Skip to end of metadata
Go to start of metadata


setPageOpts ({  parameters} )

Sets page-level options placements.





The member ID.

publisherIdnumberThe publisherId can be used when using an inventory code. This ensures the right publisher is used to help pick the correct default placement.
userobjectObject that specifies information about an external user. See User Object below.



A set of key/value pairs applicable to all ad slots on this page. Querystring segments are defined by key/value pairs in this object. Keywords that contain hyphens must be enclosed in single quote marks. Best practice is to always surround keywords with single quotes. A maximum of 100 key/value pairs can be defined at the page level. (Each tag can have up to 100 additional key/value pairs defined.)

disablePsa BooleanIndicates whether all placements should disable PSAs from showing. A value of true will disable all PSAs globally.

Complex object that declares and overrides the type of device, as populated in the Xandr bid request. See Device Object below.


Specifies whether all ads will be served in a SafeFrame container. Here is more information on the SafeFrame API Reference .

appobjectComplex object that populates app information. It is an object that holds information related to the application. See App Object below.
objectSpecifies whether consent management is enabled for compliance with the transparency, notice and choice/consent requirements under the GDPR and the existing ePrivacy Directive. Consent management is enabled by default. See consentManagement Object below.
numberThe amount of time, in milliseconds, to wait for a bidder to respond to a bid request.
objectProvides the ability to override IP-based geo location. See geoOverride Object below.
stringA string that conforms to the IAB CCPA Compliance Framework requirements. See the code sample in the us_privacy section below.
App Object 

Specifies information about the application.

appidobjectObject that defines the application identification information.

User Object

 Specifies information about an external user to whom the ads will be shown.




agenumberThe age of the user.

Specifies a string that corresponds to an external user ID for this user.

externalUid should only be used in cookieless environments. Application outside of that may result in decreased user match rate (impacting retargeting) and / or increased user blacklisting over time.

segmentsarray of numbersSpecifies the segments to which the user is a member.

Specifies the gender of the user:

  • 0: unknown
  • 1: male
  • 2: female

Do not track flag. Indicates if tracking cookies should be disabled for this auction:

  • true (disable cookies)
  • false (Default)

When dnt:true , user data will not be available throughout the auction, regardless of sending external UID or Xandr UUID. The ID would appear as -1 in LLD, representing opted-out.

languagestringThe two-letter ANSI code for this user's language; for example, EN.
Device Object

Specifies a mobile device on which the ads will be shown.





Object that defines the device identification information; includes the following parameters:

  • idfa: The Apple advertising identifier for iOS devices running iOS 6+.
  • aaid: The Google advertising identifier for Android devices as retrieved from Google Play services.
  • sha1udid: The SHA1 hash of the ANDROID_ID.
  • md5udid: The The MD5 hash of the ANDROID_ID
  • windowsadid - The Microsoft advertising identifier for Windows devices.
deviceTypestringSpecifies the type of device on which the ad will be shown (such as phone or tablet).


The user agent string from the device browser.


Object that defines the location of the device; includes the following parameters:

  • lat: Device latitude (a number, such as 45.5)
  • lng: Device longitude (a number, such as -122.7)
  • country: Country for the device. Uses the three-character ISO 3166-1 alpha-3 codes.
  • region: Device region.
  • city: Device city.
  • zip: Device ZIP code.



The device's IP address.



The device model; for example, Apple.

modelstringThe device make; for example, iPhone.
osstringThe device operating system.
osVersionstringThe version of the device operating system.
carrierstringThe carrier for the device.

The connection type:

  • 0: Unknown
  • 1: WiFi
  • 2: WAN
mccstringThe mobile country code, as specified by the ITU.
mncstringThe mobile network code, as specified by the ITU.
devTimenumberThe time on the device (in UNIX Time).
geoOverride Object

Use this object to override the auction's geographic information. The supplied country code and zip code will be used to look up all geographic attributes to determine location.

stringRequired. A two-character country code.
stringRequired. Zip code must be at least one character.
consentManagement Object

Use this object to specify whether consent management is enabled for compliance with the transparency, notice and choice/consent requirements under the GDPR and the existing ePrivacy Directive. Consent management is enabled by default.

In order for our clients to meet their transparency, notice and choice/consent requirements under the GDPR and the existing ePrivacy Directive, Xandr supports the IAB Europe Transparency & Consent Framework (the "Framework").

This is a reference for publishers using AST to surface notice, transparency and choice to end users located in the EEA and signal approved vendors and, where necessary, pass consent, to Xandr and demand sources and their vendors through Xandr's platform.

This resource should not be construed as legal advice and Xandr makes no guarantees about compliance with any law or regulation.  Please note that because every company and its collection, use, and storage of personal data is different, you should also seek independent legal advice relating to obligations under European regulations, including the GDPR and the existing ePrivacy Directive. Only a lawyer can provide you with legal advice specifically tailored to your situation. Nothing in this guide is intended to provide you with, or should be used as a substitute for, legal advice tailored to your business.

Note our Service Policies (for Buying, Selling, and Data Providers) include privacy-specific obligations of which you should be aware.


Set to true to disable consent management functionality.


The amount of time (in milliseconds) to wait for the CMP to respond.


The following describes the functionality of AST in supporting GDPR compliance when consentManagement is enabled:

  • During the loadTags() function call, the AST tag will attempt to fetch the consent data from the IAB-compliant Consent Management Platform (CMP).
  • consentManagement will attempt to locate the CMP:
    • First it will look for the window.__cmp object, assuming it's on the same page level as the AST tag.
    • Next it will check whether the AST tag is implemented in a SafeFrame object that's configured to support the CMP (see IAB CMP spec for reference).
    • Finally it will assume the AST is inside an iframe and will use the IAB CMP iframe/postMessage reference code to try to find the CMP outside the iframe and communicate with it via the postMessage call.
  • If the CMP is found, consentManagement will execute a  getConsentData  request against the CMP API to obtain the user's:
    • consentString (encoded string value representing their consent choices)
    • gdprApplies (a boolean field included in the CMP's response, denoting whether GDPR is applied for the user as per the CMP)
  • AST will package this information into a new object called gdpr_consent, which in turn gets stored inside the main AST request object (apntag.requests).
  • The AST tag then resumes its normal workflow of being built.

    The request-building process is paused during the above execution in order to allow new users a chance to complete their consent information. The process will stop waiting after a specified timeout period (default 10 seconds) and finish building the request.

  • When it's time for the AST tag to call ImpBus, the consent information is included in the /ut POST request. Specifically, the consent information is stored under the POST's data object as:

When the CMP is not found or the timeout period expires, the consentManagement code will log a warning message to the browser console, package a consent object in the following manner and include it into the AST request as described.


The IAB Tech Lab has formalized and adopted the us_privacy string as the mechanism to encode data about the information disclosed to the user and user elections under various US privacy laws, starting with the California Consumer Privacy Act (CCPA). Since January 1, Xandr processes the us_privacy string. See the  IAB CCPA Compliance Framework for information on conforming to the string requirements. 

"USP API" support will be added soon.

  • No labels