Understanding Consent Management in Uniform

Last updated: June 16, 2026

If you are looking for the essential answers, see the table below and check out the FAQ at the end of the article.

What you need to know

Details

Two consent settings exist

Storage consent controls cookie persistence. *requireConsentForPersonalization* controls whether personalization runs at all.

A/B tests always run

Consent settings don't block A/B tests. They always execute.

Without consent, A/B tests don't persist

Variant assignments are stored in memory only. Page refresh = new random variant.

requireConsentForPersonalization only affects personalization

When enabled, visitors without consent see only default content. A/B tests are unaffected.

Geo-based defaults are possible

Set consent ON by default in US, OFF in EU/UK using edge detection.

Consent can change mid-session

Granting consent saves all in-memory data to cookies. Revoking consent deletes cookies immediately.

Quick decision guide:

  • Want personalization to work before consent? → Leave requireConsentForPersonalization disabled (default)

  • Want to completely block personalization without consent? → Enable requireConsentForPersonalization

  • Need accurate A/B test results? → Encourage visitors to grant consent for consistent variant assignment

This guide explains how Uniform’s consent management works, how it integrates with external consent management platforms (like OneTrust, Cookiebot, or similar), and what happens to personalization and A/B testing when visitors haven’t provided consent.

How Consent Works in Uniform

Uniform’s SDK operates with two distinct consent-related concepts:

  1. Storage Consent — Whether visitor data can be persisted (saved to cookies/browser storage)

  2. Personalization Consent — Whether personalization logic should run at all

These two settings give you flexibility in how you handle different regulatory requirements and user preferences.

consent1.png

Storage Consent: Persisting Visitor Data

Storage consent determines whether Uniform can save visitor data to cookies or browser storage. This is the primary consent mechanism that connects to external consent management platforms.

Storage Consent Status

What Happens

Granted

Visitor data (scores, quirks, test selections) is saved to cookies. Data persists across page loads and sessions.

Not Granted

Visitor data is stored in memory only. All data is lost when the page is refreshed or the browser is closed.

Integration with External Consent Platforms

When using an external consent management platform like OneTrust:

  1. Your consent platform collects the visitor’s consent choice

  2. Your website notifies Uniform’s SDK of the consent status

  3. Uniform updates its storage behavior accordingly

If consent is later revoked, Uniform will delete any stored cookies and revert to in-memory storage only.

Personalization Consent: The requireConsentForPersonalization Setting

This setting adds an additional layer of control specifically for personalization. When enabled:

Consent Status

Personalization Behavior

Consent granted

Personalization runs normally, showing tailored content based on visitor behavior and attributes

Consent not granted

Personalization is completely disabled. Visitors see only default (unpersonalized) content

This setting is useful for organizations that interpret privacy regulations strictly and want to ensure no personalization occurs until explicit consent is obtained.

Key Point: This setting affects personalization only. It does not affect A/B testing.

How A/B Testing Handles Consent

A/B testing in Uniform operates differently from personalization. A/B tests always run regardless of consent status. Here’s why and what happens:

Why A/B Tests Run Without Consent

A/B testing randomly assigns visitors to variants — it doesn’t use behavioral data or personal information to make decisions. The random assignment is considered less privacy-invasive than behavioral personalization.

What Changes Based on Consent

consent-seq-1.png

Consent Status

A/B Test Behavior

Granted

Variant assignment is saved. Visitor sees the same variant consistently across page loads and sessions. Test results are reliable.

Not Granted

Variant assignment is stored in memory only. Each page refresh triggers a new random assignment. The visitor may see different variants on each page load.

Impact on Test Results

When running A/B tests with visitors who haven’t granted consent:

  • Test execution continues normally

  • Variant consistency is not guaranteed across page loads

  • Analytics accuracy may be affected for non-consenting visitors since they could be counted in multiple variant groups

For the most accurate A/B test results, encouraging visitors to grant consent ensures consistent variant assignment throughout their session.

Geographic Default Consent Settings

Different regions have different privacy regulations:

  • United States — Generally more permissive; consent is often implied

  • European Union / UK — GDPR requires explicit opt-in consent

  • Other regions — Varying requirements

Uniform allows you to configure different default consent values based on the visitor’s geographic location. This is typically implemented at the edge (CDN level) where the visitor’s location can be determined.

consent-setting-geo.png

Example Regional Configuration

Region

Default Consent

Rationale

United States

Enabled

Implied consent model common in US

European Union

Disabled

GDPR requires explicit opt-in

United Kingdom

Disabled

UK GDPR maintains similar requirements

California

Disabled

CCPA provides opt-out rights

Rest of World

Configurable

Based on your organization’s policy

This approach ensures compliance while maximizing the personalized experience for visitors in regions with more permissive regulations.

Updating Consent at Runtime

Consent isn’t a one-time setting — it can change during a visitor’s session:

  1. Initial state — Consent is set based on default configuration (potentially geo-based)

  2. Consent granted — When a visitor accepts cookies via your consent banner, Uniform is notified and begins persisting data

  3. Consent revoked — If a visitor later revokes consent (e.g., via a “Manage Preferences” option), Uniform deletes stored data and reverts to in-memory storage

consent-sequence-diagram.png

What Happens When Consent Changes

Consent Change

Immediate Effect

Granted

Current in-memory data is written to cookies. Future page loads will remember visitor state.

Revoked

All cookies are deleted. Current session continues with in-memory data, but nothing persists after page refresh.

Summary: Consent Impact Matrix

Feature

Storage Consent OFF

Storage Consent ON

requireConsentForPersonalization ON (no consent)

Personalization

Runs (in-memory)

Runs (persisted)

Disabled completely

A/B Testing

Runs (not persisted)

Runs (persisted)

Runs (not persisted)

Visitor Scores

Calculated but not saved

Calculated and saved

Not calculated

Quirks

Set but not saved

Set and saved

Set but not saved

Cross-session consistency

No

Yes

No

Best Practices

  1. Choose the right consent model for your regions — Use geo-based default consent to balance user experience with compliance requirements.

  2. Consider A/B test accuracy — If accurate A/B testing is critical, design your consent experience to encourage acceptance, or segment your analytics to account for non-consenting visitors.

  3. Use requireConsentForPersonalization thoughtfully — Only enable this if your legal team requires that personalization not occur without explicit consent. For many organizations, the default storage consent mechanism is sufficient.

  4. Test both consent states — Ensure your website provides a good experience for both consenting and non-consenting visitors.

  5. Integrate with your consent platform — Ensure your consent management platform (OneTrust, Cookiebot, etc.) properly notifies Uniform when consent status changes.

FAQ

  1. Does requireConsentForPersonalization affect A/B testing?
    No. The requireConsentForPersonalization setting only affects personalization. A/B tests will always run regardless of this setting or consent status.

  2. Will A/B tests still work if a visitor hasn't given consent?
    Yes, but with a caveat. A/B tests will execute and assign a variant to the visitor. However, without consent, the variant assignment is stored in memory only. If the visitor reloads the page, they may be assigned a different variant.

  3. If consent is not given, will reloading the page assign a different A/B test variant?
    Possibly, yes. Without consent, variant assignments are not persisted to cookies. Each page load triggers a new random assignment, so the visitor could see a different variant after refreshing the page.

  4. Does this affect A/B test accuracy?
    It can. Visitors without consent may be counted in multiple variant groups across their session, which can skew test results. For the most accurate A/B testing, consistent variant assignment (which requires consent) is recommended.

  5. Should I disable A/B testing for visitors without consent?
    That's a business decision. Uniform doesn't disable A/B testing based on consent because random assignment doesn't use personal data. However, if consistent measurement is critical, you may want to exclude non-consenting visitors from your analytics.