Press enter to see results or esc to cancel.

GDPR compliance, cookies and consent

The GDPR (General Data Protection Regulation) is a regulation in European Union (EU) on data protection and privacy for all individuals within the EU and the European Economic Area (EEA) that was designed to harmonize data privacy laws across Europe. If you collect personal information from any EU citizen (within or outside the EU), you must first obtain explicit and unambiguous consent.

Ad Inserter Cookies

Ad Inserter itself does not use cookies except for debugging to store enabled debugging functions and for ad blocking detection when you use delayed action to store pageviews and action settings.

Debugging cookie is only created for administrator using debugging functions or for the user using remote debugging functions via url.

When ad blocking detection is enabled and delayed actions used, 3 cookies may be created for every visitor: aiADB, aiADB_PV and aiADB_PR. However, no personal data is stored in the cookies, only pageviews and action settings.

PRO Ad Inserter Pro also creates and uses cookie aiBLOCKS which stores client-side information about impression and click limitations (if configured).

The ads you may insert with the plugin may use own cookies – please check with ad networks for details.

How to display a GDPR compliant cookie message?

You can use any WordPress plugin for GDPR compliance / cookie consent, for example:

Cookie Notice for GDPR
Cookie Consent
GDPR Cookie Consent
Complianz | GDPR/CCPA Cookie Consent
Borlabs Cookie (paid)
Quantcast Choice
Any plugin or consent solution using IAB TCF v2.0 framework

Installing GDPR plugin alone does not make your site GDPR compliant. Since ads you insert may use various cookies, you may need to make sure you have necessary configurations in place.

How to show ads based on visitors’ consent?

Ad Inserter supports inserting (showing) ads based on cookies or cookie values. If you have used a plugin for cookie consent you can define cookie condition to insert or show ads by black/white-listing Url parameters (where also cookies are checked).

ad inserter cookie check

If you are using one of the following plugins for cookie consent you need to white-list () the following cookie value in Url parameters list (button Lists):

Cookie consent plugin List value
GDPR Cookie Consent viewed_cookie_policy=yes
Cookie Notice for GDPR cookie_notice_accepted=true
Cookie Consent catAccCookies=1
CookieYes cookieyes-advertisement=yes
Complianz Cookie Consent complianz_consent_status=allow

Settings listed above are for plugins where the only check is the presence of the right value (string) in the cookie which is created after the consent is given. Some plugins offer more settings where you can configure consents for different purposes. Below we list settings for plugins that have separate consent for Google AdSense ads. Please note that the actual values in the cookie depend also on the consent plugin settings.

Cookie consent plugin List value

Borlabs Cookie

borlabs-cookie[consents][marketing][*]=google-adsense

TCF v2 compatible (for example Quantcast Choice) tcf-v2[vendor][consents][755]=true && tcf-v2[purpose][consents][1]=true, tcf-v2[gdprApplies]=false     

The plugin previously used euconsent-v2 cookie name for TCF v2 checks. This was now changed to tcf-v2 but the old name will continue to work.

Vendor ID 755 means Google Advertising Products – use vendor ID according to your needs i.e. block ads. See below for detailed description of TCF v2.0 framework which is used by Quantcast Choice. Google requires also consent for “Purpose 1 – Store and/or access information on a device”. The same settings can be used also for any other consent solution using IAB TCF v2.0 framework.

The actual cookie name may differ form tcf-v2 – this is only a general name for TCF v2 checks. You need to use this name when checking the IAB TCF v2.0 compatible consent as the plugin does not check the cookie directly, it uses TCF v2 API to get the tcData object which is then checked.

For visitors where GDPR does not apply the consent is not needed – those cases are enabled by the second item tcf-v2[gdprApplies]=false.

Make sure you have Dynamic blocks set to client-side insertTCF v2.0 based cookie needs to be checked client-side (in the browser).

If you are using caching (very likely) you also need to set Dynamic blocks to Client-side insert (tab / tab General) in order to check cookies in visitor’s browser and not when the page is generated.

Example for GDPR Cookie Consent plugin:

ad inserter cookie check example

In case you don’t see the block inserted or it is inserted when it should not be, you can use debugging functions to diagnose insertions. Debugging function Label Blocks will mark all the blocks with lables showing block status, for example:

ad inserter client side list debugging

How insert arbitrary code based on visitors’ consent?

The same approach can be used to insert any (javascript) code anywhere on the page (including into header or footer) only after the consent is given, for example Google Analytics code, code for AdSense Auto ads, etc.

  • Configure one block with the code you need to insert only after the consent is given
  • Set insertion position (for example Footer)
  • Set Alignment to No wrapping (we don’t need any wrapping div for the block alignment or margins)
  • Set Url parameters list with cookie conditions as described above – whitelist the block for consent conditions according to the consent plugin used

How to insert into header

Header code window will insert the code into page header (code in the <head></head> section) on all pages unconditionally. However, you can configure any block to insert header code according to your needs. Normally, position for automatic insertion into Header does not exist and needs to be created.

To create position for automatic insertion into the page header (code in the <head></head> section) go to tab  / tab Hooks and create and enable a hook with name Header and action wp_head. After you save settings you’ll get Header position for automatic insertion for each code block.

Please note that this Header position for automatic insertion has nothing to do with the header of your theme. This is HTML page header – code in the invisible <head></head> section.

IAB Transparency and Consent Framework 2.0

The IAB Europe Transparency and Consent Framework (TCF) is a GDPR consent solution built by the industry for the industry, creating a true industry-standard approach. The TCF creates an environment where website publishers can tell visitors what data is being collected and how their website and the companies they partner with intend to use it. The TCF gives the publishing and advertising industries a common language (API) with which to communicate consumer consent for the delivery of relevant online advertising and content. One example of consent manager solution using TCF 2.0 is Quantcast Choice – Consent & Compliance Management.

Ad Inserter supports IAB TCF 2.0. Since the consent information in the cookie is stored as encoded object with multiple values it is not possible to simply check the cookie value. The plugin uses TCF v2 API to get the consent data and then checks the tcData javascript object where individual properties can be checked with the array syntax.

An example of the tcData object decoded from the IAB TCF 2.0 cookie:

{
  "cmpId": 10,
  "cmpVersion": 7,
  "gdprApplies": true,
  "tcfPolicyVersion": 2,
  "eventStatus": "tcloaded",
  "cmpStatus": "loaded",
  "listenerId": 0,
  "tcString": "CO333bBO333bBAKAHAENAyCsAP_AAH_AACRAGStV_T9fb2vj-_5999t0eY1f9_63t-wjhgeMs-8NyZ-X_J4Wr2MyvB34JqQKGRgEunLBAQdlHGHcTQgAwIkViTLMYk2MizNKJrJEilMbM2dYGG1Pn8XTuZCY70-sP__zv3-_-33_4GSEEmCpfAQJCWMBJNmlUKIEIVxIVAOASghGEg0sNCRwU7I4CPUACABAYAIQIAQAgohJBAAIAAElEQAgAwIBEARAIAAQAjQEIACJAEFgBIGAQACoGhYARRBKBIQYHBUcogQFSLRQTwAA.f_gAH_gAAAAA",
  "isServiceSpecific": true,
  "useNonStandardStacks": false,
  "purposeOneTreatment": false,
  "publisherCC": "SI",
  "outOfBand": {
    "allowedVendors": {},
    "disclosedVendors": {}
  },
  "purpose": {
    "consents": {
      "1": true,
      "2": true,

      ...

      "9": true,
      "10": true
    },
    "legitimateInterests": {
      "1": false,
      "2": true,

      ...

      "9": true,
      "10": true
    }
  },
  "vendor": {
    "consents": {
      "1": true,
      "2": true,
      "3": false,

      ...

      "803": true,
      "804": true,
      "805": true
    },
    "legitimateInterests": {
      "1": false,
      "2": true,
      "3": false,

      ...

      "802": true,
      "803": true,
      "804": true
    }
  },
  "specialFeatureOptins": {
    "1": true,
    "2": true
  },
  "publisher": {
    "consents": {
      "1": true,
      "2": true,

      ...

      "9": true,
      "10": true
    },
    "legitimateInterests": {
      "1": true,
      "2": true,

      ...

      "9": true,
      "10": true
    },
    "customPurpose": {
      "consents": {},
      "legitimateInterests": {}
    },
    "restrictions": {}
  }
}

The plugin previously used euconsent-v2 cookie name for TCF v2 checks. This was now changed to tcf-v2 but the old name will continue to work.

You can check individual object properties in the TCF v2 cookie like in other cookie objects, for example, you can whitelist ads with the following cookie propertiy (set in the url parameters list):

tcf-v2[vendor][consents][755]=true

This would check IAB TCF 2.0 cookie whether vendor -> consents [755] value is true. Vendor ID 755 means Google Advertising Products – use vendor ID according to your needs i.e. block ads.

The actual cookie name may differ form tcf-v2 – you still need to use this name when checking the IAB TCF v2.0 compatible consent as the plugin does not check the cookie directly, it uses TCF v2 API to get the tcData object which is then checked.

Google requires also consent for “Purpose 1 – Store and/or access information on a device” – tcf-v2[purpose][consents][1]=true

For visitors where GDPR does not apply the consent is not needed – those cases can be enabled enabled with tcf-v2[gdprApplies]=false.

So the final check for Google ads is:

tcf-v2[vendor][consents][755]=true && tcf-v2[purpose][consents][1]=true, tcf-v2[gdprApplies]=false

ad inserter cookie check example tcf

Make sure you have Dynamic blocks set to client-side insert.

To check only the presence of some property (regardless of its value) simply specify it without the value. For example, to check for the presence of publisher -> consents [1] property use in the list only

tcf-v2[publisher][consents][1]

IAB TCF Troubleshooting

Diagnosing IAB TCF issues is not simple and requires some experience with Javascript code and the console in the browser. Ad Inserter already supports many debugging functions that can be used to label blocks and diagnose insertions. Additionally, to see the status of the IAB TCF consent API (used also by Quantcast Choice), Ad Inserter shows an additional IAB TCF debugging bar on the top of the page. This bar is present only when at least one block is configured for TCF v2 cookie check:

ad inserter debug bar iab tcf

Initially, when the TCF API (Javascript function __tcfapi) is detected, the bar is gray. When the consent pop-up window is shown or when the cookie is already present and consent data loaded, the bar becomes green showing that the API function works. If there is an issue the bar becomes red showing the error message.

PRO How to display ads as soon as the consent is given?

Normally, when you configure the plugin as described above, the ads will be loaded with the next page load after the consent is given. However, with Ad Inserter Pro it is possible to immediately display the ads as Ad Inserter Pro supports manual loading. Manual loading means that the code block (ad) is not loaded (inserted) until you call a Javascript function for loading.

If your consent plugin supports custom action when the consent is given (or changed), you need to set Manual loading to Auto and Dynamic blocks to Client-side insert. The block will be processed according to the settings. If url parameter list (used also for cookies) fails, the block will be marked for manual loading. To check again for cookies and load the block if the conditions (cookies present) are met, the Javascript function ai_load_blocks ([block]) needs to be called. The block number parameter is optional, if it is not provided all blocks enabled for manual loading (and not loaded yet) will be loaded. Of course, the code for the ads needs to support asynchronous loading (loading after the page is created).

For some plugins like Quantcast Choice and Complianz Cookie Consent Ad Inserter Pro will automatically perform necessary actions and insert ad codes as soon as the consent is given (you only need to set Manual loading to Auto for every block that needs to be inserted).

Please note that the settings described here will only insert ad codes immediately after the consent will be given. In most cases the code will display ads, however, this may not happen in all the cases as the ads are displayed by the ad code and the ad code decides what to display and when.

Please not that the code for the ads needs to support asynchronous loading (loading after the page is created).