Enforcement policies control how LegalBanner's SDK handles third-party scripts based on their approval status in the Tag Registry. This is a Pro-plan feature within the Tag Governance module.
Policy Scopes
Enforcement policies can be set at three levels:
1. Organization - applies to all sites in the org (default)
2. Client - overrides org policy for all sites under a specific client
3. Site - overrides client and org policy for a specific site
The SDK resolves the policy by checking site first, then client, then org. The first enabled policy wins.
Policy Settings
| Setting | Options | Description |
|---------|---------|-------------|
| Enabled | on/off | Whether enforcement is active for this scope |
| Mode | Loader / Strict | How scripts are intercepted |
| Unknown tag action | Alert only / Block until approved | What happens when an unrecognized script is detected |
Loader Mode (Default)
In Loader mode, you wrap third-party scripts as inert stubs in your HTML:
``html
`
The SDK:
1. Reads the tag registry from the enforcement config
2. For each stub, checks if the tag is approved AND the visitor has consented to the relevant category
3. If both conditions are met, changes type to text/javascript and the script executes
4. If the tag is blocked or pending, the script never executes
Strict Mode (Experimental)
Strict mode intercepts dynamically injected scripts at runtime by wrapping document.createElement. When any code (GTM, third-party libraries, etc.) tries to inject a