Managing Cookies with PDF Viewer Component | Community
Skip to main content
P
Psythe
Level 1
March 26, 2026
Solved

Managing Cookies with PDF Viewer Component

  • March 26, 2026
  • 1 reply
  • 37 views

We are using the WCM Core component PDF Viewer (https://experienceleague.adobe.com/en/docs/experience-manager-core-components/using/wcm-components/pdf-viewer) on our site to improve the pdf experience of our customers but we are getting analytics cookies coming along for the ride:

acrobatservices.adobe.com
dc-api.adobe.io
p.typekit.net
p13n.adobe.io
use.typekit.net
viewlicense.adobe.io

Obviously we need to make sure if the users disables analytic cookies in our cookie consent manager that these cookies don’t get dropped.

This isn’t a problem for js that we managed in Adobe Tags, we have rules to wire it up to the consent manager but im not sure how to go about wiring up these cookies from this core component.

Any ideas?

Best answer by AmitVishwakarma

Hi ​@Psythe 

You're right: when you use the Core PDF Viewer component, you're also loading the Acrobat Services / PDF Embed API client, which in turn calls Adobe domains like:

  • acrobatservices.adobe.com, dc-api.adobe.io, viewlicense.adobe.io
  • p.typekit.net, use.typekit.net
  • potentially p13n.adobe.io (personalization/experimentation)

Those calls can set cookies or local storage that fall into your analytics / personalization categories, and they are not controlled via Adobe Tags/Launch, because they come directly from the embedded viewer script, not from your tag rules. https://experienceleague.adobe.com/en/docs/experience-manager-core-components/using/wcm-components/pdf-viewer

There is no OOTB switch in the component to bind this to your CMP, so the recommended pattern is:

  • Proxy the PDF Viewer component
    • Create /apps/<project>/components/pdfviewer with sling:resourceSuperType="core/wcm/components/pdfviewer/v1/pdfviewer"
    • Add a marker attribute in HTL, e.g. data-cmp-pdfviewer.
  • Do NOT auto-load the Embed SDK
    • Don't embed the core pdfviewer JS directly in your clientlib.
    • Instead, add your own JS that waits for consent and then loads the SDK.
  • Gate loading on consent (example with OneTrust): 
    (function () {
      function hasAnalyticsConsent() {
        // OneTrust: analytics category example
        return window.Optanon && Optanon.ActiveGroups.indexOf('C0002') > -1;
      }

      function initPdfViewers() {
        if (!hasAnalyticsConsent()) {
          // No analytics consent: keep simple fallback (download link, etc.)
          return;
        }

        // Load Acrobat Services viewer SDK only after consent
        var s = document.createElement('script');
        s.src = 'https://documentservices.adobe.com/view-sdk/viewer.js';
        s.onload = function () {
          document.querySelectorAll('[data-cmp-pdfviewer]').forEach(function (el) {
            // Call/replicate the core PDF viewer init for this element
            // (same logic the original core component uses)
          });
        };
        document.head.appendChild(s);
      }

      function onConsentReady() {
        try { initPdfViewers(); } catch (e) { console.error(e); }
      }

      // Hook into your CMP's event – adjust for your CMP
      if (window.Optanon && typeof Optanon.OnConsentChanged === 'function') {
        Optanon.OnConsentChanged(onConsentReady);
      } else {
        document.addEventListener('DOMContentLoaded', onConsentReady);
      }
    })();
  • Authoring behavior
    • If the user accepts analytics > the PDF viewer loads and behaves as today.
    • If the user rejects analytics > the viewer is never initialised (no calls to those Adobe endpoints from this component); you can show a simple "Download PDF" link as fallback.

This aligns with how Acrobat's PDF Embed API tracks only "essential" usage by default but still lets you not load it at all until your CMP says it's allowed, which is usually what legal/compliance teams expect.

1 reply

AmitVishwakarma
Community Advisor
AmitVishwakarmaCommunity AdvisorAccepted solution
Community Advisor
March 26, 2026

Hi ​@Psythe 

You're right: when you use the Core PDF Viewer component, you're also loading the Acrobat Services / PDF Embed API client, which in turn calls Adobe domains like:

  • acrobatservices.adobe.com, dc-api.adobe.io, viewlicense.adobe.io
  • p.typekit.net, use.typekit.net
  • potentially p13n.adobe.io (personalization/experimentation)

Those calls can set cookies or local storage that fall into your analytics / personalization categories, and they are not controlled via Adobe Tags/Launch, because they come directly from the embedded viewer script, not from your tag rules. https://experienceleague.adobe.com/en/docs/experience-manager-core-components/using/wcm-components/pdf-viewer

There is no OOTB switch in the component to bind this to your CMP, so the recommended pattern is:

  • Proxy the PDF Viewer component
    • Create /apps/<project>/components/pdfviewer with sling:resourceSuperType="core/wcm/components/pdfviewer/v1/pdfviewer"
    • Add a marker attribute in HTL, e.g. data-cmp-pdfviewer.
  • Do NOT auto-load the Embed SDK
    • Don't embed the core pdfviewer JS directly in your clientlib.
    • Instead, add your own JS that waits for consent and then loads the SDK.
  • Gate loading on consent (example with OneTrust): 
    (function () {
      function hasAnalyticsConsent() {
        // OneTrust: analytics category example
        return window.Optanon && Optanon.ActiveGroups.indexOf('C0002') > -1;
      }

      function initPdfViewers() {
        if (!hasAnalyticsConsent()) {
          // No analytics consent: keep simple fallback (download link, etc.)
          return;
        }

        // Load Acrobat Services viewer SDK only after consent
        var s = document.createElement('script');
        s.src = 'https://documentservices.adobe.com/view-sdk/viewer.js';
        s.onload = function () {
          document.querySelectorAll('[data-cmp-pdfviewer]').forEach(function (el) {
            // Call/replicate the core PDF viewer init for this element
            // (same logic the original core component uses)
          });
        };
        document.head.appendChild(s);
      }

      function onConsentReady() {
        try { initPdfViewers(); } catch (e) { console.error(e); }
      }

      // Hook into your CMP's event – adjust for your CMP
      if (window.Optanon && typeof Optanon.OnConsentChanged === 'function') {
        Optanon.OnConsentChanged(onConsentReady);
      } else {
        document.addEventListener('DOMContentLoaded', onConsentReady);
      }
    })();
  • Authoring behavior
    • If the user accepts analytics > the PDF viewer loads and behaves as today.
    • If the user rejects analytics > the viewer is never initialised (no calls to those Adobe endpoints from this component); you can show a simple "Download PDF" link as fallback.

This aligns with how Acrobat's PDF Embed API tracks only "essential" usage by default but still lets you not load it at all until your CMP says it's allowed, which is usually what legal/compliance teams expect.

Amit Vishwakarma - Adobe Commerce Champion 2025 | 16x Adobe certified | 4x Adobe SME
    P
    PsytheAuthor
    Level 1
    April 1, 2026

    This is an excellent flow that worked.

    Thanks again

    Terms & ConditionsAccessibility statement

    Loading footer...