Documentation > UCP Implementation Guide > Prior Consent


Information on Description of Script, Script Deployment and Creating Notices

Description of Script

Our script has to the added to your web properties for UCP to be available.

Once a notice is configured, this script is available in our privacy application,

Here is an example:

<script type="text/javascript">

    (function (id) {

        function append(scriptid, url, async) {

            var d = document, sn = 'script', f = d.getElementsByTagName(sn)[0];

            if (!f) f = d.head;

            var s = d.createElement(sn);

            s.async = true;

   = scriptid;

            s.src = url;

            f.parentNode.insertBefore(s, f);


         function getRootDomain() {

            var parts = window.location.hostname.split('.');

            if (parts.length === 2) rootDomain = parts[0];

            else if (parts.length > 2) {

              // see if the next to last value is a common tld

              var part = parts[parts.length - 2];

              if (part === 'com' || part === 'co') {

                rootDomain = parts[parts.length - 3]; // go back one more


              else {

                rootDomain = part;



           return rootDomain;


         window.evidon = {}; = id;

        var cdn = '//', rootDomain = getRootDomain(), noticecdn = cdn + 'sitenotice/';

        append('evidon-notice', noticecdn + 'evidon-sitenotice-tag.js', false);

        append('evidon-location', cdn + 'geo/country.js', true);

        append('evidon-themes', noticecdn + id + '/snthemes.js', true);

        if (rootDomain) append('evidon-settings', noticecdn + id + '/' + rootDomain + '/settings.js', true);

         window.evidon.priorConsentCallback = function () {

            // add the tags which need to wait for prior consent

            // here.  This should be all your advertising tags and

            // probably most of your social and tracking tags.


 window.evidon.closeCallback = function () {

            // this is executed if the user closed a UI element without either Accepting (providing consent)

            // or Declining (declining to provide consent).


               window.evidon.consentWithdrawnCallback = function () {

            // this is executed if the user withdraws consent and elects to

            // no longer allow technologies to run on the site.


               window.evidon.consentDeclinedCallback = function () {

            // this is executed if the user explicitly declines giving consent by

            // using a Decline button


    })({your company identifier});


Our script is intentionally generic and is meant to be hosted on your various web properties. The only customer-specific piece of information is the identifier assigned to your company in our system.  That is inserted into the section just above the closing script tag titled {your company identifier}.

info icon

When you download the script from the privacy application, you’ll see the identifier included by default.

When this script runs on your web properties it will do the following:

  • Load the evidon-sitenotice-tag.js script, which is what powers our UCP.
  • Load the country.js script which tells our script which country it is currently active in.
  • Load your company themes script - snthemes.js.  This contains the styles for the user interface elements we display.
  • Load the settings.js file, which contains the settings used to correctly display our UCP based on the location, user language, and current domain.


In addition to the script loading, we have the shell of our prior consent callback function - window.evidon.priorConsentCallback - with some comments on how to use it.  If you aren’t using prior consent anywhere this script will execute, or if you are using one of our tag manager integrations to control prior consent, you can safely remove that section of the script.

In the script you will see a function called getRootDomain.  That function is used to pull the root domain from the current URL -- for example “" would return “evidon”.  That is used to pull the correct settings file to power the notice.  You can safely run our script on web properties where you are not using our UCP, but that will involve each page pulling down the resources listed above.  If a settings file is not located the call will log a 404 error which will be visible in browser consoles.  Beyond that it won’t hurt anything, there will just be some extraneous resource calls made.

Script Deployment

Deploying our script should be very straight-forward.  Just take the supplied script and add it to the templates used in your web properties.  It can either be placed in the header or body. There is no specific location required for our script to function. 

If you are using one of our supported Tag Manager integrations, you can also deploy our script using your tag manager. There are instructions for GTM and Tealium later in this document.  For additional assistance, ask your Customer Success Manager (CSM).

Creating Notices

In addition to deploying our script to your web properties you will also need to set up one or more domains in our privacy application, so our script knows it is supposed to execute on those domains.  The full scope of creating notices is beyond this document, but it is important to understand how to configure the various domains and what effect that will have on the UCP when it runs on your properties.

As a short introduction, when you set up your notice for prior consent, your site users see a banner that must be accepted before non-essential tracking is triggered.

To enable prior consent, you’ll create or edit a site notice for a domain by following the steps in this guide.

In step 3 of the wizard, you will:

  1. Select Banner Notification as the Notice Type (so users can navigate the site with or without consent)
  2. Check Consent Required

consent required

On your site, your users see a banner with an accept button. They will be able to navigate the site, but the banner will persist until it is accepted.

The first thing to understand is how our script detects the current domain to map that to the specific notice for that domain.  The script pulls the current location from the browser and uses that domain/path information to search the list of domains in the settings.js file pulled for that domain.  It scans the settings.js list of domains by length, starting with the longest one to find the correct match.  The comparison is a simple, case-insensitive match.

 The second thing to understand is what the domain means in terms of the UCP.  The domain value can technically be a domain, a subdomain, or simply a “host” that resolves to a specific website. Paths may be included as well. Each domain is a singled notice setup that can contain a variable set of experiences for a user based on their location viewing your site and their language requested. Domains are used to map user experiences to a specific set of advertising/analytics vendors.  When setting up your domain, it is important to segment your properties out in a manner that encompasses those vendors.  It is better to over-disclose than under-disclose.  When your website is scanned, the vendor under that domain will be added.  This scanning and grouping are done on a per-country basis, so keep that in mind when assigning countries to your notice. If you select multiple regions or multiple countries, you may be creating multiple scans per domain notice setup. If you have questions to determine exactly what you need or how this affects your setup, contact your CMS or TAM.

Keeping those two things in mind, the UCP is very flexible on how you add Domains.  You can set up specific sub-domains (e.g., “”, “”, “”, etc.), specific paths (“”, “”, etc.), or a root domain (”“).  When you set up a root domain that will act as a fallback for all sub-domains not setup with their own notice setup.  For example, if you set up “” as a domain and do not have a notice configured for “”, a site user will see the notice configured for ””.

info icon

One caveat on using just a root domain (“”).  If you are set up for vendor auto-population (“auto-pop”) our scanning system use the Domain entered for the notice as the starting point for their crawl and scan actions.  Because of that they will not scan sub-domains since the scanner system does not know about them.  In this instance, the scanners may miss vendors specific to sub-domains if you have sub-domains using a different set of vendors.  If that’s the case it would be better to set up a separate notice for that sub-domain.

Connect with Crownpeak