Ir al contenido principal
Beta · Pending IAB Europe registration

Interactive demo

IAB TCF v2.3 Consent Widget

This page embeds SiteGuardian's TCF v2.3 implementation. Use the tools below to inspect the live __tcfapi, see the TC String the backend encodes, and watch the Google Consent Mode v2 signals flow on every decision.

This demo emits cmpId=0 because our IAB Europe CMP application is not yet complete. Vendors (Google Ad Manager, Xandr, TTD) treat cmpId=0 as an invalid TCF signal — the demo is for technical evaluation only, not for live ad monetisation.

Controls

Tip: “Clear stored consent” removes the localStorage entry and reopens the banner — useful to test the cold-boot flow.

Live __tcfapi inspector

cmpStatus
eventStatus
tcfPolicyVersion
gvlVersion
tcString
addtlConsent (AC v1)
purpose.consents
purpose.LI

Google Consent Mode v2 signals

(waiting for gtag signals…)

Legal framing — please read

IAB TCF v2.3 participation is a technical conformance programme run by IAB Europe, not a GDPR certification under Art. 42 GDPR. The European Data Protection Board clarified this in its 2023 review.

The Belgian Data Protection Authority found (2022) that IAB Europe acts as a joint controller for the TC String. The CJEU (C-604/22, March 2024) and the Brussels Market Court (14 May 2025) confirmed key parts of that finding. Using TCF therefore does not establish a safe harbour — publishers remain responsible for their own controller obligations, transparency, and legal basis analysis.

SiteGuardian provides a TCF-conformant technical implementation. We do not sell GDPR certification, and our T&Cs exclude warranties that TCF participation alone discharges a publisher’s GDPR obligations.

What this demo proves

  • __tcfapi stub loads before any vendor tag (queue-and-replay pattern).
  • __tcfapiLocator iframe present for cross-origin postMessage bridging.
  • ✔ Full TC String v2 codec server-side (Core + DisclosedVendors + PublisherTC).
  • ✔ Accept / Reject with equal prominence on the first layer (TCF v2.2+ policy).
  • ✔ Second-layer preferences with per-purpose + per-vendor toggles, retention and LI disclosure.
  • ✔ Persistent re-open affordance (GDPR Art. 7(3) withdraw-as-easy-as-consent).
  • ✔ Google Consent Mode v2 default-denied before interaction; live updates on decisions.
  • ✔ Consent records persisted server-side with TC String, AC String, GVL version, hashed IP/UA.