ConsentStackDocs

Script Blocking

ConsentStack automatically detects and blocks third-party scripts until your visitors give consent.

ConsentStack finds the third-party scripts running on your site and blocks them until your visitors consent to the relevant category. No manual tagging required for known scripts — it just works.

How scripts are detected and categorized

When a visitor loads your page, ConsentStack scans for third-party scripts and checks each one against a built-in database of 5,800+ known tracker domains from 400+ vendors. If a script belongs to a recognized vendor — Google Analytics, Meta Pixel, HubSpot, and hundreds more — it is automatically assigned to the right consent category.

Scripts from domains that are not in the database are flagged as unassigned in your dashboard so you can review and categorize them yourself.

Two ways to categorize scripts

MethodHow it worksWhen to use it
AutomaticConsentStack recognizes the script's domain and assigns a category based on its known vendor database.Works out of the box for the vast majority of third-party scripts. No action needed.
Manual rulesYou create a custom rule in the dashboard for a specific domain, assigning it to any category you choose.For proprietary or niche scripts that the vendor database does not cover.

Manual rules always take priority. If you create a custom rule for a domain that is already auto-categorized, your rule wins.

What blocking looks like in practice

Scripts are stopped before they execute — not cleaned up after the fact. This is an important distinction: no tracking code runs until your visitor has actively given consent for that category.

When a visitor gives consent:

  • Blocked scripts activate immediately. There is no page reload required. Scripts in the consented category start running right away, in their original page order. If a tracker has multiple scripts (for example, a config script and a pageview script), they execute in the correct sequence — the config script loads and finishes before the pageview script starts.

When a visitor revokes consent:

  • Already-executed scripts cannot be un-run. A script that has already loaded and sent data cannot be retroactively stopped. ConsentStack shows the visitor a gentle reminder to refresh the page, which clears the scripts from memory and re-applies blocking.

The key trust signal: scripts are blocked before execution, not cleaned up afterward. Your visitors' data is never sent to a third party without their consent.

For developers

If you need more control, you can manually tag any script with a data-cs-category attribute to assign it to a specific consent category. This is useful for inline scripts or cases where you want to override automatic detection.

For implementation details, see Developers: Script Blocking.

What's next

  • Learn about consent models and how ConsentStack decides what your visitors see
  • See how to review and manage detected scripts in the dashboard

Categories & Regions

Learn how ConsentStack uses categories and regions to apply the right consent rules for every visitor automatically.

Overview

Manage your teams, sites, domains, and settings from the ConsentStack dashboard.

On this page

How scripts are detected and categorized
Two ways to categorize scripts
What blocking looks like in practice
For developers
What's next