Knowledgebase

Tag Cloud

android apple drive ftp gmail google drive ios macosx migration security

Support

I've added new functionality, but it doesn't work

Third-Party Embeds Blocked? How to Fix Auto-Blocking by Your Cookie Consent System

If you've recently added a new third-party feature like a YouTube video embed, a Mapbox map, a Spotify player, or a Calendly scheduler and it's not loading properly for users who haven't accepted all cookies, your cookie consent system is likely doing its job by auto-blocking it.

This article explains the common reason for this issue and provides a step-by-step fix for web developers and site owners.

The Problem: Invisible Scripts and Consent

Cookie consent management platforms (CMPs) adhere to privacy best practices (like GDPR and CCPA) by implementing pre-consent blocking.

This means that any script or embed that could drop a cookie, track a user, or transmit data to a third party is blocked by default until the user explicitly gives consent for the relevant cookie category (e.g., Marketing, Analytics, or Functional).

The Root Cause

When you add a new feature, your cookie banner doesn't automatically recognise or classify it. It sees a new, unknown script (e.g., the YouTube iframe or Mapbox JavaScript file) and treats it as a potential privacy risk, resulting in a "Blocked content" message.

"This third party embed for [Service name] is being blocked.  For privacy purposes, this third party script has been auto-blocked. The website owner needs to follow these steps to add this third party Service."

Your Fix: You must explicitly register and classify this new service within your cookie policy and cookie banner so it knows what the script is, what kind of cookies it uses, and when it is safe to load it.

The Solution: Registering Your New Third-Party Service

To resolve the auto-blocking issue, you need to configure your cookie consent system to recognise the new embed.

Step 1: Identify the New Service

Determine the exact third-party service you added. This will be the name you search for or register in your consent tool (e.g., Google Maps, YouTube Video, Vimeo, HubSpot Forms).

Step 2: Access Your CMP/Cookie Policy Tool

Log into your Consent Management Platform at policies.termageddon.com

Step 3: Add and Classify the Service

  1. Open your site's policy
  2. Click 'edit' for the Cookie Policy and Consent Tool
  3. Scroll to the bottom and click the gray 'add Service' button
  4. Select 'pre-defined' and search for the third party Service.  
  5. Search for the Pre-defined Service from the library. Search for the identified service (e.g., "YouTube") and add it to your website's active services.
  6. Assign a Category: Classify the service into the appropriate cookie category:
    1. Functional: Often required for basic feature operation (e.g., a language selector).
    2. Marketing: Used for tracking and personalised content (most video embeds, social media pixels, maps, analytics fall here).
    3. Essential: The site cannot function with out it (The CMP, Google Tag Manager, some Captcha services).

Step 4: Update and Publish Your Cookie Banner

Save your changes and your cookie consent tool will auto update. 

Step 5: Test and tweak 

In a new incognito window visit the website to see the new behaviour. Deny all and reload the page, and accept all and relaod the page to see the fetaure load, or not. If it is loading when you do not expect it to do so then you may need to tweak the way your script is controlled. 

You can add the following to your page to ignore all blocking for a service, the ID to place in the code can be found when editing the service in the previous step. This example ignores all blocking for hCaptcha: 

<!-- 
Ignore Blocking for hCaptcha -->
<script>
 uc.deactivateBlocking([
  'QjO6LaiOd', // hCaptcha is not blocked
 ]);
</script>

Step 6: Update your Cookie Policy

Proceed to the 'Data Type Questions' section in Termageddon, and for each data type collected by this new service add the "Purpose for collecting this information", "Sources of this information" and "What categories of third parties have you shared this personal information with?" 

This ensures that the data collected by this service is now visible in the Cookie policy. 

Should the script be on the site or in Google Tag Manager?

A script should be deployed in Google Tag Manager (GTM) when it is related to marketing, analytics, or simple dynamic functionality that needs to be deployed or changed quickly without involving developers. 

This requires specific triggering based on consent details passed from the CMP to Google Tag Manager in the data layer. 

Scripts should be placed directly in the website code when the feature is a core structural, functional, or high-security component of the application.

Both methods require adding the service to the cookie policy, and cookie banner system in order to work. 

Was this answer helpful?

0 Users Found This Useful

Related Articles

How to embed the code on my Wordpress site?

Here's Hans with a helpful video on how to embed your Privacy Policy on your Wordpress website.

How to add code on my Squarespace website?

Here's Hans of Termageddon to show you how to embed your code on to a Squarespace website.

How to embed your Privacy Policy on your website

After generating your policies, you will be provided with an embed code. This embed code is...

Can I change the styling?

You can update the styling of the policy on your site. There is nothing fancy going on, it uses...

Should you consolidate all policies onto one page?

You need a separate page for each policy because the law says so. Article 7 of General Data...