Drupal

Drupal

Drupal is an open-source CMS whose pages load core JavaScript for UI components, form handling, and AJAX requests. Additional scripts depend on installed modules and site configuration; analytics, advertising, or tracking may be present based on the site operator's module and theme choices.

Back to Vendor Library

Overview

Drupal is an open-source content management system used to build and manage websites. Like WordPress and Joomla, Drupal runs as self-hosted software on the site operator's server. Its core scripts handle page rendering, form processing, user authentication, and content management. The privacy footprint of a Drupal site depends primarily on which contributed modules the site operator installs.

What This Script Does

Drupal's core scripts are served from the site's own domain:

  • CMS framework: Loads core JavaScript libraries for UI interactions, AJAX requests, form enhancements, and content administration tools.
  • Form handling: Processes contact forms, registration forms, and custom data collection forms with CSRF protection and server-side validation.
  • Authentication: Manages user session cookies for authenticated access to protected content and administrative interfaces.
  • Module integration: Drupal's contributed module ecosystem can add any functionality — analytics tracking, marketing pixels, social media integrations — each with its own privacy implications.
  • No external tracking: Drupal's core does not send data to external servers or set third-party cookies. All core operations happen on the site operator's own server.

Consent & Compliance

Drupal's core falls under the functional consent category. The CMS framework scripts and authentication cookies are necessary for the website to function.

Under GDPR and ePrivacy, Drupal's core session cookies are "strictly necessary" for website operation. The CMS scripts load from the site's own domain. Contributed modules that add analytics, marketing, or social media functionality require their own consent assessment.

Under CCPA/CPRA, Drupal's core does not collect or share personal information with third parties.

Should You Block This Without Consent?

No. Drupal's core scripts are essential CMS infrastructure. Blocking them would render the entire website non-functional. Privacy-sensitive functionality from contributed modules should be evaluated and consented independently.

Visit website

Consent Categories

Functional

Also Known As

drupaldrupal cmsdrupal modulesdrupal consentdrupal analyticsdrupal privacy

Industries

Computers Electronics and TechnologyProgramming and Developer SoftwareBusiness and Consumer ServicesMarketing and Advertising

Tracked Domains (1)

drupal.orgFunctional

Frequently Asked Questions

Are Drupal's core scripts subject to cookie consent?

No. Drupal's core CMS scripts handle page rendering, form processing, and user authentication — all strictly necessary for the website to function. Core session cookies are classified as essential under GDPR and ePrivacy. However, contributed modules adding analytics or marketing functionality require separate consent assessment.

What cookies and scripts does Drupal load by default?

Drupal's core loads JavaScript libraries for UI interactions, AJAX requests, form enhancements, and administration tools — all served from the site's own domain. It sets session cookies for authenticated access and includes CSRF protection for forms. The core does not send data to external servers or set third-party cookies.

How does ConsentStack categorize Drupal CMS scripts?

ConsentStack identifies Drupal's core framework scripts and assigns them the functional category, allowing them to load without consent. ConsentStack evaluates contributed modules separately — any analytics, marketing, or social media modules installed on the Drupal site are classified and gated under their respective consent categories.

Related Vendors

Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.

Manage consent for Drupal

ConsentStack automatically detects and manages Drupal trackers so your site stays compliant with global privacy regulations.

Get started free