Sets page-level options placements.
The member ID.
|object||Object that specifies information about an external user. See User Object below.|
A set of key/value pairs applicable to all ad slots on this page. Querystring segments are defined by key/value pairs in this object. Keywords that contain hyphens must be enclosed in single quote marks. Best practice is to always surround keywords with single quotes. A maximum of 100 key/value pairs can be defined at the page level. (Each tag can have up to 100 additional key/value pairs defined.)
|Boolean||Indicates whether all placements should disable PSAs from showing. A value of |
Complex object that declares and overrides the type of device, as populated in the Xandr bid request. See Device Object below.
Specifies whether all ads will be served in a SafeFrame container. Here is more information on the SafeFrame API Reference .
|object||Complex object that populates app information. It is an object that holds information related to the application. See App Object below.|
|object||Specifies whether consent management is enabled for compliance with the transparency, notice and choice/consent requirements under the GDPR, the existing ePrivacy Directive and IAB's U.S. Privacy User Signal Mechanism (USP), which currently covers the California Consumers Privacy Act (CCPA). Consent management is enabled by default. See consentManagement Object below.|
|number||The amount of time, in milliseconds, to wait for a bidder to respond to a bid request.|
|object||Provides the ability to override IP-based geo location. See geoOverride Object below.|
|string||A string that conforms to the IAB CCPA Compliance Framework requirements. See the code sample in the us_privacy section below. Note: This parameter is planned to be deprecated at a future date.|
Specifies information about the application.
|object||Object that defines the application identification information.|
Specifies information about an external user to whom the ads will be shown.
|number||The age of the user.|
Specifies a string that corresponds to an external user ID for this user.
externalUid should only be used in cookieless environments. Application outside of that may result in decreased user match rate (impacting retargeting) and / or increased user blacklisting over time.
|array of numbers||Specifies the segments to which the user is a member.|
Specifies the gender of the user:
Do not track flag. Indicates if tracking cookies should be disabled for this auction:
|string||The two-letter ANSI code for this user's language; for example, |
Specifies a mobile device on which the ads will be shown.
Object that defines the device identification information; includes the following parameters:
|string||Specifies the type of device on which the ad will be shown (such as |
The user agent string from the device browser.
Object that defines the location of the device; includes the following parameters:
The device's IP address.
The device model; for example,
|string||The device make; for example, |
|string||The device operating system.|
|string||The version of the device operating system.|
|string||The carrier for the device.|
The connection type:
|string||The mobile country code, as specified by the ITU.|
|string||The mobile network code, as specified by the ITU.|
|number||The time on the device (in UNIX Time).|
Use this object to override the auction's geographic information. The supplied country code and zip code will be used to look up all geographic attributes to determine location.
|string||Required. A two-character country code.|
|string||Required. Zip code must be at least one character.|
Use this object to specify whether consent management is enabled for compliance with the transparency, notice and choice/consent requirements under GDPR, the existing ePrivacy Directive and IAB's U.S. Privacy User Signal Mechanism (USP), which currently covers the California Consumers Privacy Act (CCPA). Consent management is enabled by default.
In order for our clients to meet their transparency, notice and choice/consent requirements under the GDPR, the existing ePrivacy Directive and CCPA, Xandr supports the IAB Europe Transparency & Consent Framework (the "Framework") as well as IAB's U.S. Privacy User Signal Mechanism (USP).
This is a reference for publishers using AST to surface notice, transparency and choice to end users located within regions covered by the above mentioned policies and signal approved vendors and, where necessary, pass consent, to Xandr and demand sources and their vendors through Xandr's platform.
This resource should not be construed as legal advice and Xandr makes no guarantees about compliance with any law or regulation. Please note that because every company and its collection, use, and storage of personal data is different, you should also seek independent legal advice relating to obligations under European regulations, including the GDPR and the existing ePrivacy Directive. Only a lawyer can provide you with legal advice specifically tailored to your situation. Nothing in this guide is intended to provide you with, or should be used as a substitute for, legal advice tailored to your business.
Note our Service Policies (for Buying, Selling, and Data Providers) include privacy-specific obligations of which you should be aware.
Set to true to disable consent management functionality.
The amount of time (in milliseconds) to wait for the CMP to respond.
Disabling Consent Management
Xandr provides the option to disable all consent management or individual ones per the user's needs.
Disable all consent management
Disable GDPR only
Disable US Signal Privacy only
The following describes the functionality of AST in supporting GDPR and USP compliance when consentManagement is enabled:
During the loadTags() function call, the AST tag will attempt to fetch the consent data from the IAB-compliant Consent Management Platforms (CMP).
When it's time for the AST tag to call ImpBus, the consent information is included in the /ut POST request. Specifically, the consent information is stored under the POST's data object as:
The request-building process is paused during the above execution in order to allow new users a chance to complete their consent information. The process will stop waiting after a specified timeout period (default 10 seconds) and finish building the request.
When the CMP fetch fails or the timeout period expires, the consentManagement code will log a warning message to the browser console, package a consent object in the following manner and include it into the AST request as described.
AST now supports TCF 2.0 , if version 2.0 is not available AST will fall back to TCF 1.0.
When AST detects TCF 2.0 it will rely on events generated by the CMP. The consent string will be retrieved when any of the following conditions are met:
- The event generated is
- The event generated is
purposeOneTreatmentflag is set to true in the available TCF string.
- The only event generated is
cmpuishownand a time out occurs.
In TCF v2.0 if the
gdprAppliesflag is set to true and Purpose One consent is not granted then AST will not include cookies in the
The IAB Tech Lab has formalized and adopted the
us_privacy string as the mechanism to encode data about the information disclosed to the user and user elections under various US privacy laws, starting with the California Consumer Privacy Act (CCPA). Since January 1, Xandr processes the
us_privacy string. See the IAB CCPA Compliance Framework for information on conforming to the string requirements.
setPageOpts us_privacy parameter is planned to be deprecated at a future date. To retrieve the value of the
us_privacy string AST will use the dynamic
usp_api from an on-page API.