Our Consent Manager is carefully designed to protect its own internal state and regulation capabilities from other potentially malicious scripts running in the same environment. We employ the following techniques to ensure the security of our Consent Manager:
We use an extensive runtime reference caching & utility framework as the standard library through which all of our security-critical code is built. This library is completely resistant to all prototype pollution attacks, and dynamically adjusts for implementation differences between browsers to always provide the most secure level of abstraction available.
We require a genuine user-initiated
'submit' event or a trusted Transcend XDI consent sync to change consent after initialization. Other consent managers don’t secure their consent APIs with any user authorization safeguards at all.
To disable our tamper resistance mode, add
data-tamper-resist="off" to your airgap.js script tag.