From 174197afd8f7881e436d4d030e363f0054af66e6 Mon Sep 17 00:00:00 2001
From: Patrick McCann <patmmccann@gmail.com>
Date: Thu, 27 Mar 2025 09:35:52 -0400
Subject: [PATCH 1/4] Update ozone.md

---
 dev-docs/bidders/ozone.md | 53 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/dev-docs/bidders/ozone.md b/dev-docs/bidders/ozone.md
index 4f93fc6d09..a7f6f22efc 100644
--- a/dev-docs/bidders/ozone.md
+++ b/dev-docs/bidders/ozone.md
@@ -29,6 +29,59 @@ sidebarType: 1
 | `placementId`    | required | The placement ID.  | `"0420420421"` | `string` |
 | `customData`     | optional | publisher key-values used for targeting | `[{"settings":{},"targeting":{"key1": "value1", "key2": "value2"}}],` | `array` |
 
+### Disclosure:
+
+```
+Ozone Bid Adapter sets cookies without purpose one consent. They support essential technical functions such as load balancing traffic and identifying bot activity. These cookies are not set by Ozone's application but by our cloud providers – Cloudflare for security and performance, and Amazon Web Services for load balancing.
+
+Our immediate recommendation is to include information about these cookies in your CMP and privacy policy. This ensures transparency regarding the essential technical cookies that support site functionality and security. Given the nature and purpose of these cookies, they are typically categorised as strictly necessary and do not require user consent under regulations like GDPR or the ePrivacy Directive.Below is an example entry for your privacy policy:
+
+Strictly Necessary Cookies:
+Our website uses certain cookies that are essential for its operation and security. These cookies are automatically placed on your device when you access the site, ensuring that it functions properly and remains protected from malicious activity.
+
+Cookie Name: __cf_bm
+Provider: Cloudflare
+
+Purpose: This cookie is set by Cloudflare, our security and performance partner. It distinguishes between humans and bots to protect the website from automated malicious traffic. The cookie supports performance optimization and security features such as bot management and threat mitigation.
+
+Duration: Expires after 30 minutes of inactivity
+
+Data Collected: Encrypted, non-personally identifiable information used solely for security and performance purposes. No tracking of users across different websites or sessions.
+
+Consent: As this cookie is strictly necessary for the functioning and security of the website, it is exempt from consent requirements under applicable data protection laws, including the UK GDPR and ePrivacy Directive.
+
+Cookie Names: AWSALBG & AWSALBGTCORS
+Provider: Amazon Web Services (via our load balancing service)
+
+Purpose: These cookies are used to maintain session stickiness for load balancing purposes. When a load balancer receives a client request, it routes the request to a specific target server using a chosen algorithm.
+
+AWSALBG:
+
+Encodes and encrypts information about the selected target server.
+
+Is automatically included in the response to the client with a fixed expiry of 7 days, which is non-configurable.
+
+AWSALBGTCORS:
+
+For cross-origin resource sharing (CORS) requests, some browsers require cookies with SameSite=None; Secure attributes.
+
+This cookie is generated alongside AWSALBG and carries the same target information with the required SameSite attribute.
+
+Duration: Both cookies expire after 7 days.
+
+Data Collected: The cookies store information related to load balancing. The data is encrypted and used solely to ensure consistent session routing.
+
+Consent: As these are strictly necessary technical cookies, they are exempt from user consent requirements under applicable data protection laws.
+
+Technical Breakdown:
+
+__cf_bm:
+Cloudflare’s __cf_bm cookie is used to identify and mitigate automated traffic. It is essential for Cloudflare’s bot management and threat mitigation functions. Each end-user device visiting a protected site gets a unique __cf_bm cookie that expires after 30 minutes of inactivity. The content (except for time-related data) is encrypted and used only for computing a proprietary bot score and a session identifier if Anomaly Detection is enabled.
+
+AWSALBG & AWSALBGTCORS:
+When Amazon Web Services' load balancer receives a request, it routes the request to a target server based on a predetermined algorithm. The AWSALBG cookie encodes and encrypts information about the selected target server and is set with a fixed expiry of 7 days. For browsers that require cookies with SameSite=None; Secure attributes to support CORS, the AWSALBGTCORS cookie is generated alongside AWSALBG, containing the same target information with the necessary security attributes.
+```
+
 ### Test Parameters
 
 A test ad unit that will consistently return test creatives:

From 79e6ff7821c9d49df4370f5813e54e8dbd930451 Mon Sep 17 00:00:00 2001
From: Patrick McCann <patmmccann@gmail.com>
Date: Thu, 27 Mar 2025 09:38:38 -0400
Subject: [PATCH 2/4] Update ozone.md

---
 dev-docs/bidders/ozone.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev-docs/bidders/ozone.md b/dev-docs/bidders/ozone.md
index a7f6f22efc..b679631240 100644
--- a/dev-docs/bidders/ozone.md
+++ b/dev-docs/bidders/ozone.md
@@ -29,9 +29,9 @@ sidebarType: 1
 | `placementId`    | required | The placement ID.  | `"0420420421"` | `string` |
 | `customData`     | optional | publisher key-values used for targeting | `[{"settings":{},"targeting":{"key1": "value1", "key2": "value2"}}],` | `array` |
 
-### Disclosure:
+### Disclosure
 
-```
+```legal
 Ozone Bid Adapter sets cookies without purpose one consent. They support essential technical functions such as load balancing traffic and identifying bot activity. These cookies are not set by Ozone's application but by our cloud providers – Cloudflare for security and performance, and Amazon Web Services for load balancing.
 
 Our immediate recommendation is to include information about these cookies in your CMP and privacy policy. This ensures transparency regarding the essential technical cookies that support site functionality and security. Given the nature and purpose of these cookies, they are typically categorised as strictly necessary and do not require user consent under regulations like GDPR or the ePrivacy Directive.Below is an example entry for your privacy policy:

From 4752fd447d011c0d92a0dafeb44456c2d9beee44 Mon Sep 17 00:00:00 2001
From: Patrick McCann <patmmccann@gmail.com>
Date: Thu, 27 Mar 2025 11:51:12 -0400
Subject: [PATCH 3/4] Update ozone.md

---
 dev-docs/bidders/ozone.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/dev-docs/bidders/ozone.md b/dev-docs/bidders/ozone.md
index b679631240..78ced47191 100644
--- a/dev-docs/bidders/ozone.md
+++ b/dev-docs/bidders/ozone.md
@@ -81,6 +81,29 @@ Cloudflare’s __cf_bm cookie is used to identify and mitigate automated traffic
 AWSALBG & AWSALBGTCORS:
 When Amazon Web Services' load balancer receives a request, it routes the request to a target server based on a predetermined algorithm. The AWSALBG cookie encodes and encrypts information about the selected target server and is set with a fixed expiry of 7 days. For browsers that require cookies with SameSite=None; Secure attributes to support CORS, the AWSALBGTCORS cookie is generated alongside AWSALBG, containing the same target information with the necessary security attributes.
 ```
+To require purpose one consent for Ozone, one could include the following
+
+```javascript
+pbjs.setConfig({
+    allowActivities: {
+        fetchBids: {
+            rules: [
+                {
+                    condition({componentType, adapterCode, gdprConsent}) {
+                        return (
+                            componentType === 'bidder' &&
+                            adapterCode === 'ozone' &&
+                            gdprConsent?.gdprApplies &&
+                            !gdprConsent?.vendorData?.purpose?.consents?.[1]
+                        )
+                    },
+                    allow: false
+                }
+            ]
+        }
+    }
+})
+```
 
 ### Test Parameters
 

From 809d3d4f3c3e1786a4a9d5eeb13b21c27b3e2c91 Mon Sep 17 00:00:00 2001
From: Patrick McCann <patmmccann@gmail.com>
Date: Thu, 27 Mar 2025 11:52:55 -0400
Subject: [PATCH 4/4] Update ozone.md

---
 dev-docs/bidders/ozone.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dev-docs/bidders/ozone.md b/dev-docs/bidders/ozone.md
index 78ced47191..80bb8470c9 100644
--- a/dev-docs/bidders/ozone.md
+++ b/dev-docs/bidders/ozone.md
@@ -81,6 +81,7 @@ Cloudflare’s __cf_bm cookie is used to identify and mitigate automated traffic
 AWSALBG & AWSALBGTCORS:
 When Amazon Web Services' load balancer receives a request, it routes the request to a target server based on a predetermined algorithm. The AWSALBG cookie encodes and encrypts information about the selected target server and is set with a fixed expiry of 7 days. For browsers that require cookies with SameSite=None; Secure attributes to support CORS, the AWSALBGTCORS cookie is generated alongside AWSALBG, containing the same target information with the necessary security attributes.
 ```
+
 To require purpose one consent for Ozone, one could include the following
 
 ```javascript