DocsBlogIntegrationsSign InSign Up
Consent

Understanding & Configuring Auto-Blocking of Cookies & Scripts

Understanding and configuring Concord to enable auto-blocking of cookies and tracking scripts and required user consent settings.

Overview

When visitors arrive on your website, their browser may download tracking scripts and accept cookies by default upon the first page view of their session. In some jurisdictions, like the EU with GDPR, this can violate privacy regulations that require a user to actively consent prior to the serving of cookies or tracking scripts. Concord provides a Blocking Mode that can be configured per project in order to either prevent or allow this from happening. There are four options available when it comes to Blocking Mode:

  • Disabled: No blocking of cookies and scripts will occur.
  • Discovery: Used to capture the cookies and scripts on your site for categorization without blocking. This is helpful for implementation when you are not certain about the number and nature of tracking scripts and cookies in use by the site.
  • Permissive: This mode will allow Strictly Necessary, Ignored, & Unclassified cookies and scripts to run until user consent preferences are set.
  • Strict: This mode will only allow Strictly Necessary & Ignored cookies and scripts until user consent preferences are set. Scripts that are set as Ignored are not known trackers and are marked as Ignored to avoid issues on your site, but should be classified when they track users in any fashion. This is required for compliance with stricter data privacy regulations like GDPR.

The selected Blocking Mode then works in tandem with the selected Consent Mode to give you the flexibility to adjust the desired behavior per project. Where Blocking Mode determines how cookies and scripts are blocked, Consent Mode determines if the user has to expressly indicate consent or if consent is implied. Express consent is required by stricter laws like GDPR, while implied consent is all that is required in jurisdictions like California with CCPA & CPRA. We typically recommend going with the stricter version to be globally compliant (Blocking Mode = Strict and Consent Mode = Express), but you can adjust these per region if desired.

Configuring Auto-Blocking of Cookies & Scripts

Use the following information to setup and configure the general consent settings for a specific region in your project.

Configuring Blocking Mode

In order to configure the Blocking Mode:

  • Navigate to Privacy → Consent → Consent Settings → General Settings.
  • Under the General Settings tab, you will see a drop down list for Blocking Mode. Choose your desired blocking mode (Disabled, Discovery, Permissive, Strict).
    • Discovery mode collects information from your site which is used to classify tracking scripts and cookies without blocking them.
    • Permissive mode blocks categorized scripts and cookies, while unclassified cookies are still allowed.
    • Strict is recommended as all scripts and cookies that aren’t categorized as strictly necessary are blocked. This is required for full compliance with stricter privacy laws like GDPR.

For all blocking modes except Disabled, you may also select the Consent Mode, which has the following options:

  • Express: In Express Consent Mode, the user must interact with the Consent Banner or the Privacy Center to set their preferences. No consent is initially assumed merely by landing on or using the site.
  • Implied: When using Implied Consent Mode, Concord will automatically generate implied consent events for all categories when the user lands on the site. They can later choose to opt-out of certain categories via your Consent Banner or Privacy Center (depending upon your configured settings and options there).

Privacy Controls Experience

This setting works in conjunction with the Express and Implied Consent Modes to determine the experience for users when they interact with your Consent Banner and Privacy Center.

You can choose one of the following configuration options:

  • Category Controls + Do Not Sell/Share:
    • Provides both granular category-level controls and a Do Not Sell/Share toggle switch. Suitable for deployments that combine granular consent with sale/share opt-out rights.
    • All categories are enabled on arrival. Users can opt out of individual categories and use the Do Not Sell/Share toggle. Common in U.S. deployments that combine category controls with opt-out rights.
  • Category Controls
    • Users choose which specific categories to allow. The Do Not Sell/Share toggle is not shown. Appropriate for regions where sale/share opt-out rights do not apply.
    • All categories are enabled on arrival. Users can opt out of individual categories. The Do Not Sell/Share toggle is not shown. Appropriate for regions where sale/share opt-out rights do not apply.
  • Do Not Sell/Share Only
    • Simplified consent experience where category controls are hidden and users see a single Do Not Sell/Share toggle. Suitable for regions that emphasize opt-out rights.
    • All categories are enabled on arrival. Users can opt out of individual categories. The Do Not Sell/Share toggle is not shown. Appropriate for regions where sale/share opt-out rights do not apply.

Enabling Global Privacy Control

Global Privacy Control (GPC) is a browser configuration that automatically signals users’ privacy preferences to a website. Various regulations such as CCPA and CPRA require websites to respect users’ choices when this browser setting is detected.

  • Use the Enable Global Privacy Control switch under Privacy → Consent → Consent Settings → General Settings to toggle this automatic detection and control on or off.
  • Global Privacy Control detection is required by some regional data privacy laws like CCPA/CPRA in California. When this is enabled and a GPC signal is detected, Do Not Sell or Share My Personal Information consent will be set to true and Marketing consent will be disabled.
  • Note that you must select either the Category Controls + Do Not Sell/Share or Do Not Sell/Share Only option in the Privacy Controls Experience section if you want to enable Global Privacy Control.

When you enable this feature within Concord, and the user has GPC turned on in their browser settings, Concord’s consent banner will display the following message: Your Opt-Out Preferences Was Honored. Do Not Sell or Share My Personal Information will also be automatically checked.

Enables the Limit the Use of My Sensitive Personal Information consent option in your Privacy Center. This is required by some regional data privacy laws like CCPA/CPRA in California.

The Consent Duration field defines how many months the consent is valid for. Once the duration has expired, the user will be prompted to re-consent. The normal recommended duration is 12 months, but some regions have different requirements and recommendations, including countries like Germany, where the guidance is 6 months.

Show Deny Button

The show Show Deny toggle allows you to set if the Deny button shows on your consent banner. Note that this option is only available if you choose the Category Controls + Do Not Sell/Share or Category Controls in the Privacy Controls Experience section.

Advanced Options

Hide Unused Categories

When enabled, consent categories that have no trackers assigned to them will be hidden from the Privacy Center and Consent Banner. In Implied mode, hidden categories still receive implied consent. In Express mode, hidden categories are excluded from Accept All but included in Reject All. Categories automatically reappear when trackers are detected.

Sets a delay (in seconds) before implied consent is automatically granted when the user first visits your site. A value of 0 means consent is implied immediately. Increasing this value gives users more time to interact with the consent banner before implied consent is recorded.

You can set the number of seconds to wait before generating implied consent events after a user arrives on your site. This only applies when using Implied consent mode.

In addition to our general consent settings, we also provide powerful consent syncing integrations with multiple major platforms in Privacy → Consent → Consent Settings → Integrations. For more details on these integrations, refer to the sections below.

You can pick from three different modes when enabling Google Consent Mode V2 in Concord:

  • Disabled: Concord functions normally, blocking any Google tags until consent is received based on your standard consent and tracker settings. After user consent is received, no consent data is synced with Google.
  • Basic Mode: Basic Consent Mode offers a simplified privacy friendly option to sync data with Google. Google tags remain inactive until the user interacts with the consent banner. Once users consent, Google tags are enabled, consent data is synced, and Google begins collecting data based on the user’s consent settings. Without consent, no data is sent to Google, and Google Ads relies on a general conversion model.
  • Advanced Mode: Advanced Consent Mode offers a more robust option that shares additional data with Google prior to consent. Google tags load immediately and while waiting for user consent, a minimal amount of cookieless measurement data is sent to Google to allow for more accurate conversion modeling. Once consent is granted, full measurement data is then sent to Google based on each user’s consent settings. This mode provides additional data insights, but is not as privacy-friendly as Basic Mode, so we recommend Basic Mode for most people. For more details on Google’s conversion modeling please refer to this article.

Microsoft UET (Universal Event Tracking) settings control how your website tag collects data based on user consent. UET helps companies comply with privacy laws (like GDPR) by adjusting data collection when users deny cookies, ensuring you still get valuable insights while respecting user choice.  UET is Required for 2025 compliance in EEA, UK, and Switzerland.

To configure Microsoft UET consent within Concord, select one of the following options:

  • Disabled: The UET tag is completely turned off and sends no data to Microsoft Advertising, fully respecting user privacy but providing zero insights.
  • Enabled (UET Only): This is the default for many regions and uses "cookieless pings" or anonymized data when consent is denied. It loads the tag immediately but collects only basic, aggregated data, then upgrades to full tracking when consent is granted, offering more precise modeling and better compliance.
  • Enabled with Microsoft Clarify: This integrates UET with Clarity, Microsoft's free analytics tool, using one tag for both ad tracking and behavioral analysis (heatmaps, session recordings). It uses Consent Mode principles: Clarity loads but waits for consent before setting cookies or recording sessions, respecting analytics_storage and ad_storage signals.

WordPress & Webflow Integrations

Enabling the WordPress or Webflow integrations will allow you to easily sync consent data from Concord to those platforms to respect user consent. Note that the WordPress integration requires the use of the WordPress Consent API plugin that is found here: https://wordpress.org/plugins/wp-consent-api/

Scanning Your Site for Trackers (Cookies & Scripts)

Learn how to configure and use Concord’s tracker scanning features to automatically detect trackers (cookies, scripts, iframes, images, etc.) on your websites.

Understanding Unified Identity & Consent Management

Concord's Unified Identity & Consent Management system bridges anonymous browsing and known customer profiles to ensure a user's privacy choices are consistently respected across all their devices. By utilizing a "most recent wins" logic and cryptographic hashing, the platform maintains a single source of truth, across devices, for consent without storing raw personal data, simplifying global regulatory compliance.

On this page

OverviewConfiguring Auto-Blocking of Cookies & ScriptsConfiguring Blocking ModeConfiguring Consent ModePrivacy Controls ExperienceEnabling Global Privacy ControlEnable Limit Sensitive Information ConsentConsent DurationShow Deny ButtonAdvanced OptionsHide Unused CategoriesImplied Consent DelayConsent IntegrationsConfiguring Google Consent Mode V2Microsoft UET (Universal Event Tracking) ConsentWordPress & Webflow IntegrationsRelated Articles