How do I block third-party scripts on my website?

Modified on Mon, 11 Mar at 4:01 PM

What are third-party scripts?

Third-party scripts are commonly JavaScript code used to add features to a website, such as tracking analytics, displaying ads, or providing social media integration.


To include third-party JavaScript on a website, a script tag is placed in the HTML code. The browser will then load and execute the script when the webpage is loaded.


Good example of third-party scripts are Google Analytics, Google Ads, Meta pixel, Bing tracking tool and so on.


Why should I block third-party scripts?

There are a couple of reasons you should be asking for explicit consent (if required by regulation) before placing third-party script tags on your website. The two main ones are:

  • Third-party scripts may collect and share user data with third parties.
  • Third-party scripts may use third-party cookies. Third-party cookies (A.K.A. those that are stored under a domain that is not yours) cannot be reached/blocked by a Consent Management solution placed on your website.

So once the third-party script loaded on your website, these two mechanisms might kick in and you just breached a Data Privacy Regulation like GDPR.


So, how do I block third-party scripts?

Fortunately, illow Consent Management tool is already integrated with Google Consent Mode V2 and Facebook Consent, which means you only need to tweak a bit the way you setup those tags. Learn more at:

But what if you use other third-party scripts apart from Google and Facebook ones? Don't worry, we got you covered. First, install Google Tag Manager on your website, if you don't have it already.


Now, you have two ways of blocking third-party tools:

  1. Leveraging Google Consent Mode V2 to block other scripts (recommended). To implement this option you need to add illow using our GTM Tag Template.
  2. Using illow's GTM Custom Events. This is a a great alternative when you added illow without the GTM Tag Template OR when you don't see a direct match between Google Consent Mode V2 Consent Types and the purposes you use your third-party tools.


Leveraging Google Consent Mode V2 to block other scripts (recommended)

1. Go to the script tag you want to block in Google Tag Manager.


2. Click on the tag itself and open the Advanced Settings.


3. Go to Consent Settings and click on "Require additional consent for tag to fire".


4. Then add the Consent Types you need for your tag. Here we have a small explanation on what does each of them mean:


Consent TypeDescription
ad_storageEnables storage (such as cookies) related to advertising
analytics_storageEnables storage (such as cookies) related to analytics e.g. visit duration
functionality_storageEnables storage that supports the functionality of the website or app e.g. language settings
personalization_storageEnables storage related to personalization e.g. video recommendations
security_storageEnables storage related to security such as authentication functionality, fraud prevention, and other user protection
ad_user_data

It controls whether user data related to advertising can be sent to Google.

ad_personalization

It controls whether personalized advertising is allowed.


5. That's it! Save and publish. illow integrates automatically with these Consent Types based on your user's choices.



Using illow's GTM Custom Events


1. In Google Tag Manager, go to the Triggers section and click on "New".


2. Then click on the Trigger configuration box and pick Custom Event as trigger type.


3. As Event name add "illow_consent_opt_in", then click on "Save".


4. Repeat steps 1, 2 and 3 but with the following Event names:

  • illow_consent_marketing
  • illow_consent_statistics
  • illow_consent_preferences


You should have four triggers now. Note that Event names must be as described but Trigger names can be anything more semantic, like the following example.


What do these triggers mean?

illow's widget will push these Custom Events to Google Tag Manager upon user's consent. By linking these events as GTM Triggers, GTM will then fire the tags you are going to associate them with in Step 3 (below).


Custom Event definitions:

  • illow_consent_marketing: User gave consent to share data for Marketing purposes
  • illow_consent_statistics: User gave consent to share data for Statistics purposes
  • illow_consent_preferences: User gave consent to share data for Preferences purposes
  • illow_consent_opt_in: User gave consent to share/sell data under US regulations.


5. Create a new Custom HTML tag for each third-party script needed using one of the triggers you just set. For example, if you are using a third-party script for Marketing purposes, you should use the Marketing trigger.


Note: If you have European and American visitors, you should use two triggers: the Marketing/Statistics/Preferences one AND the US Opt-in one. When setting a tag with two triggers on GTM, it will fire when any of those are detected.


The following image shows how to configure a bat.bing.com script tag for a site with US visitors only:


6. Hit that Submit button on the upper-right part of the screen to publish changes!


You are all set!

Now none of your third-party scripts will be present on your website until the user gives the proper consent. Remember that if a user visits your website a second time, the scripts will be added on page load following user's previous choices.


Don't forget!

Don't forget to configure your Facebook / Meta pixel and set up the Google Consent Mode V2.


Having issues with the integration? Check out our Troubleshooting guide.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article