Ads - Consent String (IAB)

Card Puncher Data Processing


In the Transparency and Consent Framework (TCF), an Consent String contains a list of permissions telling a list of partners what they’re allowed to do with user data. This a Base64 encoded bit string representing user preference in the TCF (Transparency-and-ConsentFramework)

Vendors rely on the consent string created by CMPs to know whether information has been disclosed to users and whether users have given their consent to processing.


  • Consent string may be created under the TCF only by registered CMPs. If you sent a consent-string as a not registered CMP, you are violating the policies. That's more about legal, not about tech.
  • A user must be able to select the partners with whom they consent to share their data. A user should be able to toggle within the consent UI


The format of the consent string used for storing user consent as part of the IAB’s GDPR Transparency and Consent Framework is a web-safe base64 encoded string. The format details are available in this document provided by the IAB. Consent String format


The consent string contains the allowed purposes.

Purpose Id Purpose Name
1 Information storage and access
2 Personalisation
3 Ad selection, delivery, reporting
4 Content selection, delivery, reporting
5 Measurement


The consent string contains a list of allowed vendors (ad network ?) (vendors that the publisher is working with).

The publisher defines this list by:

  • creating a file named pubvendors.json
  • placed at the .well-known path of their domain
  • and that is a subset from the Global vendor list

The pubvendors.json file has a similar function that ads.txt and robots.txt (5785).


    "publisherVendorsVersion": 1,         // [Required] Version of the pubvendors.json specification    "version": 1,                         // [Required] Increment on each update of this file
    "globalVendorListVersion": 1,         // [Required] The version of the GVL this was created from
    "updatedAt": "2018-05-28T00:00:00Z",  // [Required] Updated for every modification
    "vendors": [                          // [Required] Whitelist vendors
            "id": 1                       // [Required] ID of vendor
            "id": 2
            "id": 3








To be able to perform this steps, you need to be recognized as a CMP (Consent Management Provider)

See / Storage

The consent string can be found in the euconsent cookie after given a consent.

Then you can decode it.




parser tool to decodes a consent string and display its information in a human-readable format.

pubvendors.json generator

pubvendors.json generator

Documentation / Reference

Discover More
Card Puncher Data Processing
Ads - Consent Management Platform (CMP)

In the Transparency and Consent Framework (TCF), a Consent Management Platform is a third party that is registered and authorized to produce a consent string in order to gather the consent given by the...
Card Puncher Data Processing
Transparency and Consent Framework (TCF)

The is a framework that: register and validate consent management provider that are authorized to register the consent of users in a consent string Gdpr...

Share this page:
Follow us:
Task Runner