Skip to main content
The Web JS SDK supports three ways to determine user consent. Pick the strategy at init() time; the SDK uses it for three actions:
  • User identification
  • Tracking user data
  • Cookie syncing
Consent decisions are stored in cookie storage (or session storage, depending on persistenceInCookieStorage) and replayed on subsequent events until changed.
For Default Opt-in and GDPR strategies, only Brand Consent is honored from setConsent. The primary track, cookieSync, and identify fields are ignored — resolution comes from optOut or the TCF string. Primary fields only apply when using the Custom strategy.

Default opt-in

Use this when you don’t have a CMP and consent is conveyed by your own server-side logic. Set optOut directly: 
window.zeotap.init("YOUR_WRITE_KEY", { optOut: false });
FunctionTypeValueDescription
optOutBooleanfalseExplicit consent signal. When true, the SDK is fully suppressed — no identification, no cookie sync, no event capture.
You can still pass brand consent via setConsent: 
zeotap.setConsent({ brand1Consent: true, brand2Consent: false });

GDPR TCF 2.0

Use this when your site has a TCF 2.0 CMP. The SDK automatically queries the TCF API for the publisher’s consent before recording events. 
window.zeotap.init("YOUR_WRITE_KEY", {
  useConsent: true,
  checkForCMP: true,
  includeTCFString: true,            // optional: forward gdpr_consent string
  purposesForTracking: [1, 3, 4],
  purposesForCookieSyncing: [1, 3, 4]
});
OptionTypeDefaultDescription
useConsentBooleantrueSDK waits for a consent signal before recording.
checkForCMPBooleantrueQueries the TCF API on the page. Set false to use setConsent instead.
purposesForTrackingnumber[][1,3,4]TCF purpose IDs that must be allowed to enable tracking.
purposesForCookieSyncingnumber[][1,3,4]TCF purpose IDs that must be allowed to enable cookie syncing.
TCF purpose IDs are defined in the TCF policies appendix. Use this when you want full control over consent — no optOut shortcut, no TCF API. Supply consent explicitly via setConsent. 
window.zeotap.init("YOUR_WRITE_KEY", {
  useConsent: true,
  checkForCMP: false
});

// later, when the user makes a choice:
zeotap.setConsent({ track: true, cookieSync: true });
In custom mode, the SDK reads primary consent fields from setConsent and uses them to gate every SDK action. Decisions are persisted until a new setConsent call overrides them.

setConsent — full signature

zeotap.setConsent(value, [expiry])
ParameterTypeDefaultRequiredDescription
valueObjectYes{ primaryConsent, brandConsent }. Primary keys: track, cookieSync, identify. Any other key is treated as brand consent.
[expiry]Number365NoDays the consent is valid.
Basic — one decision applied to all primary purposes: 
zeotap.setConsent({ track: true, cookieSync: true });

// with brand consent
zeotap.setConsent({ track: true, brand1Consent: true });
Granular — different decisions per primary purpose: 
zeotap.setConsent({ track: true, cookieSync: false, p1: true, p2: false });
Granular consent can be expressed under any strategy, but primary fields (track, cookieSync, identify) are only honored under Custom. Brand consent fields work everywhere.
Send both primary and brand consent in a single call: 
zeotap.setConsent({ track: true, cookieSync: true, brandConsent: true });
KeyTypeDescription
trackBooleanIf true, user data can be tracked.
cookieSyncBooleanIf true, cookie syncs fire with configured channels.

Choosing a strategy

Default opt-in

No CMP, simple boolean control via optOut.

GDPR TCF 2.0

You already have a TCF 2.0 CMP on the page.

Custom

You want granular control and your own consent UI.
Last modified on June 22, 2026