Cross-Domain Support Data Flow

  • Updated

Understand Cross-Domain Support 

Cross-domain support is recommended when the goal is for the initial consent experience to be shared across root domains: (ex. osano.com and myosano.com). 

Note that cross-domain support may not be considered compliant under privacy laws in certain locations (Example: France) and should not be used in cases where sites have separate privacy policies and brand identity. 

Enable Cross-domain support

Cross-domain support is enabled by flipping the cross-domain switch in your configuration "Settings."

Screenshot 2023-01-18 at 9.38.41 AM

When enabled, you have the option to add multiple domains into your configuration settings, which enable initial consents to be shared across unrelated domains owned by the same entity. 

Screenshot 2023-01-18 at 9.39.07 AM

Osano naturally supports sub-domains, so cross-domain support is not necessary to share consent information across sub-domains: (ex. osano.com and docs.osano.com). 

 

Cross-Domain Workflow

When the customer has enabled cross-domain support, the osano.js script delivered to the end-user's browser will spawn a transparent iframe that accesses consent sharing code retrieved from "https://cmp.osano.com".  

The iframe will communicate with the underlying osano.js script to both stores and retrieve the end-user's consent across different root domains.  

Normally, the end-user consent is stored under the domain the customer application (and the osano.js script) is being executed in.  

With cross-domain support enabled, the end-user consent is now stored in a "cmp.osano.com" scoped cookie and not in the executing application domain.

This workflow is depicted in the diagram below: