Consent Management for Site Tracking

  • Updated

When Informed Consent is Enough

Through our Data Processing Agreements, we contractually require our clients and partners to give their consent to set Adform cookies or reading device IDs. If you consider that the domestic legislation allows "informed consent" (for example, cookie notices on a website are satisfactory for authorities in Germany and France), that is sufficient consent for us to provide our services. All Adform processing happens under legitimate interest, so we formally require such consent only for compliance with the existing ePrivacy implementation.

When Active Consent is Required

However, if you ask users for explicit consent for Adform to set cookies and/or process data AND a user rejects it, then setting cookies and/or processing the related data would violate the existing ePrivacy directive.

While Adform doesn't ask each user for consent, you can inform us about the current status of the user consent. For that, there are two key parameters: a "flag" (a parameter that indicates "true" or "false") in case the user is in the GDPR-affected area, and an IAB consent framework string:

  • gdpr: this parameter tells vendors if a user is in the GDPR-affected area. Expected values are 1 (meaning "yes/true") or 0 (meaning "no/false").

  • gdpr_consent: this parameter provides consent cookie value containing all information for all purposes and for vendors to understand if a user has given consent for them to operate.

In all cases, the information is delivered via URL parameters. The method of adding these parameters depends on the type of tag.

Asynchronous Tracking Points

For asynchronous tags, append the gdpr or gdpr_consent parameters to the Adform tracking tag as in the example below:

<!-- Adform Tracking Code BEGIN -->
<script type="text/javascript">
    window._adftrack = Array.isArray(window._adftrack) ? window._adftrack : (window._adftrack ? [window._adftrack] : []);
        pm: <trackingID>,
        divider: encodeURIComponent('|'),
        pagename: encodeURIComponent('<Tracking Point Name>'),
        gdpr: <true/false>,
        gdpr_consent: '<IAB_consent_string_value>'
    (function () { var s = document.createElement('script'); s.type = 'text/javascript'; s.async = true; s.src = ''; var x = document.getElementsByTagName('script')[0]; x.parentNode.insertBefore(s, x); })();

This code is only needed when a user is in the GDPR-affected area and all other users can be left untouched.


Remember to replace the consent string macro. You can find it in the CMP tool implemented on your website (see below).

Synchronous Tracking Points

Add this code right after the synchronous tracking library and before the tracking function:

<script type="text/javascript" src=""></script>
<script type="text/javascript">
adf.Gdpr = true;
adf.GdprConsent = 'IAB_consent_string_value';
adf.Params.PageName = encodeURIComponent('<Tracking Point Name>');
adf.Params.Divider = encodeURIComponent('|');
adf.track(<trackingID>); </script>

An alternative solution is to switch to asynchronous tags and follow the instructions in the section above.

Synchronous Non-JavaScript Tracking Points

Add the URL parameters (gdpr and gdpr_consent) manually.

The required URL parameters are &amp;gdpr=1&amp;gdpr_consent=IAB_consent_string_value.


<iframe src="{trackingID}&ADFPageName={TrackingPointName}&ADFdivider=|&ADFtpmode=4&gdpr=1&gdpr_consent={IAB_consent_string_value}" style="display:none;"></iframe>


Remember to replace the consent string macro. You can find it in the CMP tool implemented on your website (see below).

How to Retrieve Consent Information from a Cookie

The simplest way to retrieve the consent information is to use dedicated CMP functions. Refer to your CMP tool documentation for details.

Below is an example of one CMP that outputs consent information into the console as a JSON object.

<script type="text/javascript">
  window.__cmp('getConsentData',null,function(result) { console.log(result) });


{gdprApplies: true, hasGlobalScope: false, consentData: "BONKsyAONyggoABABAENAS-AAAAKh_______________9uT4Kp-KDVZwiA"}

As the example shows, the CMP provides information about whether the GDPR is applicable and the consentData string that should be passed.

function(result) { console.log(result) } should be replaced to the callback of your native function that would handle consent information before initiating ad tags.

Verify if the GDPR Consent is Sent

  1. Right-click anywhere on the page.

  2. Click on Inspect.

  3. Go to the Network tab.

  4. In the search bar, type in rp=

  5. Refresh the page.

  6. Click on one of the new lines that will show on the Network tab.

  7. In the Header tab, scroll down to the Query String Parameters section.

  8. If you see the lines gdpr: true and gdpr_consent with a long string of encrypted code, that means that the GDPR consent is sent.

Verify if the User ID is Sent

  1. On the publisher website, open the developer tools.

  2. Refresh the page.

  3. In the Network tab, use as domain filter.


    The parameter rp=3 is visible for usual display placements, while parameter rp=4 is visible for Header Bidding requests.

  4. Click on the request to see the parameters of the query string.

  5. Scroll down to the Query String Parameters section.

    If the user ID is sent, there will be an additional parameter (eids). That parameter contains the user ID.

Custom Consent Versus IAB Consent Framework

Please note that following the recommendation from IAB, TCF v.1.1 signals or any other custom consent signals will not be supported, they will be treated as if no consent is given and will be processed as cookieless.

Passing Consent Information to Container Tag

Given that Adform tracking point receives consent information from the advertiser's website (with gdpr=1 and gdpr_consent="value"), it is possible to pass the consent information to container pixels with macros __ADFGDPRCONSENT__ and __ADFGDPR__ to inform vendors whether a user is in the GDPR-affected area.


As of August 15, 2020, following the recommendation from IAB, TCF, only version 2.0 consent signals and higher are accepted. If you are using an earlier version, it will be treated as if no consent is given and will be processed without cookies.

Was this article helpful?

How we can make it better?

Thank you for your feedback!