How to set up Custom Blocking rules
In this article, you will see how to create custom rules to block any script your store loads in order to comply with data regulations.
Custom rules are entries with script rules to let the Pandectes app detect them and block them from running before user gives consent.
There are 2 cases when it comes to blocking:
Opt-in banner (Strict): The scripts marked by Custom rules will only run after consent.
Opt-out banner (Loose): The scripts marked by Custom rules will run initially but will be blocked if the user clicks on the "Decline" Button on the next page load.
You have a 3rd party app, which runs before consent.
An injected script is loading on your theme from a 3rd party domain.
You only want a service to run after accepting cookies. (e.x. Email marketing popup)
Suppose you have a script tag loading Microsoft Clarity on your store from the domain: "https://clarity.ms"
You can add a custom rule for that domain - "clarity.ms" to the autoblocker as a custom rule. This will mark all scripts and assets coming from that domain, and make it run after consent.
Go to your store and click on "inspect element". Then, go to the Network tab, and choose to Filter by JS
Check the scripts that load. Are they coming from your domain? If not, you can add a custom rule to block them, in the next step.
Navigate to the Settings > Autoblocker > Custom rules
Add a new rule
Fill out the form
The most important field of the form is the domain field. You will need to add the domain of the script that you want to block, without spaces. The field functions as a regular expression.
So, for the clarity example, we would add "clarity.ms" as the domain.
Any domain you add here, will match and mark all the instances that are under that domain. So, for example, if you add clarity.ms as the domain, all the scripts that are from that domain will be blocked.
For example:
https://www.clarity.ms/tag/3b3a8r2k7 ✅ (matches by the rule)
https://www.clarity.ms/some-other-script.js. ✅ (matches by the rule)
https://www.clarity.ms/another-file.css ✅ (matches by the rule)
But, if you add clarity.ms/tag to the domain field, only the first script will be marked. The others will not be subject to blocking.
Be very cautious not to add your store's own domain as a custom rule, as well as domains from services that are absolutely necessary for the functionality of the store. Adding any of those, can break the experience for your users.
Check the network tab after adding the custom rule. If the script does not load before consent, you have successfully added the rule.
Note: Sometimes you have blocked a script successfully, but you will keep seeing it in the Network tab (Because the request to the server gets executed) However, the script's variables and functions are undefined and no not run until consent.
If the script is one that places cookies, you can check the cookies that are placed prior to consent on your store in an incognito browser window. Adding the custom rule successfully will result in the related cookie not being placed before consent.
What are custom rules?
Custom rules are entries with script rules to let the Pandectes app detect them and block them from running before user gives consent.
There are 2 cases when it comes to blocking:
Opt-in banner (Strict): The scripts marked by Custom rules will only run after consent.
Opt-out banner (Loose): The scripts marked by Custom rules will run initially but will be blocked if the user clicks on the "Decline" Button on the next page load.
When is useful
You have a 3rd party app, which runs before consent.
An injected script is loading on your theme from a 3rd party domain.
You only want a service to run after accepting cookies. (e.x. Email marketing popup)
Use case
Suppose you have a script tag loading Microsoft Clarity on your store from the domain: "https://clarity.ms"
You can add a custom rule for that domain - "clarity.ms" to the autoblocker as a custom rule. This will mark all scripts and assets coming from that domain, and make it run after consent.
How to find which scripts to block?
Go to your store and click on "inspect element". Then, go to the Network tab, and choose to Filter by JS
Check the scripts that load. Are they coming from your domain? If not, you can add a custom rule to block them, in the next step.
How to add a custom rule?
Steps
Navigate to the Settings > Autoblocker > Custom rules
Add a new rule
Fill out the form
The most important field of the form is the domain field. You will need to add the domain of the script that you want to block, without spaces. The field functions as a regular expression.
So, for the clarity example, we would add "clarity.ms" as the domain.
Any domain you add here, will match and mark all the instances that are under that domain. So, for example, if you add clarity.ms as the domain, all the scripts that are from that domain will be blocked. For example:
https://www.clarity.ms/tag/3b3a8r2k7 ✅ (matches by the rule)
https://www.clarity.ms/some-other-script.js. ✅ (matches by the rule)
https://www.clarity.ms/another-file.css ✅ (matches by the rule)
But, if you add clarity.ms/tag to the domain field, only the first script will be marked. The others will not be subject to blocking.
Be very cautious not to add your store's own domain as a custom rule, as well as domains from services that are absolutely necessary for the functionality of the store. Adding any of those, can break the experience for your users.
How to verify that the script runs after consent?
Check the network tab after adding the custom rule. If the script does not load before consent, you have successfully added the rule.
Note: Sometimes you have blocked a script successfully, but you will keep seeing it in the Network tab (Because the request to the server gets executed) However, the script's variables and functions are undefined and no not run until consent.
If the script is one that places cookies, you can check the cookies that are placed prior to consent on your store in an incognito browser window. Adding the custom rule successfully will result in the related cookie not being placed before consent.
Updated on: 10/02/2025
Thank you!