Frequently Asked Questions (GDPR / CMP)

Do I need to host the CMP JS script on my site domain?

No, as long as the CMP JS script loads in the 1st-party domain, the CMP will be able to store consent as a 1st-party cookie.


For server to server ad calls that take place before content is returned to the browser, do I need to add CMP JS to my pages?

Yes, include CMP JS because occasional downstream creatives and pixels may need to obtain consent. However, if you are confident your property only conducts S2S ad calls you may opt out.


My buyers sometimes provide HTML-based creatives which initiate third-party integrations, some of which will now need access to the consent parameters I would pass. Could these third parties use JavaScript to retrieve consent parameters within a creative?

Yes. The interface is standardized so that any client-side component that ingests and interprets consent can get this from the CMP JS.


How does CMP JS work with creatives inserted into iframes?

The IAB spec specifies iframe communication to and from the CMP JS be allowed via postMessage()/safeFrames. See the example above in the Ad Call/Pixel integration section.

Have more questions? Submit a request