airgap.js Load Options Glossary
Overview
Below are the configuration load options supported by airgap.js, expressed in kebab-case for data- attributes.
When defining options via our pre-init config API (e.g., airgap.loadOptions in code), convert from kebab-case to camelCase.
Type: stringLocation of the airgap.js bundle. Used for resolving relative paths for other loaded modules, such as the UI module and XDI module.
Options: "on" | "off"Default: "on"Whether to focus on the first descendant of the root arg with the data-initialFocus attribute.
Type: stringCurrent page base location override for relative URL resolution.
Type: stringCustom path to a CSS file containing the default consent manager UI's stylesheet.
Since it can be one of several literal values (info, warn, debug, error, or trace), we treat these as options.Options: "info" | "warn" | "debug" | "error" | "trace"Default: "info"Default output log level for logger.log.
Type: DismissedViewStateThe state the consent manager should go to when dismissed.
Options: "on" | "off" | "data:"Default: "on"Inline CSS options for the consent management UI. "off" disables CSS, and "data:" injects the CSS using a data: URI in an external <link rel="stylesheet"> tag.
Options: "on" | "off"Default: "off"Lazy-load the consent manager UI. When enabled, the UI module loads only when UI display APIs are called.
Type: stringDefault language selection for the default UI. Set to undefined to auto-select.
Type: string
Default: "error warn"Enabled log level(s). Available levels: fatal, error, warn, info, log, debug, and trace.
Type: stringCustom path to translation files for the default UI (overrides consentManagerConfig.messages).
Type: stringPrivacy policy URL.
Type: number | "off"
Default: "off" Automatically prompt user with consent manager UI at n pageviews.
0or"off"= disabled1= prompt on the first pageview2= prompt on the second pageview, etc.
Type: "open" | "closed"
Default: "closed" UI shadow root configuration. Set this to "open" to expose the UI shadow root for external inspection and automation.
Type: ConsentManagerConfigInput | stringConsent manager UI configuration. Can be a sparse ConsentManagerConfig object or JSON string.
Options: "on" | "off"Default: "on"Automatically reload the context (init) realm on consent changes that require a modified CSP.
Options: "on" | "off"Default: "on"Propagate node baseURI context information in the DOM regulation engine.
Options: "on" | "off"Default: "off"Use cookie setter listeners to reactively clear server-originated cookies. Note: Setting this option to "on" enables monitoring (which is required for cookie listener regulation to work), unless monitoring is explicitly disabled.
Type: stringDefault: "allow-known-hosts allow-subdomains"CSP protection configuration (relevant if Unknown Request Policy is set to block).
Type: stringDefault: "Unknown"Default privacy/legal regime.
Options: "true" | "false"Default: "false"Disable airgap.js. Set to "true" to disable airgap.js entirely.
Options: "on" | "off"Default: "on"Disable airgap patcher protections when the user is fully consented to all tracking purposes.
Options: "on" | "off"Default: "on"DOM protection caching configuration.
Options: "on" | "off"Default: "off" Load policies bundles synchronously. Warning: This option is very bad for performance. It should only be used if you can't rely on quarantine smart replay to smooth out policy changes.
Options: "on" | "off" | "export"Default: "off"Monitoring mode.
Options: "on" | "off"Default: "off"Use a MutationObserver regulation fallback while the primary document is still open (loading).
Type: stringSpecify a nonce for satisfying an existing Content Security Policy.
Type: stringConsent partition. If set, consent records are keyed by this partition identifier.
Options: "on" | "off"
Default: "on"DOM protection configuration.
Options: "self" | "descendants" | "*"Default: "*"Auto-protect all accessible same-origin realms with airgap.js.
Type: stringRealm protection same-origin request hooks. Available hooks: nav (default nav:sync), nav:async, and worker.
Type: stringOverride for privacy/legal regimes. Individual regimes must be separated by semicolons.
Options: "on" | "off" | "ip-only" | "heuristics-only"Default: "on"Regime detection configuration.
Type: stringSemicolon-separated ordered list of privacy regimes (for multi-regime precedence).
Type: stringRegime tracking purpose scoping configuration.
Options: "on" | "off" | "2"Default: "on"Regulate cookies with airgap.js.
Options: "on" | "off"Default: "off"Regulate transitive top-level navigation with airgap.js.
Options: "on" | "off"
Default: "on"Regulate network requests with airgap.js.
Options: "on" | "off"Default: "off"Enable report-only mode.
Type: string | "*" | "off"
Default: "*"Configuration for replaying quarantined events. Supported tokens: requests, mutations,
Options: "on" | "off"Default: "on"Deprecated. Whether scripts can make synchronous XMLHttpRequests.
Options: "on" | "off"Default: "off"Enable active anti-tamper interventions.
Options: "block" | "allow" | "require-full-consent"Default: "allow"How to regulate cookies with unknown purposes.
Options: "block" | "allow" | "require-full-consent"Default: "block" if CSP is enabled; otherwise "allow"How to regulate network requests with unknown purposes.
Type: numberDefault: 2621000Event quarantine maximum size (in bytes).
Type: numberDefault: 300000Cache garbage collection interval in milliseconds (0 = disable GC).
Type: numberDefault: 1000Cache key size limit (in UTF-16 string.length units).
Type: numberDefault: 70000Regulation cache size limit (# of entries). -1 = unbounded, 0 = disabled.
Options: "user" | "signals"Default: "user"Consent resolution precedence strategy. Set to 'signals' to disallow user choice from overriding conflicting browser privacy preference signals during consent changes and resolution.
Type: numberDefault: 0Quarantine pending event auto-expiry time limit (in minutes). 0 = no expiry.
Type: stringDefault: "VimeoDNT YouTubePrivacyEnhancedMode WistiaDNT GoogleConsentMode FacebookLDU"Consent Integrations configuration.
Type: stringDefault: "SaleOfInfo"Default trigger tracking purpose for enabling built-in tracker overrides. When this purpose is respected and user has lack of consent then tracker overrides are enabled.
Type: numberDefault: 1Client-side telemetry event sampling rate (percentage of outgoing requests/cookie mutations to track).
Type: numberDefault: 30Initial telemetry logging sync period (in seconds).
Options: "on" | "off"Default: "off"Require support for telemetry false positive filtering (TFPF) for event telemetry.
Type: TelemetryConfigDefault: "on"Airgap telemetry toggle.
Type: stringTelemetry endpoint URL.
Options: "origin" | "path" | "url"Default: "origin"Partition key strategy for telemetry page stats.
Type: numberDefault: 5000Telemetry processing period (in milliseconds).
Type: numberDefault: 1Telemetry sampling rate (percentage of sessions to send telemetry for).
Type: numberDefault: 300Telemetry sync period (in seconds).
Type: stringDefault: "Functional"Tracking purpose assigned to the telemetry endpoint.
Options: "on" | "off"Default: "on"Enable telemetry false positive filtering.
Type: numberDefault: 10Number of frames to collect for TFPF in Chromium. May be "Infinity".
Type: numberDefault: 1000Telemetry false positive filter cache size limit (# of entries). -1 = unbounded, 0 = disabled.
Type: BackendSyncConfigDefault: "on"Remote sync configuration.
Type: stringRemote sync endpoint URL.
Type: numberDefault: 600Bounce debouncer interaction threshold (in milliseconds).
Options: "on" | "off"Default: "off"Deferred sync. When "on", sync isn't automatically enqueued.
Options: "on" | "off" | "allow-network-observable"Default: "on"Whether to run cross-domain sync.
Type: numberDefault: 0Quarantine sync budget (in bytes). 0 = disabled, -1 = unlimited. Note: Best set to the same value as quarantine-size when enabling, which has a default of 2621000.
Type: stringSync domain scope (for cookie-based consent sync). Set this to the highest level domain within a site that you wish to sync across.
Type: stringSpace-separated list of expected sites, preferably eTLD+1. site takes precedence over this setting.
Type: stringDefault: "on"General sync configuration.
Type: stringSync endpoint URL.
Type: stringMulti-site sync endpoint mapping (JSON format).
Type: stringShared XDI host sync groups config (JSON). Maps bundle IDs to first-party sets.
Type: numberDefault: 1800Airgap consent sync period (in seconds).
Options: "b64" | "esc"Set waf=b64 to base64-encode sync cookies or waf=esc to escape sync cookies with URL-safe-encoding. There are no integrated consent migrations for these options at this time, so there is potential for consent loss/reset if this option changes between page visits.
Options: "yes" | "no" | "unknown"Whether the site owner has signed the IAB LSPA agreement.
Options: "on" | "off"Default: "off"Whether to enable the IAB TCF API.
Type: TCFConfigInput | stringTCF configuration, including paths to vendor-list.json, CSS, and messages.
Type: stringCustom XDI module location load option (overrides airgap.xdi).
Type: stringSpace/comma-separated list of allowed XDI hosts.
Type: stringComma/space-separated list of enabled XDI commands.
Type: numberDefault: 30000XDI connection timeout in milliseconds (0 = no timeout).
Options: "on" | "off"
Default: "on"
Require XDI connections to come from secure (HTTPS) origins.
Type: numberDefault: 0Consent expiry time limit (in minutes). 0 = no expiry.
Options: "prompt" | "reset"Default: "prompt"Consent expiry behavior.
"prompt"= show the consent manager again"reset"= reset consent entirely