n360ortb includes built-in support for privacy regulations including GDPR/TCF, GPP (Global Privacy Platform), and US Privacy (CCPA).
Overview
n360ortb automatically detects and reads consent signals from Consent Management Platforms (CMPs) that implement industry-standard APIs:
TCF v2 - IAB Transparency and Consent Framework
GPP - IAB Global Privacy Platform
USP - IAB US Privacy String (CCPA)
GDPR / TCF v2
n360ortb automatically detects TCF v2 CMPs via the __tcfapi interface and reads the TC string.
Configuration
n360ortb.init({currency:'EUR',gdpr:{cmpTimeout:1000// Wait up to 1 second for CMP}});
Options
Property
Type
Default
Description
cmpTimeout
number
50
Milliseconds to wait for CMP response
How It Works
n360ortb calls __tcfapi('getTCData') when the page loads
If consent data is available within the timeout, it's included in bid requests
If the CMP doesn't respond in time, the request proceeds without consent data
SSPs receive the TC string and apply their consent logic
Best Practices
Set cmpTimeout high enough for your CMP to initialize
Consider user experience - longer timeouts delay ad loading
A timeout of 500-1500ms is typically sufficient
Direct Consent Passthrough
When running inside an iframe where the CMP is not accessible (e.g., GAM creative), you can pass consent data directly:
Property
Type
Description
applies
boolean
Whether GDPR applies to this request
consent
string
The IAB TCF v2 consent string
When applies and consent are provided, n360ortb skips CMP detection and uses the provided values immediately.
This is particularly useful for GAM creative integration where you can use GAM macros like %%GDPR%% and %%GDPR_CONSENT_755%% to pass consent data.
GPP (Global Privacy Platform)
n360ortb supports the IAB Global Privacy Platform for unified privacy signals across jurisdictions.
Configuration
Options
Property
Type
Default
Description
cmpTimeout
number
50
Milliseconds to wait for GPP CMP response
How It Works
n360ortb calls the GPP API (__gpp) to retrieve the GPP string
The GPP string and applicable sections are included in bid requests
SSPs interpret the GPP string according to their policies
US Privacy (CCPA)
n360ortb supports the IAB US Privacy String for CCPA compliance.
Configuration
Options
Property
Type
Default
Description
cmpTimeout
number
50
Milliseconds to wait for USP API response
How It Works
n360ortb calls __uspapi('getUSPData') to retrieve the US Privacy string
The USP string (e.g., "1YNN") is included in bid requests
SSPs apply their CCPA logic based on the string values
Combining Privacy Configurations
You can enable multiple privacy frameworks simultaneously:
n360ortb will attempt to read consent from all configured frameworks and include available signals in bid requests.
Example: Full Privacy Configuration
Consent Timeout Behavior
When consent is not available within the configured timeout:
Scenario
Behavior
CMP not present
Request proceeds without consent signals
CMP timeout
Request proceeds without consent signals
User hasn't consented yet
Request proceeds without consent signals
Consent available
Consent signals included in request
When consent signals are not available, some SSPs may not bid or may bid at reduced rates depending on their policies and the user's jurisdiction.
Debugging Consent
To verify consent is being captured correctly:
Open browser developer tools
Go to the Network tab
Find the bid request to Nexx360
Check the request payload for:
gdpr and gdpr_consent fields (TCF)
gpp and gpp_sid fields (GPP)
us_privacy field (CCPA)
Best Practices
Load CMP first: Ensure your CMP script loads before n360ortb
Set appropriate timeouts: Balance consent capture with ad load speed
Test thoroughly: Verify consent flows in different scenarios
Monitor fill rates: Low fill rates may indicate consent issues
Compliance Note
n360ortb provides the technical capability to pass consent signals to SSPs. Publishers are responsible for implementing a compliant CMP and ensuring proper consent collection according to applicable laws.
