Directus

Directus

Directus is an open-source headless CMS and data platform that serves structured content via APIs. Its backend delivers content to frontend applications through REST or GraphQL endpoints. Directus does not typically load tracking scripts in the browser, functioning primarily as a server-side content source.

Back to Vendor Library

Overview

Directus is an open-source headless CMS and data platform that exposes structured content through REST and GraphQL APIs. It is primarily a backend service, meaning its presence in a technology stack does not typically result in client-side script execution on end-user browsers. When Directus does appear in a browser context, it is usually because developers have integrated the Directus JavaScript SDK into a frontend application to query content directly from the API.

What This Script Does

Because Directus operates as an API server rather than a tag-injected script, its browser footprint is minimal. When developers use the Directus JS SDK (@directus/sdk), the library makes authenticated fetch requests to the Directus API endpoint—typically a subdomain operated by the site owner, not a third-party domain. No persistent tracking cookies are set by the SDK itself. Session authentication may use short-lived tokens stored in memory or localStorage, but these are scoped to the application and are not shared with external parties. No fingerprinting, behavioral tracking, or advertising identifiers are collected.

Consent & Compliance

Under GDPR and ePrivacy, Directus SDK requests are analogous to first-party API calls—they retrieve content from a server operated by or on behalf of the data controller. No third-party personal data processing occurs. Under CCPA/CPRA, there is no sale or sharing of personal information with Experian or other third parties. Because Directus does not set cookies or collect behavioral data for tracking purposes, it falls into the essential or functional consent category. Consent is not legally required under ePrivacy for first-party technical requests of this nature.

Should You Block This Without Consent?

No. Directus serves as a content delivery mechanism rather than a tracking or advertising tool. Blocking it would typically break content rendering on pages that depend on the Directus API. No user profiling or cross-site tracking is involved.

Visit website

Consent Categories

Essential
Functional

Also Known As

directus cmsdirectus headlessdirectus privacydirectus consentdirectus API content

Industries

Computers Electronics and TechnologyProgramming and Developer SoftwareBusiness and Consumer ServicesMarketing and Advertising

Tracked Domains (1)

directus.ioEssential

Frequently Asked Questions

Is consent required for Directus on my website?

Conditional. Directus is a headless CMS used to manage and serve content. When used as a backend API with no client-side scripts embedded on a public page, user consent is not required. If Directus client libraries load in the browser and set cookies, functional consent may apply.

What data does Directus collect?

Directus sets session cookies and tokens for authenticated CMS users managing content. For public-facing API consumption, no cookies are typically set in visitor browsers. Self-hosted deployments keep all data on the operator's own infrastructure with no data sharing with third-party services.

How does ConsentStack handle Directus?

ConsentStack identifies Directus client-side SDK scripts if they are loaded on a public-facing page. It classifies Directus as essential and functional. Authentication session cookies for CMS users are treated as essential, while optional client-side scripts are held pending functional consent from visitors.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Directus

ConsentStack automatically detects and manages Directus trackers so your site stays compliant with global privacy regulations.

Get started free