Online Enhanced Matching


Describes how to use Online Enhanced Matching to pass SHA256 hashed email addresses along with your pixel events to Yahoo to help attribute more conversions and reach more customers.


As cookieless advertising continues to grow in reach and value, Yahoo is dedicated to providing means for advertisers to carry out the measurement and targeting functions that provide them with performance on Yahoo advertising platforms, while at the same time still respecting user privacy.

Using Online Enhanced Matching, advertisers can hash the emails on their websites before sending them to Yahoo DSP to protect user privacy.

In the absence of a cookie, Yahoo matches the hashed email address against Yahoo’s own data and uses a deterministically matched ID in the attribution and targeting workflows, if a match is available.

How It Works

To implement online enhanced matching, you should work with your website developer to update any existing DOT pixel base JavaScript or image pixels with the Online Enhanced Matching snippet and implement macros to pass hashed email addresses through the new parameter fields.

Any new code should include the snippet and macro implementations. Yahoo provides a wizard in the DSP UI for adding the snippet more easily.

Yahoo cannot push code updates for this configuration, and implementation is fully at the discretion of the advertiser.

Use of this feature is subject to the terms of the Yahoo Pixel and Custom Audience Policy.

JavaScript Implementation

The JS tag supports two ways of capturing the email address; as clear text (to be hashed before passing) or pre-hashed.

If you are using the Yahoo Dot Javascript code, there are two different query parameter options:

  • Yahoo handles the normalization and hashing of email addresses.

  • You handle the normalization and hashing using SHA256.

Option 1: Yahoo Hashes the Email Addresses

If you want Yahoo to handle the email address hashing (recommended), you can add a new 'userEmail' field in the properties section of the Dot tag. One advantage of using this option is that Dot validates the data before doing the hashing. All normalization and hashing takes place in the browser.

For example:

'pixelId':'123456789','userEmail': '<email_address>'}});var


Your developer team is responsible for adding custom logic to your site to capture the email address value and replace the macro placeholder. If no email address is available, you should leave the userEmail field blank. The email address is then hashed before it’s fired with the pixel.

Option 2: The Advertiser Hashes the Email Addresses

Some advertisers may want to hash the email address values themselves before passing them to Yahoo. In the case of advertiser-hashed email address values, normalize and pass the values as follows:

  1. Trim the blank spaces around the email address.

  2. Convert the email address to lowercase.

  3. Hash the email address using SHA-256.

  4. Pass the hashed email address through the 'userHashedEmail' field.

For example:

'pixelId':'123456789','userHashedEmail': '<SHA256_hashed_email_address>'}});var

IMG Calls

You can use image calls with the addition of a query parameter.


For image calls, the only option is for the advertiser to handle the normalization, email address hashing, and replacing the macro placeholder in the new query parameter on the call to the Dot server.

Before the page is loaded in the browser, you should follow these steps:

  1. Trim the blank spaces around the email address.

  2. Convert the email address to lowercase.

  3. Hash the email address using SHA-256.

  4. Pass the hashed email address through the ‘&he’ field.

For example:



Q: Who should use online enhanced matching?

A: U.S.-based advertisers who have access to user emails and a DOT pixel implemented on their page.

Q: Does the Dot Online Enhanced Matching feature comply with privacy laws, like GDPR and CCPA?

A: Yes. Online Enhanced Matching feature complies with all privacy laws and mechanisms. DSP honors any opt-out values that advertisers pass to Yahoo through the U.S. Privacy or GDPR macros. Additionally, Yahoo maintains its own privacy dashboard and honors user opt outs from Yahoo’s user privacy settings.

Q: Does Yahoo have access to the email addresses in clear-text?

A: Yahoo does not allow any clear text email addresses into Yahoo’s systems for this feature. If the advertiser does not perform hashing, the data is be dropped from the DOT call. Yahoo recommends that advertisers use the JS code and the query parameter that allows Yahoo to perform the hashing function using SHA256.

Topics to Navigate

If you’re working with Tealium, be sure to explore these topics:



Tealium iQ implementation

Describes how to perform hashing and pass the email to DSP via Dot using Tealium iQ.

Yahoo Dot template for Tealium

Describes how to check and update your Yahoo Dot template for Tealium.