scripts until consent is given, which scripts to configure, and which ones should never be blocked.
Overview
Script blocking prevents third-party scripts from loading until the user gives consent. This is a core GDPR requirement – scripts that set cookies or track users must not run before explicit consent is obtained.
What Gets Blocked
- •Analytics scripts – Google Analytics, Hotjar, Clarity, Plausible
- •Marketing scripts – Facebook Pixel, Google Ads, LinkedIn Insight
- •Personalization scripts – Intercom, Drift, HubSpot chat
- •Embedded content – YouTube iframes, Google Maps, social media embeds
Cookient uses a MutationObserver to intercept scripts in real-time as they're added to the DOM. This technique blocks scripts before they can execute, ensuring no tracking happens without consent.
How It Works
The script blocking mechanism works in four stages: interception, blocking, storage, and restoration.
- 1
Script Interception
A MutationObserver watches the DOM for any new
<script>tags being added. When a script matches a blocked URL pattern, it's intercepted before execution. - 2
Blocking
The script's
typeattribute is changed totext/plain, which prevents the browser from executing it. The original source URL is preserved. - 3
Storage
The original
srcis stored in adata-cookient-srcattribute so it can be restored later if consent is given. - 4
Restoration
When the user grants consent for a category, blocked scripts in that category are restored by creating a new script element with the original source.
Simplified Code Example
// Blocking a script
script.type = "text/plain";
script.setAttribute("data-cookient-src", script.src);
script.removeAttribute("src");
// Restoring after consent
const newScript = document.createElement("script");
newScript.src = originalSrc;
newScript.type = "text/javascript";
document.head.appendChild(newScript);beforescriptexecute event, which Cookient uses for even more reliable script blocking on that browser.Managing Scripts
After running a cookie scan, you can manage which scripts are blocked and their categories from your dashboard.
Viewing Detected Scripts
- Navigate to Cookie Management in your dashboard
- Select your domain from the dropdown
- Click the Scripts tab
- View all scripts detected during the scan
Configuring a Script
For each script, you can configure:
- •Category – Which consent category controls this script
- •Blocked status – Whether the script requires consent
When Changes Take Effect
Script configuration changes are cached for performance. Changes take effect:
- •Within 24 hours – Normal cache expiration
- •Immediately – After running a new scan
Script Categories
Each script is assigned to a consent category. The category determines when the script is allowed to load based on user consent.
| Category | ID | Blocked by Default | Examples |
|---|---|---|---|
| Functional | f | No | jQuery, Stripe, reCAPTCHA |
| Analytics | a | Yes | Google Analytics, Hotjar, Clarity |
| Marketing | m | Yes | Facebook Pixel, Google Ads, LinkedIn |
| Personalization | p | Yes | Intercom, Drift, HubSpot |
| Security | s | No | hCaptcha, Cloudflare Turnstile |
| Uncategorized | - | Yes | Unknown third-party scripts |
Functional and Security scripts are never blocked because they're essential for your website to function properly. All other categories require user consent before loading.
Essential Scripts
Some scripts are essential for your website to function. These should always be set to Functional category and never blocked, regardless of consent.
| Type | Examples | If Blocked |
|---|---|---|
| CSS Frameworks | Tailwind CDN, Bootstrap, Bulma | Site appears unstyled |
| JS Libraries | jQuery, React CDN, Vue CDN | Features stop working |
| CDNs | cdnjs, jsDelivr, UNPKG | Resources fail to load |
| Payment Processors | Stripe.js, PayPal SDK, Square | Checkout broken |
| Security/Captcha | reCAPTCHA, hCaptcha, Turnstile | Forms vulnerable to bots |
| Font Services | Google Fonts, Adobe Fonts | Fallback fonts used |
Cookient's Automatic Protection
Cookient automatically categorizes known essential scripts:
- ✓Common CDNs (cdnjs, jsDelivr, UNPKG) are marked as Functional
- ✓Payment processors (Stripe, PayPal) are marked as Functional
- ✓Security scripts (reCAPTCHA, hCaptcha) are marked as Security
How to Fix a Broken Site
If your site looks broken after Cookient installation:
- Open browser Developer Tools → Network tab
- Reload the page and look for failed CSS/JS requests
- Go to your Cookient dashboard → Cookie Management → Scripts
- Find the blocked script and change its category to Functional
- Run a new scan to apply changes immediately
Troubleshooting
Site appears unstyled or broken
Cause: CSS framework or JavaScript library is being blocked.
Solution:
- Open Developer Tools → Network tab
- Look for blocked or failed CSS/JS files
- In Cookient dashboard, find the script under Scripts tab
- Change category to Functional or uncheck "Blocked"
- Run a new scan
Feature stopped working (form, slider, etc.)
Cause: A required JavaScript library is blocked.
Solution:
- Open Developer Tools → Console tab
- Look for JavaScript errors mentioning undefined functions
- Identify which library provides that function
- Set that script's category to Functional
Checkout or payment not working
Cause: Payment processor script (Stripe, PayPal) is blocked.
Solution:
- Search for "stripe", "paypal", or your payment provider in Scripts tab
- Ensure category is set to Functional
- Ensure "Blocked" checkbox is unchecked
Payment scripts should never require consent – they're essential for transactions.
Script is blocked even though it shouldn't be
Cause: Script is uncategorized or miscategorized.
Solution:
- Go to Cookie Management → Scripts
- Find the script by URL or name
- Set correct category (Functional for essential scripts)
- Uncheck "Blocked" if it should always load
Changes not taking effect
Cause: Configuration is cached.
Solution:
- Run a new cookie scan to force cache refresh
- Clear your browser cache and cookies
- Wait up to 24 hours for CDN cache to expire