airgap.js Capabilities
Transcend Consent Management is powered by the airgap.js privacy governance SDK. This SDK implements a set of unique capabilities that make it easy for you to enforce privacy rules and integrate user consent experiences into your website.
airgap.js is the only client-side SDK that offers network-level request regulation. This means that you only have to configure data flows, and our privacy governance engine handles the rest.
Through a combination of API patchers, virtual proxy documents, and optional dynamic Content Security Policies, we provide a layered security model that offers network regulation capabilities. These capabilities are used to power our tracker regulation engine and event quarantine system which allows network and cookie events to be quarantined locally and released when consented.
Our SDK offers the following per-event enforcement actions:
- Assign tracking purposes (affects downstream regulation)
- Allow event
- Block/quarantine event
- Override event
- Omit cookies from event
Our SDK offers powerful event quarantine functionality that allows network and cookie events to be quarantined locally and released when consented. Using our APIs, you can configure what is quarantined, for how long, and whether the quarantine should be persisted across pageviews. We quarantine most blocked requests and all blocked cookies by default, using some basic heuristics to determine whether an event is worth quarantining to reduce wasted network bandwidth.
Our quarantine replay system was carefully designed to allow for in-place replay of events to enable no-code integration with any website. This means that APIs like fetch()
and new XMLHttpRequest()
can be blocked without consent and later resolve once the user consents.
Our DOM regulation engine allows for quarantining and replaying complex DOM mutations that cause network requests in-place, without necessitating any special integration steps by site owners.
airgap.js is the only client-side JavaScript library that enables you to arbitrarily override cookies and supported network requests with simple custom logic. Our overrides API makes it easy to force query parameters, swap domains, change paths, or redact sensitive user data for all supported network requests.
We use this event overrides API internally to implement our Privacy-Enhancing Tracker Overrides.
Limitation: Overrides cannot bypass an active Content Security Policy.
As an added layer of security, we offer the ability generate and enforce dynamic Content Security Policies that are tailored to your users' consent choices.
Read more: Content Security Policies
airgap.js makes it easy to omit cookies from requests through both the IPendingEvent.omitCredentials()
API available to request overrides and the declarative RegulatedPathConfig
pre-init airgap.omitCredentials
API.
Transcend's Privacy-Enhancing Tracker Overrides includes list of common trackers that we can use to automatically drop cookies from certain requests when associated tracking purposes are not consented.
Read more: Omit request credentials
Read our blog post: Defeating cookie banners
Watch our talk at PEPR 2021: