Self-Hosting Transcend Consent

Transcend Consent's multiple JavaScript modules and synchronization endpoint can be self-hosted on your own infrastructure to help comply with internal security requirements.

We recommend using a reverse proxy with a simple caching setup to host your consent manager on your own infrastructure. This will ensure that you can continue to update your consent manager through the Transcend dashboard.

See this nginx config for an example of setting up a reverse proxy in nginx.
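A caching reverse proxy of the kind recommended above, as an added example (not Transcend's own config). The hostname, local /consent/ prefix, file paths, cache sizes and TTLs are assumptions; {your-bundle-id} is the placeholder used on this page and must be replaced.

```nginx
# Added example; place in the http {} context. All names below are assumptions.
proxy_cache_path /var/cache/nginx/consent levels=1:2 keys_zone=consent:10m
                 max_size=100m inactive=1d use_temp_path=off;

server {
    listen 443 ssl;
    server_name consent.your-site.example;           # assumed first-party host
    ssl_certificate     /etc/nginx/tls/consent.crt;  # assumed paths
    ssl_certificate_key /etc/nginx/tls/consent.key;

    # e.g. /consent/airgap.js and /consent/xdi.js map to the upstream bundle path.
    location /consent/ {
        limit_except GET { deny all; }   # static assets only (GET also permits HEAD)

        # Quoted because of the braces; replace the placeholder with your bundle ID.
        proxy_pass "https://transcend-cdn.com/cm/{your-bundle-id}/";
        proxy_set_header Host transcend-cdn.com;

        # Verify the upstream certificate so a spoofed origin cannot feed
        # script into your first-party pages.
        proxy_ssl_server_name on;
        proxy_ssl_name transcend-cdn.com;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 3;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed CA bundle

        # Do not forward first-party credentials upstream, and do not relay
        # or cache upstream cookies.
        proxy_set_header Cookie "";
        proxy_set_header Authorization "";
        proxy_hide_header Set-Cookie;
        proxy_ignore_headers Set-Cookie;

        # Short TTLs so changes made in the Transcend dashboard still reach
        # visitors; these apply only when the upstream sends no caching headers.
        proxy_cache consent;
        proxy_cache_valid 200 5m;
        proxy_cache_valid any 30s;
        proxy_cache_lock on;
        # Keep serving the last good copy if the upstream is unreachable.
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        proxy_cache_background_update on;
        add_header X-Cache-Status $upstream_cache_status always;
    }
}
```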

After you have set up your self-hosted modules, you can use the following HTML snippet to load consent manager modules using your own infrastructure:

<script
  src="/path/to/airgap.js"
  data-ui="/path/to/ui.js"
  data-xdi="/path/to/xdi.js"
  data-sync-endpoint-map='{"example.com": "https://sync.example.com", "example.net": "https://sync.example.net/"}'
></script>

Hosting your own first-party XDI sync endpoint is an easy two-step process:

  1. Host a publicly accessible static page with this HTML on all of your sites, replacing the value of data-sync-groups with a space-separated list of sites that you wish to sync between.
<!doctype html>
<script
  src="https://transcend-cdn.com/cm/{your-bundle-id}/xdi.js"
  data-xdi-commands="ConsentManager:Sync"
  data-sync-groups='{"site1":["your-site.example"], "site2":["your-other-site.example"]}'
></script>
  2. Update your consent manager script tag as follows, entering the URL(s) of the page(s) you created in step 1 in the data-sync-endpoint attribute.
<script
  src="https://transcend-cdn.com/cm/{your-bundle-id}/airgap.js"
  data-sync-endpoint="https://your-site.example/.well-known/xdi"
></script>

Our consent manager uses Transcend XDI to facilitate consent & quarantine sync. This interface works by embedding iframes to known sync endpoints in order to construct secure tunnels for transferring sync data.

  • Your consent manager's allowed domains list must include your Privacy Center domain. This is already true if your Privacy Center is on a subdomain of your primary domain (e.g. privacy.your-site.example).
  • Your sync endpoint's embedder policy must allow embedding by your Privacy Center.
  • Sync clients must connect from secure HTTPS origins.

We do not allow self-hosting our telemetry endpoint at this time.