OneTrust blocking video playback due to privacy setting

I have sev­er­al clients that use OneTrust for cook­ie con­sent. Each orga­ni­za­tion has dif­fer­ent con­fig­u­ra­tions for its OneTrust imple­men­ta­tion.

Today we encoun­tered a tricky sit­u­a­tion that I want­ed to share. This par­tic­u­lar organization’s OneTrust con­fig­u­ra­tion is set to ​“auto” which means OneTrust will active­ly enforce the user’s cook­ie pref­er­ences with­out much con­fig­u­ra­tion. The ​“auto” set­ting makes imple­ment­ing OneTrust much eas­i­er, but we hit a road­block when it came to allow­ing video play­back for users who choose not to have track­ing enabled. 

We have a page with a play but­ton that, when clicked, inserts an iframe with the Vimeo play­er with Javascript. When the iframe is pro­gram­mat­i­cal­ly cre­at­ed, we first check the OneTrust cook­ie pref­er­ences, and only if the user has active­ly accept­ed track­ing cook­ies, do we track the video. We use Vimeo’s dnt attribute (see the docs here) which allows us to tell Vimeo whether ​“do not track” is true or false for this video. In the fol­low­ing iframe we set dnt equal to 1 which means ​“do not track” is turned on, which pre­vents track­ing.

<iframe src="https://player.vimeo.com/video/12345?autoplay=1&muted=0&dnt=1"></iframe>

Screenshot of Vimeo player parameters for `dnt` parameter, 01FEB2022

This means we are han­dling the user’s track­ing pref­er­ences. But OneTrust’s auto fea­ture does not detect the dnt=1 in the iframe and still pre­vents this video from play­ing. 

OneTrust rewrites the iframe after it is insert­ed into the page, replac­ing the src with a data-src attribute. It also adds the class optanon-category-C0004. The iframe basi­cal­ly ends up like this.

<iframe src="https://player.vimeo.com/video/12345?autoplay=1&muted=0&dnt=1" class='optanon-category-C0004'></iframe>

Obvi­ous­ly, with­out an src attribute, the video would not play.

A solu­tion #

If you are con­fi­dent you are han­dling the OneTrust set­tings a user has set, you can over­ride the auto set­ting on a tag-lev­­el basis. There is a page on Cook­iePro by OneTrust that men­tions the data-ot-ignore attribute to tell OneTrust to skip this tag. The exam­ple shown on that page uses a script tag, but it will also work on an iframe with an src attribute. Here’s how the iframe I men­tioned at the begin­ning looks after adding that attribute. 

<iframe src="https://player.vimeo.com/video/12345?autoplay=1&muted=0&dnt=1" data-ot-ignore></iframe>

You’ll see we are not track­ing by set­ting dnt=1 and we’re telling OneTrust to leave this tag alone with data-ot-ignore since we’re hand­ing the track­ing. Now the videos will play on our page and not track a user.

Ser­vices are rewrit­ten by OneTrust auto #

Vimeo is not the only tag that will be inter­cept­ed by OneTrust. The list from their site is long. If you’ve found your way to this post, you might be using any of the fol­low­ing ser­vices that are being auto­mat­i­cal­ly rewrit­ten by OneTrust. If you’re con­fi­dent that you are respect­ing the user’s wish­es, the data-ot-ignore attribute might work for you too.

• addthis​.com
• addtoany​.com
• adsrvr​.org
• ama​zon​-adsys​tem​.com
• bing​.com
• bounce​ex​change​.com
• bouncex​.net
• criteo​.com
• criteo​.net
• dai​ly​mo​tion​.com
• dou​bleclick​.net
• everettech​.net
• face​book​.com
• face​book​.net
• goog​lead​ser​vices​.com
• googlesyn​di​ca​tion​.com
• krxd​.net
• liadm​.com
• linkedin​.com
• out​brain​.com
• rubi​con​pro​ject​.com
• sharethis​.com
• Taboola​.com
• twit​ter​.com
• vimeo​.com
• yahoo​.com
• youtube​.com

Good luck. Respect pri­va­cy and don’t track peo­ple that don’t want to be tracked.