Salesforce

Implementing Cookie Consent Scripts

« Go Back
Information
Implementing Cookie Consent Scripts
UUID-7478d3b4-18eb-3ac0-a6fd-fb7ebff9f8dc
English
Checked
Content

The Testing and Production script tags are the snippets of code that you use to implement the banner and preference center you have configured in Cookie Consent on your website. Once the tag is implemented on your site and republished in the application, any changes to your associated template, geolocation rules, or categorizations will be pushed to your site automatically.

For information on Banner and Preference Center browser compatibility, see OneTrust Offerings Browser Compatibility.

Testing and Production CDNs

The Testing CDN or Production CDN should be implemented as close to the top of the <head> section of your site HTML on all pages. The CDNs contain a unique identifier that is specific to the domain for which it was generated. This is in the data-domain-script. The Testing CDN with be appended with"-test".

The script needs to be loaded on each page of your domain in order to ensure site visitors are immediately presented with a banner and preference center when visiting your site if they have not yet consented. Once the user has consented or interacted with the banner and/or preference center, a cookie will be dropped on the page to prevent the banner from re-appearing on subsequent pages for the user.

If you use a site builder or content management system (CMS) to manage your domains, you may be able to customize this in your site template or through a code injector feature.

Caution

The script must be placed before any other script in your site in order to ensure the banner is loaded before any other scripts load or set cookies. This allows the script tag to communicate the site visitor's consent preferences downstream.

Tip

You can define language codes using underscores or hyphens.

Example: en-US or en_US.

The Testing CDN matches the Production CDN script except:

  • There is no cache, meaning changes can be viewed immediately after re-publishing.

  • This script will function on any test site that is or is not a subdomain of the domain scanned within the application, and should be used for testing purposes.

    Note

    When a cookie is written, it is written to a specific domain, such as .example.com or www.staging-example.com.

    A cookie written in .example.com is sent in any requests for the root domain.

    However, if you were on a different domain, such as www.staging-example.com, you would not be able to write a cookie on .example.com. Any domain featuring www. is considered a subdomain of a larger domain.

    The Testing CDN script writes cookies to the domain it is currently on, allowing it to behave like the Production CDN script in a testing environment. The Production CDN is specific to the domain scanned within the application.

    Warning

    If your domain and the script are not the same, then the script will not function correctly and the banner will continually reappear.

    If your staging/test site is a different domain than your script, you must use the test script for testing to function properly.

    For more information, see Scanning a Websiteƒuser .

The Production CDN script references an SDK hosted by OneTrust. If you want to host the SDK on your own servers, you can download the full SDK and host it locally.

Viewing the Change Log

When publishing a script, the first screen you will is the the Change Log. This screen will show the major changes in the script that will be published and any features that incompatible with the version of the script you are attempting to publish.

To implement the Testing CDN script

  1. On the Cookie Consent menu, select Scripts. The Scripts screen appears.

  2. Select the the domain where Cookie Banner will be implemented.

  3. Click the Publish Test button. The Test Website pane appears.

  4. Choose a version publish and review the incompatible features. Click Confirm.

  5. Customize your settings. For more info, see Testing CDN Screen Reference.

  6. Click the Publish Test Scripts button.

  7. Navigate to the Test Scripts tab.

  8. Click the Copy Scripts button for the Testing CDN script.

  9. Paste the copied script in the <head> section of your testing environment. The script must be placed before any other script in your <head> section.

Testing CDN Screen Reference

test_cdn.png

Field

Description

Choose a script version to publish

Choose the version of the script to publish. The default will be the latest version.

This setting allows to publish configuration to a previous OneTrust version.

When publishing a script to an older version than the current OneTrust version of your OneTrust tenant (e.g. OneTrust is currently on 6.7, but you want to publish your script to the 6.6 version), you will not be able to utilize any of the new features or bug fixes that were released in with the most recent version of OneTrust (in the above scenario any features released with 6.7).

If selecting an older version, there will be a list of features that are incompatible for the selected publish version. These features will still be able to be configured in the Admin tool, but the script will not be able to use those features if publishing to an older version.

Note

The end of support date for the selected version will be displayed.

Do you require users to re-consent?

Enabling this setting will require your website users to re-consent. This will expire the OptanonAlertBoxClosed cookie and add a value of AwaitingReconsent=true to the OptanonConsent cookie. The users previous value of consent will still be present upon the re-consent, so the cookie category values are not reset based on the default configuration. When the script files are loaded with the new configuration (not loaded from cache), the banner will be re-presented if configured as so for the geolocation rule.

Prevent Fetching Banner

If Prevent Fetch of Banner or Preference Center is turned on, when your page loads we will not load the HTML or CSS. These elements will only be called when the site visitor takes an explicit action to call them. This is used to help optimize site performance.

Prevent Fetching Preference Center

When enabled, the Preference Center template HTML and CSS will only be loaded when needed.

Google Analytics Tracking for the Banner and Preference Center

When toggle is enabled, Google Analytics events will be created and passed based on user interaction. You can also choose for gaEvent tracking on the banner to be associated with the acceptance of a category. The data-ignore-ga='true' attribute will override this configuration. Google Analytics integration also required.

Publish Individual Languages.

Enable this setting to publish the script for a specific language or languages. If not enabled, all languages will be published. The default is disabled.

Note

If language detection is not enabled for the script, you will have to publish the languages individually.

If the script has previously been published for all languages existing on templates, these languages will still exist when the script is loaded. Only the changes applied to the selected languages will be published.

Enable Automatic Blocking of Cookies

The setting will enable the OneTrust AutoBlocking feature. Cookies will automatically be blocked or allowed to drop based on the configured consent model and then, when the user provides consent or interacts, blocked or allowed to drop accordingly . Make sure to read through OneTrust Cookie Auto-Blocking™ if you are wanting to enable this feature.

Enabling this feature adds an additional script to the CDN, so if you have already implemented, make sure to include the additional script on your page. The script will be found in the same place in the CDN.

Automatically Block Known Tracking Technologies

Note

Only applicable if the Enable Automatic Blocking of Cookies setting is enabled.

If enabled, cookies, pixels, and web beacons that are known to be used in targeting will automatically be blocked.

Make sure to reference OneTrust Cookie Auto-Blocking™ for the list of common hosts.

Enable SameSite = None

If enabled, this setting configures the SameSite attribute to None on cookies where it is present.

For more info, see Setting SameSite Cookies.

Enable Single Page Application Support

If enabled, this setting allows you to force the banner to reload as it would on an actual page change.

For more info, see Single Page Applications of Cookie Consent.

Enable Content Security Policy Support

If enabled, the polyfill allows you to add inline styles.

For more info, see Configuring a Content Security Policy with OneTrust CDN.

Note

Style tags with a nonce are allowed by the CSP.

Enable Language Detection on Scripts

This feature will be enabled and set to "Determine the language from site visitor's browser settings" by default. This means that the user will be presented with the banner and preference center in the language they have configured for their browser if the language is configured in your template.

If you choose to change the setting to "Determine the language from HTML page", the language will be controlled by the HTML declared language. The language code in the HTML must match the language code from the template.

For example, I have a German site where I want to show the Cookie banner to my users in German and I want to do this based on my HTML declared language. The language code for German in my OneTrust template is "de". I can see this under Manage Languages. My HTML declared language code would need to also be "de".

<html lang="de">

Selecting this configuration adds data-document-language="true" to the script. If you have already implemented your script and decide to change this configuration, you will need to make this addition to the script. This will be reflected in the CDN after configuring.

To implement the Production CDN script

Important

Production scripts can only be published within 30 minutes of publishing test scripts. You must first publish you test script to publish your production script.

Use this script for your production website. Published changes for this script take up to 24 hours to cache but display immediately due to auto-enabled cache busting.

Note

To prevent events from being sent to Google Analytics, add the the following attribute to the Cookie Banner script.

data-ignore-ga='true'
  1. On the Cookie Consent menu, select Scripts. The Scripts screen appears.

  2. Select the the domain where script will be implemented.

  3. Click the Publish Production button. The Publish pane appears.

  4. Select the version of the script to publish and review the incompatible features.

    Note

    The end of support date for the selected version will be displayed.

  5. Click the Confirm button.

  6. Customize your settings for the Production CDN script. If you would like to host your the script locally, you can click Download to download the script to run locally. See the Production CDN Screen Reference.

  7. Navigate to the Production Scripts tab.

  8. Paste the copied script in the <head> of your site. The script must be placed before any other script in your <head> section.

  9. Click the Publish button to publish your settings.

Cookie Settings Button

The Cookie Settings button is a way for you to allows your website users to re-surface the preference center and change their consent. The button verbiage can be configured in the template. The Production CDN script must also be included on the page.

  1. On the Cookie Consent menu, select Scripts. The Scripts screen appears.

  2. Click on the name of the domain you want to implement. The Scripts Details screen appears.

  3. Navigate to the Production Scripts or Testing Scripts tab

  4. Click the Copy Script button for the Cookie Settings Button script.

  5. Paste the copied script in the code for your site. The Cookie Settings Button references the script that is placed in the <head> of the site.

Cookie List

This snippet will insert a detailed Cookie List including description and table of cookies based on the current cookie categorization. You can embed the script in a privacy policy or a standalone cookie list page. The Production CDN script must also be included on the page.

  1. On the Cookie Consent menu, select Scripts. The Scripts screen appears.

  2. Click on the name of the domain you want to implement. The Scripts Details screen appears.

  3. Navigate to the Production Scripts or Testing Scripts tab.

  4. Click the Copy Script button for the Cookie List script.

  5. Paste the copied script in the code for the page where you want to display the list. The Cookie List references the script that is placed in the <head> of the site.

Production CDN Screen Reference

publish_cdn.png

Field

Description

Choose a script version to publish

Choose the version of the script to publish. The default will be the latest version.

This setting allows to publish configuration to a previous OneTrust version.

When publishing a script to an older version than the current OneTrust version of your OneTrust tenant (e.g. OneTrust is currently on 6.7, but you want to publish your script to the 6.6 version), you will not be able to utilize any of the new features or bug fixes that were released in with the most recent version of OneTrust (in the above scenario any features released with 6.7).

If selecting an older version, there will be a list of features that are incompatible for the selected publish version. These features will still be able to be configured in the Admin tool, but the script will not be able to use those features if publishing to an older version.

Note

The end of support date for the selected version will be displayed.

Do you require users to re-consent?

Enabling this setting will require your website users to re-consent. This will expire the OptanonAlertBoxClosed cookie and add a value of AwaitingReconsent=true to the OptanonConsent cookie. The users previous value of consent will still be present upon the re-consent, so the cookie category values are not reset based on the default configuration. When the script files are loaded with the new configuration (not loaded from cache), the banner will be re-presented if configured as so for the geolocation rule.

Prevent Fetching Banner

If Prevent Fetch of Banner or Preference Center is turned on, when your page loads we will not load the HTML or CSS. These elements will only be called when the site visitor takes an explicit action to call them. This is used to help optimize site performance.

Prevent Fetching Preference Center

When enabled, the Preference Center template HTML and CSS will only be loaded when needed.

Google Analytics Tracking for the Banner and Preference Center

When toggle is enabled, Google Analytics events will be created and passed based on user interaction. You can also choose for gaEvent tracking on the banner to be associated with the acceptance of a category. The data-ignore-ga='true' attribute will override this configuration. Google Analytics integration also required.

Assign Category

Note

Only applicable if the Google Analytics Tracking for the Banner and Preference Center setting is enabled.

Select a cookie category.

Enable Automatic Blocking of Cookies

The setting will enable the OneTrust AutoBlocking feature. Cookies will automatically be blocked or allowed to drop based on the configured consent model and then, when the user provides consent or interacts, blocked or allowed to drop accordingly . Make sure to read through OneTrust Cookie AutoBlocking if you are wanting to enable this feature.

Enabling this feature adds an additional script to the CDN, so if you have already implemented, make sure to include the additional script on your page. The script will be found in the same place in the CDN.

Automatically Block Known Tracking Technologies

Note

Only applicable if the Enable Automatic Blocking of Cookies setting is enabled.

If enabled, cookies, pixels, and web beacons that are known to be used in targeting will automatically be blocked.

Make sure to reference OneTrust Cookie Auto-Blocking™ for the list of common hosts.

Enable SameSite = None

If enabled, this setting configures the SameSite attribute to None on cookies where it is present.

For more info, see Setting SameSite Cookies.

Enable Single Page Application Support

If enabled, this setting allows you to force the banner to reload as it would on an actual page change.

For more info, see Single Page Applications of Cookie Consent.

Enable Content Security Policy Support

If enabled, the polyfill allows you to add inline styles.

For more info, see Configuring a Content Security Policy with OneTrust CDN.

Note

Style tags with a nonce are allowed by the CSP.

Enable Language Detection on Scripts

This feature will be enabled and set to "Determine the language from site visitor's browser settings" by default. This means that the user will be presented with the banner and preference center in the language they have configured for their browser if the language is configured in your template.

If you choose to change the setting to "Determine the language from HTML page", the language will be controlled by the HTML declared language. The language code in the HTML must match the language code from the template.

For example, I have a German site where I want to show the Cookie banner to my users in German and I want to do this based on my HTML declared language. The language code for German in my OneTrust template is "de". I can see this under Manage Languages. My HTML declared language code would need to also be "de".

<html lang="de">

Selecting this configuration adds data-document-language="true" to the script. If you have already implemented your script and decide to change this configuration, you will need to make this addition to the script. This will be reflected in the CDN after configuring.

 

Powered by