OneTrust Cookie Auto-Blocking™

« Go Back
OneTrust Cookie Auto-Blocking™

About Auto-Blocking

OneTrust Cookie Auto-Blocking can be used to automatically block cookies from being set on site visitor devices. Auto-Blocking automates the process of setting your cookies, scripts, and tags to respond to the preference selected by site visitors.

Instead of using a tag manager or manually adding type="text/plain" for JavaScript type re-writing, you can simply turn on a setting for your banner and preference center script that will automatically block the categorized cookies on you site.


It is possible to prevent Auto-Blocking from blocking scripts on your website. For instructions, see Preventing Auto-Blocking from Blocking Scripts.


How It Works

OneTrust Cookie Auto-Blocking works by using your scan results and categorizations to automatically block cookies from being set before site visitor consent is granted.

This relies on the categories of cookies you have configured and the consent model you select. When the script loads on your page, the cookies will be blocked according to your consent policy, geolocation rules, and the preferences selected by the site visitor.

If a category of cookies should be prevented from triggering or a site visitor opts out of a category, the auto-blocking technology will prevent that category from triggering.


Is Auto-Blocking Appropriate for Your Domain?

This section will help you determine if the OneTrust Auto-Blocking functionality in the Cookie Consent module is an appropriate solution for your domain.



OtAutoBlock script is required to be run synchronously.

If the async attribute of the OtAutoBlock script is added and true, the rest of the page will continue to parse and tags may fire. This can set cookies before the OtAutoBlock script injects the appropriate HTML elements.

The OtAutoBlock and otSDKStub scripts are required to be placed in the <head> element by the Content Management System (CMS) or directly in the HTML code.

If the scripts are deployed using a tag manager, there is a high risk of latency between the domain and the tag manager. This leads to the possibility that tags will fire before OtAutoBlock script completes.

If revenue is generated from targeted advertisements, it is recommended you utilize manual blocking methods.

Auto-Blocking can cause tags to behave unexpectedly on page-load and can impact ad revenue.




Only cookies detected during scanning can be controlled by the OtAutoBlock script. If a cookie is not detected, a manual blocking method will be required.


If you are using Auto-Blocking, all identified and categorized cookies will be controlled and related tags will be render-blocked when the page loads. Once the otSDKStub and otBannerSdk scripts run, the consent model is checked and manually configured settings are applied.

The Common Host List is also render-blocked when the page loads.

Table 1. Common Host List

Site Content

If the site has data intensive content (excessive images, videos, etc.), the auto-blocking functionality may not be appropriate.

Other Considerations

  • Cookies may not be detected by scanner if the related tag is triggered by actions such as form submission, scroll depth, timing delay, etc. These tags will need to be controlled by manual methods.

  • Any cookie categorized as non-essential (functional, performance, targeting, social media, or any custom category) will be controlled by auto-blocking. If a cookie is categorized as Strictly Necessary or Unknown, it will not be included in the OtAutoBlock auto-blocking.

  • Cookies set by in-line scripting directly in the HTML is not supported by the auto-blocking functionality.



OneTrust Cookie Auto-Blocking uses your scan results and cookie categorizations to know what to block. If a cookie has not been detected by the site scanner or is not categorized, it will not be controlled by the auto-blocking script.

To ensure a successful implementation of the auto-blocking script, rescan your site before beginning the implementation and ensure all cookies are categorized.


To implement OneTrust Cookie Auto-Blocking


You should never deploy this functionality without first validating it in a testing environment.

  1. On the Cookie Consent menu, select Scripts. The Scripts screen appears.

  2. Select the domain for which you want to enable auto-blocking. The Scripts screen appears.

  3. Click the Publish Test button. The Publish pane appears.

  4. Select the version of the script to publish and click Comfirm.

  5. Enable the Enable Autoblock setting. This will update the script to include OneTrust Cookie Auto-Blocking.

  6. Navigate to the Test Scripts tab. Click the Copy Scripts button to copy the script and then place it as the first script in the head section of your site.


    This script must be placed before everything else in order to function correctly. If it is not placed first it will not be able to effectively block cookies from being set.

    If you already have a banner script implemented on your site and want to use auto-blocking, you need to replace it with the new script generated by enabling the setting.

  7. After testing, repeat the process for the Production Script and place the script on your production site.




What are the implementation steps?

  1. In the scanning tool, categorize all of the cookies found on your site.

  2. Under Integration, select the Script tab. Click the Publish button and a side bar will open.

  3. Activate Enable Automatic Blocking of Cookies.

  4. Copy the script and paste it as the first item in the head section of your site.


Does the Auto-Blocking script have to be the first element on the site?


Yes, the Auto Blocking script must be the first item in your head section. This is to ensure it runs before any cookies are dropped.


Not all the cookies are being blocked. What do I need to do?


You should make sure all cookies on your site have been categorized. Cookies that are uncategorized will not be blocked by the auto-blocking feature. Additionally, any cookies that are categorized as Strictly Necessary will not be blocked by the auto-blocking feature.

Check the consent model being used for your region. If the consent model is Opt-out, then the cookies will be enabled until the site visitor opts out.


What happens to newly added, uncategorized cookies on my site?


Cookies will not be blocked until they are categorized.


When should I use a tag manager versus Auto-Blocking?


Simple integrations are available for all tag managers, giving you a great way to control when tags fire based upon user consent.

With Auto Blocking turned on, new tags are automatically disabled if the tag is in a category blocked until consent is given.


How do I ensure my Auto-Blocking settings are up to date?


You can rescan your site by using the automatic scan scheduler or by manually initiating a scan. If new cookies are found, you will need to make sure they are categorized or they will not be blocked.

After categorizing the new cookies, you will need to publish the script.


Can I use custom category IDs with Auto-Blocking?


Yes, you can use custom category IDs with the Auto-Blocking script. It uses whatever IDs are configured in the tool. The Auto-Blocking script adds the appropriate IDs to the tags that need to be blocked.


Does Auto-Blocking work with iframes embedded directly on the page?


Right now Auto-Blocking will only work for iframes created dynamically on the page, such as advertising iframes that are injected by a JavaScript file.

For iframes embedded directly on page, for example some youtube videos, we recommend following the manual steps to block those iframes.


Can I use an Opt-out consent model with Auto-Blocking?


Yes, you can use any consent model with Auto-Blocking.


Why isn't OneTrust blocking something it should be?


Contact OneTrust Support if you experience persistent issues.


Why is OneTrust blocking something it shouldn’t?


To learn more, see Preventing Auto-Blocking from Blocking Scripts.


Powered by