This article summarizes how to setup your first Osano Consent Manager Configuration (Cookie Popup)
Creating a consent management implementation is simple and takes just a few minutes.
Navigate to the "Consent Management" tab in Osano, and create a new configuration. In the configuration settings, add the following:
- Name - Internal identifier for this configuration.
- Root Domain - If you own example.com, but your website is hosted on www.example.com, you will want to enter only example.com. Osano automatically works with subdomains of your website with no additional configuration.
- Policy Link Text - The text displayed on the cookie popup that links the customer to one of the following policies:
- Policy Link URL - The URL link to the aforementioned policy.
- Additional Settings
- CCPA Opt-Out Mode (Business, Business+, Enterprise)
- By default, Osano utilizes an Opt-In dialog for users accessing from the US. When enabled, this option counteracts this setting and turns the opt-in dialog into an opt-out. This option is compliant with CCPA. [For more information, see CCPA Opt-Out Mode ]
- IAB EU TCF 2.0 (Enterprise Only)
- When enabled, this switch changes all cookie popups in the EU to IAB-defined and compliant popups. [For more information, see Osano and the IAB Framework .]
- First Layer Categories (Business, Business+, Enterprise)
- By default, Osano utilizes a popup containing all opt-in categories for users accessing from the EU and other select locales. When disabled, this option counteracts this setting and turns the popup into a "Manage Preferences" popup. [For more information, see First Layer Categories | Manage Preferences .]
- CCPA Opt-Out Mode (Business, Business+, Enterprise)
- When enabled, the cross-domain switch, you have the option to add multiple domains into your configuration settings, which enable initial consents to be shared across unrelated domains owned by the same entity. Simply add a domain, "tab," and add additional domains. (Some domain restrictions apply). [For more information, see Cross-Domain Support .]
- Legacy Broswer Support
- When turned ON, Osano will generate an osano.js that supports legacy browsers and modern browsers. When OFF, Osano will generate an osano.js that only supports modern browsers. [For more information, see Legacy Browser Support.]
- Google Consent Mode
- When enabled, this switch will allow the Osano CMP to interact with Google Consent Mode (beta). [For more information, see Google Consent Mode.]
Create Configuration and Publish
Once published, use the "get code" button to copy your osano.js and paste it into the header <head> for all pages you wish to monitor. Ensure that the osano.js is the first script that loads on your site.
It is recommended to remain in Listener until you have added the osano.js into your site and have discovered and classified all relevant scripts. In Listener mode, the consent manager will NOT block any scripts or beacons, it will NOT delete cookies, and it will NOT display dialogs to your visitors. In other words, it will not alter your site in any way. You can use Listener mode and another CMP if you are migrating away from another provider. This will ensure no gaps in compliance.
Once the osano.js is placed in your site's <head>, it can take a few minutes to a few hours before the script has captured and reported all cookies, scripts, and local storage items that exist across your sites. [Osano is Tag Manager agnostic, meaning that no additional configuration is necessary for the blocking to occur].
Once you have collected enough reports from osano.js, you can work with your other business units to identify any unknown cookies/scripts/and local storage items to ensure that no "strictly necessary" scripts, cookies, or local storage are blocked by categorizing them appropriately in "Script Classification."
After you have categorized each script and cookie appropriately, you can enable Permissive or Strict Mode and publish these changes.
*** NOTE: You cannot publish into Permissive or Strict mode without having at least ONE (1) script classified or ONE (1) script rule in place. We recommend classifying ALL scripts/cookies prior to publishing in Strict or Permissive. ***
You will now see the consent dialog on your website!
Compliance Mode Definitions
- Discovery/Listener Mode - Osano will gather script and cookie information for categorization, but the consent dialog will not appear on your webpage, and no blocking will occur.
- Permissive Mode - The consent dialog will appear on your website, and all uncategorized scripts will be identified and allowed regardless of consent given. All categorized scripts will be accepted or denied based on user selection. Compliance can be reached in Permissive Mode but is less certain and sustainable than Strict.
- Strict Mode - The consent dialog will appear on your website, and all uncategorized scripts will be blocked until they have been classified. (Recommended - Most compliant)
Within the Consent Manager Configuration screen, you will find the "Stylizing" tab. The Styling tab allows you to customize certain aspects of your Consent Manager's appearance.
From here, you can customize dialog type, placement, and coloration. You have the option to customize your consent management overlay by choosing one of the Osano pre-generated themes or by setting all colors individually.
Additional Styling Settings:
- Notification Dialogue Timeout Duration (Slider) - some regional consent dialogues appear on a timer (ex. they appear for a set amount of time before disappearing). This option allows you to set how long the dialog persists on the page before disappearing. This timer ONLY applies to popups without buttons (implied consent popups). All popups with buttons will persist until the end-user interacts with those buttons.
If there are specific customizations that you would like to employ on your consent manager overlay, you can do this using CSS. See a full list of Osano Classes.
Use the world map to see how your cookie popup (dialogue) and storage preferences (drawer) will look in different countries.
(Note: Osano will geolocate the end-user and provide them with the cookie popup that is most compliant in their location. The language displayed will be determined by the end-users' browser preferences. Selecting a location on the map will show the popup style in that location as well as the most common language in that location.)
Scripts and Script Classification
Once you have placed your Osano.js in the <head> of your site in "Listener" mode, Osano will begin alerting you to and displaying identified scripts. These scripts will appear in the "Scripts" section of the Consent Manager. It can take anywhere from a few minutes to a few hours for scripts to populate.
The script tab is broken up into 2 sections: Classified & Unclassified (Read Classification of Scripts and Cookies for more info.)
Once scripts are identified, you must classify them as one of the following:
Be sure to classify each script before saving and publishing out any new changes.
*** NOTE: You CANNOT switch compliance mode from "Listener" to "Permissive" or "Strict" without at least one script classified. For compliance's sake, we recommend you classify as many scripts as possible before switching out of "Listener" mode. ***
Cookies can be categorized in the same way as scripts. Classification rules can be set for cookies as well.
The cookies tab is broken up into 3 sections: Classified & Unclassified (Read Auto-Classification of Scripts and Cookies for more info.)
Once Cookies are discovered, you must classify them as one of the following:
In this section, you can also set your disclosures. Cookie Disclosures are used to disclose or list out cookies your website is using to the end-user so that they are aware of what is in use and why it is in use. In this section, you can manually add the following:
- Category (tied to the script/cookie categories above)
- Cookie Name
- Cookie Provider
- Expiration Date
- Description of the Cookie
Once added, these disclosures will appear to the end-user on your webpage in the "drawer" under their associated categories. You are not required to include cookie disclosures, but it is recommended practice for both CCPA and GDPR.
iFrames (Enterprise Only)
If this feature is enabled, Osano will discover and list iFrames in the same way it does cookies and scripts. Once discovered, iFrames can be classified and blocked in the same way.
Once iFrames are discovered, you must classify them as one of the following:
Consent Data (Business, Business+, Enterprise)
This section of Osano allows you to view a log of consents for a particular configuration. Using an Osano_UUID or a public IP address, you can search for a particular user's consent logs over a period of time. This data is hashed and anonymized. For more information on Consent Data, contact Osano support.
Sitemap URLs (Enterprise Only)
Here you can add a sitemap XML for scanning. This scanning takes place on a monthly basis and can be used in advance of placing the osano.js on your website to identify script and cookie information.
Click the (+) to add your sitemap URLs in the standard XML format (Osano does not support nested sitemaps).
If your sitemap follows the standard sitemap formatting, these connected URLs will be scanned immediately and then on a monthly basis for unclassified cookies and scripts. (Example Format)
URL Scan (Enterprise Only)
Here you can see the URLs imported via your sitemap for this configuration OR add individual URLs to scan for scripts and cookies. When new URLs are added, they will be scanned immediately and will continue on a monthly basis while active.
You can add, delete, and start/stop scans from this section.
Versions (Enterprise Only)
Here you can see all of your current and past published versions of the Osano CMP script.
You can roll back to previous versions in the tab. Note that when you roll back, all rules, styling, and code is rolled back to the previous version as well.