---
title: OneTrust blocking video playback due to privacy setting
date: 2022-02-01T14:50:00-05:00
author: John Morton
canonical_url: "https://supergeekery.com/blog/onetrust-blocking-video-playback-privacy-tracking"
section: Blog
---
# OneTrust blocking video playback due to privacy setting
*February 1, 2022* by John Morton
*This image is from the film "It Follows". A good and creepy movie.*
I have several clients that use OneTrust for cookie consent. Each organization has different configurations for its OneTrust implementation.
Today we encountered a tricky situation that I wanted to share. This particular organization's OneTrust configuration is set to "auto" which means OneTrust will actively enforce the user's cookie preferences without much configuration. The "auto" setting makes implementing OneTrust much easier, but we hit a roadblock when it came to allowing video playback for users who choose not to have tracking enabled.
We have a page with a play button that, when clicked, inserts an iframe with the Vimeo player with Javascript. When the iframe is programmatically created, we first check the OneTrust cookie preferences, and only if the user has actively accepted tracking cookies, do we track the video. We use Vimeo's `dnt` attribute ([see the docs here](https://vimeo.zendesk.com/hc/en-us/articles/360001494447-Player-parameters-overview#h_01FNYA7F7GKWE17XDQJPMBC058)) which allows us to tell Vimeo whether "do not track" is true or false for this video. In the following iframe we set `dnt` equal to `1` which means "do not track" is turned on, which prevents tracking.
```
```
*Screenshot of Vimeo player parameters for `dnt` parameter, 01FEB2022*
This means _we_ are handling the user's tracking preferences. But OneTrust's auto feature does not detect the `dnt=1` in the iframe and still prevents this video from playing.
OneTrust rewrites the iframe after it is inserted into the page, replacing the `src` with a `data-src` attribute. It also adds the class `optanon-category-C0004`. The iframe basically ends up like this.
```
```
Obviously, without an `src` attribute, the video would not play.
## A solution
If you are **confident** you are handling the OneTrust settings a user has set, you can override the auto setting on a tag-level basis. There is [a page on CookiePro by OneTrust](https://community.cookiepro.com/s/article/UUID-71e7d0a8-03d8-e272-e683-72cadded2ecf) that mentions the `data-ot-ignore` attribute to tell OneTrust to skip this tag. The example shown on that page uses a `script` tag, but it will also work on an `iframe` with an `src` attribute. Here's how the iframe I mentioned at the beginning looks after adding that attribute.
```
```
You'll see we are not tracking by setting `dnt=1` and we're telling OneTrust to leave this tag alone with `data-ot-ignore` since we're handing the tracking. Now the videos will play on our page and not track a user.
## Services are rewritten by OneTrust auto
Vimeo is not the only tag that will be intercepted by OneTrust. The [list from their site](https://community.cookiepro.com/s/article/UUID-c5122557-2070-65cb-2612-f2752c0cc4aa) is long. If you've found your way to this post, you might be using any of the following services that are being automatically rewritten by OneTrust. If you're confident that you are respecting the user's wishes, the `data-ot-ignore` attribute might work for you too.
* addthis.com
* addtoany.com
* adsrvr.org
* amazon-adsystem.com
* bing.com
* bounceexchange.com
* bouncex.net
* criteo.com
* criteo.net
* dailymotion.com
* doubleclick.net
* everettech.net
* facebook.com
* facebook.net
* googleadservices.com
* googlesyndication.com
* krxd.net
* liadm.com
* linkedin.com
* outbrain.com
* rubiconproject.com
* sharethis.com
* Taboola.com
* twitter.com
* vimeo.com
* yahoo.com
* youtube.com
Good luck. Respect privacy and don't track people that don't want to be tracked.
---
**Tags:** cookies, onetrust, dnt, privacy, webdev