# Consent-Auto-Blocking für flb.de

flb.de: 21 Auto-Blocking-Regel(n) für Skripte, Iframes und Tag-Manager-Trigger aus SaferPage-Dienstsignalen.

> Auto-Blocking-Regeln sind Betreiber-Vorlagen. Produktivbetrieb braucht CMP-Freigabe, Tests je Consent-Zustand, CSP-/Tag-Manager-Abgleich und fachliche Freigabe.

## Regeln
- fonts.verwaltungsportal.de (*.fonts.verwaltungsportal.de): Kategorie externe_medien, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="externe_medien" data-src="https://fonts.verwaltungsportal.de/..."></script>`
  Iframe: `<iframe data-saferpage-category="externe_medien" data-src="https://fonts.verwaltungsportal.de/..." src="about:blank" title="fonts.verwaltungsportal.de"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.externe_medien equals true.
- chatbot.hw.ag (*.chatbot.hw.ag): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://chatbot.hw.ag/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://chatbot.hw.ag/..." src="about:blank" title="chatbot.hw.ag"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- cookie-consent (*.tiktok.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://tiktok.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://tiktok.com/..." src="about:blank" title="cookie-consent"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- fotos.verwaltungsportal.de (*.fotos.verwaltungsportal.de): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://fotos.verwaltungsportal.de/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://fotos.verwaltungsportal.de/..." src="about:blank" title="fotos.verwaltungsportal.de"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- instagram.com (*.instagram.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://instagram.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://instagram.com/..." src="about:blank" title="instagram.com"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- layout.verwaltungsportal.de (*.layout.verwaltungsportal.de): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://layout.verwaltungsportal.de/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://layout.verwaltungsportal.de/..." src="about:blank" title="layout.verwaltungsportal.de"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- libraweb-ttp2.tiktokw.eu (*.libraweb-ttp2.tiktokw.eu): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://libraweb-ttp2.tiktokw.eu/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://libraweb-ttp2.tiktokw.eu/..." src="about:blank" title="libraweb-ttp2.tiktokw.eu"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- mcs-ie2.tiktokw.eu (*.mcs-ie2.tiktokw.eu): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://mcs-ie2.tiktokw.eu/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://mcs-ie2.tiktokw.eu/..." src="about:blank" title="mcs-ie2.tiktokw.eu"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- mon16-normal-no1a.tiktokv.eu (*.mon16-normal-no1a.tiktokv.eu): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://mon16-normal-no1a.tiktokv.eu/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://mon16-normal-no1a.tiktokv.eu/..." src="about:blank" title="mon16-normal-no1a.tiktokv.eu"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- mon16-normal-useastred.tiktokv.eu (*.mon16-normal-useastred.tiktokv.eu): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://mon16-normal-useastred.tiktokv.eu/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://mon16-normal-useastred.tiktokv.eu/..." src="about:blank" title="mon16-normal-useastred.tiktokv.eu"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- p16-common-sign.tiktokcdn-eu.com (*.p16-common-sign.tiktokcdn-eu.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://p16-common-sign.tiktokcdn-eu.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://p16-common-sign.tiktokcdn-eu.com/..." src="about:blank" title="p16-common-sign.tiktokcdn-eu.com"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- scontent-fra3-2.cdninstagram.com (*.scontent-fra3-2.cdninstagram.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://scontent-fra3-2.cdninstagram.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://scontent-fra3-2.cdninstagram.com/..." src="about:blank" title="scontent-fra3-2.cdninstagram.com"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- scontent-fra5-1.cdninstagram.com (*.scontent-fra5-1.cdninstagram.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://scontent-fra5-1.cdninstagram.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://scontent-fra5-1.cdninstagram.com/..." src="about:blank" title="scontent-fra5-1.cdninstagram.com"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- scontent-fra5-2.cdninstagram.com (*.scontent-fra5-2.cdninstagram.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://scontent-fra5-2.cdninstagram.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://scontent-fra5-2.cdninstagram.com/..." src="about:blank" title="scontent-fra5-2.cdninstagram.com"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- sf16-website-login.neutral.tiktokcdn-eu.com (*.sf16-website-login.neutral.tiktokcdn-eu.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://sf16-website-login.neutral.tiktokcdn-eu.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://sf16-website-login.neutral.tiktokcdn-eu.com/..." src="about:blank" title="sf16-website-login.neutral.tiktokcdn-eu.com"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- sf16-website-login.neutral.ttwstatic.com (*.sf16-website-login.neutral.ttwstatic.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://sf16-website-login.neutral.ttwstatic.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://sf16-website-login.neutral.ttwstatic.com/..." src="about:blank" title="sf16-website-login.neutral.ttwstatic.com"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- static.cdninstagram.com (*.static.cdninstagram.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://static.cdninstagram.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://static.cdninstagram.com/..." src="about:blank" title="static.cdninstagram.com"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- tiktok.com (*.tiktok.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://tiktok.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://tiktok.com/..." src="about:blank" title="tiktok.com"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- ttwid (*.tiktok.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://tiktok.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://tiktok.com/..." src="about:blank" title="ttwid"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- v45.tiktokcdn-eu.com (*.v45.tiktokcdn-eu.com): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://v45.tiktokcdn-eu.com/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://v45.tiktokcdn-eu.com/..." src="about:blank" title="v45.tiktokcdn-eu.com"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.
- webmssdk16-normal-no1a.tiktokw.eu (*.webmssdk16-normal-no1a.tiktokw.eu): Kategorie unklar, Default blocked.
  Script: `<script type="text/plain" data-saferpage-category="unklar" data-src="https://webmssdk16-normal-no1a.tiktokw.eu/..."></script>`
  Iframe: `<iframe data-saferpage-category="unklar" data-src="https://webmssdk16-normal-no1a.tiktokw.eu/..." src="about:blank" title="webmssdk16-normal-no1a.tiktokw.eu"></iframe>`
  GTM: Fire only when event equals saferpage_consent_update and consent.unklar equals true.

## Loader Snippet

```js
window.addEventListener('saferpage-consent-update', function(event) {
  var consent = event.detail || {};
  document.querySelectorAll('script[type="text/plain"][data-saferpage-category][data-src]').forEach(function(node) {
    var category = node.getAttribute('data-saferpage-category');
    if (!consent[category] || node.getAttribute('data-saferpage-loaded') === 'true') return;
    var script = document.createElement('script');
    Array.prototype.slice.call(node.attributes).forEach(function(attr) {
      if (attr.name === 'type' || attr.name === 'data-src' || attr.name === 'data-saferpage-category') return;
      script.setAttribute(attr.name, attr.value);
    });
    script.src = node.getAttribute('data-src');
    script.async = true;
    node.setAttribute('data-saferpage-loaded', 'true');
    node.parentNode.insertBefore(script, node.nextSibling);
  });
  document.querySelectorAll('iframe[data-saferpage-category][data-src]').forEach(function(node) {
    var category = node.getAttribute('data-saferpage-category');
    if (!consent[category] || node.src === node.getAttribute('data-src')) return;
    node.src = node.getAttribute('data-src');
  });
});
```

## GTM Setup
- 1. Consent Initialization: Default Consent Mode vor allen Marketing-/Analytics-Tags auf denied setzen.
- 2. Tag Trigger prüfen: Jeder nicht notwendige Tag braucht Kategoriebedingung aus saferpage_consent_update.
- 3. Unklassifizierte Tags blockieren: Neue oder unbekannte Dienste bleiben aus, bis Kategorie, Zweck und Rechtsgrundlage freigegeben sind.
- 4. Reject/GPC testen: Nach Ablehnen und GPC dürfen keine Marketing-/Analytics-/Embed-Tags nachladen.

## Placeholder
- visual_embeds: Videos, Karten, Captchas und Social Widgets mit Platzhalter anzeigen und erst nach Kategorie-Freigabe laden.
- copy: Dieser externe Inhalt ist blockiert, bis Sie die passende Datenschutz-Kategorie aktivieren.
- preview_limit: Keine externen Preview-Bilder laden, wenn diese bereits Drittanbieter-Kontakte auslösen.