Customers who use OneTrust's Consent Management Platform (CMP) often require strict adherence to privacy regulations such as GDPR and CCPA. This means that our Triple Pixel must not fire unless the end user has explicitly consented to marketing/tracking cookies. Failing to do so could expose brands to legal risk and violate user trust. This guide outlines exactly how to ensure compliance when a customer is using OneTrust with their website.

Customer: https://admin.triplewhale.com/shops/jeremysrazors.myshopify.com

We helped a customer implement our Pixel in a way that respected their OneTrust configuration. Their setup required:

- US visitors: Opted in by default, but able to opt out.

- Non-US visitors: Opted out by default, must opt in to be tracked.

However, our Pixel was still firing regardless of consent due to missing logic and a misnamed variable. Here's how we fixed it.

1. Ensure OneTrust Script is Loading First

- OneTrust's script (`optanon.js`) must be loaded before any tracking-related logic runs.

- This usually means putting the script in the <head> of the HTML.

2. Identify the Correct Consent Group

- The Triple Pixel should only fire if the user consents to tracking.

- In OneTrust, these consents are stored in a variable called OnetrustActiveGroups.

- You’ll need to know which category ID represents Marketing or Tracking cookies. In our case, it was C0004.

3. Use Correct Variable Name

- We originally used OneTrustActiveGroups, which returned undefined.

- The correct name is OnetrustActiveGroups (note the lowercase t).

4. Add Consent Check Logic

- Insert the following logic in the OptanonWrapper function (OneTrust calls this automatically after consent updates):

A. Check That OneTrust Is Installed and Active

- Open browser DevTools → go to Network tab → search for optanon.js to confirm it loaded.

- Also check the Elements tab and confirm that window. OnetrustActiveGroups exists.

B. Validate Consent Group Keys

- Open Console and run: window. OnetrustActiveGroups

- Confirm the returned string includes the expected category ID (e.g. C0004) when consent is given.

- If it returns undefined, make sure OneTrust is fully loaded and that you’ve interacted with the banner.

C. Confirm Consent Banner Behavior

- Reload the site in an incognito window.

- Click “Allow All” and check if OnetrustActiveGroups includes your tracking category.

- Click “Reject All” or “Essential Only” and check if it excludes it.

D. Confirm Triple Pixel Behavior

- Open browser DevTools → Console:

- Look for: TriplePixel trackingConsent set to: true/false

- Check Network tab for outbound tracking requests only when consent is true.

- Variable Names Matter: A small typo (T vs. t) can silently break consent checks.

- TriplePixel Keyword: We should now use 'trackingConsent' instead of 'gdpr'.

- Console Logging Helps: Logging consent status made it easy to debug behavior.

- Sales & CS Teams Tip: Always ask the customer for

- Their OneTrust category ID for tracking (like C0004)

- Where the OneTrust script is placed in their HTML

- How their geo-based consent rules are configured

Triple Pixel Headless Installation Guide: https://kb.triplewhale.com/en/articles/6266255-adding-the-triple-pixel-to-a-headless-store-or-custom-website#h_cb6206a82c