Auto-blocking
The script automatically blocks third-party resources detected by the scanner on your site. No code changes are needed.
What gets blocked and how
- Scripts:
typeis changed totext/plain, which prevents execution - Iframes:
srcis removed and a placeholder overlay is shown - Images, video, audio, embed, object:
srcordatais removed - Link preconnect, prefetch, preload and dns-prefetch:
hrefis removed, which prevents DNS leaks - Cookies: removed automatically when category consent is withdrawn
Only scripts and iframes that the scanner detected on your specific
website are blocked. There is no global blocklist. Patterns match by URL
substring, for example connect.facebook.net or static.hotjar.com.
Google Tag Manager and Google Analytics are not blocked this way. They are controlled through Google Consent Mode, which keeps tags from firing until consent is given.
Iframe placeholders
When an iframe is blocked, a placeholder overlay shows:
- Provider name (when known)
- Category label
- An Allow button that consents to that specific category
localStorage and sessionStorage blocking
Third-party scripts are prevented from writing to localStorage and
sessionStorage until consent is given. OptSens' own keys (os_consent,
os_visitor_id, os_banner_lang) are always allowed.
After consent is granted for all categories, storage interception is removed entirely, leaving zero performance impact.