Ads - Consent String (IAB)

1 - About

In the Transparency and Consent Framework (TCF), an Consent String contains a list of permissions telling a list of partners what they’re allowed to do with user data. This a Base64 encoded bit string representing user preference in the TCF (Transparency-and-ConsentFramework)

Vendors rely on the consent string created by CMPs to know whether information has been disclosed to users and whether users have given their consent to processing.

3 - Characteristics

  • Consent string may be created under the TCF only by registered CMPs. If you sent a consent-string as a not registered CMP, you are violating the policies. That's more about legal, not about tech.
  • A user must be able to select the partners with whom they consent to share their data. A user should be able to toggle within the consent UI

4 - Format

The format of the consent string used for storing user consent as part of the IAB’s GDPR Transparency and Consent Framework is a web-safe base64 encoded string. The format details are available in this document provided by the IAB. Consent String format

4.1 - Purpose

The consent string contains the allowed purposes.

Purpose Id Purpose Name
1 Information storage and access
2 Personalisation
3 Ad selection, delivery, reporting
4 Content selection, delivery, reporting
5 Measurement

4.2 - pubvendors.json

The consent string contains a list of allowed vendors (ad network ?) (vendors that the publisher is working with).

The publisher defines this list by:

  • creating a file named pubvendors.json
  • placed at the .well-known path of their domain
  • and that is a subset from the Global vendor list

The pubvendors.json file has a similar function that ads.txt and robots.txt (5785).


    "publisherVendorsVersion": 1,         // [Required] Version of the pubvendors.json specification    "version": 1,                         // [Required] Increment on each update of this file
    "globalVendorListVersion": 1,         // [Required] The version of the GVL this was created from
    "updatedAt": "2018-05-28T00:00:00Z",  // [Required] Updated for every modification
    "vendors": [                          // [Required] Whitelist vendors
            "id": 1                       // [Required] ID of vendor
            "id": 2
            "id": 3


5 - Example




6 - Management

6.1 - Create

To be able to perform this steps, you need to be recognized as a CMP (Consent Management Provider)

6.2 - See / Storage

The consent string can be found in the euconsent cookie after given a consent.

Then you can decode it.

6.3 - Encode

6.4 - Decode

parser tool to decodes a consent string and display its information in a human-readable format.

6.5 - pubvendors.json generator

7 - Documentation / Reference

Data Science
Data Analysis
Data Science
Linear Algebra Mathematics

Powered by ComboStrap