The Testing and Production script tags are the snippets of code that you use to implement the banner and preference center you have configured in Cookie Consent on your website. Once the tag is implemented on your site and republished in the application, any changes to your associated template, geolocation rules, or categorizations will be pushed to your site automatically.
The Testing CDN or Production CDN should be implemented as close to the top of the <head> section of your site HTML on all pages. The CDNs contain a unique identifier that is specific to the domain for which it was generated. This is in the data-domain-script. The Testing CDN with be appended with"-test".
The script needs to be loaded on each page of your domain in order to ensure site visitors are immediately presented with a banner and preference center when visiting your site if they have not yet consented. Once the user has consented or interacted with the banner and/or preference center, a cookie will be dropped on the page to prevent the banner from re-appearing on subsequent pages for the user.
If you use a site builder or content management system (CMS) to manage your domains, you may be able to customize this in your site template or through a code injector feature.
Caution
The script must be placed before any other script in your site in order to ensure the banner is loaded before any other scripts load or set cookies. This allows the script tag to communicate the site visitor's consent preferences downstream.
Tip
You can define language codes using underscores or hyphens.
Example: en-US or en_US.
The Testing CDN matches the Production CDN script except:
There is no cache, meaning changes can be viewed immediately after re-publishing.
This script will function on any test site that is or is not a subdomain of the domain scanned within the application, and should be used for testing purposes.
Note
When a cookie is written, it is written to a specific domain, such as .example.com or www.staging-example.com.
A cookie written in .example.com is sent in any requests for the root domain.
However, if you were on a different domain, such as www.staging-example.com, you would not be able to write a cookie on .example.com. Any domain featuring www. is considered a subdomain of a larger domain.
The Testing CDN script writes cookies to the domain it is currently on, allowing it to behave like the Production CDN script in a testing environment. The Production CDN is specific to the domain scanned within the application.
Warning
If your domain and the script are not the same, then the script will not function correctly and the banner will continually reappear.
If your staging/test site is a different domain than your script, you must use the test script for testing to function properly.
The Production CDN script references an SDK hosted by OneTrust. If you want to host the SDK on your own servers, you can download the full SDK and host it locally.
Viewing the Change Log
When publishing a script, the first screen you will is the the Change Log. This screen will show the major changes in the script that will be published and any features that incompatible with the version of the script you are attempting to publish.
To implement the Testing CDN script
On the Cookie Consent menu, select Scripts. The Scripts screen appears.
Select the the domain where Cookie Banner will be implemented.
Click the Publish Test button. The Test Website pane appears.
Choose a version publish and review the incompatible features. Click Confirm.
Click the Copy Scripts button for the Testing CDN script.
Paste the copied script in the <head> section of your testing environment. The script must be placed before any other script in your <head> section.
Testing CDN Screen Reference
Field
Description
Choose a script version to publish
Choose the version of the script to publish. The default will be the latest version.
This setting allows to publish configuration to a previous OneTrust version.
When publishing a script to an older version than the current OneTrust version of your OneTrust tenant (e.g. OneTrust is currently on 6.7, but you want to publish your script to the 6.6 version), you will not be able to utilize any of the new features or bug fixes that were released in with the most recent version of OneTrust (in the above scenario any features released with 6.7).
If selecting an older version, there will be a list of features that are incompatible for the selected publish version. These features will still be able to be configured in the Admin tool, but the script will not be able to use those features if publishing to an older version.
Note
The end of support date for the selected version will be displayed.
Do you require users to re-consent?
Enabling this setting will require your website users to re-consent. This will expire the OptanonAlertBoxClosed cookie and add a value of AwaitingReconsent=true to the OptanonConsent cookie. The users previous value of consent will still be present upon the re-consent, so the cookie category values are not reset based on the default configuration. When the script files are loaded with the new configuration (not loaded from cache), the banner will be re-presented if configured as so for the geolocation rule.
Prevent Fetching Banner
If Prevent Fetch of Banner or Preference Center is turned on, when your page loads we will not load the HTML or CSS. These elements will only be called when the site visitor takes an explicit action to call them. This is used to help optimize site performance.
Prevent Fetching Preference Center
When enabled, the Preference Center template HTML and CSS will only be loaded when needed.
Google Analytics Tracking for the Banner and Preference Center
When toggle is enabled, Google Analytics events will be created and passed based on user interaction. You can also choose for gaEvent tracking on the banner to be associated with the acceptance of a category. The data-ignore-ga='true' attribute will override this configuration. Google Analytics integration also required.
Publish Individual Languages.
Enable this setting to publish the script for a specific language or languages. If not enabled, all languages will be published. The default is disabled.
Note
If language detection is not enabled for the script, you will have to publish the languages individually.
If the script has previously been published for all languages existing on templates, these languages will still exist when the script is loaded. Only the changes applied to the selected languages will be published.
Enable Automatic Blocking of Cookies
The setting will enable the OneTrust AutoBlocking feature. Cookies will automatically be blocked or allowed to drop based on the configured consent model and then, when the user provides consent or interacts, blocked or allowed to drop accordingly . Make sure to read through OneTrust Cookie Auto-Blocking™ if you are wanting to enable this feature.
Enabling this feature adds an additional script to the CDN, so if you have already implemented, make sure to include the additional script on your page. The script will be found in the same place in the CDN.
Automatically Block Known Tracking Technologies
Note
Only applicable if the Enable Automatic Blocking of Cookies setting is enabled.
If enabled, cookies, pixels, and web beacons that are known to be used in targeting will automatically be blocked.
This feature will be enabled and set to "Determine the language from site visitor's browser settings" by default. This means that the user will be presented with the banner and preference center in the language they have configured for their browser if the language is configured in your template.
If you choose to change the setting to "Determine the language from HTML page", the language will be controlled by the HTML declared language. The language code in the HTML must match the language code from the template.
For example, I have a German site where I want to show the Cookie banner to my users in German and I want to do this based on my HTML declared language. The language code for German in my OneTrust template is "de". I can see this under Manage Languages. My HTML declared language code would need to also be "de".
<html lang="de">
Selecting this configuration adds data-document-language="true" to the script. If you have already implemented your script and decide to change this configuration, you will need to make this addition to the script. This will be reflected in the CDN after configuring.
To implement the Production CDN script
Important
Production scripts can only be published within 30 minutes of publishing test scripts. You must first publish you test script to publish your production script.
Use this script for your production website. Published changes for this script take up to 24 hours to cache but display immediately due to auto-enabled cache busting.
Note
To prevent events from being sent to Google Analytics, add the the following attribute to the Cookie Banner script.
data-ignore-ga='true'
On the Cookie Consent menu, select Scripts. The Scripts screen appears.
Select the the domain where script will be implemented.
Click the Publish Production button. The Publish pane appears.
Select the version of the script to publish and review the incompatible features.
Note
The end of support date for the selected version will be displayed.
Click the Confirm button.
Customize your settings for the Production CDN script. If you would like to host your the script locally, you can click Download to download the script to run locally. See the Production CDN Screen Reference.
Navigate to the Production Scripts tab.
Paste the copied script in the <head> of your site. The script must be placed before any other script in your <head> section.
Click the Publish button to publish your settings.
Cookie Settings Button
The Cookie Settings button is a way for you to allows your website users to re-surface the preference center and change their consent. The button verbiage can be configured in the template. The Production CDN script must also be included on the page.
On the Cookie Consent menu, select Scripts. The Scripts screen appears.
Click on the name of the domain you want to implement. The Scripts Details screen appears.
Navigate to the Production Scripts or Testing Scripts tab
Click the Copy Script button for the Cookie Settings Button script.
Paste the copied script in the code for your site. The Cookie Settings Button references the script that is placed in the <head> of the site.
Cookie List
This snippet will insert a detailed Cookie List including description and table of cookies based on the current cookie categorization. You can embed the script in a privacy policy or a standalone cookie list page. The Production CDN script must also be included on the page.
On the Cookie Consent menu, select Scripts. The Scripts screen appears.
Click on the name of the domain you want to implement. The Scripts Details screen appears.
Navigate to the Production Scripts or Testing Scripts tab.
Click the Copy Script button for the Cookie List script.
Paste the copied script in the code for the page where you want to display the list. The Cookie List references the script that is placed in the <head> of the site.
Production CDN Screen Reference
Field
Description
Choose a script version to publish
Choose the version of the script to publish. The default will be the latest version.
This setting allows to publish configuration to a previous OneTrust version.
When publishing a script to an older version than the current OneTrust version of your OneTrust tenant (e.g. OneTrust is currently on 6.7, but you want to publish your script to the 6.6 version), you will not be able to utilize any of the new features or bug fixes that were released in with the most recent version of OneTrust (in the above scenario any features released with 6.7).
If selecting an older version, there will be a list of features that are incompatible for the selected publish version. These features will still be able to be configured in the Admin tool, but the script will not be able to use those features if publishing to an older version.
Note
The end of support date for the selected version will be displayed.
Do you require users to re-consent?
Enabling this setting will require your website users to re-consent. This will expire the OptanonAlertBoxClosed cookie and add a value of AwaitingReconsent=true to the OptanonConsent cookie. The users previous value of consent will still be present upon the re-consent, so the cookie category values are not reset based on the default configuration. When the script files are loaded with the new configuration (not loaded from cache), the banner will be re-presented if configured as so for the geolocation rule.
Prevent Fetching Banner
If Prevent Fetch of Banner or Preference Center is turned on, when your page loads we will not load the HTML or CSS. These elements will only be called when the site visitor takes an explicit action to call them. This is used to help optimize site performance.
Prevent Fetching Preference Center
When enabled, the Preference Center template HTML and CSS will only be loaded when needed.
Google Analytics Tracking for the Banner and Preference Center
When toggle is enabled, Google Analytics events will be created and passed based on user interaction. You can also choose for gaEvent tracking on the banner to be associated with the acceptance of a category. The data-ignore-ga='true' attribute will override this configuration. Google Analytics integration also required.
Assign Category
Note
Only applicable if the Google Analytics Tracking for the Banner and Preference Center setting is enabled.
Select a cookie category.
Enable Automatic Blocking of Cookies
The setting will enable the OneTrust AutoBlocking feature. Cookies will automatically be blocked or allowed to drop based on the configured consent model and then, when the user provides consent or interacts, blocked or allowed to drop accordingly . Make sure to read through OneTrust Cookie AutoBlocking if you are wanting to enable this feature.
Enabling this feature adds an additional script to the CDN, so if you have already implemented, make sure to include the additional script on your page. The script will be found in the same place in the CDN.
Automatically Block Known Tracking Technologies
Note
Only applicable if the Enable Automatic Blocking of Cookies setting is enabled.
If enabled, cookies, pixels, and web beacons that are known to be used in targeting will automatically be blocked.
This feature will be enabled and set to "Determine the language from site visitor's browser settings" by default. This means that the user will be presented with the banner and preference center in the language they have configured for their browser if the language is configured in your template.
If you choose to change the setting to "Determine the language from HTML page", the language will be controlled by the HTML declared language. The language code in the HTML must match the language code from the template.
For example, I have a German site where I want to show the Cookie banner to my users in German and I want to do this based on my HTML declared language. The language code for German in my OneTrust template is "de". I can see this under Manage Languages. My HTML declared language code would need to also be "de".
<html lang="de">
Selecting this configuration adds data-document-language="true" to the script. If you have already implemented your script and decide to change this configuration, you will need to make this addition to the script. This will be reflected in the CDN after configuring.
