AMP Integration
Update on AMP and TCF 2.0 Global Deprecation
Please note: if you are not utilizing the built-in integration with the amp-consent component, which is being deprecated, you are not impacted by this announcement.
This is an important announcement regarding your use of the OneTrust’s Consent Management Platform AMP integration solutions in conjunction with recent updates from IAB Europe TCF.
As of September 2021, global scope will no longer be supported per the recent TCF Policy and Technical Specifications. To view the formal notification, please refer to the IAB Europe PDF Notification and IAB Europe PDF Notification Update.
With the deprecation of global scope support in TCF, the IAB will no longer manage the global domain consensu.org and will no longer delegate a subdomain of the consensu.org domain to each newly registered CMP.
The consensu.org URL will remain out there until further notice as there are other CMPs who utilize a sub domain of consensu.org to host their SDK. These may get transferred to a collective, but TCF Policy working group has not made the decision on this yet.
The OneTrust built-in integration with the amp-consent component is hosted on a sub domain of consensu.org as is the case for other CMPs.
Please note if you are not utilizing built-in integration with the amp-consent component (developer portal solution), you are not impacted by this announcement.
Impact
In time, it is likely that the consensu.org URL will become inactive due to the IAB's decision. We encourage all who are currently using the built-in integration with the amp-consent component or those who are looking to integrate AMP pages to transition to the AMP solution detailed in our myOneTrust Cookie Compliance Support for AMP Websites knowledge base article.
For any additional questions, please submit a support ticket through the myOneTrust portal.
Summary
There are two ways of integrating OneTrust with your AMP page. Outlined below is the recommended approach of using our built-in integration with the amp-consent component. This method is the simplest to implement. If you require more customization or are hosting your cookie script yourself, you can check out our other method outlined here.
What is AMP?
AMP stands for Accelerated Mobile Pages. It is an open source website framework that dedicated to providing fast and efficient web pages for mobile devices. It does this by enforcing strict standards for how web pages are created, this includes restricting JavaScript. This creates a challenge for third-party JavaScript providers like OneTrust, but in order to fit the need for compliant cookie banners on AMP pages, OneTrust has integrated directly into the AMP base to make implementation with AMP pages easier. Too learn more about AMP check out these links.
AMP Limitations
Right now, AMP has several limitations related to consent that OneTrust is subject to
- There is limited support for IAB, which is dependent on whether vendors are reading the IAB consent string that is collected and passed by OneTrust. Please contact your vendors to ensure they are reading the IAB consent string in AMP.
- Only one consent string can be passed, so Google Additional Consent is not supported in AMP
- Outside of IAB TCF 2.0 Purposes, granular consent is not possible. A single consent of Accepted or Rejected is applied.
Integration
Integrating with AMP using the amp-consent component is simple. All you will need is the following:
- Ability to modify your AMP pages
- The ID of the domain script, see here to find that
- The environment of your cookie module, see here to find that.
- Cookie Category ID for opt-out, see here to find that
Embed the <amp-consent> component on your AMP page
<amp-consent> component on your AMP page<script async custom-element="amp-consent" src="https://cdn.ampproject.org/v0/amp-consent-0.1.js"></script>
Embed the <amp-consent> tag
<amp-consent> tag<amp-consent id='consent' layout='nodisplay' type='onetrust'>
<script type="application/json">
{
"postPromptUI": "onetrust-consent-prompt-ui",
"clientConfig": {
"CMP_id": "[Your Domain ID]",
"Env": "[Your Environment]",
"Opt_Out": "[Opt-out Category ID]"
}
}
</script>
<div id="onetrust-consent-prompt-ui">
<button on="tap:consent.prompt(consent=onetrust)" role="button">Privacy Settings</button>
</div>
</amp-consent>
Note: The type='onetrust' is important because it tells AMP to use the OneTrust CMP configuration.
How to find your domain ID
Your domain ID is found in the script integration section of your domain, within the script tag there is an attribute called data-domain-script which holds your Domain ID
How to find your environment
Your environment is found by looking at the URL of your OneTrust tool, these are common examples:
| OneTrust Tool URL | Environment |
|---|---|
| app.onetrust.com | App |
| app-eu.onetrust.com | App-eu |
| app-de.onetrust.com | App-de |
| app.cookiepro.com | CookiePro |
| app-uk.onetrust.com | App-uk |
| app-apac.onetrust.com | App-apac |
| app-au.onetrust.com | App-au |
How to choose your Opt-Out ID
The Opt-Out ID is needed to set the consent status for AMP. Since AMP does not support granular consent outside of IAB TCF 2.0, a single Cookie Category ID is used to send the Accept or Reject status to AMP.
For example, the Targeting Category could be used.
Make sure use a category ID from your tenant. For how to find your category IDs please see here.
Adding a cookie settings button
The cookie settings button is necessary for IAB 2.0 implementations and can be added to the website via a postPromptUI element within the <amp-consent> element. This will add a banner at the bottom of the page for the user to reopen the preference center.
<amp-consent id='consent' layout='nodisplay' type='onetrust'>
<script type="application/json">
{
"postPromptUI": "onetrust-consent-prompt-ui", //see id in div below
"clientConfig": {…}
}
</script>
<div id="onetrust-consent-prompt-ui">
Post Prompt UI
<button on="tap:consent.prompt(consent=onetrust)" role="button">Privacy Settings</button>
</div>
</amp-consent>
The value of postPromptUI should be the id of the HTML tag in which the consent UI will be attached to. In our example above, the value of postPromptUI is onetrust-consent-prompt-ui since we have a DIV with that id.
Notice in the example above, we have a button with the attribute on="tap:consent.prompt(consent=onetrust)" with the text "Privacy Settings". The id of your <amp-consent> element is relevant here. Notice how the id of our <amp-consent> is "consent", that's why the on attribute has the value tap:consent.prompt(consent=onetrust).
Blocking behaviors
In order for the <amp-consent> framework to block other AMP components, such as AMP ads, you need to add an attribute called data-block-on-consent.
To configure <amp-ad> to block the ad until consent is given, add the data-block-on-consent element to <amp-ad>. This ensures that buildCallback of the component is not called until consent has been given or the consent prompt has been skipped by promptIfUnknownForGeoGroup.
Example: Blocking ads until the user gives consent.
<amp-ad
data-block-on-consent
type="a9"
data-amzn_assoc_ad_mode="auto"
data-divid="amzn-assoc-ad-fe746097-f142-4f8d-8dfb-45ec747632e5"
data-recomtype="async"
data-adinstanceid="fe746097-f142-4f8d-8dfb-45ec747632e5"
width="300"
height="250"
data-aax_size="300x250"
data-aax_pubname="test123"
data-aax_src="302">
</amp-ad>
More documentation
AMP documentation: https://amp.dev/documentation/
Amp-consent documentation: https://amp.dev/documentation/components/amp-consent/
AMP OneTrust example: https://github.com/ampproject/amphtml/blob/master/extensions/amp-consent/cmps/onetrust.md
AMP Consent Integration with Vendor Real Time Config:
https://github.com/ampproject/amphtml/blob/master/extensions/amp-a4a/rtc-documentation.md#amp-consent-integration
Updated 8 months ago