Secure Privacy offers two types of blocking mechanism - automated and manual blocking. In this article, we'll explain to you how to set up manual blocking for scripts and iframes.


Scripts and cookies blocking


To block cookies and trackers, you need to change the attributes of the script tags on your website. Follow these steps to change the attributes.

  1. Apply the attribute sp-consent="PLUGIN NAME" to the script/image tags on your website. Depending on where you have installed the plugins, this may be inside a module, plugin or directly on your website. Make sure you write the exact plugin name, which appears on your Scan Report.

  2. On script tags change the attribute 'type' from 'text/javascript' to 'text/plain'.  

  3. If you are using a pixel tracker (image trackers), then rename the “src” attribute to “data-src”.

Here is an example of how it would look after you have changed a Google Analytics script.

Normal script tags look like this:

<script type="text/javascript"> code… </script>

Using script type re-writing, you need to change the scripts to:

<script type="text/plain" sp-consent="Google Analytics"> code… </script>

See this video tutorial below based on Wix.com as an example 

 

 

iFrame blocking setup


This article covers the scenario when the iframes, embedded on your website, set cookies and trackers and thereby require the visitor's prior consent.


These are generally third party content providers like YouTube and Vimeo. To hold back cookies until the website visitor has consented, Secure Privacy will block loading the video until the visitor has provided consent. 


We will take an example of YouTube to implement prior consent. You can follow these simple steps to implement prior consent.

  • Apply the attribute sp-consent="PLUGIN NAME" to the iframe tag on your website.  Make sure that you write the exact plugin name, which appears on your Scan Report.

  • Change the attribute “src”: from “src” to “data-src”.

For example:

<iframe src="https://www.youtube.com/embed/xxxxxxxxxxx" frameborder="0" 
allowfullscreen="allowfullscreen" </iframe>

changes to the following (rename 'src' to 'data-src' and apply the sp-consent="PLUGIN NAME" attribute to the tag):

<iframe data-src="https://www.youtube.com/embed/xxxxxxxxxxx" frameborder="0"
sp-consent="Youtube" allowfullscreen="allowfullscreen"> </iframe>

Here the PLUGIN NAME is Youtube. This can be found in your scan report. 


Note 1: YouTube offers you to serve videos from the alternative domain www.youtube-nocookie.com which is not setting HTTP cookies. Instead, the alternative domain is setting persistent "super cookies" in the browser's HTML localStorage, which also requires consent. 


Note 2: You need to use manual blocking for iframes even If you are using auto-blocking. Currently, auto-blocking will only work for iframes created dynamically on the page, such as advertising iframes that are injected by a JavaScript file. For iframes embedded directly on-page, for example, some YouTube videos, we recommend following the manual steps.