U.S. Privacy - CCPA setup and configuration (Legacy)

This article covers the implementation steps for an updated U.S. Privacy - CCPA onsite configuration that utilizes an improved CDN setup and cloud infrastructure. In comparison to previous versions this updated configuration provides the following benefits once implemented:

  • Reduced risk of consent messaging being blocked by ad blockers
  • Improved performance in the delivery of first layer messages
  • Simplified implementation of optional CNAME strategy to improve the persistence of 1st party cookies in adverse browser environments.

If you wish to upgrade from a previous U.S. Privacy - CCPA configuration you will have to change your current Sourcepoint cnaming setup as outlined in this article. The minimum version of the U.S. Privacy - CCPA client-side library is 1.0.44 and above. If you are hosting the client-side library in your own CDN you will have to update the library version in order to benefit from these improvements.

Setting up Sourcepoint’s U.S. Privacy - CCPA solution is a simple process that publisher teams can follow to get up and running quickly. This document is a quick start guide on how to implement a Do Not Sell (my data) experience on your website using Sourcepoint’s JavaScript code snippet. The JavaScript code snippet needs to be placed on your site, preferably in the head tag before any advertising technology scripts implemented on your site. The goal of the implementation is to render a Do Not Sell (my data) notification required under U.S. Privacy - CCPA and syndicate the user's privacy settings to any relevant third party technology running on your site. The Sourcepoint script implementation has been optimized for high performance and fast delivery.

This guide provides details on the technical implementation steps, however additional settings might be required in your Sourcepoint account dashboard.

Implementation overview

The implementation can be divided into two separate steps:

  • Implementing the Sourcepoint U.S. Privacy - CCPA page configuration.
  • Setting up the message domain.

Below is Sourcepoint’s U.S. Privacy - CCPA JavaScript code snippet which needs to be placed at the top (preferably in the header of your page before other ad-tech related tags such as a header bidding tag).

<script type="text/javascript">
    (function () { var e = false; var c = window; var t = document; function r() { if (!c.frames["__uspapiLocator"]) { if (t.body) { var a = t.body; var e = t.createElement("iframe"); e.style.cssText = "display:none"; e.name = "__uspapiLocator"; a.appendChild(e) } else { setTimeout(r, 5) } } } r(); function p() { var a = arguments; __uspapi.a = __uspapi.a || []; if (!a.length) { return __uspapi.a } else if (a[0] === "ping") { a[2]({ gdprAppliesGlobally: e, cmpLoaded: false }, true) } else { __uspapi.a.push([].slice.apply(a)) } } function l(t) { var r = typeof t.data === "string"; try { var a = r ? JSON.parse(t.data) : t.data; if (a.__cmpCall) { var n = a.__cmpCall; c.__uspapi(n.command, n.parameter, function (a, e) { var c = { __cmpReturn: { returnValue: a, success: e, callId: n.callId } }; t.source.postMessage(r ? JSON.stringify(c) : c, "*") }) } } catch (a) { } } if (typeof __uspapi !== "function") { c.__uspapi = p; __uspapi.msgHandler = l; c.addEventListener("message", l, false) } })();
    window._sp_ccpa = {
        config: {
            accountId: ACCOUNT_ID,
            baseEndpoint: "https://cdn.privacy-mgmt.com",
            getDnsMsgMms: true,
            alwaysDisplayDns: false
<script src="https://cdn.privacy-mgmt.com/ccpa.js"></script>

The first section of the snipped contains the IAB Stub function. The Stub function sets up the IAB US Privacy String object “__uspapi” and makes it available on queue to be called and released when needed. It is important to have this script tag always at the top in the first position to avoid errors and failure of the service.

The second section of the snippet contains your account specific configuration parameters. This section sets up the parameters necessary for your website to communicate with the Sourcepoint messaging platform and establishes a communication channel with the Sourcepoint messaging service library. In addition to the standard parameters in the example above, there are additional parameters that allow for JavaScript callbacks to be triggered for different customization purposes. For U.S. Privacy - CCPA implementations. there are currently four required params to deliver a message successfully:

Parameter Description
accountId This parameter needs to be used to set the account ID you received from your Sourcepoint account manager - The ID associates your data and website with your account in the Sourcepoint dashboard.
baseEndpoint https://cdn.privacy-mgmt.com is a single server endpoint from where the messaging as well as the GDPR and U.S. Privacy - CCPA experience is served. The baseEndpoint can also be changed to a CNAMED 1st party subdomain in order to persist 1st party cookies on Safari web browser (due to Safari’s ITP) by setting cookies through the server with set-cookie rather than using document.cookie on the page. Changing the baseEndpoint domain is optional but recommended.
getDnsMsgMms As an alternative to establishing the communication with the message management service through the mmsDomain, you can set this value to false to establish the channel through the ccpaOrigin URL. This approach enables use cases in where a U.S. Privacy - CCPA Do Not Sell (my data) notification is shown on the website without creating a campaign in the Sourcepoint dashboard.
alwaysDisplayDns Setting this parameter to true enables use cases where a Sourcepoint Do Not Sell (my data) notification is hardcoded.

In addition to the required parameters you can use following optional configuration parameters to tailor the implementation to your use case:


Maps the message to a specific URL.

Maps the message to a specific property (website, app, OTT)

This parameter enables you to create key-value pairs that can be used for targeting in the scenario builder in the Sourcepoint dashboard. Key-value pairs can be created in the following format: 

targetingParams: {
                    key1: valueA,
                    key2: valueB

Click here for more information on key-value pairs.


Setting up The Messaging Domain

Setting up a first-party subdomain with a CNAME record for the baseEndpoint is optional. The goal of creating a first-party subdomain is for the U.S. Privacy - CCPA and GDPR TCF JavaScript libraries to communicate with the Sourcepoint messaging server in a first-party capacity. The benefit of this approach is to allow Sourcepoint cookies to be the first party and thus, circumventing Safari’s Intelligent Tracking Prevention (ITP). This creates a discrete messaging channel between the publisher’s messaging subdomain and the Sourcepoint messaging server.

  Note: You can utilize the same CNAME for both U.S. Privacy - CCPA and GDPR messaging campaigns.

Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.