Akamai has acquired Guardicore to extend its Zero Trust solutions and help stop ransomware. Read more

Blog

Integrating Akamai mPulse with Consent Management Providers

Written by

Simon Hearne

October 14, 2021

Simon Hearne is a web performance architect at Akamai, he has spent the past decade helping clients to understand and optimize the performance of their websites and applications. Simon often speaks about web performance topics at conferences, chairs the DeltaV web performance conference and is a director of the London Web Performance meetup group. He can be found on twitter at @SimonHearne.

 

Akamai mPulse is a real user monitoring solution, providing detailed information about the user experiences delivered by your web applications. mPulse can be configured within your Akamai property to automatically start collecting data from your customer visits. This initial setup will gather the data required to use advanced features in Adaptive Acceleration such as Script Manager, Automatic Server Push, and Automatic Preconnect. It is possible to enable session tracking to gain more insight from the data, which allows mPulse to aggregate individual page views into user sessions, allowing you to track bounce rate, conversion rate, session length, and even more valuable session-based metrics.

Setting cookies on users’ browsers is subject to their consent in many jurisdictions. To help customers maintain compliance, Akamai has developed a consent management plug-in for Boomerang (the open-source library that powers mPulse) to make it simple to use mPulse in a compliant manner.

This plug-in provides two implementation options: opt out or opt in. In the opt-out scenario, mPulse will collect data unless the user opts out. In the opt-in scenario, mPulse will only collect data if the user opts in.

The plug-in documentation explains the implementation details of these two options. In this post, we will detail how to implement the consent plug-in with Akamai edge injection (i.e., the mPulse behaviour is enabled in the Akamai property configuration).

1. Check the mPulse behaviour

First, log in to Control Center and ensure that the mPulse behaviour is present and enabled, and that the loader snippet is at least version 12 (latest preferred):

 

2. Check mPulse version

Ensure that mPulse is using a recent version of Boomerang (see the release notes here). Log in to the mPulse login page and use your Akamai SSO credentials. If your account won’t log in, ask an organisation administrator to enable access to mPulse.

Next, open the applications page and double-click on the application you are working on. Verify that the Boomerang version is 1.700 or greater (current recommended version is 1.737).

 

3. Set property variables

Once the mPulse behaviour and Boomerang version are correct, the consent plug-in can be enabled. Follow the documentation to add the code manually, or add property variables so that the mPulse behaviour injects the required code automatically.

The variables are:

  • PMUSER_MPULSE_CONSENT

  • PMUSER_MPULSE_CONSENT_OPT_REQ

The first variable determines whether the consent plug-in should be added to pages. The default value is ‘false’. Set it to ‘true’ (case sensitive).

The second variable determines if the consent plug-in behaviour should be opt-in or opt-out. The default value is ‘false,’ which represents the opt-out behaviour. Set it to ‘true’ for the user to opt in before beacons are sent:

 

4. Verify on staging

Once the steps above are complete, verify on staging that the behaviour works as expected. Follow the normal process for releasing to staging, and verify that the consent plug-in is added to the page by viewing the page source:

 

Then verify the two functions BOOMR_OPT_IN and BOOMR_OPT_OUT are present on the global scope:

 

5. Integrate with your CMP

Your consent management platform (CMP) should provide events for when the user’s consent status changes. The two consent functions within these events will ensure that the mPulse status mirrors the user’s consent in the CMP:

  • BOOMR_OPT_IN() — call when the user consents

  • BOOMR_OPT_OUT() — call when the user removes consent

An example for the open-source CMP Osano is provided in the documentation for reference.

6. Validate in production

Once the configuration has been validated on staging, it can be activated in production. Assuming an opt-in scenario, monitor network traffic to ensure the Boomerang library and application configuration are loaded, but no beacon (request to a subdomain of akstat.io) is sent:

 

Emulate the user providing consent by invoking the function ‘BOOMR_OPT_IN()’ or using the interface provided by your CMP.

Observe that a beacon will be sent upon opt-in:

 

Note that a first-party consent cookie ‘BOOMR_CONSENT’ will be set with the user’s consent status, as well as the mPulse RT cookie:

 

Lastly, simulate the user opting out by invoking ‘BOOMR_OPT_OUT()’ or using the UI provided by your CMP. Notice that the RT cookie is removed and the consent cookie is updated:

 

More information on the cookies used by Boomerang is available in the documentation.

Conclusion

Enabling mPulse compliance with your consent management platform is as simple as adding two variables to your Akamai configuration and adding two JavaScript functions to your CMP event code. Contact your Akamai account team if you have any questions about the consent plug-in or mPulse.



Written by

Simon Hearne

October 14, 2021

Simon Hearne is a web performance architect at Akamai, he has spent the past decade helping clients to understand and optimize the performance of their websites and applications. Simon often speaks about web performance topics at conferences, chairs the DeltaV web performance conference and is a director of the London Web Performance meetup group. He can be found on twitter at @SimonHearne.