Respect ATT Tracking Settings with PHP: Disable/Enable Tracking Scripts Based on User Consent

appos_nick
appos_nick
edited April 11 in Appos Studio

If you’re building a mobile app using Appos Studio and submitting it to the App Store, it’s crucial to comply with Apple’s App Tracking Transparency (ATT) framework. Apple requires apps to disclose and honor user preferences around tracking. If your app opens a website that uses cookies, analytics, or ad scripts, failing to disable these when tracking is denied can result in App Store rejection.

To help you comply, here’s a simple PHP script that dynamically disables or enables tracking scripts (like Google Analytics or Facebook Pixel) based on a user’s ATT status. This is especially useful if your website uses these trackers and is being embedded in a mobile app created with Appos Studio.

When to Use This Script

Add this script to your website if any of the following are true:

  • You use tracking cookies or third-party analytics tools.
  • You’ve converted your website into a mobile app using Appos Studio.
  • You’re submitting your app to Apple’s App Store and need to comply with ATT.

How It Works

  • Appos Studio (or your client app) sends the user’s ATT status via a custom HTTP header or URL parameter.
  • The script checks the status:
  • If tracking is denied, it removes cookies and tracking scripts.
  • If tracking is allowed, it includes them as usual.

Example Code with Comments

<?php
// Get the user's ATT status from the request
// Priority: Custom HTTP header > URL parameter > Default to "allow"
$attStatus = $_SERVER['HTTP_X_ATT_STATUS'] ?? $_GET['att'] ?? 'allow';

// Check if tracking has been denied
if ($attStatus === 'denied') {
    // Remove any "Set-Cookie" headers to avoid placing tracking cookies
    header_remove('Set-Cookie');

    // Leave tracking scripts out of the page
    $trackingScripts = '';
} else {
    // ATT is allowed: include tracking scripts like Google Analytics, etc.
    $trackingScripts = '<script src="tracking.js"></script>';
}

// Output the HTML with or without tracking scripts in the <head>
echo "<!DOCTYPE html>
<html>
<head>
    <meta charset='UTF-8'>
    <title>My Website</title>
    $trackingScripts
</head>
<body>
    <h1>Welcome to my website!</h1>
    <p>Your experience has been tailored based on your privacy preferences.</p>
</body>
</html>";
?>

Final Notes

  • You can customize the trackingScripts variable to include any script snippets (Google Tag Manager, Facebook Pixel, etc.).
  • If you’re using a CMS like WordPress, this logic may need to be added as a plugin or directly in the theme’s header.php.

If you’re unsure whether your site uses tracking cookies, it’s better to err on the side of caution and implement this logic.

Let me know below if you need help customizing this for your stack!

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Categories