Transcend XDI is a JavaScript library that implements a secure, offline, client-side tunnel between your cross-domain hosts (e.g. your Privacy Center and your website), enabling automated and secure synchronization of consent, tracking events, and client-side identifiers from sources such as cookies and local storage.

<aside> 💡 Read more about how we ensure the code that powers XDI is kept secure.

</aside>

Hosting an XDI endpoint

Update embedder policy headers

In order to host Transcend XDI yourself, you must ensure that your embedder policy headers allow XDI clients to embed your host endpoint.

No existing headers

If your site does not have any existing embedding control headers, such as X-Frame-Options or Content-Security-Policy: frame-ancestors, then no additional steps are necessary.

X-Frame-Options

If your site uses the X-Frame-Options header, you will need to remove this header and upgrade to [Content-Security-Policy: frame-ancestors](<https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors>).

Content-Security-Policy: frame-ancestors

If your site has a Content-Security-Policy header with a frame-ancestors directive, then you will need to specifically allow the origin of your Privacy Center in this directive.

Example (before):

Content-Security-Policy: frame-ancestors 'none';

Example (after):

Content-Security-Policy: frame-ancestors <https://privacy.example.com>;

Add XDI host script (standalone)

<aside> ℹ️ This step is not necessary if you have already installed Transcend Consent on your site. Our Consent Manager automatically loads the Transcend XDI host script as needed.

</aside>

To install the Transcend XDI host script, simply add this script element to the end of any page where you want to extract identifiers or coordinate offline consent manager sync. Take note to replace privacy.example.com with the domain of your Privacy Center.