Understanding consent signals and vendor behavior
When a user interacts with the CookieHub consent dialog, their choices are stored locally and translated into consent signals. These signals are:
- Sent to third-party vendors
- Used to control script execution and service behavior
Understanding these signals is key to ensuring compliance with regulations and vendor requirements.
Types of consent signals
CookieHub generates and sends multiple types of signals:
| Signal Type | Purpose | Example Format |
|---|---|---|
| TC string | Vendor consent under IAB TCF 2.2 | tcString (base64) |
| GPP string | US state privacy preferences | gppString + section ID |
| US Privacy string | Legacy opt-out signal (pre-GPP) | usprivacy=1YNN |
| Google Consent Mode | Signals for Google Ads, Analytics, etc. | ad_storage=granted |
| Google AC string | Additional consent for non-GVL Google vendors | 1~1.35.41 |
| UET Consent Mode | Consent status for Microsoft Ads tracking | { 'ad_storage': 'denied' } |
These signals are transmitted to supported vendors via in-page variables, APIs, or structured tag behavior.
When signals are generated
CookieHub generates consent signals automatically when:
- A user submits preferences in the consent dialog
- A framework applies to the user’s region (e.g., TCF or GPP)
- A Global Privacy Control (GPC) signal is received
- Default values are required at page load
No manual setup is needed for supported frameworks.
How vendors use signals
Vendors interpret consent signals to decide:
- Whether scripts or cookies can run
- If user data may be shared or personalized
- Which features (e.g., ad personalization) are allowed
Examples:
- Google Ads uses Consent Mode and the Additional Consent string
- Meta, Amazon, and other ad platforms use TCF or GPP strings
- Older vendors may rely on the US Privacy string
Blocking vs signaling
CookieHub enforces consent differently based on implementation:
| Method | Behavior |
|---|---|
| HTML implementation | ✅ Sends signals to vendors ✅ Blocks scripts by category |
| GTM implementation | ✅ Sends signals to vendors ❌ Does not block scripts automatically |
In GTM, tag behavior depends on whether the tag supports Consent Mode or similar APIs.
For unsupported tags, you can configure additional consent logic to block execution.
Frameworks and signals
| Framework | Signals sent by CookieHub |
|---|---|
| CookieHub Choices | Internal category-based logic |
| IAB TCF 2.2 | TC string + Google Additional Consent (AC) string |
| IAB GPP | GPP string + legacy US Privacy string |
| Google Consent Mode | Consent Mode v2 parameters (e.g., ad_storage ) |
| Microsoft UET | Optional ad_storage parameter based on consent |
| GPC (Global Privacy Control) | Interpreted locally as an opt-out trigger |
Summary of behavior
| Consent Action | Vendor Communication | Local Script Control |
|---|---|---|
| Consent submitted | ✅ Signals sent | ✅ Categories enforced |
| GPC received | ✅ Signals updated | ✅ Local opt-out |
| Unsupported vendor tag | ❌ Manual setup may be required | ✅ Block via category or GTM |