Understanding consent signals and vendor behavior
When a user interacts with the CookieHub consent dialog, their choices are not only stored locally—they are also translated into consent signals that are either:
- Sent to third-party vendors
- Used to control script execution and service behavior
Understanding how these signals work is essential for ensuring that your implementation meets regulatory and platform requirements.
Types of consent signals
CookieHub generates and transmits consent signals using multiple methods:
| Signal Type | Purpose | Example Format |
|---|---|---|
| TC string | Vendor consent under IAB TCF 2.2 | tcString (base64) |
| GPP string | US state privacy preferences | gppString + section ID |
| US Privacy string | Legacy opt-out signal (pre-GPP) | usprivacy=1YNN |
| Google Consent Mode | Consent signals for Google Ads, Analytics, etc. | ad_storage=granted |
| Google AC string | Additional consent string for non-GVL Google vendors | 1~1.35.41 |
| UET Consent Mode | ad_storage signal for Microsoft UET tracking | 'ad_storage': 'denied' |
These signals are passed to supported vendors either via in-page variables, APIs, or structured tag behavior.
When signals are generated
CookieHub generates consent signals automatically when:
- A user submits their preferences in the consent dialog
- A framework is assigned to the user’s region (e.g., TCF, GPP)
- A browser sends a Global Privacy Control (GPC) signal
- Default values need to be applied on page load
No manual setup is required for signals to work with supported frameworks.
How vendors use signals
Supported vendors receive and interpret consent signals to determine:
- Whether tracking scripts or cookies should run
- If user data may be shared or personalized
- Whether specific features (e.g., ad personalization) are allowed
Examples:
- Google Ads uses Consent Mode and the Additional Consent string
- Meta, Amazon, and others use the IAB TCF or GPP string
- Older vendors may still rely on the US Privacy string
Blocking vs signaling
CookieHub applies different consent enforcement depending on your implementation method:
| Method | Behavior |
|---|---|
| HTML implementation | ✅ Sends signals to vendors ✅ Automatically blocks scripts by category |
| GTM implementation | ✅ Sends signals to vendors ❌ Does not block scripts—requires tag setup |
In GTM, script behavior depends on whether the tag supports Consent Mode or other signal APIs.
For unsupported tags, you can configure additional consent logic to block execution manually.
Supported frameworks and signals
| Framework | Signals sent by CookieHub |
|---|---|
| CookieHub Choices | Internal category-based logic |
| IAB TCF 2.2 | TC string + Google Additional Consent (AC) string |
| IAB GPP | GPP string + legacy US Privacy string (USP) |
| Google Consent Mode | Consent Mode v2 parameters (ad_storage, etc.) |
| Microsoft UET | Optional ad_storage parameter based on consent state |
| GPC (Global Privacy Control) | Interpreted locally by CookieHub as an opt-out trigger |
Summary
| Consent Action | Vendor Communication | Local Script Control |
|---|---|---|
| Consent submitted | ✅ Signals sent | ✅ Categories enforced |
| GPC received | ✅ Signals updated | ✅ Local opt-out |
| Unsupported vendor tag | ❌ May need manual setup | ✅ Can be blocked via category or GTM logic |