IAB TCF 2.2 Compliance Validator
We do not just check that a TCF cookie exists. We validate the string structure, verify that vendor consents match what the user actually chose, and confirm the CMP's __tcfapi callback responds correctly - the difference between a real TCF implementation and a cosmetic one.
What we validate
Six checks that go beyond confirming the cookie exists - we validate the content and behavior of the TCF implementation.
TCF cookie presence after consent
Is a valid euconsent-v2 cookie set after the user accepts consent? The cookie must be present in the Accept All scenario (S2) and absent or minimal in the Reject All scenario (S3).
TCF string structure and well-formedness
We validate that the TCF string is correctly base64-encoded with the proper segment structure. A malformed string means ad networks silently ignore the consent record.
Vendor consent accuracy
The consent encoded in the TCF string should match what the user actually selected on the banner. We cross-reference the string against the banner interaction to detect mismatches.
__tcfapi callback behavior
Does the CMP expose the __tcfapi window function and respond correctly to getTCData calls? This is the mechanism ad networks and publishers use to read consent state programmatically.
Purpose consent mapping
Are vendor purposes mapped correctly in the string? Purpose 1 (Store/access information on a device) must be explicitly consented to before any cookie-based tracking can occur.
TCF string in Reject All scenario
In the Reject All session, the TCF string should encode no vendor consents. We verify the string does not encode broad consent when the user has refused.
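The structure and Reject All checks described above, sketched as an added example; this is not the validator's own code. It decodes the core segment of a TCF v2 string and reports what a Reject All session should not contain. The function names are hypothetical and the three sample strings are constructed, not captured from a real CMP.

```javascript
// Added example: core-segment decoder plus the Reject All check described above.
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// Each base64url character carries 6 bits; anything outside the alphabet is malformed.
function segmentBits(segment) {
  return [...segment].map((ch) => {
    const v = B64URL.indexOf(ch);
    if (v < 0) throw new Error(`invalid base64url character: ${ch}`);
    return v.toString(2).padStart(6, "0");
  }).join("");
}

function parseCore(tcString) {
  const bits = segmentBits(tcString.split(".")[0]);
  if (bits.length < 230) throw new Error("core segment too short");
  const int = (off, len) => parseInt(bits.slice(off, off + len), 2);
  const core = { version: int(0, 6), cmpId: int(78, 12), policyVersion: int(132, 6),
    purposeConsents: [], vendorConsents: [], maxVendorId: int(213, 16) };
  if (core.version !== 2) throw new Error(`unexpected version ${core.version}`);
  for (let p = 1; p <= 24; p++) if (bits[151 + p] === "1") core.purposeConsents.push(p);
  if (bits[229] === "0") { // bitfield encoding: one bit per vendor id
    if (bits.length < 230 + core.maxVendorId) throw new Error("vendor bitfield truncated");
    for (let v = 1; v <= core.maxVendorId; v++) if (bits[229 + v] === "1") core.vendorConsents.push(v);
  } else { // range encoding: 12-bit entry count, then single ids or start/end pairs
    const entries = int(230, 12);
    if (Number.isNaN(entries)) throw new Error("vendor range section truncated");
    for (let n = 0, pos = 242; n < entries; n++) {
      const isRange = bits[pos] === "1", start = int(pos + 1, 16);
      const end = isRange ? int(pos + 17, 16) : start;
      if (!(start >= 1 && end >= start && end <= core.maxVendorId)) throw new Error("bad vendor range");
      for (let v = start; v <= end; v++) core.vendorConsents.push(v);
      pos += isRange ? 33 : 17;
    }
  }
  return core;
}

// Findings for a string captured in a Reject All session (empty array = pass).
function rejectAllFindings(tcString) {
  const core = parseCore(tcString), findings = [];
  if (core.vendorConsents.length) findings.push(`${core.vendorConsents.length} vendor consent(s) encoded`);
  if (core.purposeConsents.includes(1)) findings.push("Purpose 1 consent encoded");
  return findings;
}

// Constructed samples, not captured from a real CMP.
const SAMPLE_REJECT = "C" + "A".repeat(13) + "BABBAAABE" + "A".repeat(16); // nothing consented
const SAMPLE_BITFIELD = "C" + "A".repeat(13) + "BABBAAABEAAP" + "A".repeat(11) + "CP"; // purposes 1-4, vendors 1-4
const SAMPLE_RANGE = "C" + "A".repeat(13) + "BABBAAABEAAP" + "A".repeat(11) + "CQAYAAgAI"; // same, range-encoded
console.log([SAMPLE_REJECT, SAMPLE_BITFIELD, SAMPLE_RANGE].map(rejectAllFindings));
```

Both vendor encodings are handled because a CMP may emit either one, and a check that reads only the bitfield form would miss consents stored as ranges.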
Why TCF validation matters beyond cookie checks
The IAB TCF is the consent transport layer for digital advertising. Getting it wrong means consent is not communicated - even if the banner is visible.
Ad networks read the TCF string - not your banner
Google, Meta, and other advertising partners read the euconsent-v2 cookie to determine which vendors and purposes have consent. A malformed or inaccurate string means the consent the visitor gave is not communicated correctly.
Publishers can be held responsible for string accuracy
Under the IAB Europe Framework Agreement and EU GDPR, publishers are responsible for ensuring the TCF string accurately reflects user consent. An incorrect string is a compliance failure even if the banner looks correct.
Silent breakage is common
TCF string issues rarely produce visible errors. The banner appears to work, but the string sent to ad partners does not match the user's choice. This is exactly why independent validation is needed.