OneTrust blocking video playback due to privacy setting
I have several clients that use OneTrust for cookie consent. Each organization has different configurations for its OneTrust implementation.
Today we encountered a tricky situation that I wanted to share. This particular organization’s OneTrust configuration is set to “auto” which means OneTrust will actively enforce the user’s cookie preferences without much configuration. The “auto” setting makes implementing OneTrust much easier, but we hit a roadblock when it came to allowing video playback for users who choose not to have tracking enabled.
dnt attribute (see the docs here) which allows us to tell Vimeo whether “do not track” is true or false for this video. In the following iframe we set
dnt equal to
1 which means “do not track” is turned on, which prevents tracking.
This means we are handling the user’s tracking preferences. But OneTrust’s auto feature does not detect the
dnt=1 in the iframe and still prevents this video from playing.
OneTrust rewrites the iframe after it is inserted into the page, replacing the
src with a
data-src attribute. It also adds the class
optanon-category-C0004. The iframe basically ends up like this.
<iframe src="https://player.vimeo.com/video/12345?autoplay=1&muted=0&dnt=1" class='optanon-category-C0004'></iframe>
Obviously, without an
src attribute, the video would not play.
If you are confident you are handling the OneTrust settings a user has set, you can override the auto setting on a tag-level basis. There is a page on CookiePro by OneTrust that mentions the
data-ot-ignore attribute to tell OneTrust to skip this tag. The example shown on that page uses a
script tag, but it will also work on an
iframe with an
src attribute. Here’s how the iframe I mentioned at the beginning looks after adding that attribute.
<iframe src="https://player.vimeo.com/video/12345?autoplay=1&muted=0&dnt=1" data-ot-ignore></iframe>
You’ll see we are not tracking by setting
dnt=1 and we’re telling OneTrust to leave this tag alone with
data-ot-ignore since we’re handing the tracking. Now the videos will play on our page and not track a user.
Services are rewritten by OneTrust auto
Vimeo is not the only tag that will be intercepted by OneTrust. The list from their site is long. If you’ve found your way to this post, you might be using any of the following services that are being automatically rewritten by OneTrust. If you’re confident that you are respecting the user’s wishes, the
data-ot-ignore attribute might work for you too.
Good luck. Respect privacy and don’t track people that don’t want to be tracked.