CMP Setup Guide

  • Updated

Step 1: Create a Cookie Consent Configuration

Creating a consent management implementation is simple and takes just a few minutes. 

Navigate to the "Cookie Consent" tab in Osano and create a new configuration by clicking the purple "+" in the bottom right-hand corner.

In the configuration settings, add the following: 

  • Name - Internal identifier for this configuration. 
  • Root Domain (or sub-domain if applicable) - If you own example.com, but your website is hosted on www.example.com, you will want to enter only example.com. Osano automatically works with subdomains of your website with no additional configuration.
  • Policy Link URL - The URL for your site's privacy policy or any related policy that explains your data policy in detail. It can be relative or absolute.

Cookie Consent - Quick Start Modal

 

If you would like to create your initial config, click "Create Configuration". If you would like to see all the additional settings and options available, click "Advanced Settings".

Advanced settings can be accessed at any time once the configuration is created. All settings can be modified and updated at any point. 


Advanced Settings

General Settings

    • Policy Link Text
      • The text displayed on the cookie popup that links the customer to one of the following policies: Cookie Notice, Cookie Policy, Data Storage Policy, Privacy Notice, Privacy Policy.

Frameworks

  • Support Global Privacy Control
    • When enabled, end users using a GPC compatible browser or browser extension will have any GPC signals respected. When off, GPC signals will be ignored. [For more information, see Global Privacy Control (GPC).]

  • IAB GPP & EU TCF 2.0 Frameworks
    • When enabled, this switch changes all cookie popups in the EU to IAB-defined and compliant popups. [For more information, see Osano and the IAB Framework.]

  • IAB US Privacy String Notice Confirmation
  • By enabling this toggle, Customer is confirming that they have provided consumer notice and Do Not Sell or Share links under applicable regulations and laws. Enabling this toggle will result in a Y being sent in the second character position of the IAB US Privacy string. 
  • Google Consent Mode
  • When enabled, this switch will allow the Osano CMP to interact with Google Consent Mode (beta). [For more information, see Google Consent Mode.]

Performance

    • Legacy Browser Support 
      • When turned ON, Osano will generate an osano.js that supports legacy browsers and modern browsers. When OFF, Osano will generate an osano.js that only supports modern browsers. [For more information, see Legacy Browser Support.]
    • Split Payload
      • When turned ON, the osano.js is segmented into a reduced initial payload with additional requests made as needed. This may help your site render more efficiently.

Advanced Settings

    • Curated Block List
      • When enabled, Osano will automatically block specific scripts and cookies in regions where their usage has been declared illegal by legislation. When off, Osano will respect existing classification settings. [For more information, see Block List.]
    • First Layer Categories
      • By default, Osano utilizes a popup containing all opt-in categories for users accessing from the EU and other select locales. When disabled, this option counteracts this setting and turns the popup into a "Manage Preferences" popup. [For more information, see First Layer Categories | Manage Preferences.]
    • Add Manage Preferences Button

      • When enabled, a Manage Preferences button will be present on banner templates: 1 and 3. When disabled, banner templates 1 and 3 will have no Manage Preferences button. [For more information, see the Consent Banner Gallery.]

    • US State Level Legislation Opt-Out Banner Format (Premier Only)
      • By default, Osano utilizes an Opt-In dialog for users accessing from California, Colorado, Connecticut, and Virginia. When enabled, this option counteracts this setting and turns the opt-in dialog into an opt-out. This option is compliant with US state level legislation. [For more information, see US State Level Legislation Opt-Out Banner Format.]
    • Cross-Domain (Premier Only) 
      • When enabled, the cross-domain switch, you have the option to add multiple domains into your configuration settings, which enable initial consents to be shared across unrelated domains owned by the same entity. Simply add a domain, "tab," and add additional domains. (Some domain restrictions apply). [For more information, see Cross-Domain Support.]

Step 2: Add the CMP code (osano.js) to your site <head>

Once published, use the "get code" button to copy your osano.js and paste it into the header <head> for all pages you wish to monitor (add to the global <head> to apply to all pages).
Ensure that the osano.js is the first script that loads on your site if possible.

Important: Osano will only be able to discover and block scripts that are loaded after it, therefore it must execute in the <head> before any other 3rd party or tracking content. 

It is recommended to remain in Listener until you have added the osano.js into your site and have discovered and classified all relevant scripts. 

Once you have collected enough reports from osano.js, you can work with your other business units to identify any unknown cookies/scripts to ensure that no "strictly necessary" scripts and cookies are blocked by categorizing them appropriately.


Interlude: Compliance Mode Definitions

 

Cookie Consent - Modes

      • Discovery/Listener Mode - Osano will gather script and cookie information for categorization, but the consent dialog will not appear on your webpage, and no blocking will occur.
      • Permissive Mode - The consent dialog will appear on your website, and all uncategorized scripts will be identified and allowed regardless of consent given. All categorized scripts will be accepted or denied based on user selection. Compliance can be reached in Permissive Mode but is less certain and sustainable than Strict.
      • Strict Mode - The consent dialog will appear on your website, and all uncategorized scripts will be blocked until they have been classified. (Recommended - Most compliant)

Important: It is necessary that you classify all your discovered scripts and cookies before moving into STRICT mode.  Not doing so may cause site breakage. 


Step 3: Classify your Scripts and cookies.

Once you have placed your Osano.js in the <head> of your site in "Discovery/Listener" mode, Osano will begin alerting you to and displaying identified scripts. These scripts will appear in the "Scripts" section of the Cookie Consent Manager. It can take anywhere from a few minutes to a few hours for scripts to populate. 

Cookie Consent - Tabs.png

The script tab is broken up into 3 sections: Managed, Discovered, and Ignored (Read Classification of Scripts and Cookies for more info.)

Cookie Consent - Script/Cookie Sections

Once scripts are identified, you must classify them as one of the following: 

      • Essential
      • Analytics
      • Marketing
      • Personalization
      • Blocklist

You can find more information about Classification Categories and Classification Rules in the linked articles. 

Be sure to classify each script before saving and publishing out any new changes.


Cookies

Cookies can be categorized in the same way as scripts. Classification rules can be set for cookies as well. 

The cookies tab is broken up into 3 sections: Managed, Discovered, and Ignored (Read Classification of Scripts and Cookies for more info.)

Once Cookies are discovered, you must classify them as one of the following: 

        • Essential
        • Analytics
        • Marketing
        • Personalization
        • Blocklist

In this section, you can also set your disclosures. Cookie Disclosures are used to disclose or list out cookies your website uses to the end-user so that they are aware of what is in use and why it is in use. In this section, you can manually add the following:

      • Classification (tied to the script/cookie categories above)
      • Cookie Name
      • Vendor
      • Expiration Date
      • Description of the Cookie

Once added, these disclosures will appear to the end-user on your webpage in the "drawer" under their associated categories. You are required to include cookie disclosures for GDPR,  but it is recommended for both CCPA/CPRA.

It is important to note that, though Osano may identify 100% of your cookies, Osano’s cookie classification only affects cookies set through Javascript. Any other means of intercepting or blocking request headers can only be accomplished through browser extensions.


iFrames (Premier Only)

If this feature is enabled, Osano will discover and list iFrames in the same way it does cookies and scripts. Once discovered, iFrames can be classified and blocked in the same way. 

Once iFrames are discovered, you must classify them as one of the following: 

    • Essential
    • Analytics
    • Marketing
    • Personalization
    • Blocklist

Step 4: Customizing your Cookie Popup

Within the Cookie Consent Configuration screen, you will find the "Customization" tab. The Customization tab allows you to tailor certain aspects of your Cookie Consent banner's appearance.

Cookie Consent - Customization Screen

From here, you can customize dialog type, placement, and coloration. You have the option to change the color styles of your consent management overlay by choosing one of the Osano pre-generated themes or by setting all colors individually.

Additional Customization Settings:

      • Banner Timeout - this switch allows you to enable or disable the automatic timeout of banners that are on a timer. If you disable the banner timeout, a site visitor will need to select on the banner to make the banner disappear.
      • Notification Dialogue Timeout Duration (Slider) - some regional consent dialogues appear on a timer (ex. they appear for a set amount of time before disappearing). This option allows you to set how long the dialog persists on the page before disappearing. 
      • Show Policy Link in Drawer - this switch allows you to display a link to your privacy policy/cookie policy/data storage policy in your storage preferences as well as on the initial cookie popup. 

If there are specific customizations that you would like to employ on your cookie consent manager overlay, you can do this using CSS. View all Osano CSS Classes.

Use the world map to see how your cookie popup (dialogue) and storage preferences (drawer) will look in different countries. 

(Note: Osano will geolocate the end-user and provide them with the cookie popup that is most compliant in their location. The language displayed will be determined by the end-users' browser preferences. Selecting a location on the map will show the popup style in that location and the most common language in that location.)   


Step 5: Publish your Configuration into an "Active" Mode to See the Cookie Popup on your Site

Once the above steps are complete, you can publish your configuration into an "active" mode. When active, the cookie popup will now appear on your site, and all managed scripts/cookies will be blocked or allowed based on their classifications and the consent of the end-user. 

Cookie Consent - Modes

  • Permissive Mode - The consent dialog will appear on your website, and all uncategorized scripts will be identified and allowed regardless of consent given. All categorized scripts will be accepted or denied based on user selection. Compliance can be reached in Permissive Mode but is less certain and sustainable than Strict.
  • Strict Mode - The consent dialog will appear on your website, and all uncategorized scripts will be blocked until they have been classified. (Recommended - Most compliant)

We recommend starting in "Permissive" mode for a few days before moving into strict to ensure no new discoveries are found during that time. 

Click the "Publish" button to make this change into an active mode (note: if you see a button that says, "Save Changes", click that first and it will change to "Publish". 

After the publish, your cookie consent manager will now be live on your site. Congratulations! 

Any future changes made to your configuration can be done in the Osano application. All the is necessary to push those changes out to your end users is to republish your Osano configuration. Note, however, that browser caching may delay these changes for returning visitors for about 24 hours. 


Interlude: Additional CMP Features

 

Consent Search

This section of Osano allows you to view a log of consents for a particular configuration. Using an Osano_UUID, you can search for a particular user's consent logs over time. This data is hashed and anonymized. For more information on Consent Data, contact Osano support. 


Sitemap URLs (Premier Only)

Here you can add a sitemap XML for scanning. This scanning takes place monthly and can be used in advance of placing the osano.js on your website to identify script and cookie information. 

Click the (+) to add your sitemap URLs in the standard XML format (Osano does not support nested sitemaps). 

If your sitemap follows the standard sitemap formatting, these connected URLs will be scanned immediately and then monthly for unclassified cookies and scripts. (Example Format)


URL Scan (Premier Only)

Here you can see the URLs imported via your sitemap for this configuration OR add individual URLs to scan for scripts and cookies. When new URLs are added, they will be scanned immediately and will continue monthly while active. 

You can add, delete, and start/stop scans from this section. 


Versions (Premier Only)

Here you can see all of your current and past published versions of the Osano CMP script. 

You can roll back to previous versions in the tab. Note that when you roll back, all rules, customizations, and code are rolled back to the previous version as well. 

 

Review Osano on G2