Drupal

Drupal

Drupal is an open-source CMS whose pages load core JavaScript for UI components, form handling, and AJAX requests. Additional scripts depend on installed modules and site configuration; analytics, advertising, or tracking may be present based on the site operator's module and theme choices.

Overview

Drupal is an open-source content management system used to build and manage websites. Like WordPress and Joomla, Drupal runs as self-hosted software on the site operator's server. Its core scripts handle page rendering, form processing, user authentication, and content management. The privacy footprint of a Drupal site depends primarily on which contributed modules the site operator installs.

What This Script Does

Drupal's core scripts are served from the site's own domain:

  • CMS framework: Loads core JavaScript libraries for UI interactions, AJAX requests, form enhancements, and content administration tools.
  • Form handling: Processes contact forms, registration forms, and custom data collection forms with CSRF protection and server-side validation.
  • Authentication: Manages user session cookies for authenticated access to protected content and administrative interfaces.
  • Module integration: Drupal's contributed module ecosystem can add any functionality — analytics tracking, marketing pixels, social media integrations — each with its own privacy implications.
  • No external tracking: Drupal's core does not send data to external servers or set third-party cookies. All core operations happen on the site operator's own server.

Consent & Compliance

Drupal's core falls under the functional consent category. The CMS framework scripts and authentication cookies are necessary for the website to function.

Under GDPR and ePrivacy, Drupal's core session cookies are "strictly necessary" for website operation. The CMS scripts load from the site's own domain. Contributed modules that add analytics, marketing, or social media functionality require their own consent assessment.

Under CCPA/CPRA, Drupal's core does not collect or share personal information with third parties.

Should You Block This Without Consent?

No. Drupal's core scripts are essential CMS infrastructure. Blocking them would render the entire website non-functional. Privacy-sensitive functionality from contributed modules should be evaluated and consented independently.

Visit website

Consent Categories

Also Known As

drupaldrupal cmsdrupal modulesdrupal consentdrupal analyticsdrupal privacy

Industries

Computers Electronics and TechnologyProgramming and Developer SoftwareBusiness and Consumer ServicesMarketing and Advertising

Tracked Domains (1)

drupal.orgFunctional

Frequently Asked Questions

Are Drupal's core scripts subject to cookie consent?

No. Drupal's core CMS scripts handle page rendering, form processing, and user authentication — all strictly necessary for the website to function. Core session cookies are classified as essential under GDPR and ePrivacy. However, contributed modules adding analytics or marketing functionality require separate consent assessment.

What cookies and scripts does Drupal load by default?

Drupal's core loads JavaScript libraries for UI interactions, AJAX requests, form enhancements, and administration tools — all served from the site's own domain. It sets session cookies for authenticated access and includes CSRF protection for forms. The core does not send data to external servers or set third-party cookies.

How does ConsentStack categorize Drupal CMS scripts?

ConsentStack identifies Drupal's core framework scripts and assigns them the functional category, allowing them to load without consent. ConsentStack evaluates contributed modules separately — any analytics, marketing, or social media modules installed on the Drupal site are classified and gated under their respective consent categories.

Related Vendors

Jira
Jira
Jira (Atlassian) embeds support portal widgets and issue collector forms on external-facing websites. Browser scripts load inline feedback forms that allow visitors to submit bug reports or support tickets directly, forwarding submission data to the connected Jira project.
Ours Privacy
Ours Privacy
Ours Privacy is a consent management and privacy compliance platform. Scripts serve consent banners to website visitors and manage opt-in and opt-out preferences for tracking technologies. Consent decisions are recorded for compliance documentation and passed to connected vendors.
Contact Form 7
Contact Form 7
Contact Form 7 is a WordPress plugin that renders and processes contact forms on WordPress pages via AJAX. Scripts handle field validation, spam filtering through optional reCAPTCHA, and form submission. Only data entered by the user is collected and transmitted to the site administrator.
OpenStreetMap
OpenStreetMap
OpenStreetMap provides free, open-source collaborative map data embedded on websites as interactive tile maps. When an OSM map loads, tile images are fetched from openstreetmap.org servers, which may log the requesting IP address. No tracking scripts, advertising technologies, or user-identifying cookies are used.
Activepieces
Activepieces
Activepieces is an open-source workflow automation platform that connects applications through server-side triggers and actions. It operates entirely as backend infrastructure with no client-side scripts deployed on end-user websites; all automations execute on self-hosted or cloud servers.
Brizy Cloud
Brizy Cloud
Brizy Cloud serves website content through its visual builder platform. Scripts render page components and manage dynamic content, and may load conversion tracking or analytics integrations configured by the site owner on Brizy-hosted websites.

Manage consent for Drupal

ConsentStack automatically detects and manages Drupal trackers so your site stays compliant with global privacy regulations.

Drupal - Open Source CMS Privacy & Consent Controls | ConsentStack