Contentful

Contentful

Headless CMS used by development teams to manage and deliver structured content via API. Contentful's JavaScript SDK or preview scripts may appear on sites in development or preview mode to render content from the CMS in real time. In production, Contentful typically delivers content server-side with no client-side script footprint.

Back to Vendor Library

Overview

Contentful is the market-leading headless content management system (CMS), used by development teams to manage and deliver structured content via API. Over 30% of Fortune 500 companies use Contentful to power websites, mobile apps, and digital experiences. Contentful decouples content authoring from content delivery — content editors manage entries in Contentful's Studio, and developers query content via REST or GraphQL APIs at build time or runtime.

What This Script Does

In production websites, Contentful typically has no client-side script footprint — content is fetched server-side or at build time, resulting in pre-rendered HTML delivered to the browser. Client-side Contentful scripts appear in specific scenarios: preview environments, Live Preview for editors, and the optional Contentful App Framework for embedded custom tools.

Contentful Live Preview SDK

  • @contentful/live-preview npm package — Injected into staging and preview environments to enable real-time content editing. Approximately 50–100KB.
  • Establishes a postMessage connection between the Contentful Studio interface and the preview page, enabling inline editing where editors can click on content to edit it in place.
  • No tracking cookies are set by Live Preview. All communication is between the Contentful Studio tab and the preview page.

Contentful Content Preview API

  • Client-side requests to preview.contentful.com/spaces/{spaceId}/entries/ — The Preview API returns draft content (unpublished changes) for preview environments.
  • Authentication via a Preview API key (typically embedded in preview environment variables, not production).
  • Preview API keys grant read-only access to draft content and should never be exposed in production builds.

Contentful Images API

  • images.ctfassets.net — Contentful's image transformation and delivery CDN (backed by Cloudflare). No cookies set.
  • downloads.ctfassets.net — Asset download CDN.
  • videos.ctfassets.net — Video asset CDN.

Production Delivery API

  • Content Delivery API (CDA): cdn.contentful.com/spaces/{spaceId}/entries/ — In production server-side rendering (Next.js, Nuxt, etc.), this API call happens on the server, not in the browser. No client-side cookies or JavaScript footprint.
  • GraphQL API: graphql.contentful.com/content/v1/spaces/{spaceId} — Same: server-side only in production.

No Cookies Set in Production Contentful does not set any cookies on visitor browsers in a production website deployment. All content delivery is API-based (server-side) or CDN-based (static assets). No tracking, analytics, or session management cookies originate from Contentful in production.

Consent & Compliance

Consent category: Functional

  • GDPR/ePrivacy: No cookies are set in production by Contentful. No personal data about website visitors is processed by Contentful's delivery infrastructure — the delivery APIs are called server-side. The Images CDN (images.ctfassets.net) delivers assets without setting cookies. No consent is required for Contentful in production deployments.
  • Preview environments: Contentful Live Preview is used only by authenticated editors in controlled preview environments, not by end users. No public-facing consent obligations arise from preview tools.
  • CCPA/CPRA: No personal information about website visitors is processed by Contentful in production. Contentful processes content editor data (Contentful Studio user accounts) under its own privacy policy, not as a processor for the website visitor.
  • EU data residency: Contentful offers EU data residency (spaces hosted in EU data centers). Content Delivery API requests from EU visitors can be routed to EU infrastructure.

Should You Block This Without Consent?

No. In production, Contentful has no client-side scripts to block — content delivery is entirely server-side or via CDN asset URLs. No cookies are set on visitor browsers. There is nothing to block, and attempting to block ctfassets.net would break image and asset delivery. In preview environments, Live Preview scripts serve an internal editorial purpose with no visitor-facing privacy implications.

Visit website

Consent Categories

Functional

Also Known As

Contentfulheadless CMScontent delivery APIpreview scriptstructured contentCMS cookies

Industries

Computers Electronics and TechnologyProgramming and Developer Software

Tracked Domains (1)

ctfassets.netEssential

Frequently Asked Questions

Do I need consent to use Contentful on my website?

No. In production, Contentful has no client-side scripts and sets no cookies on visitor browsers. Content is fetched server-side via API. No tracking, analytics, or session management occurs on the visitor's device.

What data does Contentful collect?

In production, Contentful collects no visitor data client-side. Content delivery and image assets are served via CDN without cookies. Live Preview scripts only load for authenticated editors in staging environments, not for public visitors.

How does ConsentStack handle Contentful?

ConsentStack classifies Contentful as functional. Since production deployments have no client-side scripts or visitor cookies, ConsentStack has nothing to block. Blocking ctfassets.net would break image delivery without any privacy benefit.

Related Vendors

Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.

Manage consent for Contentful

ConsentStack automatically detects and manages Contentful trackers so your site stays compliant with global privacy regulations.

Get started free