OneTrust Auto-Blocking automates the process of setting your cookies, scripts, and tags to respond to the preferences selected by site visitors.
Other blocking options, such as Tag Manger integrations and JavaScript type-rewriting may be leveraged to achieve cookie blocking. AutoBlocking, however, can automate this process on many sites where it is a good fit.
How It Works
OneTrust Cookie Auto-Blocking works by analyzing the cookies on your site to determine which script on the page drops the associated cookie. Combining this information with the categorizations for each cookie, OneTrust can help prevent scripts that drop cookies from firing on your page until the proper consent is granted.
OneTrust intercepts scripts that will be added to the page and sets their type to Text/Plain with a class name associated with a category. Once the consent is granted, the type is changed to Text/JavaScript and the script can load normally.
The behavior can be configured to change by jurisdiction based on the consent model. When the script loads on your page, the cookies will be blocked according to your consent policy, geolocation rules, and the preferences selected by the site visitor.
Is Auto-Blocking Appropriate for Your Domain?
AutoBlocking can often simplify the maintenance and configuration of your OneTrust Cookie Consent solution. There are considerations, however, that may position another blocking method as a better fit for your website.
If you have lots of cookies and/or intensive site content, AutoBlock must be loaded synchronously on the page. If you have a long list of cookies, the download of the AutoBlock script may cause your page to render more slowly than expected. If this is a concern, consider integrating with your tag manager for a more performant implementation. For more information, see Cookie Consent Integration with Google Tag Manager.
If you generate revenue from targeted ads AutoBlock.js might impact the timing and order of scripts firing. This can sometimes cause ad targeting libraries to malfunction and impact revenue. The best practice is to use a method other than AutoBlocking for cookies related to ad targeting.
If you leverage Bulk Domain Management, due to the nature of web properties, the source URLs for many scripts will change per domain.
If any of the above scenarios are applicable to your domain(s), AutoBlock might not be the best fit for your website. Consider tag manager integration or type-rewriting for your cookie blocking needs. It is still possible to use a combination of solutions, so AutoBlock may be a good fit for some but not all of your cookie blocking.
Implementation Requirements
Requirement
Explanation
OtAutoBlock script is required to be run synchronously.
The AutoBlock may not be loaded asynchronously on the page. This means that content rendering is paused until the OtAutoBlock script finishes loading and executing. This is a requirement so that OneTrust can intercept any scripts being added to the page before they load and mark them for consent actioning. If the script were loaded asynchronously, scripts would be able to load without consent.
The OtAutoBlock and otSDKStub scripts are required to be placed in the <head> element by the Content Management System (CMS) or directly in the HTML code.
If the scripts are deployed using a tag manager, there is a high risk of latency between the domain and the tag manager. This leads to the possibility that tags will fire before OtAutoBlock script completes.
If revenue is generated from targeted advertisements, it is recommended you utilize manual blocking methods.
Auto-Blocking can cause tags to behave unexpectedly on page-load and can impact ad revenue.
Common Host Blocking
OneTrust AutoBlocking can block commonly identified trackers automatically without the need to locate a source URL. This behavior is configured during publishing. The common hosts are listed below.
Table 1. Common Host List
addthis.com
addtoany.com
adsrvr.org
amazon-adsystem.com
bing.com
bounceexchange.com
bouncex.net
criteo.com
criteo.net
dailymotion.com
doubleclick.net
everettech.net
facebook.com
facebook.net
googleadservices.com
googlesyndication.com
krxd.net
liadm.com
linkedin.com
outbrain.com
rubiconproject.com
sharethis.com
Taboola.com
twitter.com
vimeo.com
yahoo.com
youtube.com
To enable this functionality, see the Automatically Block Known Tracking Technologies section in Publishing and Implementing Cookie Consent Scripts. When enabled, any script on the website inserted by the hosts listed above is mapped to OneTrust’s Targeting category and is only allowed when the user accepts targeting cookies on a site.
Things to Know
Cookies may not be detected by the scanner if the related tag is triggered by actions such as form submission, scroll depth, timing delay, etc. These tags will either need to be added manually to OneTrust or blocked using another method.
Any cookie categorized as non-essential (Functional, Performance, Targeting, Social Media, or any custom category) that has an accurate source URL will be controlled by auto-blocking. If a cookie is categorized as Strictly Necessary or Unknown, it will not be included in the OtAutoBlock auto-blocking.
Cookies set by in-line scripting (e.g., using 'document.cookie' inline) are not supported by auto-blocking functionality. Instead, consider Client-Side Cookie Management type-rewriting for these cookies.
Prerequisites
OneTrust Cookie Auto-Blocking uses your scan results and cookie categorizations to know what to block. If a cookie has not been detected by the site scanner, is not categorized, or does not have a source URL included, it will not be controlled by the auto-blocking script.
To ensure a successful implementation of the auto-blocking script, rescan your site before beginning the implementation, ensure all cookies are categorized, and ensure all the cookies for the domain have the correct source URLs included.
To publish the cookie script with Autoblocking enabled
Caution
You should never deploy this functionality without first validating it in a testing environment to avoid unexpected errors on your user-facing (production) site.
On the Cookie Consent menu, select Scripts. The Scripts screen appears for the selected domain.
Select the domain for which you want to enable auto-blocking. The Scripts screen appears.
Click the Publish Test button. The Publish pane appears.
Select the version of the script to publish.
Click the Confirm button.
Enable the Enable Autoblock setting. This will update the script to include OneTrust Cookie Auto-Blocking.
Tip
If you’d like to automatically include AutoBlocking for scripts from Common Hosts, select Automatically Block Known Tracking Technologies.
Click the Publish Test Scripts button.
Go to the Test Scripts tab.
Click the Copy Scripts button to copy the script.
Place the script as the first script in the head section of your site.
Caution
The Autoblock.js script must be added directly to the page, not via an injector or tag manager.
This script must be the first thing loaded on the page to function correctly. If not, the script cannot effectively block cookies from being set.
If you already have a banner script implemented on your site and want to use auto-blocking, you must replace it with the new script generated by enabling the setting.
After testing, repeat the process for the production script and place the script on your production site.
This functionality is currently under Public Preview. Please contact your account representative or OneTrust Support to request early access.
You can remove source URLs from your AutoBlocking Javascript for greater control over your autoblocking functionality.
On the Cookie Consent menu, select Websites. The Websites screen appears.
Click the name of a website. The Website Details screen appears.
Go to the Auto-Block tab.
Enable the Enable Auto-Blocking setting, if disabled.
Select the source URLs you want to remove from your auto-blocking.
Click the Unblock Source URL button. A confirmation modal appears.
Click the Confirm button.
To manually block source URLs
Caution
Public Preview Notice
This functionality is currently under Public Preview. Please contact your account representative or OneTrust Support to request early access.
On the Cookie Consent menu, select Websites. The Websites screen appears.
Click the name of a website. The Website Details screen appears.
Go to the Auto-Block tab.
Enable the Enable Auto-Blocking setting, if disabled.
Click the Block Source URL button. The Block Source URLs modal appears.
Enter a Source URL for the cookie you want to add to your auto-blocking script.
Click the Search button.
Previously Linked URLs
If the source URL matches to an existing cookie, the existing cookie displays.
Click the Block button.
New URLs
If the source URL does not match to an existing cookie, configure the fields.
Field
Description
Link to
Select an item to which the source URL should be linked.
Existing Cookie
New Cookie
Existing Cookie
Cookie
If linking to an existing cookie, select the cookie to which the URL belongs.
New Cookie
Name
Enter the cookie name.
Host
Enter the host URL.
Lifespan
Select Persistent or Session.
Default Category
Select the default category for the cookie. The category will be assigned to this cookie on all domains until you edit it in the Advanced Categorizations screen.
If a new domain is scanned and an existing cookie is found, it will be assigned to the Default Category on that domain.
OneTrust suggests using autoblock for simpler websites (where you don’t have dynamic URLs firing cookies on the website and where you have fewer cookies, which makes it easier to maintain the AutoBlock file).
Note
You will need to check your autoblock.js file every time a new publish occurs to ensure no new or incorrect URLs are added.
This JavaScript file is available within the scripts in https://cdn.cookielaw.org/consent/(YOUR. DATA DOMAIN ID)/AutoBlock.js
2.
Does the Auto-Blocking script have to be the first element on the site?
Yes, the Auto Blocking script must be the first item in your head section. This is to ensure it runs before any cookies are dropped.
3.
Not all the cookies are being blocked. What do I need to do?
Ensure all cookies on your site have been categorized. Cookies that are uncategorized will not be blocked by the auto-blocking feature. Additionally, any cookies that are categorized as Strictly Necessary will not be blocked by the auto-blocking feature.
Confirm that the correct source URL is linked to the cookie in the OneTrust tool if a cookie is not being blocked. Republish after adding the correct URL and test if the cookie is now being blocked as expected.
Check the consent model being used for your region. If the consent model is Opt-out, then the cookies will be enabled until the site visitor opts out.
Confirm the cookies dropped on your site are blockable.
Contact OneTrust Support if you experience persistent issues.
4.
How do I check which cookie has the source URL that is breaking my site?
You can export an Excel file that gives you a list of all the cookies and their associated source URL(s). To export this file, follow the steps in the To export you cookie list section of Managing and Categorizing Cookies and SDKs.
Important
Disable the Exclude Resource URLs setting on the Cookie Export modal when exporting your cookie list.
5.
What happens to newly added, uncategorized cookies on my site?
Cookies will not be blocked until they are categorized, have the correct source URLs included, and the AutoBlock script has been republished to include the new URLs.
6.
When should I use a tag manager versus Auto-Blocking?
Simple integrations are available for all tag managers, giving you a great way to control when tags fire based upon user consent.
With Auto Blocking turned on, new tags are automatically disabled if the tag is in a category blocked and the correct source URLs are present until consent is given.
7.
How do I ensure my Auto-Blocking settings are up to date?
You can rescan your site by using the automatic scan scheduler or by manually initiating a scan. If new cookies are found, you will need to make sure they are categorized with correct source URLs present or they will not be blocked.
After categorizing the new cookies, you will need to publish the script.
8.
Can I use custom category IDs with Auto-Blocking?
Yes, you can use custom category IDs with the Auto-Blocking script. It uses whatever IDs are configured in the tool. The Auto-Blocking script adds the appropriate IDs to the tags that need to be blocked.
9.
Does Auto-Blocking work with iframes embedded directly on the page?
Right now Auto-Blocking will only work for iframes created dynamically on the page, such as advertising iframes that are injected by a JavaScript file.
For iframes embedded directly on page, for example some youtube videos, we recommend following the manual steps to block those iframes.
Can I use an Opt-out consent model with Auto-Blocking?
Yes, you can use any consent model with Auto-Blocking. When using an opt-out consent model, cookies are allowed when the user first visits the site. If the users chooses to opt-out or reject a category, cookies belonging to that category are blocked on the website. This also applies to AutoBlocking.
