Sets page-level options placements.
The member ID.
|object||Object that specifies information about an external user. See User Object below.|
A set of key/value pairs applicable to all ad slots on this page. Querystring segments are defined by key/value pairs in this object. Keywords that contain hyphens must be enclosed in single quote marks. Best practice is to always surround keywords with single quotes. A maximum of 100 key/value pairs can be defined at the page level. (Each tag can have up to 100 additional key/value pairs defined.)
|Boolean||Indicates whether all placements should disable PSAs from showing. A value of |
Complex object that declares and overrides the type of device, as populated in the Xandr bid request. See Device Object below.
Specifies whether all ads will be served in a SafeFrame container. Here is more information on the SafeFrame API Reference .
|object||Complex object that populates app information. It is an object that holds information related to the application. See App Object below.|
|object||Specifies whether consent management is enabled for compliance with the transparency, notice and choice/consent requirements under the GDPR and the existing ePrivacy Directive. Consent management is enabled by default. See consentManagement Object below.|
|number||The amount of time, in milliseconds, to wait for a bidder to respond to a bid request.|
|object||Provides the ability to override IP-based geo location. See geoOverride Object below.|
|string||A string that conforms to the IAB CCPA Compliance Framework requirements. See the code sample in the us_privacy section below.|
Specifies information about the application.
|object||Object that defines the application identification information.|
Specifies information about an external user to whom the ads will be shown.
|number||The age of the user.|
Specifies a string that corresponds to an external user ID for this user.
externalUid should only be used in cookieless environments. Application outside of that may result in decreased user match rate (impacting retargeting) and / or increased user blacklisting over time.
|array of numbers||Specifies the segments to which the user is a member.|
Specifies the gender of the user:
Do not track flag. Indicates if tracking cookies should be disabled for this auction:
|string||The two-letter ANSI code for this user's language; for example, |
Specifies a mobile device on which the ads will be shown.
Object that defines the device identification information; includes the following parameters:
|string||Specifies the type of device on which the ad will be shown (such as |
The user agent string from the device browser.
Object that defines the location of the device; includes the following parameters:
The device's IP address.
The device model; for example,
|string||The device make; for example, |
|string||The device operating system.|
|string||The version of the device operating system.|
|string||The carrier for the device.|
The connection type:
|string||The mobile country code, as specified by the ITU.|
|string||The mobile network code, as specified by the ITU.|
|number||The time on the device (in UNIX Time).|
Use this object to override the auction's geographic information. The supplied country code and zip code will be used to look up all geographic attributes to determine location.
|string||Required. A two-character country code.|
|string||Required. Zip code must be at least one character.|
Use this object to specify whether consent management is enabled for compliance with the transparency, notice and choice/consent requirements under the GDPR and the existing ePrivacy Directive. Consent management is enabled by default.
In order for our clients to meet their transparency, notice and choice/consent requirements under the GDPR and the existing ePrivacy Directive, Xandr supports the IAB Europe Transparency & Consent Framework (the "Framework").
This is a reference for publishers using AST to surface notice, transparency and choice to end users located in the EEA and signal approved vendors and, where necessary, pass consent, to Xandr and demand sources and their vendors through Xandr's platform.
This resource should not be construed as legal advice and Xandr makes no guarantees about compliance with any law or regulation. Please note that because every company and its collection, use, and storage of personal data is different, you should also seek independent legal advice relating to obligations under European regulations, including the GDPR and the existing ePrivacy Directive. Only a lawyer can provide you with legal advice specifically tailored to your situation. Nothing in this guide is intended to provide you with, or should be used as a substitute for, legal advice tailored to your business.
Note our Service Policies (for Buying, Selling, and Data Providers) include privacy-specific obligations of which you should be aware.
Set to true to disable consent management functionality.
The amount of time (in milliseconds) to wait for the CMP to respond.
The following describes the functionality of AST in supporting GDPR compliance when consentManagement is enabled:
- During the loadTags() function call, the AST tag will attempt to fetch the consent data from the IAB-compliant Consent Management Platform (CMP).
- consentManagement will attempt to locate the CMP:
- First it will look for the window.__cmp object, assuming it's on the same page level as the AST tag.
- Next it will check whether the AST tag is implemented in a SafeFrame object that's configured to support the CMP (see IAB CMP spec for reference).
- Finally it will assume the AST is inside an iframe and will use the IAB CMP iframe/postMessage reference code to try to find the CMP outside the iframe and communicate with it via the postMessage call.
- If the CMP is found, consentManagement will execute a getConsentData request against the CMP API to obtain the user's:
- consentString (encoded string value representing their consent choices)
- gdprApplies (a boolean field included in the CMP's response, denoting whether GDPR is applied for the user as per the CMP)
- AST will package this information into a new object called gdpr_consent, which in turn gets stored inside the main AST request object (apntag.requests).
The AST tag then resumes its normal workflow of being built.
The request-building process is paused during the above execution in order to allow new users a chance to complete their consent information. The process will stop waiting after a specified timeout period (default 10 seconds) and finish building the request.
- When it's time for the AST tag to call ImpBus, the consent information is included in the /ut POST request. Specifically, the consent information is stored under the POST's data object as:
When the CMP is not found or the timeout period expires, the consentManagement code will log a warning message to the browser console, package a consent object in the following manner and include it into the AST request as described.
The IAB Tech Lab has formalized and adopted the
us_privacy string as the mechanism to encode data about the information disclosed to the user and user elections under various US privacy laws, starting with the California Consumer Privacy Act (CCPA). Since January 1, Xandr processes the
us_privacy string. See the IAB CCPA Compliance Framework for information on conforming to the string requirements.
" support will be added soon.