

setPageOpts({parameters})

Sets page-level options for placements.





The member ID.

publisherId (number): The publisherId can be used when using an inventory code. This ensures the right publisher is used to help pick the correct default placement.
user (object): Object that specifies information about an external user. See User Object below.



A set of key/value pairs applicable to all ad slots on this page. Querystring segments are defined by key/value pairs in this object. Keywords that contain hyphens must be enclosed in single quote marks. Best practice is to always surround keywords with single quotes. A maximum of 100 key/value pairs can be defined at the page level. (Each tag can have up to 100 additional key/value pairs defined.)

disablePsa (Boolean): Indicates whether all placements should disable PSAs from showing. A value of true will disable all PSAs globally.

Complex object that declares and overrides the type of device, as populated in the Xandr bid request. See Device Object below.


Specifies whether all ads will be served in a SafeFrame container. For more information, see the SafeFrame API Reference.

app (object): Complex object that populates app information. It is an object that holds information related to the application. See App Object below.
(object): Specifies whether consent management is enabled for compliance with the transparency, notice and choice/consent requirements under the GDPR, the existing ePrivacy Directive and IAB's U.S. Privacy User Signal Mechanism (USP), which currently covers the California Consumer Privacy Act (CCPA). Consent management is enabled by default. See consentManagement Object below.
(number): The amount of time, in milliseconds, to wait for a bidder to respond to a bid request.
(object): Provides the ability to override IP-based geo location. See geoOverride Object below.
(string): A string that conforms to the IAB CCPA Compliance Framework requirements. See the code sample in the us_privacy section below. Note: This parameter is planned to be deprecated at a future date.

App Object

Specifies information about the application.

appid (object): Object that defines the application identification information.

User Object

 Specifies information about an external user to whom the ads will be shown.




age (number): The age of the user.

Specifies a string that corresponds to an external user ID for this user.

externalUid should only be used in cookieless environments. Using it outside of such environments may result in a decreased user match rate (impacting retargeting) and/or increased user blacklisting over time.

segments (array of numbers): Specifies the segments of which the user is a member.

Specifies the gender of the user:

  • 0: unknown
  • 1: male
  • 2: female

Do not track flag. Indicates if tracking cookies should be disabled for this auction:

  • true (disable cookies)
  • false (Default)

When dnt:true, user data will not be available throughout the auction, regardless of sending external UID or Xandr UUID. The ID would appear as -1 in LLD, representing opted-out.

language (string): The two-letter ANSI code for this user's language; for example, EN.

Device Object

Specifies a mobile device on which the ads will be shown.





Object that defines the device identification information; includes the following parameters:

  • idfa: The Apple advertising identifier for iOS devices running iOS 6+.
  • aaid: The Google advertising identifier for Android devices as retrieved from Google Play services.
  • sha1udid: The SHA1 hash of the ANDROID_ID.
  • md5udid: The MD5 hash of the ANDROID_ID.
  • windowsadid: The Microsoft advertising identifier for Windows devices.

deviceType (string): Specifies the type of device on which the ad will be shown (such as phone or tablet).


The user agent string from the device browser.


Object that defines the location of the device; includes the following parameters:

  • lat: Device latitude (a number, such as 45.5)
  • lng: Device longitude (a number, such as -122.7)
  • country: Country for the device. Uses the three-character ISO 3166-1 alpha-3 codes.
  • region: Device region.
  • city: Device city.
  • zip: Device ZIP code.



The device's IP address.



The device model; for example, Apple.

model (string): The device make; for example, iPhone.
os (string): The device operating system.
osVersion (string): The version of the device operating system.
carrier (string): The carrier for the device.

The connection type:

  • 0: Unknown
  • 1: WiFi
  • 2: WAN

mcc (string): The mobile country code, as specified by the ITU.
mnc (string): The mobile network code, as specified by the ITU.
devTime (number): The time on the device (in UNIX Time).

geoOverride Object

Use this object to override the auction's geographic information. The supplied country code and zip code will be used to look up all geographic attributes to determine location.

(string): Required. A two-character country code.
(string): Required. Zip code must be at least one character.

consentManagement Object

Use this object to specify whether consent management is enabled for compliance with the transparency, notice and choice/consent requirements under GDPR, the existing ePrivacy Directive and IAB's U.S. Privacy User Signal Mechanism (USP), which currently covers the California Consumer Privacy Act (CCPA). Consent management is enabled by default.

In order for our clients to meet their transparency, notice and choice/consent requirements under the GDPR, the existing ePrivacy Directive and CCPA, Xandr supports the IAB Europe Transparency & Consent Framework (the "Framework") as well as IAB's U.S. Privacy User Signal Mechanism (USP).

This is a reference for publishers using AST to surface notice, transparency and choice to end users located within regions covered by the above mentioned policies and signal approved vendors and, where necessary, pass consent, to Xandr and demand sources and their vendors through Xandr's platform.

This resource should not be construed as legal advice and Xandr makes no guarantees about compliance with any law or regulation.  Please note that because every company and its collection, use, and storage of personal data is different, you should also seek independent legal advice relating to obligations under European regulations, including the GDPR and the existing ePrivacy Directive. Only a lawyer can provide you with legal advice specifically tailored to your situation. Nothing in this guide is intended to provide you with, or should be used as a substitute for, legal advice tailored to your business.

Note our Service Policies (for Buying, Selling, and Data Providers) include privacy-specific obligations of which you should be aware.


Set to true to disable consent management functionality.


The amount of time (in milliseconds) to wait for the CMP to respond.

Disabling Consent Management

Xandr provides the option to disable all consent management, or individual mechanisms only, per the user's needs.

Disable all consent management
Disable GDPR only
Disable US Signal Privacy only


The following describes the functionality of AST in supporting GDPR and USP compliance when consentManagement is enabled:

  • During the loadTags() function call, the AST tag will attempt to fetch the consent data from the IAB-compliant Consent Management Platforms (CMP).

  • When it's time for the AST tag to call ImpBus, the consent information is included in the /ut POST request. Specifically, the consent information is stored under the POST's data object as:

    The request-building process is paused during the above execution in order to allow new users a chance to complete their consent information. The process will stop waiting after a specified timeout period (default 10 seconds) and finish building the request.

When the CMP fetch fails or the timeout period expires, the consentManagement code will log a warning message to the browser console, package a consent object in the following manner and include it in the AST request as described.

AST now supports TCF 2.0; if version 2.0 is not available, AST will fall back to TCF 1.0.

When AST detects TCF 2.0 it will rely on events generated by the CMP. The consent string will be retrieved when any of the following conditions are met: 

  • The event generated is useractioncomplete or tcloaded.
  • The event generated is cmpuishown and purposeOneTreatment flag is set to true in the available TCF string.
  • The only event generated is cmpuishown and a time out occurs.

In TCF v2.0, if the gdprApplies flag is set to true and Purpose One consent is not granted, then AST will not include cookies in the /ut POST request.
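
The TCF 2.0 rules above, modelled as an added example (this is not AST source code). The field names follow the IAB TCF v2 TCData object; the function names, sample events and placeholder tcString values are assumptions made for illustration.

```javascript
// Added example: models the TCF 2.0 retrieval and cookie rules listed above.
// Function names are hypothetical; TCData field names come from IAB TCF v2.

// A single CMP event is enough to read the consent string when it is
// useractioncomplete/tcloaded, or cmpuishown with purposeOneTreatment set.
function isFinalEvent(tcData) {
  const status = tcData.eventStatus;
  if (status === 'useractioncomplete' || status === 'tcloaded') return true;
  return status === 'cmpuishown' && tcData.purposeOneTreatment === true;
}

// Cookies are withheld when GDPR applies and Purpose One is not granted.
function cookiesAllowed(tcData) {
  if (tcData.gdprApplies !== true) return true;
  const consents = (tcData.purpose && tcData.purpose.consents) || {};
  return consents[1] === true;
}

// Walk the events a CMP emitted and report which one supplies the string.
function resolveConsent(events, timedOut) {
  let onlyUiShown = events.length > 0;
  for (const tcData of events) {
    if (isFinalEvent(tcData)) {
      return { tcString: tcData.tcString, includeCookies: cookiesAllowed(tcData),
               via: tcData.eventStatus };
    }
    if (tcData.eventStatus !== 'cmpuishown') onlyUiShown = false;
  }
  // Third rule: cmpuishown was the only event and the timeout expired.
  if (timedOut && onlyUiShown) {
    const last = events[events.length - 1];
    return { tcString: last.tcString, includeCookies: cookiesAllowed(last), via: 'timeout' };
  }
  return null; // no consent string retrieved under these rules
}

// Constructed sample events; tcString values are placeholders, not real strings.
const dismissedBanner = [
  { eventStatus: 'cmpuishown', gdprApplies: true, purposeOneTreatment: false,
    tcString: 'PLACEHOLDER_A', purpose: { consents: {} } },
];
const acceptedAll = dismissedBanner.concat([
  { eventStatus: 'useractioncomplete', gdprApplies: true, purposeOneTreatment: false,
    tcString: 'PLACEHOLDER_B', purpose: { consents: { 1: true } } },
]);

console.log(resolveConsent(acceptedAll, false));
console.log(resolveConsent(dismissedBanner, true));
```

The second call shows the privacy-relevant edge case: a user who never answers the banner still yields a consent string on timeout, but cookies are withheld because Purpose One was not granted.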


The IAB Tech Lab has formalized and adopted the us_privacy string as the mechanism to encode data about the information disclosed to the user and user elections under various US privacy laws, starting with the California Consumer Privacy Act (CCPA). Since January 1, Xandr has processed the us_privacy string. See the IAB CCPA Compliance Framework for information on conforming to the string requirements.

The setPageOpts us_privacy parameter is planned to be deprecated at a future date. To retrieve the value of the us_privacy string, AST will use the dynamic usp_api from an on-page API.
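
A conformance check for a us_privacy value, as an added example that is not part of the original page or of AST. The four-character layout (version, explicit notice, opt-out of sale, LSPA covered) comes from the IAB CCPA Compliance Framework; the function and key names are hypothetical, and accepting lowercase letters is a leniency chosen for this example.

```javascript
// Added example: validate and decode a us_privacy string before it is used.
// Key names below are hypothetical labels for the three IAB-defined fields.
const USP_FIELDS = ['explicitNotice', 'optOutSale', 'lspaCovered'];
const USP_VALUES = { Y: 'yes', N: 'no', '-': 'not applicable' };

function parseUsPrivacy(value) {
  if (typeof value !== 'string' || value.length !== 4) {
    return { valid: false, error: 'must be a 4-character string' };
  }
  // Position 0 is the specification version; only version 1 is handled here.
  if (value[0] !== '1') {
    return { valid: false, error: 'unsupported specification version' };
  }
  const parsed = { valid: true, version: 1 };
  for (let i = 0; i < USP_FIELDS.length; i++) {
    const ch = value[i + 1].toUpperCase(); // lowercase accepted (example's choice)
    if (!Object.prototype.hasOwnProperty.call(USP_VALUES, ch)) {
      return { valid: false, error: 'invalid character at position ' + (i + 1) };
    }
    parsed[USP_FIELDS[i]] = USP_VALUES[ch];
  }
  return parsed;
}

// Constructed sample values.
console.log(parseUsPrivacy('1YNN')); // notice given, no opt-out, not LSPA covered
console.log(parseUsPrivacy('1---')); // CCPA does not apply to this user
console.log(parseUsPrivacy('1YXN')); // rejected: X is not an allowed value
```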
