Sep 03, 2025
UPDATED:
Nov 21, 2025
For enterprise marketing teams, user privacy is a key consideration when creating digital experiences. Regulations such as GDPR and CCPA impact marketers' ability to gather accurate analytics data and personalize the user experience.
In this tutorial, we’ll explain how to integrate the consent management platform OneTrust with Sitecore 10.4. We’ll use lightweight JavaScript on the front end and the IConsentManager on the back end to enforce consent before data is captured, keeping personalization and tracking aligned without compromising performance or accessibility.
Implementation Goal
-
Load only strictly necessary cookies on initial page load.
-
Only enable Sitecore’s analytics cookie
(SC_ANALYTICS_GLOBAL_COOKIE)if the user provides explicit consent. -
Synchronize consent state between OneTrust and Sitecore programmatically.
Cookie Categorization in OneTrust
Cookies used in this solution are grouped into two categories:
1. Necessary Cookies
-
SC_TRACKING_CONSENT: A Sitecore-generated cookie that stores the user’s consent state. This is essential for managing analytics and is always loaded.
2. Analytics Cookies
-
SC_ANALYTICS_GLOBAL_COOKIE: Used by Sitecore to identify unique visitors and track their behavior. Should only be created if the user accepts analytics cookies.
Technical Implementation
OneTrust Script
For this tutorial, the OneTrust script was manually added to the main layout file in Sitecore (Default.cshtml), before the closing </head> tag:
<script type="text/javascript" src="https://cdn.cookielaw.org/consent/YOUR_SCRIPT_ID.js"
charset="UTF-8"
data-document-language="true">
</script>
This script initializes the cookie consent banner and controls cookie categories.
Backend: Sitecore Consent Controller
To manage user consent in Sitecore, we created a custom MVC controller using the IConsentManager interface. This allows explicit permission to be granted or revoked via HTTP PATCH requests.
using Sitecore.Analytics.Tracking.Consent;
public class TrackingConsentController : Controller
{
private readonly IConsentManager _consentManager;
public TrackingConsentController(IConsentManager consentManager)
{
this._consentManager = consentManager;
}
[HttpPatch]
public ActionResult GiveConsent()
{
this._consentManager.GiveConsent(null);
return new JsonResult()
{
Data = new { Message = "Consent has been granted" }
};
}
[HttpPatch]
public ActionResult RevokeConsent()
{
this._consentManager.RevokeConsent(null);
return new JsonResult
{
Data = new { Message = "Consent has been revoked" }
};
}
}
Frontend: JavaScript for Consent Synchronization
We implemented a script on the frontend that listens for OneTrust consent events and synchronizes the consent status with Sitecore via AJAX.
javascriptCopyEdit(function ($) {
function hasSitecoreConsent() {
const match = document.cookie.match(/(?:^|;\s*)SC_TRACKING_CONSENT=([^;]+)/);
if (!match) return false;
try {
let decoded = atob(match[1]);
decoded = decoded.replace(/[^}\]]*$/, "");
const consentList = JSON.parse(decoded);
return consentList.some(e => e.IsConsentGiven === true);
} catch (e) {
console.warn("Error parsing SC_TRACKING_CONSENT:", e);
return false;
}
}
function ApplyScAnalyticsConsent() {
if (typeof window.OptanonActiveGroups !== "string" || OptanonActiveGroups === "0") return;
const scGroup = GetOneTrustCategory("SC_ANALYTICS_GLOBAL_COOKIE");
const hasConsent = OptanonActiveGroups.includes(scGroup);
const alreadyGiven = hasSitecoreConsent();
if (hasConsent !== alreadyGiven) {
const url = hasConsent
? '/api/metadata/giveconsent'
: '/api/metadata/revokeconsent';
$.ajax({
type: 'PATCH',
url: url,
success: function (response) {
console.log(response.Message);
},
error: function (jqxhr, settings, ex) {
console.error("Error applying consent:", ex);
}
});
}
}
window.addEventListener("OneTrustGroupsUpdated", function () {
ApplyScAnalyticsConsent($);
});
})(jQuery);
This JavaScript code manages the synchronization of user cookie consent between OneTrust and Sitecore. It listens for the OneTrustGroupsUpdated event, which is triggered when a user updates their cookie preferences, and then compares OneTrust’s consent state with Sitecore’s. If there’s a mismatch, it sends a request to Sitecore to either give or revoke consent accordingly.
The function hasSitecoreConsent() checks if the Sitecore consent cookie (SC_TRACKING_CONSENT) exists and is valid. It decodes the cookie value from base64, parses it into a JSON object, and determines whether consent has already been given. This helps avoid unnecessary updates when both systems are already in sync.
Finally, if a change is needed, the script sends a PATCH request using jQuery to either /api/metadata/giveconsent or /api/metadata/revokeconsent. This ensures Sitecore accurately reflects the user’s preferences as stored in OneTrust, maintaining compliance with privacy regulations and consistency in user tracking behavior.
Wrapping Up
Consent management is mission-critical for enterprises, and Sitecore provides the tools to enforce consent, ensuring enterprises remain compliant and can consistently track user behavior. However, turning those capabilities into a governed, multi-brand rollout takes a seasoned partner to align multiple moving parts.
Oshyn is a Sitecore partner with over a decade of experience helping enterprises create personalized digital experiences that help them remain compliant but also drive revenue. Whether you need implementation support or help with an integration like this, then we can assist.
Contact us to learn how.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.