Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
33Across is a US-based programmatic advertising and identity resolution platform that helps publishers monetise content through header bidding and audience targeting. It operates as a third-party tracker, placing cookies across publisher websites to build cross-site audience profiles for targeted advertising. On European websites, 33Across requires IAB TCF v2.2 consent for all its processing activities. Without consent, 33Across must not be loaded. Its cross-site tracking model is among the most GDPR-sensitive in digital advertising.
33Across is a US-based programmatic advertising and identity resolution platform that specialises in attention-based advertising and cookieless identity solutions. It operates a supply-side platform (SSP) helping publishers maximise ad revenue through header bidding and programmatic demand. 33Across is particularly known for its Lexicon cookieless identity product, which attempts to identify users without third-party cookies using browser signals and contextual data. It participates in the IAB OpenRTB ecosystem and processes bid requests for ad auctions.
33Across operates as a third-party tracker across publisher websites. Its cookies and fingerprinting techniques build cross-site profiles of individual users for targeted advertising. Under GDPR and the ePrivacy Directive, placing third-party advertising cookies requires explicit opt-in consent (IAB TCF Purpose 1: Store and/or access information on a device). Legitimate interest cannot be used to justify placing advertising cookies on user devices.
33Across is registered in the IAB TCF (Transparency and Consent Framework) as a vendor. Publishers using 33Across on EU-facing properties must have a TCF-registered CMP, obtain consent for 33Across specifically, and only fire 33Across tags when consent is confirmed. Without TCF consent, 33Across must not receive bid requests containing EU personal data. Non-compliant implementation can result in regulatory action against both the publisher and the ad tech vendor.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
All 33Across processing occurs on US infrastructure. SCCs are required. Publishers using 33Across should ensure the 33Across DPA and SCCs are in place. The US transfer should be disclosed in the publisher''s privacy policy as part of the advertising data flows.
Use a TCF v2.2 certified CMP. Only fire 33Across tags after TCF Purpose 1 consent for 33Across specifically. Sign the 33Across DPA. Conduct a DPIA for your advertising data ecosystem. Disclose 33Across in your privacy policy and cookie banner vendor list. Implement a consent signal pipeline from your CMP to your header bidding wrapper.
Websites using 33Across must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required for 33Across deployments on EU-facing publisher websites. Cross-site tracking of individuals for advertising profiling purposes constitutes large-scale systematic monitoring requiring a DPIA under GDPR Article 35.
Sample consent text
This website works with 33Across and other advertising partners to show you relevant ads based on your browsing behaviour across websites. This involves cross-site tracking cookies. You can manage your advertising preferences in the cookie settings below.
Third-party domains contacted
33across.comssc.33across.comlexicon.33across.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| 33x_ps | persistent | 13 months | 33Across cross-site visitor ID for programmatic advertising audience profiling |
33Across places tracking cookies for advertising — comply with GDPR using FlowConsent.
Yes. 33Across places third-party advertising cookies requiring IAB TCF Purpose 1 consent (Store and/or access information on a device). 33Across must not be loaded without valid TCF consent from a registered CMP.
33Across is used by publishers to monetise content through programmatic advertising. It connects publisher ad inventory to demand-side platforms via header bidding, enabling real-time auctions for ad placements based on visitor profiles.
33Across sets a cross-site visitor ID cookie (33x_ps, persistent) for audience profiling across publisher sites, and session cookies for bid request management. These are third-party cookies requiring TCF consent.
Yes. Cross-site tracking for advertising profiling constitutes large-scale systematic monitoring of individuals, triggering a mandatory DPIA under GDPR Article 35.
Consent only (IAB TCF Purpose 1 and relevant special purposes). Legitimate interest cannot justify placing third-party advertising tracking cookies on user devices under the ePrivacy Directive.
Use a TCF v2.2 certified CMP. Add 33Across as a vendor in your CMP vendor list. Configure your header bidding wrapper (Prebid.js) to pass TCF consent signals to 33Across. Only send bid requests to 33Across when TCF Purpose 1 consent is confirmed for them specifically.
33Across offers its Lexicon identity product as a cookieless alternative using browser signals and contextual identifiers. However, the GDPR status of cohort-based and probabilistic identifiers is still evolving, and these approaches may still require consent depending on implementation.
Loading 33Across without consent for EU visitors violates the ePrivacy Directive and GDPR. Data protection authorities have issued fines to publishers for non-compliant advertising stacks. Both the publisher and ad tech vendors can be held liable. Always use TCF-compliant consent flows.