Consent & privacy
Gate collection on a visitor's consent. Set a default at init, then relay your cookie banner or CMP decision at runtime. The collector buffers safely while a choice is pending and flushes once it is made.
Set the default at init #
defaultConsent is the fallback state before any explicit decision arrives. Pick it based on
your jurisdiction and where consent is required:
granted: collect immediately. Suitable for first-party analytics where consent is not required.pending: buffer events until the visitor chooses. Nothing is sent until you callconsent.denied: collect nothing until an explicit grant.
amb('init', {
appId: 'storefront',
environment: 'production',
endpoint: 'https://rum-ingest.example.com/v1/events',
defaultConsent: 'pending' // buffer until the visitor decides
}); Relay a runtime decision #
Call amb('consent', state) when the visitor interacts with your cookie banner or CMP. An
explicit decision overrides the default and any Do Not Track signal handling described below.
// Relay a CMP / cookie-banner decision at runtime.
// 'granted' starts (or resumes) collection and flushes the buffer.
// 'denied' stops collection. 'pending' returns to buffering.
function onConsentChoice(choice) {
amb('consent', choice); // 'granted' | 'denied' | 'pending'
}
// e.g. from your cookie banner:
acceptButton.addEventListener('click', () => amb('consent', 'granted'));
rejectButton.addEventListener('click', () => amb('consent', 'denied')); How pending buffers #
While consent is pending the collectors stay active and keep measuring, but the transport
holds events back rather than sending them. This is deliberate: an early metric like Largest Contentful
Paint is captured once and cannot be re-measured, so the collector keeps it buffered. The moment consent
flips to granted, the buffer flushes and collection continues normally.
An explicit denied blocks emission outright. Errors are the one exception the collector
still buffers, in case an imminent grant lets it report the crash that motivated the consent prompt; the
transport gate has the final say on whether anything leaves the browser.
Per-app overrides #
Two per-app options, served from GET /v1/config and configured in the console, can shift
the gate without a code change:
- Implicit consent. When on, the
pendingstate counts as permission to emit (opt-out analytics) instead of buffering. An explicitdenied, or a honoured Do Not Track or Global Privacy Control signal, still blocks. - Honor Do Not Track / GPC. When on, a browser Do Not Track or Global Privacy Control
signal forces
denied. Turn it off to ignore those signals.