TagFirewall

TagFirewall can whitelist or blacklist tags.

TagFirewall is a paid extension that can be installed with TagCommander or run in standalone mode. Please contact a Commanders Act consultant or account manager to activate it.
Overview
TagFirewall blocks unauthorised tags (domains) in real time. This can e.g. help to block and reduce the risk of piggybacking tags. TagFirewall is highly dynamic and can therefore enrich an existing Content Security Policy (CSP) setup to resolve critical issues with tags in minutes or replace the need for a Content Security Policy (CSP) entirely. TagFirewall offers two modes:
Blacklist Mode
This mode blocks tag communication with a configurable list of domains. Communication with all other domains is still permitted.
Whitelist Mode
This mode blocks tag communication with all domains except a configured whitelist.
Setup
TagCommander
TagFirewall can be set up and configured with the tag template "TagCommander - TagFirewall" in TagCommander.
Option
Description
Mode
Allows to select Blacklist or Whitelist mode.
Blacklist domains
Domains that should be blacklisted. Enclosed in " and and separated by, . (Only for Blacklist Mode)
Internal domains
Tag domains that should be whitelisted. Enclosed in " and and separated by, . (Only for Whitelist Mode)
Tag domains
Internal domains (domain the website needs to function) that should be whitelisted. Enclosed in " and and separated by, . (Only for Whitelist Mode)
Check SSL
This option allows to block all http script hits (it will only allows https script hits).
Example of a TagFirewall configuration.
Standalone
TagFirewall can be set up and configured with a custom JavaScript tag for all other installations. The tag has following options.
Option
Description
<whitelist_tags>
Array of domains used by tags that should not be blocked. (Only for Whitelist Mode)
<whitelist_internal>
Array of internal domains (domain the website needs to function) that should not be blocked. (Only for Whitelist Mode)
<blacklist_tags>
Array of domains used by tags that should be blacklisted. (Only for Blacklist Mode)
<active_flag>
This option activates TagFirewall. Set to true to activate TagFirewall.
<check_ssl>
This option allows to block all http script hits (it will only allows https script hits). Set to true to activate it.
<script_url>
URL of the TagFirewall library JavaScript file. This URL will be provided by a Commanders Act Consultant or Account Manager.
Blacklist Mode
Whitelist Mode
Blacklist Mode
<script>
tC = tC || {};
tC.tagFirewall = tC.tagFirewall || {};
​
tC.tagFirewall.list = {
    "blacklist": {
        "tags": <blacklist_tags>
    }
};
​
tC.tagFirewall.checkSSL = <check_ssl>;
tC.tagFirewall.blocked  = <active_flag>;  
</script>
<script src="<script_url>"></script>
Whitelist Mode
<script>
tC = tC || {};
tC.tagFirewall = tC.tagFirewall || {};
​
tC.tagFirewall.list = {
    "whitelist": {
        "internal": <whitelist_internal>,
        "tags": <whitelist_tags>
    }
};
​
tC.tagFirewall.checkSSL = <check_ssl>;
tC.tagFirewall.blocked  = <active_flag>; 
</script>
<script src="<script_url>"></script> 
Examples
Blacklist Mode
Whitelist Mode
Blacklist Mode
<script>
tC = tC || {};
tC.tagFirewall = tC.tagFirewall || {};
​
tC.tagFirewall.list = {
    "blacklist": {
        "tags": ["bad-domain1.com", "bad-domain2.com"]
    }
};
​
tC.tagFirewall.checkSSL = true;
tC.tagFirewall.blocked  = true;  
</script>
<script src="<script_url>"></script>
Whitelist Mode
<script>
tC = tC || {};
tC.tagFirewall = tC.tagFirewall || {};
​
tC.tagFirewall.list = {
    "whitelist": {
        "internal": ["cdn.yourdomain.com", "cdn.yourdomain2.com"],
        "tags": ["facebook.com","twitter.com"]
    }
};
​
tC.tagFirewall.checkSSL = true;
tC.tagFirewall.blocked  = true;
</script>
<script src="<script_url>"></script>
The tag should be included in the <head> of your document. It can only block tags that are loaded after the TagFirewall tag and JavaScript library file.

Extensions - Previous

Cookie Scanner

Next - Extensions

Tag Hierarchy

Last updated 9 months ago

Option	Description
Mode	Allows to select Blacklist or Whitelist mode.
Blacklist domains	Domains that should be blacklisted. Enclosed in `"` and and separated by`,` . (Only for Blacklist Mode)
Internal domains	Tag domains that should be whitelisted. Enclosed in `"` and and separated by`,` . (Only for Whitelist Mode)
Tag domains	Internal domains (domain the website needs to function) that should be whitelisted. Enclosed in `"` and and separated by`,` . (Only for Whitelist Mode)
Check SSL	This option allows to block all `http` script hits (it will only allows `https` script hits).

Option	Description
<whitelist_tags>	Array of domains used by tags that should not be blocked. (Only for Whitelist Mode)
<whitelist_internal>	Array of internal domains (domain the website needs to function) that should not be blocked. (Only for Whitelist Mode)
<blacklist_tags>	Array of domains used by tags that should be blacklisted. (Only for Blacklist Mode)
<active_flag>	This option activates TagFirewall. Set to `true` to activate TagFirewall.
<check_ssl>	This option allows to block all `http` script hits (it will only allows `https` script hits). Set to `true` to activate it.
<script_url>	URL of the TagFirewall library JavaScript file. This URL will be provided by a Commanders Act Consultant or Account Manager.