Autoblocking is Cookie Compliance’s consent-first safeguard. It pauses non-essential scripts and iframes until a visitor makes a choice, then only allows what aligns with that choice to run. This prevents pre-consent leakage, keeps analytics and ads honest, and helps you meet prior-consent obligations. Think of it as a gate that opens only for what a user has actually agreed to—nothing more.

How it works, conceptually

When a page loads, Cookie Compliance looks for third-party Providers (analytics, ads, media embeds, widgets). Until there’s valid consent, those Providers are held: they don’t execute, set non-essential cookies, or ping their endpoints. After a choice is recorded, the system “releases” only the Providers that match the accepted Purpose Categories. Withdrawals or changes are respected immediately—held Providers stay held; running ones that no longer match are shut back down. This applies to traditional sites and modern SPAs alike, so late-loaded components don’t sneak past consent.

Purpose Categories & Access Levels (the core model)

Cookie Compliance uses a small, consistent set of Purpose Categories to describe why a Provider runs. Typical categories include:

• Basic Operations — essential functions required for the site to work (not subject to autoblocking).
• Site Optimization — analytics, performance measurement, A/B testing.
• Content Personalization — recommendations, embedded media behavior, UX tailoring.
• Ad Personalization — advertising, audience building, cross-site tracking.

These categories power everything: the banner text, what’s allowed to run, and what’s recorded in your consent logs. They’re also what make consent portable across pages and sessions—if a visitor accepts “Site Optimization,” any matching Provider can run, while others remain blocked.

On top of categories, the banner offers Access Levels that provide quick, understandable defaults:

• Private — the highest-privacy experience. Only Basic Operations run. Everything else stays blocked unless the visitor later opts in.
• Balanced — a pragmatic middle ground. Site Optimization may run (for aggregate measurement and UX quality), while Content Personalization and Ad Personalization remain off unless explicitly accepted.
• Personalized — the most feature-rich experience. Content Personalization and Ad Personalization are enabled together with Site Optimization, giving visitors full personalization and marketing features.

Access Levels are simply presets over the Purpose Categories, expressed in plain language so visitors understand the tradeoffs. Whether someone taps “Private,” “Balanced,” or “Personalized,” autoblocking enforces that choice by mapping it to the underlying purposes and only unblocking Providers that fit.

Signals and scope (just what you need)

The banner is the source of truth for user choices; Autoblocking enforces those choices at runtime. Where enabled, consent modes—Google Consent Mode, Meta (Facebook) Consent Mode, and Microsoft Consent Mode—read the standardized consent signals so their tags degrade gracefully before consent and upgrade after consent. These modes complement, not replace, autoblocking. If Global Privacy Control (GPC) is honored in your setup, autoblocking also treats it as a do-not-sell/share preference for the relevant purposes.

What to expect (practical boundaries)

Most common Providers are recognized out of the box. Self-hosted or uncommon loaders may need a precise URL pattern so they’re identified correctly. Inline or obfuscated tags can obscure detection; transparent integration yields the most reliable results. Basic Operations are never blocked; everything else follows the consent model you expose in the banner. The goal is consistency: the wording visitors see, the purposes you configure, what actually runs, and what gets logged all line up.

Key Terminology

• Provider — a third-party service such as analytics, ads, media, or widgets.
• URL pattern — the match rule used to recognize a Provider’s script/iframe/endpoint.
• Purpose Category — the why behind a Provider (e.g., Site Optimization); governs unblocking.
• Access Level — a preset that toggles multiple purposes at once (Private, Balanced, Personalized).
• Consent signals / Consent Modes — standardized flags read by some platforms to adapt behavior.

That’s the big picture. Autoblocking guards the door; Purpose Categories define the rules; Access Levels make the decision simple for visitors—so what runs always reflects what was actually agreed to.