Understanding & Configuring Auto-Blocking of Cookies & Scripts
Understanding & Configuring Auto-Blocking of Cookies & Scripts
When visitors arrive on your website, their browser may download tracking scripts and accept cookies by default upon the first page view of their session. In some jurisdictions, like the EU with GDPR, this can violate privacy regulations that require a user to actively consent prior to the serving of cookies or tracking scripts. Concord provides a Blocking Mode that can be configured per project in order to either prevent or allow this from happening. There are four options available when it comes to Blocking Mode:
- Disabled: No blocking of cookies and scripts will occur.
- Discovery: Used to capture the cookies and scripts on your site for categorization without blocking. This is helpful for implementation when you are not certain about the number and nature of tracking scripts and cookies in use by the site.
- Permissive: This mode will allow both Strictly Necessary and Unclassified cookies and scripts to run until user consent preferences are set.
- Strict: This mode will only allow Strictly Necessary cookies and scripts until user consent preferences are set. This is required for compliance with stricter data privacy regulations like GDPR.
The selected Blocking Mode then works in tandem with the selected Consent Mode to give you the flexibility to adjust the desired behavior per project. Where Blocking Mode determines how cookies and scripts are blocked, Consent Mode determines if the user has to expressly indicate consent or if consent is implied. Express consent is required by stricter laws like GDPR, while implied consent is all that is required in jurisdictions like California with CCPA & CPRA. We typically recommend going with the stricter version to be globally compliant (Blocking Mode = Strict and Consent Mode = Express), but you can adjust these per region if desired.
Configuring Blocking Mode
In order to configure the Blocking Mode:
- Navigate to Consent → Consent Settings
- Click the Edit button to enable editing of all the options in the General Settings tab.
- Under the General Settings tab, you will see a drop down list for Blocking Mode. Choose your desired blocking mode (Disabled, Discovery, Permissive, Strict).
Configuring Consent Mode
For all blocking modes except Disabled, you may also select the Consent Mode, which has the following options:
- Express: In Express Consent Mode, the user must interact with the Consent Banner or the Privacy Center to set their preferences. No consent is initially assumed merely by landing on or using the site.
- Implied: When using Implied Consent Mode, Concord will automatically generate implied consent events for all categories when the user lands on the site. They can later choose to opt-out of certain categories via your Consent Banner or Privacy Center (depending upon your configured settings and options there).
Enable & Disable Do Not Sell (Consent Version)
Use the Enable Do Not Sell toggle to turn on the option to show a Do Not Sell or Share My Personal Information consent type in your Consent Banner and in the consent settings section of your unified Privacy Center.
- Enabling this option will also cause a Do Not Sell option to appear on your Consent Banner and in your Privacy Center.
- When users enable this option, they are indicating that they do not want you to sell or share/disclose their personal information for online marketing activities.
- Toggling on this option will also automatically disable marketing consent.
Enabling Global Privacy Control
Global Privacy Control (GPC) is a browser configuration that automatically signals users’ privacy preferences to a website. Various regulations such as CCPA and CPRA require websites to respect users’ choices when this browser setting is detected.
- Use the Enable Global Privacy Control switch under Consent → Consent Settings to toggle this automatic detection and control on or off.
- When GPC is enabled Concord Consent and Compliance will respect the GPC settings on users’ browsers and automatically deny marketing consent (they can later change that setting if desired).
When you enable this feature within Concord, and the user has GPC turned on in their browser settings, Concord’s consent banner will display the following message: Your Opt-Out Preferences Was Honored. Do Not Sell or Share My Personal Information will also be automatically checked.