Consent Management Sync

airgap.js supports synchronizing consent and metadata data over two modalities: client-side and server-side. Private client-side sync can also be used to synchronize quarantine data.

After initialization, airgap.js can synchronize state cross-subdomain. If an XDI sync endpoint is configured and the user's browser supports XDI, then XDI is used for sync, unlocking optional quarantine sync. Quarantine sync can be enabled by configuring the quarantine-sync-budget load option for your airgap.js and xdi.js script tags.

When resolving initial consent, both localStorage-stored and cookie-stored consent are compared and the most recent consent is chosen as the reference consent. Whenever consent is saved and cookie-based sync is enabled, both cookie and localStorage-stored consent are updated.

Cookie and localStorage-based storage keys and their intended uses are listed in our consent management privacy and security documentation.

airgap.js supports privately synchronizing consent, metadata, and quarantine data across same-site cross-domain hosts using Transcend XDI.

⚠️ XDI sync is not available in Safari

airgap.js 9.5 and later supports storing consent and metadata in cookies for browsers that don't support private same-site cross-domain data sharing, such as Safari. To allow the use of cookie-based consent sync as a fallback when XDI sync is unsupported, set data-local-sync="allow-network-observable" on your airgap.js script tag.

airgap.js 9.60 and later automatically uses cookie-based sync if XDI is not supported or an XDI endpoint has not been configured. Sync can be restricted to only using XDI by setting data-local-sync="private" on your airgap.js script tag.

Cookie-based sync requires that you set the data-site attribute on your airgap.js script tag configure what domain to associate the cookie with. All subdomains of the domain specified in the data-site attribute will be able to read the cookie.

Alternatively, the data-sites attribute can be used to specify a space-separated list of multiple sites, and the appropriate site will be selected based on the current page's domain. data-sites is ignored whenever data-site is specified.

Note that unlike XDI sync, cookie-based sync potentially allows for third-party scripts to override stored consent. This sync method should only be used when you trust that the content running on your site will not attempt to actively bypass our protections.

Consent information and metadata can be stored in and restored from a backend server, enabling logged-in users to persist consent across sessions and browsers.