Skip to main content
How do I share consent across subdomains?
Updated over 7 months ago

Known limitations: cross-subdomain consent sharing is known not to work consistently in Safari browsers that have 'Prevent cross-site tracking' enabled.

In the case where you have the same Termly consent management platform installed across multiple subdomains of your site (e.g. acme.com and subdomain.acme.com), you will need to configure cross-subdomain consent sharing to ensure that a user's consent preferences are recognized as they navigate between your subdomains.

How does cross-subdomain consent sharing work?

Cross-subdomain consent sharing allows a website to share user consent information between different subdomains, so that users do not have to provide consent again for each subdomain they visit.

Cross-subdomain consent sharing works between a parent website (e.g. acme.com) and one or many child websites (e.g. subdomain.acme.com), without needing to use cookies.

Consent will be unidirectionally shared from the parent website to the child.

Follow the steps below to set up cross-subdomain consent sharing for your website's Termly installation.

Step 1: Install Termly's Consent Management Platform

Ensure that Termly is correctly installed across all subdomains that you would like to set up consent sharing for.

Step 2: Create the source file on the parent website

Place an html file with the contents below somewhere in the parent website's directory structure (e.g. `https://acme.com/termly-consent-sync.html`, though the name of the file is completely up to you):

<!DOCTYPE html><head>
  <title>.</title>
  <script src="https://app.termly.io/consent-sync.min.js"></script>
</head>

Step 3: Add a TERMLY_CUSTOM_BLOCKING_MAP on the child website

If you have Auto Blocker enabled, you will need to tell Termly that your parent domain is considered `'essential'` so that it won't get blocked.

This can be done by using a CUSTOM_BLOCKING_MAP, which must be added to your document's `<head>`, and above the inclusion of the `embed.min.js` `<script>` tag.

See the example below, replacing 'acme.com' with your parent domain.

 <script type="text/javascript">
    window.TERMLY_CUSTOM_BLOCKING_MAP = {
      'acme.com': 'essential',
    }
  </script>

Without this, the Auto Blocker will disable the `<iframe>` you'll be adding to your site in a later step.

Step 4: Add `masterConsentsOrigin` to the Termly CMP `<script>` tag on the child website

The value of this attribute must be the base URL (the "origin") of your parent website, which includes the protocol and full hostname (e.g. `https://acme.com`).

<script     src="https://app.termly.io/resource-blocker/YOUR_WEBSITE_UUID?autoBlock=YOUR_AUTO_BLOCK_SETTING&masterConsentsOrigin=https://acme.com"     type="text/javascript" ></script>

Note If visitors access your parent website with a special port number (e.g. `https://acme.com:5555/some-path-here`), your `data-master-consents-origin` will need to include the port number, too (e.g., `https://acme.com:1234`).

Step 5: Add the <iframe> to the child website

Add the following HTML somewhere within your page's `<body></body>`. It shouldn't matter where you put it.

 <iframe
   src="https://acme.com/termly-consent-sync.html"
   style="display: none"
 ></iframe>
Did this answer your question?