What is a TCF consent string?

It is the encoded payload (the 'TC string') the IAB Transparency and Consent Framework uses to record a user's consent choices. CMPs store it in the euconsent-v2 cookie and expose it via the __tcfapi interface so vendors can read which purposes and vendors the user consented to.

Which TCF versions does this decode?

It decodes the v2.x core segment (TCF v2.0 and v2.1), which share the same core bit layout — version, timestamps, CMP ID and version, consent language, vendor list version, and the purpose and vendor consent fields. v1 strings use a different, older layout and are not supported.

What do the purpose numbers mean?

TCF defines 11 standard purposes, such as 1 (store/access information on a device), 3 (create a personalised ads profile), and 7 (measure ad performance). The decoder labels each purpose so you can see exactly what the user consented to.

Why are only some vendors shown?

Vendor consent can be encoded as a bitfield or as ranges. The decoder reads both encodings and lists the vendor IDs that have consent. The Global Vendor List maps those IDs to vendor names; this tool shows the numeric IDs that the string actually carries.

Does the string get sent anywhere?

No. Decoding is pure bit manipulation performed in your browser. The consent string is never transmitted, so you can safely paste production strings while debugging.

TCF Consent String (IAB) Decoder

Read exactly what a TC string consents to

When you debug a Consent Management Platform (CMP) integration, you often have an opaque euconsent-v2 value and need to know what it actually permits. This decoder reads the IAB TCF v2.x core segment directly in your browser and shows the metadata (CMP ID, version, timestamps, consent language) plus the user’s consented purposes, legitimate interests, special features, and the vendor IDs that have consent.

How it works

A TC string is a base64url-encoded bit string. The decoder:

Base64url-decodes the core segment (everything before the first .) into a bit array, mapping each character to 6 bits.
Reads the fixed-position fields of the TCF v2 core: version (6 bits), created and last-updated timestamps (36 bits each, in deciseconds), CMP ID (12 bits), CMP version (12 bits), consent screen, consent language (12 bits = two 6-bit letters), vendor list version (12 bits), and the TCF policy version.
Reads the Purpose Consents (24 bits → purposes 1–24, of which 1–11 are standard) and the Purposes LI Transparency bitfield, plus the 12-bit Special Feature Opt-ins.
Reads Vendor Consent: a max-vendor-id field, then either a bitfield (one bit per vendor) or a range encoding (a count of ranges, each a single ID or a start–end pair).

All of this is integer and bit arithmetic — no library, no network.

Notes and example

Paste only the core segment if your string contains additional segments separated by dots (disclosed vendors, publisher TC) — those use different layouts and are not needed for the core consent view. A typical v2 string begins with C because the 6-bit version field of 2 plus the high bits encodes to that character. Because decoding is local, you can paste live production consent strings while debugging a CMP without any privacy concern. The purpose numbers follow the IAB Global Vendor List definitions, so cross-reference them against the official purpose list when interpreting a user’s choices.