Configuring Tag Control Rules in the Portal

The Tag Control Rules screens are accessed from the left navigation panel of the portal:

The Rules screen is where you can build rules to deal with tag issues. You can create rules to

  • protect cookies from being accessed by other third-party tags
  • point to specific tags and defer their load sequence to a later time, or block them from being loaded at all
  • set up alerts to notify you if a tag is exceeding a time threshold

From this screen you can toggle the status of one or more rules between Enabled and Disabled by clicking one or more checkboxes at the left side of each rule and clicking Disable Selected or Enable Selected. You can also click Select All at the top to quickly select all rules to disable or enable.

This first version of Instart Tag Control only allows control over dynamic tags – that is, tags that are launched by other JavaScript. For example, tag managers insert JavaScript that will launch many of the tags on the page in runtime in the browser. Static tags, which are defined directly in the HTML code (either with references to source files or actual lines of code) are not supported.

Adding rules

To build a rule, begin by clicking on the pulldown labeled What do you want to do?

The choices are

  • Identify App, which is the first step towards creating a rule to protect a cookie or a form field from access by specific scripts, or delay loading of specific scripts
  • Set Up Alert, which allows you to specify alert conditions for scripts from a specific 3rd-party domain.

Once you have made this selection, the steps differ slightly depending on your choice.

To start a rule for your web app to control cookie access, protect a form field, or delay loading a resource:

  1. From the Rules page, click Add a new rule to open the rule builder.
  2. Enter a description (required) and one or more optional labels if desired.
  3. Click the pulldown labeled What do you want to do?  and choose Identify App. This opens up the Identify App section and moves the What do you want to do? pulldown down in the page:

  4. Match specification is set to Use criteria, match conditions by default, and a Criteria field is shown.
    You could also set Match specification to No criteria – always match, which means the rule will be applied to any request; in this case the Criteria selector below it disappears.
  5. If you are specifying criteria to match, the Criteria pulldown provides the following choices:

    These are in two groups, those that pertain to the App (the server side) and those that pertain to the Client (the browser).
    Selecting any of these criteria opens up a Match condition field and a field to specify one or more values. Depending on the criteria, some of these are text fields that accept strings, and some are pulldowns that allow you to select from a specific list of values.
    If Domain or Path is selected, the match condition can be equals any of, does not equal any of, matches any of, or does not match any of. The former two specify an exact match for the value or values you enter, while the latter two can be a regular expression. (See below for more on regular expressions, also called regexes.)
    For example, f Query String is selected, the match condition can be matches any of or does not match any of. Standard ECMAScript-flavor regexes are supported. For example, the following Query String criterion will match if a request's query string contains a specific combination of letters followed by an arbitrary six-digit number:

    A good reference on ECMAScript-flavor regexes can be found on the Mozilla Developer Network site. Regularexpressions101.com is a useful tool that can be used to test expressions and provides a quick syntax reference.
    Conditions that depend on the requesting client can be:
    - Browser name (Chrome, Internet Explorer, Edge, Safari or Firefox)
    - Device (Mobile, Tablet, or Desktop)
    - Country (from pulldown list)
    The match condition for these three criteria can be equals any of or does not equal any of, and therefore specify an exact match for the value or values you enter.
  6. Once you have selected a criterion, you can add additional ones by clicking the plus sign icon to the right of the value field. Note that the selections available no longer include the one you already specified:

    You can also remove criterion by clicking on the x icon to the right.
  7. Next you select which type of control rule you want. Click the pulldown labeled What do you want to do?

    The choices available are
    - Control Cookie Access
    - Delay Resource Load
    - Protect Form

If you select Control Cookie Access:

  1. A form section appears, allowing you to specify the appropriate criteria, which are predefined in this case:

  2. Specify the cookie by name, specify the URL pattern to match against script paths, and choose to control read access, write access, or both.
    For Cookie Name, the match conditions can be equals any of or does not equal any of, and therefore specify an exact match for the value or values you enter.
    For URL pattern, the match condition can be matches any of or does not match any of, and therefore specify a regular expression.
    For example, consider that you have a cookie named session that you wish to protect from anything other than your own scripts. The following rule specification will do this:


    If you have additional cookies you want to create rules for, click the labeled What do you want to do? pulldown and select Control Cookie Access to open another group of form fields.

If you select Delay Resource Load:

  1. A form section appears, allowing you to specify the appropriate criteria:

    The choices available are
    - Domain
    - Path
    - Query String

    Note that these fields here specify the resource that you want to delay, whereas the fields with the same name you selected under Identify App specify the location in your web application of the request and/or the properties of the requesting browser.


  2. If Domain or Path is selected, the match condition can be equals any of, does not equal any of, matches any of, or does not match any of. These specify an exact match for the value or values you enter, while the latter two can be a regular expression.
    If Query String is selected, the match condition can be matches any of or does not match any of. Standard ECMAScript-flavor regexes are supported.
    As noted earlier, you are able to add additional criteria by clicking the plus sign icon to the right of the value field. Note that the selections available no longer include the one you already specified.
  3. Next, select the Event that you want to have the specified resource load after. The choices are
    - Page Loaded – when the webpage and its dependent resources have finished loading.
    - DOM Content Loaded – when the initial HTML document has been completely loaded and parsed, without waiting for stylesheets, images, and subframes to finish loading.
    - Never Load – do not load the script at all.
    The following example shows Path set to addthis_widget.js and delays its loading until after the DOM Content Loaded event:

    As noted earlier, you are able to add additional criteria by clicking the plus sign icon to the right of the value field. Note that the selections available no longer include the one you already specified.

If you select Protect Form Field:

  1. A form section appears, allowing you to specify the appropriate criteria, which are predefined in this case:
  2. Specify the Element selector, specify the URL pattern, and choose to control read access, write access, or both.
    The Element selector is the DOM selector that specifies which form field you want to protect. This is typically the ID attribute of the element, but any valid selector that specifies the element will work.

    To determine a form field's selector:
    You can use your browser's developer tools to find the DOM selector that specifies which form field you want to protect. For example, in Chrome, right-click on the field of of interest and select Inspect to quickly open the Developer Tools console with the element selected:

    Then, right click on the element and select Copy > Copy selector from the popup menu:

    Caution

    Note that if your selector is not specific enough, this will cause the Nanovisor to examine all elements that match the selector, which can affect performance. The id attribute is ideal because it is unique.

    For the Element selector, the match conditions can be equals any of or does not equal any of, and therefore specify an exact match for the value or values you enter.
    The URL pattern specifies the script or scripts you want to prevent from being able to read and/or write the value of this form field.
    For URL pattern, the match condition can be matches any of or does not match any of, and therefore specifies a regular expression.
    For this example, the following rule specification will allow only the script processtransaction to read or write the value of the form element with an ID of ccnum:

To complete the rule:

When you have finished defining your rule, click Save at the bottom of the rule. A Change Reason box appears:

Fill in a note about why you are creating this rule and click Submit.

The rule is saved and will appear in the list of rules on the Tag Control Rules page.

To create a rule for your web app to perform multiple actions:

After you have selected either to either Control Cookie Access, Delay Resource Load, or Protect Form Field, you can add additional actions before saving the rule, or by editing the rule after you have saved it. Simply click the What do you want to do? pulldown at the bottom again to open another block of either type and define it as described above.

To create a rule to send alerts:

  1. From the Rules page, click Add a new rule to open the rule builder.
  2. Enter a description (required) and one or more optional labels if desired.
  3. Click the pulldown labeled What do you want to do?  and choose Set Up Alert. This opens up the Set Up Alert section and moves the What do you want to do? pulldown down in the page:
  4. Specify
    the Root domain of the tag(s) you want to alert on; currently this is the only way to specify the scope of what you want to set up the alert for.
    a Threshold in milliseconds – the number of milliseconds above which you consider the resource is taking too long to load.
    an Aggregate percentile – what percentage of requests this threshold is exceeded for, from a pulldown offering values 50th, 90th, 95th, and 99th.
    a Duration window – how long you want the system to wait while the threshold and percentile remain in this state before an alert is sent, from a pulldown offering values 10m, 15m, 30m, 60m, 90m, or 120m).
    the Alert notification email list: enter one of more email addresses to which the alert is to be sent when triggered.
    (The What do you want to do? pulldown moves to the bottom of the form field section but there is nothing you can select from it.)
  5. When you have finished defining your alerting rule, click Save at the bottom of the rule. A Change Reason box appears:

    Fill in a note about why you are creating this alert and click Submit.

The rule is saved and will appear in the list of rules on the Tag Control Rules page.

Editing and deleting rules

Rules can be edited at any time.

To edit an existing rule:

  1. From the rule list page, click the rule you want to change. This opens the Edit Tag Control Rule screen:
  2. You can
    - modify existing criteria and actions
    - add additional criteria and/or actions
    - delete criteria and/or actions
  3. When finished, click Save.

To delete an existing rule:

To delete an existing rule, open it for editing from the rule list page and click Delete at the bottom.

Reordering rules

The order of rules matters – any rule that defines criteria that trigger a rule set higher up in the list takes precedence will be the one whose action is taken.

You can reorder the rules by clicking Reorder Rules and then dragging and dropping rules up or down in the list: