├── README.md ├── LICENSE └── scripts ├── user-centrics.md ├── trustarc.md ├── onetrust.md ├── liveramp-privacy-manager.md └── quantcast-choice.md /README.md: -------------------------------------------------------------------------------- 1 | # webpagetest-cookie-consent-scripts 2 | Scripts that can be used with WebPageTest (or other testing tools) to bypass Cookie Consents and enable full page load 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Andy Davies 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /scripts/user-centrics.md: -------------------------------------------------------------------------------- 1 | # Usercentrics 2 | 3 | Bypassing the Usercentrics cookie prompt seems to require the following to be set: 4 | 5 | **localStorage** 6 | - uc_settings 7 | - uc_user_interaction 8 | 9 | These can be set near the start of a test in WebPageTest via the _Inject Script_ field at the bottom of the _Advanced_ tab. 10 | 11 | The DevTools snippet below can be used extracts relevant data from an existing Chrome session and then generate an appropriate script. 12 | 13 | I'd recommend generating the script using a fresh Guest profile in Chrome first to avoid capturing anything that may be personal. 14 | 15 | 1. Launch fresh Guest window in Chrome 16 | 17 | 2. Open a site that uses Usercentrics as it's CMP 18 | 19 | 3. Accept cookies (could reject, or experiment with different options too) 20 | 21 | 4. Launch DevTools 22 | 23 | 5. Either paste script below into the console or save it as a devtools snippet, and then execute it 24 | 25 | 26 | ``` 27 | // Local storage items 28 | var UCSettings = localStorage.getItem('uc_settings'); 29 | var UCUserInteraction = localStorage.getItem('uc_user_interaction'); 30 | 31 | // Generate WPT Script 32 | var output = `localStorage.setItem('uc_settings', '${UCSettings}');\n` + 33 | `localStorage.setItem('uc_user_interaction', '${UCUserInteraction}');\n`; 34 | 35 | console.log(output); 36 | 37 | copy(output); 38 | ``` 39 | 40 | 6. The script will generate another script that looks something like this (it will also copy it to the clipboard) 41 | 42 | 7. In WebPageTest… 43 | 44 | 8. Enter the page you want test 45 | 46 | 9. Paste the generated script into the _Inject Script_ text box 47 | 48 | 8. Hit start 49 | 50 | If all's gone well when the test completes the filmstrip shouldn't contain a consent popup, and the waterfall should have all the third-parties and ads (although some third-parties and ad providers don't serve their content to AWS locations etc) 51 | 52 | Here's two tests using https://www.baywa.de/ 53 | 54 | Without injected script: https://www.webpagetest.org/result/230312_AiDc21_5P8/ 55 | With script: https://www.webpagetest.org/result/230312_AiDc99_5N6/ 56 | 57 | Comparison: https://www.webpagetest.org/video/compare.php?tests=230312_AiDc21_5P8,230312_AiDc99_5N6 58 | -------------------------------------------------------------------------------- /scripts/trustarc.md: -------------------------------------------------------------------------------- 1 | # TrustArc 2 | 3 | TrustArc sets the following cookies: 4 | 5 | - TAconsentID 6 | - notice_preferences 7 | - cmapi_cookie_privacy 8 | - cmapi_gtm_bl 9 | - notice_gdpr_prefs 10 | 11 | These can be set in WebPageTest via the Advanced Settings → Script → "Enter Script" text field. 12 | 13 | The DevTools snippet below can be used extracts relevant data from an existing Chrome session and then generate an appropriate script. 14 | 15 | I'd recommend generating the script using a fresh Guest profile in Chrome first to avoid capturing anything that may be personal. 16 | 17 | 1. Launch fresh Guest window in Chrome 18 | 19 | 2. Open a site that uses TrustArc as it's CMP 20 | 21 | 3. Accept cookies (could reject, or experiment with different options too) 22 | 23 | 4. Launch DevTools 24 | 25 | Either paste script below into the console or save it as a devtools snippet, and then execute it 26 | 27 | 28 | ``` 29 | // Cookies 30 | var cookies = document.cookie.split('; '); 31 | var TAconsentID = cookies.find(entry => entry.startsWith('TAconsentID=')); 32 | var notice_preferences = cookies.find(entry => entry.startsWith('notice_preferences=')); 33 | var cmapi_cookie_privacy = cookies.find(entry => entry.startsWith('cmapi_cookie_privacy=')); 34 | var cmapi_gtm_bl = cookies.find(entry => entry.startsWith('cmapi_gtm_bl=')); 35 | var notice_gdpr_prefs = cookies.find(entry => entry.startsWith('notice_gdpr_prefs=')); 36 | 37 | // Generate WPT Script 38 | var output = 39 | `setCookie %ORIGIN% ${TAconsentID}\n` + 40 | `setCookie %ORIGIN% ${notice_preferences}\n` + 41 | `setCookie %ORIGIN% ${cmapi_cookie_privacy}\n` + 42 | `setCookie %ORIGIN% ${cmapi_gtm_bl}\n` + 43 | `setCookie %ORIGIN% ${notice_gdpr_prefs}\n` + 44 | `navigate %URL%`; 45 | 46 | console.log(output); 47 | 48 | copy(output); 49 | ``` 50 | 51 | 6. The script will generate another script that looks something like this (it will also copy it to the clipboard) 52 | 53 | ``` 54 | setCookie %ORIGIN% TAconsentID=3851e98e-1622-4fc4-926b-574bf940ba44 55 | setCookie %ORIGIN% notice_preferences=3: 56 | setCookie %ORIGIN% cmapi_cookie_privacy=permit 1,2,3,4 57 | setCookie %ORIGIN% cmapi_gtm_bl= 58 | setCookie %ORIGIN% notice_gdpr_prefs=0,1,2,3::expressed,eu 59 | navigate %URL% 60 | ``` 61 | 62 | 7. In WebPageTest… 63 | 64 | 8. Enter the page you want test 65 | 66 | 9. Paste the generated script into Advanced Settings → Script → "Enter Script" text box 67 | 68 | 8. Hit start 69 | 70 | If all's gone well when the test completes the filmstrip shouldn't contain a consent popup, and the waterfall should have all the third-parties and ads (although some third-parties and ad providers don't serve their content to AWS locations etc) 71 | 72 | -------------------------------------------------------------------------------- /scripts/onetrust.md: -------------------------------------------------------------------------------- 1 | # [OneTrust](https://www.onetrust.com/) 2 | 3 | Bypassing the OneTrust cookie prompt seems to require the following to be set: 4 | 5 | **Cookies** 6 | - OptanonConsent 7 | - OptanonAlertBoxClosed 8 | 9 | These can be set in WebPageTest via the Advanced Settings → Script → "Enter Script" text field. 10 | 11 | The DevTools snippet below can be used extracts relevant data from an existing Chrome session and then generate an appropriate script. 12 | 13 | I'd recommend generating the script using a fresh Guest profile in Chrome first to avoid capturing anything that may be personal. 14 | 15 | 1. Launch fresh Guest window in Chrome 16 | 17 | 2. Open a site that uses OneTrust as it's CMP 18 | 19 | 3. Accept cookies (could reject, or experiment with different options too) 20 | 21 | 4. Launch DevTools 22 | 23 | 5. Either paste script below into the console or save it as a devtools snippet, and then execute it 24 | 25 | 26 | ``` 27 | // Cookies 28 | var cookies = document.cookie.split('; '); 29 | var OptanonConsent = cookies.find(entry => entry.startsWith('OptanonConsent=')); 30 | var OptanonAlertBoxClosed = cookies.find(entry => entry.startsWith('OptanonAlertBoxClosed=')); 31 | 32 | // Generate WPT Script 33 | var output = 34 | `setCookie %ORIGIN% ${OptanonConsent}\n` + 35 | `setCookie %ORIGIN% ${OptanonAlertBoxClosed}\n` + 36 | `navigate %URL%`; 37 | 38 | console.log(output); 39 | 40 | copy(output); 41 | ``` 42 | 43 | 6. The script will generate another script that looks something like this (it will also copy it to the clipboard) 44 | 45 | ``` 46 | setCookie %ORIGIN% OptanonConsent=isIABGlobal=false&datestamp=Sat+May+22+2021+15%3A42%3A12+GMT%2B0200+(Central+European+Summer+Time)&version=6.15.0&hosts=&consentId=ab1fcb80-a45b-49ca-b5f4-357887f51f7a&interactionCount=1&landingPath=NotLandingPage&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1&geolocation=DE%3BBY&AwaitingReconsent=false 47 | setCookie %ORIGIN% OptanonAlertBoxClosed=2021-05-04T13:11:41.750Z 48 | navigate %URL% 49 | ``` 50 | 51 | 7. In WebPageTest… 52 | 53 | 8. Enter the page you want test 54 | 55 | 9. Paste the generated script into Advanced Settings → Script → "Enter Script" text box 56 | 57 | 8. Hit start 58 | 59 | If all's gone well when the test completes the filmstrip shouldn't contain a consent popup, and the waterfall should have all the third-parties and ads (although some third-parties and ad providers don't serve their content to AWS locations etc) 60 | 61 | Here's two tests using https://www.netcentric.biz/: 62 | * Without injected script: https://www.webpagetest.org/result/210522_AiDc73_c3abaa493cdc36627a250180c4f8324e/ 63 | * With script: https://www.webpagetest.org/result/210522_BiDcFG_64d6f46c9c451e6b751b11d8c1c88c07/ 64 | * Comparison: https://www.webpagetest.org/video/compare.php?tests=210522_BiDcFG_64d6f46c9c451e6b751b11d8c1c88c07,210522_AiDc73_c3abaa493cdc36627a250180c4f8324e 65 | 66 | -------------------------------------------------------------------------------- /scripts/liveramp-privacy-manager.md: -------------------------------------------------------------------------------- 1 | # LiveRamp Privacy Manager 2 | 3 | Bypassing the LiveRamp consent prompt requires a number of localStorage values to be set: 4 | 5 | - euconsent-v2 6 | - cconsent-v2 7 | - addtl_consent 8 | - gdpr-dau 9 | - gdpr-last-interaction 10 | - gdpr-config-version 11 | - gdpr-auditId 12 | - geo-location 13 | 14 | These can be set near the start of a test in WebPageTest via the _Inject Script_ field at the bottom of the _Advanced_ tab. 15 | 16 | The DevTools snippet below can be used extracts relevant data from an existing Chrome session and then generate an appropriate script. 17 | 18 | I'd recommend generating the script using a fresh Guest profile in Chrome first to avoid capturing anything that may be personal. 19 | 20 | 1. Launch fresh Guest window in Chrome 21 | 22 | 2. Open a site that uses LiveRamp as its CMP (look for `*.privacymanager.io`) 23 | 24 | 3. Accept cookies (could reject, or experiment with different options too) 25 | 26 | 4. Launch DevTools 27 | 28 | 5. Either paste script below into the console or save it as a devtools snippet, and then execute it 29 | 30 | ``` 31 | const items = ["euconsent-v2","cconsent-v2","addtl_consent","gdpr-dau","gdpr-last-interaction","gdpr-config-version","gdpr-auditId","geo-location"] 32 | const commands = items.map(key=>`localStorage.setItem('${key}','${localStorage.getItem(key)}');`).join('\n'); 33 | 34 | console.log(commands); 35 | copy(commands); 36 | ``` 37 | 38 | 6. The script will generate another script that looks something like this (it will also copy it to the clipboard) 39 | 40 | ``` 41 | localStorage.setItem('euconsent-v2','{"data":"...","expire":1693128301069}'); 42 | localStorage.setItem('cconsent-v2','{"data":"...","expire":1693128301078}'); 43 | localStorage.setItem('addtl_consent','{"data":"...","expire":1693131139654}'); 44 | localStorage.setItem('gdpr-dau','{"data":true,"expire":1659518701769}'); 45 | localStorage.setItem('gdpr-last-interaction','{"data":1659432301.061,"expire":1693128301061}'); 46 | localStorage.setItem('gdpr-config-version','{"data":25,"expire":1693128301061}'); 47 | localStorage.setItem('gdpr-auditId','{"data":"...","expire":1693128289025}'); 48 | ``` 49 | 50 | 7. In WebPageTest… 51 | 52 | 8. Enter the page you want test 53 | 54 | 9. Paste the generated script into the _Inject Script_ text box under the _Advanced_ tab 55 | 56 | 8. Hit start 57 | 58 | If all's gone well when the test completes the filmstrip shouldn't contain a consent popup, and the waterfall should have all the third-parties and ads (although some third-parties and ad providers don't serve their content to AWS locations etc) 59 | 60 | Here's two tests using https://www.ibtimes.co.uk/ 61 | 62 | Without injected script: https://www.webpagetest.org/result/220802_BiDc7F_7H5/ 63 | With script: https://www.webpagetest.org/result/220802_BiDcTM_7HB/1 64 | 65 | Comparison: https://www.webpagetest.org/video/compare.php?tests=220802_BiDcTM_7HB,220802_BiDc7F_7H5 66 | -------------------------------------------------------------------------------- /scripts/quantcast-choice.md: -------------------------------------------------------------------------------- 1 | # Quantcast Choice IAB EU 2 | 3 | Bypassing the Quantcast Choice cookie prompt seems to require the following to be set: 4 | 5 | **localStorage** 6 | - CMPList 7 | - noniabvendorconsent 8 | - _cmpRepromptHash 9 | 10 | **cookies** 11 | - euconsent_v2 12 | - addtl_consent 13 | 14 | These can be set near the start of a test in WebPageTest via the _Inject Script_ field at the bottom of the _Advanced_ tab. 15 | 16 | The DevTools snippet below can be used extracts relevant data from an existing Chrome session and then generate an appropriate script. 17 | 18 | I'd recommend generating the script using a fresh Guest profile in Chrome first to avoid capturing anything that may be personal. 19 | 20 | 1. Launch fresh Guest window in Chrome 21 | 22 | 2. Open a site that uses Quantcast Choice as it's CMP 23 | 24 | 3. Accept cookies (could reject, or experiment with different options too) 25 | 26 | 4. Launch DevTools 27 | 28 | 5. Either paste script below into the console or save it as a devtools snippet, and then execute it 29 | 30 | 31 | ``` 32 | // Local storage items 33 | var CMPList = localStorage.getItem('CMPList'); 34 | var noniabvendorconsent = localStorage.getItem('noniabvendorconsent'); 35 | var _cmpRepromptHash =localStorage.getItem('_cmpRepromptHash'); 36 | 37 | 38 | // Cookies 39 | var cookies = document.cookie.split('; '); 40 | var euconsent_v2 = cookies.find(entry => entry.startsWith('euconsent-v2=')); 41 | var addtl_consent = cookies.find(entry => entry.startsWith('addtl_consent=')); 42 | 43 | // Generate WPT Script 44 | var output = `localStorage.setItem('CMPList', '${CMPList}');\n` + 45 | `localStorage.setItem('noniabvendorconsent', '${noniabvendorconsent}');\n` + 46 | `localStorage.setItem('_cmpRepromptHash', '${_cmpRepromptHash}');\n` + 47 | `document.cookie = '${euconsent_v2};'\n` + 48 | `document.cookie = '${addtl_consent};'\n`; 49 | 50 | console.log(output); 51 | 52 | copy(output); 53 | ``` 54 | 55 | 6. The script will generate another script that looks something like this (it will also copy it to the clipboard) 56 | 57 | ``` 58 | localStorage.setItem('CMPList', '{"lastUpdated":"2021-02-04T17:03:11Z","CMP":["2","3","5","6","7","9","10","14","18","21","23","25","27","28","30","31","38","44","45","46","47","50","54","58","59","61","63","65","68","69","72","76","77","79","84","90","92","96","104","105","113","123","125","129","134","141","162","167","168","170","171","181","185","193","198","212","217","218","221","222","224","225","227","229","231","235","236","237","242","246","247","252","258","259","264","273","277","279","280","282","284","287","291","292","294","297","299","300","302","303","304","305","306","307","308","309","310","312","316","318","319","321","322","323","327","329","330","332","335","338","339","343","345","348","351","352","353"],"expiry":1613831801672}'); 59 | localStorage.setItem('noniabvendorconsent', 'null'); 60 | localStorage.setItem('_cmpRepromptHash', 'CPBw6O8PBw6O8AKAaAENBNCsAP_AAH_AACiQHZtf_X_fb39j-_59_9t0eY1f9_7_v-0zjhfds-8Nyf_X_L8X42M7vF36pq4KuR4Eu3LBIQFlHOHUTUmw6okVrTPsak2Mr7NKJ7LEinMbe2dYGHtfn9VTuZKYr97s___z__-__v__79f_r-3_3_vp9X---_e_V399gdmASYal8BFmJY4Ek0aVQogQhXEh0AoAKKEYWiawgJXBTsrgI9QQMAEBqAjAiBBiCjFgEAAAAASURASAHggEQBEAgABACpAQgAIkAQWAFgYBAAKAaFgBFAEIEhBkcFRymBARItFBPJWAJRd7GGEIZRYAUCj-iowESAAA.YAAAAAAAAAAA.1.QjY0v9UMqYSBhGAhdjRltA=='); 61 | document.cookie = 'euconsent-v2=CPBw6O8PBw6O8AKAaAENBNCsAP_AAH_AACiQHZtf_X_fb39j-_59_9t0eY1f9_7_v-0zjhfds-8Nyf_X_L8X42M7vF36pq4KuR4Eu3LBIQFlHOHUTUmw6okVrTPsak2Mr7NKJ7LEinMbe2dYGHtfn9VTuZKYr97s___z__-__v__79f_r-3_3_vp9X---_e_V399gdmASYal8BFmJY4Ek0aVQogQhXEh0AoAKKEYWiawgJXBTsrgI9QQMAEBqAjAiBBiCjFgEAAAAASURASAHggEQBEAgABACpAQgAIkAQWAFgYBAAKAaFgBFAEIEhBkcFRymBARItFBPJWAJRd7GGEIZRYAUCj-iowESAAA.YAAAAAAAAAAA;' 62 | document.cookie = 'addtl_consent=1~39.4.3.9.6.5.4.13.6.4.15.9.5.2.7.4.1.7.1.3.2.10.3.5.4.13.8.4.6.9.7.10.2.9.2.12.6.7.6.14.5.20.6.5.1.3.1.11.29.4.14.4.4.1.3.10.6.2.9.6.6.4.5.3.1.4.29.4.5.3.1.6.2.2.17.1.17.10.9.1.8.6.2.8.1.2.4.142.4.8.35.7.15.1.14.3.1.8.10.14.11.3.7.25.5.18.9.7.41.2.4.18.21.3.4.2.1.6.6.5.2.14.18.7.3.2.2.8.19.1.8.8.6.3.10.4.5.15.2.4.9.3.1.6.4.11.1.3.22.16.2.6.8.2.4.11.6.5.17.16.11.8.1.10.28.8.4.1.3.21.2.7.6.1.9.30.17.4.9.15.8.7.3.6.6.7.2.4.1.7.12.13.22.13.2.12.2.4.6.1.4.15.2.4.9.4.5.1.3.7.13.5.3.12.4.13.4.14.8.2.15.2.5.5.1.2.2.1.2.14.7.4.8.2.9.10.18.12.13.2.18.1.1.3.1.1.9.20.5.4.20.8.4.5.3.5.4.8.4.2.2.2.14.2.13.4.2.6.9.6.3.4.3.5.2.3.6.10.11.2.4.3.16.3.8.3.3.1.2.3.9.19.11.15.3.10.7.6.4.3.4.9.3.3.3.1.1.1.6.11.3.1.1.7.4.6.1.10.5.2.6.3.2.1.1.4.3.2.2.4.3.2.13.7.12.2.1.6.4.5.4.3.2.2.4.1.3.1.1.1.2.9.1.6.9.1.5.2.1.7.2.8.11.1.3.1.1.2.1.3.2.6.1.5.6.1.5.3.1.3.1.1.2.2.7.7.1.4.1.2.6.1.2.1.1.3.1.1.4.1.1.2.1.8.1.3.4.4.3.2.1.3.1.4.3.9.6.1.15.10.28.1.2.1.1.12.3.4.1.6.3.4.7.1.3.1.1.3.1.5.3.1.3.2.2.1.1.4.2.1.2.1.1.1.2.2.4.2.1.2.2.2.4.1.1.1.2.1.1.1.1.1.1.1.1.1.1.1.2.2.1.1.2.1.2.1.7.1.2.1.1.1.2.1.1.1.1.2.1.1.3.2.1.1.2.6.1.1.1.5.2.1.6.5.1.1.1.1.1.2.1.1.3.1.1.4.1.1.2.2.1.1.4.2.1.1.2.3.2.1.2.3.1.1.1.1.4.1.1.1.5.1.9.3.1.5.1.1.3.4.1.2.3.1.4.2.1.2.2.2.1.1.1.1.1.1.11.1.3.1.1.2.2.1.4.2.3.2.1.4.1.1.1.1.1.3.2.1.1.2.5.1.3.6.4.1.1.3.1.4.3.1.4.5.1.7.2.1.1.1.2.1.1.1.3.1.2.1.12.1.1.3.1.2.2.3.1.4.1.2;' 63 | ``` 64 | 65 | 7. In WebPageTest… 66 | 67 | 8. Enter the page you want test 68 | 69 | 9. Paste the generated script into the _Inject Script_ text box 70 | 71 | 8. Hit start 72 | 73 | If all's gone well when the test completes the filmstrip shouldn't contain a consent popup, and the waterfall should have all the third-parties and ads (although some third-parties and ad providers don't serve their content to AWS locations etc) 74 | 75 | Here's two tests using https://www.ultimate-guitar.com/ 76 | 77 | Without injected script: https://www.webpagetest.org/result/210217_Di80_9e9124921d95b62ddf7db6ff54e9432e/ 78 | With script: https://www.webpagetest.org/result/210217_DiWJ_0bf7a6b75186403f4125c6ccf784981b/ 79 | 80 | Comparison: https://www.webpagetest.org/video/compare.php?tests=210217_Di80_9e9124921d95b62ddf7db6ff54e9432e,210217_DiWJ_0bf7a6b75186403f4125c6ccf784981b 81 | 82 | --------------------------------------------------------------------------------